Information Governance (IG) is a hot topic. I have spoken to hundreds of organizations and individuals about their IG initiatives. Almost unanimously, these organizations agree that lack of active governance is a big problem and that very few companies have a viable solution. When it comes time to do address this burgeoning IG issue, however, how do organizations obtain needed funding? This is not a revenue-generating initiative. As we all know, it is more difficult to obtain funding for non-revenue projects. Fortunately, there are reasons so compelling that it would be difficult to ignore Information Governance when the effects are well understood.
Before talking about funding an IG initiative, we should set some baselines as to the definition of IG. It means different things to different organizations. Gartner states that “[t]he goal of Information Governance is to ensure compliance with laws and regulations, mitigate risks and protect the confidentiality of sensitive company and customer data.” Many people I have spoken with think that IG is just “another word for records management.” This is not the case.
A successful IG initiative requires a cross-functional team effort, usually consisting of records, IT and legal, often with executive sponsorship. The elevation of records to include IT and legal also brings into play more budgetary options. Information Governance will normally be a function of the IT budget rather than records, which opens up many more possibilities.
While traditional records management is a valuable foundation for helping to craft policies and procedures, IG includes many more elements. These elements include active enforcement of policy across both digital and physical records, access control of information and more. IG concerns itself with non-records as well as records. One of the primary advantages of a well executed IG program is that it creates more visibility of all organizational information. Records are a small percentage of this total.
In short, IG strives to make an organization’s information more valuable.
A proper Information Governance initiative can deliver a measurable and rapid ROI (Return on Investment).
Business Case Factors
While Information Governance is not revenue-generating, it can be a substantial cost savings center, thus creating the same net effect.
According to estimates, the volume of business data worldwide, across all companies, doubles every 1.2 years. This is staggering. How do organizations cope with this level of increase in digital information across multiple repositories? How much does this does cost? How can IG help?
The first step in measuring how IG can help is to discover how much of this data would be affected by proper governance. Studies indicate that anywhere between 40%-80% of corporate data is comprised of ROT (redundant, obsolete, trivial) data. ROT reduction is one of the primary benefits of IG. Because the average organization spends 25% of their IT budget on data storage and 75% overall on infrastructure, IG can have a significant impact on IT spend. Worldwide IT expenditures exceeded $2.1 trillion in 2013. The implications are stunning.
The argument that the cost for storage is decreasing does not hold water. While the cost per GB is decreasing overall, it does not decrease at anywhere near same rate that information is increasing, doubling every 1.2 years. IDC confirms that, while the cost per GB is decreasing, the spend on storage is increasing in conjunction with overall IT spending at 5.7% per year and growing. A quarter of IT decision makers predict their data will grow 60% in 2014, while the rest of the IT decision makers responded with a low end prediction of 42%–still very significant.
While the cost of storage by itself creates and incredibly compelling case for IG, there are many ways that cost reduction is achieved.
Costs for ediscovery can be greatly reduced with proper Information Governance on the front end. With an average per gigabyte (GB) cost of $18,000, ediscovery expenses add up very quickly, especially considering that the average organization has hundreds or even thousands of TBs (terabytes) of information in-house. Larger organizations generate PB (petabytes) of information. With a well executed IG initiative, ediscovery costs can be reduced drastically due to the reduction of irrelevant data from the start.
ediscovery costs can be further reduced via IG through proper legal hold protocols. Active legal hold allows more targeted collection of ESI. The effect of this is less data to cull and therefore less data ultimately ending up in attorney review. Additionally, it does a great disservice to organizations who place “everything” on legal hold. Not only does this create an overbroad burden in finding and collecting information for ediscovery but it suspends the organization’s records lifecycle. This is critical because placing non-relevant information on legal hold prevents defensible deletion of information, thus increasing exposure in many areas of compliance while also causing an extra burden on IT infrastructure.
The cost of an overbroad legal hold can far exceed the cost of losing a case in some circumstances. Proper policies and procedures will give your business the best of both worlds: legally sufficient legal hold practices combined with maximum defensible disposition.
