What is Information Governance?

An introduction

Do you control your data? Hardly anyone will be able to answer this question with a “YES” without reservations. Although the topic of digitization has been given a very important place in both the trade and business press for years, in many cases the elementary foundations for its implementation are lacking. Many digitization initiatives are characterized by individual projects that are set up in an isolated ecosystem and consequently only function there. Analyzing an isolated set of data and applying AI to it is many times easier than performing meaningful analysis and obtaining correct conclusions in a heterogeneous data landscape. There is little point in questioning the usefulness of AI if the most important basis for analysis, namely the data, is already of abysmal quality.

About 80% of the data you store is worthless (RED)!

In the aftermath of the ENRON affair, companies were strongly recommended, even legally required, to take care of corporate governance. In simplified terms, this means comprehensive management and efficient control of the company. The counterpart in the digital domain is information governance. It adopts the principles of corporate governance and should result in an organization that is competent, active, efficient, legally compliant and purposeful in its handling of data. In most organizations, this message has not yet been received, even if the trade associations selectively issue publications on the subject. With IG, we are now where we were 20 years ago with information security (now a market of around $200 billion).

The new practical guide Information Governance (IG) (2nd edition 2021) is dedicated to this complex of topics. We have tried to take into account as many aspects of the IG as possible and have involved 24 national and international authors who have made valuable contributions. We have tried to reconcile the aspirations of digitization with both corporate, strategic goals and regulatory requirements. IG is a management task and has basically nothing to do with IT. It is primarily not a technology issue, but a strategic management task that must be led by the board of directors or equivalent bodies. “Data is like water” : in order to use it successfully and beneficially, it must be actively collected, evaluated, managed and disposed of. To date, this task has been left primarily to IT. Although a slow rethink is taking place, we are still a long way from where a data-driven company should actually be. The necessary knowledge is lacking both at the Board of Directors and in the business units. As with corporate governance, it is not enough to simply set up a committee and think that’s the end of the matter. IG must be implemented at all levels of the organization, which takes years in established organizations. This naturally also requires new competencies and people.

At its core, IG encompasses a data-driven vision of goals at all levels of decision-making, structures for understanding and controlling data, and diverse technologies. Traditional IT departments as we know them today will no longer exist in 10 years. Data-driven organizations require new skills; data specialists, taxonomists or data architects are in demand. This change management becomes the biggest challenge for the management. To make this task easier to tackle and to reduce inhibitions, we have extended our MATRIO Method® (cf. matrio.swiss).

Which technological developments pose the greatest challenges? While the topic of the cloud will not be discussed further here, it can basically be said that the multitude of new possibilities for data storage plays a central role. Most organizations are ill-prepared for the question of where to hold what data. To answer this question, you need an information architecture. This is becoming increasingly urgent and important to prevent cost-driving and inefficient data silos. At the same time, big tech vendors are going to great lengths to try to persuade or force customers to vendor lock-in. This hardly works, because mature and evolved architectures always have a wide variety of technologies whose status is completely different. In addition, there are legal concerns (keyword: Cloud Act). In the worst case, this ends in multiple redundancy of existing data. Although several vendors are now addressing the IG issue, most solutions are relegated to their technology stacks. At the same time, established ECM/DMS manufacturers are struggling with the problem that it is precisely the big tech providers that are penetrating their market. This is a field of application that is per se characterized by a high degree of complexity. The traditional ECM/DMS market is becoming diversified, or less easily graspable, as lateral entrants unsettle the scenes. For the user, this means: The need to organize data is growing, but so is the difficulty in selecting suitable solutions. Before going into technology selection, one must determine the information/data strategy. For this reason, it is of utmost importance that management addresses these issues as quickly as possible. While there are issues that can be done automatically, these are definitely not one of them.

In regulatory terms, a lot has happened, especially in the area of data protection. Many companies have now realized that they really have to get serious about the GDPR and the new Swiss data protection law. Our core statement: “Only those who can delete data can control it”. Is of course central in this context and forms the acid test for the success of IG implementation. Data deletion in particular has been criminally neglected in the past. Many systems are built in such a way that it is almost impossible to delete data. These structures need to be rebuilt and redesigned. The good news is that the technologies for this have also changed significantly. While earlier archives could only be used with classic WORDM media, today there is a choice of different WORM mechanisms, which are also available in the cloud.

The need for verification, testing and certification has also increased. In the context of the situation described here and the associated complexity, the question “Are we legally compliant at all?” is becoming increasingly central for many organizations. Proper digitization projects require comprehensive design of data lifecycles and controls from the beginning of data capture to destruction.

The good news is that although data volumes will continue to grow exponentially, new AI techniques are enabling us to find better, simpler, and more efficient ways to process data. Thus, we can use new AI methods for the analysis of ROT data and for the migration of the valuable data, which also happen mainly on the semantic recognition. This area in particular will become massively more important in the future. In fact, semantic capture means understanding the content of the data (information indexing) and mapping it (e.g., in graphical databases and knowledge graphs). For example, the krm has developed the k2 PID Cockpit an AI-based toolset for identifying and cleansing personal data.

This closes the circle to knowledge management. We are getting closer to this goal day by day. There is still a long way to go, but this is one of the most important goals that can be achieved with IG. I am optimistic that new paths will open up here in the next few years, which will significantly simplify the activities that are still strenuous in some cases today. But just as with all strategies, it’s “the sooner they sow, the sooner they will reap!”


Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles

On 16.3. is Digital Cleanup Day

On 16.3. is Digital Cleanup Day

Tidying up is clearly not everyone's cup of tea, but we all know the good feeling that a tidy room, a tidy desk or ... a tidy drive! You can feel proud with a clear conscience, because deleting data also has an important effect on energy consumption. I have calculated...

read more
Dealing with data risks: Data breach notification

Dealing with data risks: Data breach notification

A data breach notification or "data breach notification" refers to the process by which an organization or company is required to notify the relevant data protection authorities and, if applicable, data subjects of a data breach that is likely to result in a high risk...

read more