What Information Governance Is And Isn't
Over the last few weeks some pretty bright minds have been talking / writing about what Information Governance (IG) is and isn’t. Unfortunately, I couldn’t find the restraint to stay out of it. To get some of the background of what’s been going on, read a few posts from these guys (I don’t always agree with them, but I do have a great deal of respect for them and their smarts):
- George Parapadakis (this, this, and this)
- Barclay Blair (this one and this one)
- Laurence Hart (this one and this one and this one, too)
There’s also been a bit of a conversation going on on Twitter involving the folks mentioned above, along with Jeffrey Lewis, Ron Layel, Ron Miller, Bryant Duhon, et moi. Had I been prescient I would have captured / saved the stream and included it here. Oh well.
First things first … the definition of Information Governance I use is the one I wrote: “Information governance is all the rules, regulations, legislation, standards, and policies with which organizations need to comply when they create, share, and use information.”
The thing to remember about IG is that it’s really about policies that put constraints and roadblocks in the way of working with information. Implementing the policies, via procedures, is where value gets added; using the right technologies helps take the burden off of people. Information Governance without appropriate procedures and tools is just not going to work. Don’t even bother to try.
I am definitely in the camp with those who view IG as an overarching thing that covers a vast array of disciplines that determine every aspect of managing, using, storing, sharing, and disposing of information. And therein lies the problem with IG; it is too broad to be of real interest to any single executive in the C-suite, unless that executive’s job is IG and only IG. That said, oversight for IG has to be centralized in order to be effective on a broad scale, and it has to be centralized in a manner that allows no bias.
Putting oversight for IG in the hands of the CMO, the CIO, the CLO, or anyone else in the C-suite, assuming they actually wanted the job, would likely end up biasing IG towards a specific agenda. IG implemented has to be good for the overall business. Granted, there are various drivers, but those drivers cannot be used as justification to sacrifice or jeopardize other business concerns. Does that mean we need a new title in the C-suite? Maybe, maybe not. Personally, I’d like to see the CIO role redefined on a global basis to be the information equivalent of the CFO and let the various disciplines report into it.
If an organization is a litigation magnet for sure that organization needs to do whatever is necessary to reduce the risk and the burden. But it can’t be done in a way that compromises business effectiveness of other parts of the organization. The policies need to be implemented via procedures and tools that support the business moving forward. There is no legitimate reason that one cannot implement litigation risk mitigation that also benefits the rest of the organization. The immediate need may be related to litigation, but the long play has to be holistic. By the same token, getting field manuals to engineers cannot expose the organization to unnecessary risk or exposure.
During the past few weeks there was also talk about splitting out Information Governance and Information Management. The short version is that governance is the policies and management is the procedures. I don’t think that there’s anything wrong with splitting things out like that, but does it make a huge difference when trying to convince clients or execs about the need for governance? I’ve been guilty of using the terms interchangeably, but I’ve made progress so I don’t care. The fact is some of my clients get the shakes when I mention IG, but they’re cool when we talk about IM. The end result is the same except that I have not “educated” the client about the right terminology. Again, who cares? My clients don’t hire me to teach them the right terminology so that they can sound hip when having beverages with the IG illuminati; they hire me to solve problems or leverage information better.
I really like Barclay’s sentiment: it doesn’t matter what you call it as long as the concepts are understood and progress is being made. Ultimately, that’s the bottom line.
We can bang on all we want about IG vs IM or whatever, and continue to struggle to get buy in and move things forward. Or, we can compromise our principles a little (it’s not like it’ll matter in the long run anyways) and focus on telling clients, sponsors, and executives what they need to hear in a way they understand, are comfortable with, and ultimately buy into. As long as I do right by my clients, I personally don’t care whether we call it IG or IM. We can have the philosophical conversations next time we’re gathered at some conference and it’s only us nerds talking.
During the Twitter conversation, Ron Layel asked me if I thought that information is the currency of business. I don’t think so. If an organization has a bunch of cash sitting in the bank, idle, the cash doesn’t expose the organization to risk, and it appreciates in value. If information is just sitting around, it potentially causes risk, and has no value. Information accumulates, morphs, and transmogrifies too fluidly to really be considered currency. To be sure, businesses couldn’t run without information or currency, but unlike information you can fake currency (think about letters of credit, loans, debentures, IPO’s, etc.).
One last little point … peeve, actually … there are vendors out there (hardware, software, services, associations) that tout themselves as Information Governance vendors. They’re not. They may solve portions of what IG is, but they don’t do it all.