We have seen how exponential data growth is a strong reason to implement an IG initiative. Risk reduction is also a strong reason and this is driven by laws and regulations as well as litigation, audit requests and related factors. Barclay Blair says “We can’t keep everything forever…we can’t throw everything away…” which is absolutely true.
Much as data growth is increasing, the rate at which new regulations are enacted to deal with this data is increasing while the ability to enforce and understand these policies is decreasing. Looking at major U.S. laws and regulations only, numerous additions have been made since the passage of SOX in 2002. Prior to SOX, dating back to 1960, only one to two major regulations per decade were passed. It is now almost yearly. This trend is mirrored globally and is not just confined to the United States. These regulations address everything from retention to access controls to privacy of health and financial information, security and more. All of these concerns must be covered by an organization’s policies and procedures and enforcement must be consistent.
Risk also comes from controlling access to data, both internal and external. Information Governance seeks to address this concern and security and privacy professionals rate this is a high priority. For this reason, security professionals are often included among the IT stakeholders within an IG project.
Today most organizations use a myriad of disparate systems to manage their information. Many functional areas such as HR, accounting, legal and IT all use different ways to store and communicate data. When litigation, information requests or audits occur, how do these organizations know that they are fully complying with requirements when data is distributed? One of the functions of Information Governance is to provide unified visibility of these holdings, whether a record or non-record. Note that this assumes IG is not limited to a repository-based philosophy which is generally assumed to be a thing of the past.
A further risk factor is holding onto information for longer than necessary. Many organizations historically have “kept everything forever”. This is not longer viable. Exposure of outdated materials create risk in responding to any of the above requests. Further, some information may not be kept beyond certain time limits and compliance with these regulations is essential.
Data Quality and Increased Efficiencies
Perhaps the biggest and most underrated benefit of strong Information Governance is increased data quality. Poor data quality costs U.S. businesses $600 billion annually. When costs of the poor data in the U.S. government are added, the price-tag for the cost of poor data increases to $3.1 trillion per year. Some estimates state that poor data costs business 20%-35% of their operating revenue! “Poor” data can be caused by many things: ROT, lack of structure, lack of visibility and many other elements. Virtually all of these elements are addressed by a strong IG initiative.
A proper IG program should provide visibility over multiple repositories and the relevance of the data contained in those repositories should increase with enforcement of policies and procedures. This umbrella effect can significantly increase the overall value of organizational data. In addition to giving users the most relevant data possible, BI (business intelligence) tools also benefit from having the best input possible. This effects strategic business decisions at every level of the organization.
Pristine data also lessens the opportunity cost of searching for wanted information such as the latest version of a contract, an important email and much more. A great real-world example of efficiency is that, in the developed economies of Europe, government administrators could save more than €100 billion ($149 billion) in operational efficiency improvements alone by using big data, not including using big data to reduce fraud and errors and boost the collection of tax revenues.
Benefits relating to efficiency include:
• Reduced time and cost to comply with audits and legal / regulatory requirements;
• Increased business intelligence due to oversight of all corporate data;
• Categorization of data based upon best practices;
• More efficient communication across business departments and geographic divisions;
• Faster and easier access to information of all types;
• Decreased burden on IT systems;
• Less need for IT personnel to administer policy and legal holds.
While I’ve found that it is generally accepted on all levels of organizations that IG is important, less than 15% of organizations today have a coherent program to enforce policies and procedures actively over digital and physical information. Even within that 15%, only a small subset of those are effective across multiple repositories.
In my experience, the main reason organizations don’t proceed with their Information Governance program is simply lack of budget. By bridging the cap between records, IT and legal, Information Governance can be properly placed into the IT budget. From there, the factors of Cost Reduction, Decreased Risk and great Data Quality/Efficiency provide an extremely compelling argument in favor of a comprehensive IG project.
While all of the above reasons can and will be address in much greater depth separately, this provides the “Cliff Notes” as to the ROI of Information Governance.