The following is a summary of a webcast in which Barclay T. Blair, Founder and Executive Director of the Information Governance Initiative (IGI) and President of the consulting firm Via Lumina, presents the results of IGI's 2014 survey (see link below). An internationally recognized expert on information governance, Barclay is an advisor to Fortune 500 companies and software and hardware vendors. He is the award-winning author of several volumes, including Information Nation: Seven Keys to Information Management Compliance; Information Nation Warrior; and Privacy Nation.
Mary Mack, Esq., Enterprise Technology Counsel of ZyLAB and one of the charter supporters of the Information Governance Initiative, offers additional comments. She is the co-editor of the Thomson Reuters West treatise eDiscovery for Corporate Counsel and the author of A Process of Illumination: The Practical Guide to Electronic Discovery. She is on the Board of Governors of the Organization of Legal Professionals and the Advisory Council of the National Federation of Paralegal Associations. ZyLAB provides e-discovery and information risk management software to the legal and information governance communities.
The recently published 2014 IGI Annual Survey, “Information Governance Goes to Work,” offers insights into the perceptions of IG practitioners, providers, and analysts about the IG market and the work of IGI itself. The full survey and a recording of the webinar can be downloaded from http://www.zylab.com/resources/recorded-webcasts/igi-annual-survey/
Blair: “Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.” This definition offered by the IGI has broad support from the community: 93 percent of the participants in the study agreed on this definition.
Mack: We couldn’t agree more. As e-discovery software provider, ZyLAB sees customers use tools originally purchased for reactive e-discovery in a proactive way to reduce legal risk, make business operations more effective and increase the value of information through its lifecycle.
Blair: Information governance (IG) is not the next evolutionary stage of records management or e-discovery. IG is a coordinating function for a long list of information activities. In fact, 79 percent of the participants in the survey indicated that they see IG as the highest-level accountability for all information management activities at their organizations. They also noted that the top five additional activities that should be coordinated by IG are information security, compliance, data governance, risk management, and privacy. Business operations and management and data science also showed up in the list.
Mack: ZyLAB always has been a strong advocate for legal, compliance and IT professionals to work together to develop best-practice-based processes to not only be prepared for a possible e-discovery project but also to share the responsibility for information governance and data privacy and security issues. Our comprehensive e-discovery and information risk management solutions cover the entire EDRM and include activities beyond pure e-discovery, like separating redundant, outdated and trivial data from data that is still relevant and needs to be stored or protected.
Blair: The survey reports that currently only 28 percent of organizations delegate overall accountability for IG to a specific individual. In most organizations the CIO owns the infrastructure but bears no responsibility for the data that flows through the pipes. The quality of the data is put in the hands of the business people, creating a huge gap that is the cause of severe “garbage in, garbage out” challenges. Nobody asks the important question: “should this information exist in the first place?”
Based on this finding, IGI advises organizations with complex information environments to appoint a dedicated, C-level role to drive information governance projects. IGI introduces the concept of a CIGO to provide a coordinating function with delegated authority for specific information activities at an organization. The CIGO needs to balance stakeholder interests from each facet of IG and develops an operational model for the organization.
Mack: The CIGO is essentially the chief technology counsel function we have talked about with Metropolitan Corporate Counsel’s readers over the last several years. I am encouraged by the 28 percent accountability number. It is critical for the corporate legal department to have a seat at the table before, during and after new information products, services and partnerships are introduced into the corporate flow. Baking legal requirements into a product or service prior to deploying it can allow an organization to exploit legal/regulatory buying triggers and behavior, as well as protect corporate revenues with appropriate IP strategies. Examples of this include specifying requirements and frameworks for geographically aware information products and services, more effective acknowledgements for enforceable terms of service and designing systems to mask, or not store, vulnerable information like personal data. As we move into wearables, the Internet of Things (IoT) and 3-D printing, the value and necessity for information governance will become painfully obvious.
