K’ung Fu-Tse (551–479 BC), or Confucius as he came to be known in the western world, is reputed to have said, “a man can eat an elephant if need be – one bite at a time.” This of course is as true today as it was some 2,500 years ago. And Information Governance is a rather robust elephant. This is why, the repeated calls for a top-down approach that seeks to address information governance holistically – encompassing all conceivable stakeholders (and who is not an information stakeholder?) – while well intentioned, may be too much for any organization to digest.
Yes, information governance requires C-Suite focus. Senior leadership buy-in and support is prerequisite as the breadth and depth of information governance cuts across every business domain such as marketing, sales, legal and compliance, IT, InfoSec, privacy, human resources, finance and accounting, business strategy and planning, and so on. Each effect, and is affected by, the other: especially when it concerns the storage, processing, use, sharing, and archiving of electronic data. Too much for a top-down one-bite approach.
To Each Its Own Piece
Gartner defines information governance as “the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.“ Translation: govern information well and you extract more value. Mismanage information and you extract more risk.
Importantly, each aspect of governing information as defined by Gartner is definitionally a function of the individual business domain’s roles and responsibilities. And they differ greatly. Each business unit has unique requirements. So, while information governance comprehends the synergies (the systemic values and risks associated with information governance or lack thereof) there are also tensions.
Think about the different conceptions of data the CPO, CMO, or business strategy might have. Consider the need to aggregate data from across domains for workplace analytics or for targeting consumers against data privacy requirements and legal constraints that govern their use.
Each domain must take their own bite of the InfoGov elephant. Each has its own unique challenges, constraints, and possible solutions. Its own values and risks that require specificity of subject matter expertise to maximize those values and mitigate the risks. Approaching information governance as independent discipline-specific workstreams is the logical approach.
Each a Piece of the Whole
That said, as noted at the outset, each domain, particularly when viewed from the information governance perspective, effects, and is affected, by the other. The information assets that underpin the operations of each business domain are a sphere of commonality and as such the risks associated with information assets can represent systemic risk.
Because of this, each bite of the information governance elephant – each workstream contemplated – must be cognizant of the other to be strategically relevant and achieve sustainable results. Multiple independent workstreams, driven by roles, responsibilities, and the expertise necessary to comprehend them are required. But they cannot operate in a vacuum.
Attempting to eat the entire elephant is very much likely to result in eventual loss of interest over time. (Read loss of focus, loss of funding, and loss of expert resources as other more immediate challenges surface that need attention.)
“As a highly complex, ongoing program,” writes Thor Olavsrud, “data governance runs the risk of participants losing trust and interest over time. To counter that, BARC [The Business Application Research Center] recommends starting with a manageable or application-specific prototype project and then expanding across the company based on lessons learned” (CIO, 2021).
This speaks to another very practical benefit: quick wins. Writ large, information governance projects can take years before they begin to achieve their anticipated benefits pushing out the ROI horizon
Furthermore, not only are discipline-specific workstreams more “manageable,” and provide a cycle of lessons learned to apply to other projects, but the “quick win” is ultimately the best method available to achieve and maintain buy-in from both leadership and stakeholders without whose support, the likelihood of success all but disappears.
Yes, one can eat an elephant if need be, but why?
Matt Mahon, CEDS, IGP, has 14-years’ experience with Ricoh supporting organizations with information governance and litigation support strategies including data remediation, litigation hold, preservation, collection, data processing, review, and production. As the National Manager for Ricoh Information Governance & eDiscovery Sales, Matt leads strategy and training for the sales team, and consults with clients, delivers CLE training, and is a frequent speaker and writer on eDiscovery issues. Matt earned his B.A. in Mathematics and Applied Sciences from UC San Diego and is a Certified as an eDiscovery Specialist and Information Governance Professional. Matt lectures widely on topics including IoT, the impact of emoji and social media in workplace communications, data governance, and eDiscovery.