Information Governance Policy Development Is No Longer a ‘Nice to Have’

Published On March 02, 2020

Organizations have long understood the value of information governance policy development, but for many, the task of implementing the discipline across the enterprise has been too easily shunted to the side in favor of more pressing priorities.

That may be changing, however, according to new research by the Association for Intelligent Information Management (AIIM). The association’s survey of 230 senior-level executives found that 73% of organizations now see information governance (IG) as either important or critical to their business strategy. The number of organizations that have “robust, enterprise-wide information governance policies” has surged from 14% to 25% over the past five years, as IG has moved from being primarily defensive in nature to the center of digital business strategy.

Information governance is an umbrella strategy for managing information within an organization. Originally conceived as a compliance and data security practice, IG now encompasses everything from records management to risk assessment, enterprise architecture and data analytics. It’s becoming a critical element of the digital transformation initiatives many organizations are now pursuing.

The AIIM study indicates that good governance practices correlate with business success. Forty-two percent of organizations that describe themselves as performing better than their peers said they have robust governance policies in place, compared to just 7% of low performers. Of those that don’t yet have robust policies in place, 24% of high-performing organizations plan to implement information governance policy development in the future, compared to just 3% of low performers.

Automating Information Governance

Organizations are making progress on applying IG practices to rid their organizations of redundant, obsolete or trivial (ROT) data. This is an increasingly vital task in light of International Data Corp.’s projection that the world will create 175 zettabytes of data in 2025, or about 10 times as much as was created in 2016. The only way to keep up with growth like that is to apply automation to the process of finding and deleting or archiving duplicate or unneeded data.

Respondents to the AIIM survey are sold on the value of automation: 73% completely or somewhat agree that it’s the only way to keep up with growing data volumes. That’s up from just 44% who agreed six years ago. Equally as important is that 72% of organizations surveyed said they are confident they can identify what data is safe to delete, nearly double the 38% who believed that in 2014.

Automated tool adoption is widespread, with 83% of survey respondents reporting that they are using technology both to apply governance practices and make the process as unobtrusive as possible to knowledge workers. The top focus areas for automation are monitoring performance and resilience of content and records management systems (practiced by 43%), detecting security or confidentiality risks (41%) and flagging data for deletion based upon rules (40%). More than half are automatically classifying content at the point of ingestion and nearly as many are doing so as part of workflow processes.

Gaining Buy-In Is a Challenge

Despite these encouraging trends, a troubling 45% of respondents say their senior executives are disengaged or only somewhat on board with information governance policy development. The top challenges are gaining buy-in on the importance of IG, followed by difficulties creating and enforcing rules.

The best way to get the organization on board is to sell IG as a byproduct of another initiative rather than as a discrete project, agreed 58% of respondents. For example, new privacy regulations in Europe and California demand that organizations identify, classify and manage customer data at a granular level and at scale or face expensive penalties. No large organization can hope to achieve compliance using manual records management approaches.

In short, IG has gone from “nice to have” to an essential information management practice. Iron Mountain has a long track record of expertise in IG and information life cycle management disciplines ranging from managing complexity and risk to automating processes. To learn more, come by booth 41 at the AIIM Conference in Dallas March 3-5 and join us Wednesday, March 4 from 5:05 p.m. to 5:50 p.m. for an interactive roundtable session on “The Secret Sauce for Complying with Privacy Regulations” featuring Iron Mountain Corporate Counsel Manager Steve Lester.