Looking from an e-discovery angle, many companies are ill prepared for litigation because their records management policies and practices are misaligned with their e-discovery processes. On the IT side, organizations need to understand that information management is more than just storing documents and making them accessible. Once a regulatory or litigation event occurs, the ever-decreasing cost of physically storing unnecessary data balloons into the enormous cost of legal review and the risks associated with production. A focus on information governance, using existing staff and existing equipment, can reduce all three vectors in e-discovery: cost, risk and time.
Blair: To provide the greatest value to the organization, a strict risk orientation is not enough. There is a balancing act between risk and value. The survey shows that IG must be a business-enabling function that powers data-driven business models and insight. Although value-focused IG is only in its infancy (less than 10 percent of the respondents say they have an active project focused on monetizing data), 92 percent report that risk and value are equal partners in IG, and most practitioners (68 percent) indicate that quantifying the financial benefits of IG was essential to IG success at their organizations.
Information governance should incorporate all the tools needed to better manage information. This includes organizational controls commonly expressed in the form of policies and procedures. It also includes the processes that are driven by these controls and the people who develop, enforce, and follow those processes. Finally, it includes the technologies that enable us to both control and exploit our information assets – a very broad category of software and hardware. Almost all – 91 percent – of the participants agree with this statement.
Mack: Most of the value-creating information is now under the accountability of the CMO, the chief marketing officer. This year, for the first time, CMOs spent more on technology than did the CIOs. CMOs are already extracting business value from potential customers, and some are mining CRM and other internal databases for other revenue-enhancing information. Other sources of business value include ERP (enterprise resource planning) systems, HR and talent-management systems, source control systems, proprietary manufacturing transactional systems and collaboration systems. The CMO and the COO are key allies in information governance, as privacy and compliance breaches are more likely to happen within their accountabilities. ZyLAB has been working with these constituencies, department heads and corporate officers to surface and protect key information for years with our information management and e-discovery platform.
Blair: Seventy-five percent of the participating organizations expect the amount they spend on IG to grow in 2015, and grow by a lot, with the majority projecting a 10-20 percent growth rate, and over a quarter projecting 30 percent or more.
Nearly half of surveyed practitioners say they buy new technology in the first year of an IG program (document/content/records management software and archiving technology are popular). The average small to mid-sized organization spends $330,000 USD per IG project (on products, services and staff), and at large organizations, per project spending is over $2,000,000 USD. Spending seems to be geared towards products and services, with just over a quarter of practitioners telling us they have hired, or plan to hire, new IG staff.
Surprisingly, given the common assertion that sellers in an emerging market tend to unrealistically hype its potential, practitioners and providers have similar expectations for how IG money will flow in 2015.
Seventy-five percent of practitioners project an increase in 2015 IG spending, and 83 percent of providers project a revenue increase. Similarly, 59 percent of practitioners predict 10-20 percent growth in 2015 IG spending compared to 50 percent of providers predicting the same revenue growth.
Blair: Practitioners are taking on a wide variety of IG projects, right now. On average, SMBs have four IG projects underway, and large organizations have six. A majority of organizations are actively working on updating policies and procedures, migrating unstructured information, and consolidating and cleaning up data. Other popular projects include implementing a new corporate governance framework for IG and defensible deletion.
Blair: The way data moves through an organization is complex, touching disparate business systems and applications. Managing the information in these systems requires a broad focus. Respondents have a broad view of the technologies that are part of the IG product market, with the five most popular being records and information management, information security, compliance, e-discovery, and data storage and archiving. We do not view all of these and the additional eight identified technologies as “IG technologies” per se, but rather as points of management and control that are coordinated by the CIGO. As IG matures, the technologies that form its core will come into greater focus.
Mack: In closing, ZyLAB is pleased to be a charter supporter of the Information Governance Initiative, and thanks Barclay Blair, Jason Baron, Bennett Borden, Jay Brudz, the IGI Advisory Board and survey participants for giving visibility to this important opportunity to serve the corporate community.