[Seiner] Robert, I am glad that you have agreed to be interviewed for the pages of TDAN.com. Please introduce yourself to the TDAN.com readers and tell us about your involvement in the Information Governance industry.
[Smallwood] Thank you, Bob, I appreciate the opportunity to chat with your readers.
My journey into the Information Governance space has been a progressive and logical one. It started with my work at Wang Labs in the late 1980s, when Wang introduced the first commercially available document imaging systems. This was rocket science back then—to scan an image and see it on a screen, then move that e-document at electronic speeds throughout the organization or across the globe— versus the old paper-based approach. Wang was a year or so ahead of IBM on this. Wang sold a platform, the VS Series minicomputers, which could manage four forms of information: text, databases, voice, and images. Soon the marketplace realized that there was a need to manage e-documents, like word processing documents and spreadsheets, primarily for version control, so the document management industry segment was created. Then, the web began to proliferate, and companies were putting up intranets, and managing digital assets, so the broader content management industry segment arose.
At that time I had moved out on my own, performing consulting and project management for enterprise content management (ECM) systems. Then, much later, after all this automation had proliferated, the industry saw the need to govern and control information, which is where Information Governance comes in. I wrote three books for Wiley publishing from 2012 to 2014 on e-document security, managing electronic records, and the first (and still only) textbook on Information Governance, which I am updating now for the 2nd Edition. I have been training corporate clients and helping many attain their certification as an Information Governance Professional (IGP), and giving some guest lectures to university students since then. I also help companies launch IG programs.
Tell us about your new print publication called Information Governance World – where did the idea come from, how does the print magazine fit into the industry, how long you have been working on the idea, and what does your team looks like?
About five years ago, when my IG textbook came out, I thought there was a need for an IG magazine. So I purchased the domain, infogovworld.com. I tried to get some industry leaders interested in it but they mostly thought that no one reads magazines anymore. Still, I continued to nourish the idea. About three years ago I began working with a long-time colleague, Baird Brueske, who I had known from the days when we were both local chapter presidents of AIIM International. He and I began to develop the IG magazine concept. Then, last year, we found an investor who was interested, and then a few more, so we hired an editorial staff and started operations for the magazine. Baird is the COO, and we also have a senior editor, editor, Creative Director, admin person, freelance photographers, and contributing writers. The early responses by those in the industry have been very supportive. We are launching in September with the first print and digital issue, and holding launch events at the AHIMA (healthcare compliance and records managers) Conference in Miami Beach September 24 and at the ARMA (records managers) Conference in Anaheim on October 22. We will publish 8 digital issues next year, with 4 of those also being in print.
I get asked this question all the time, so I wanted to pass it by you – Can you please tell me the difference between Data Governance and Information Governance?
I see in this way: corporate governance is at the highest level of the organization, and has been around since corporations were created. It involves governance, risk management, and compliance (GRC) at a high level. Information Governance, or IG, is about minimizing information risks and costs while maximizing value at an enterprise-wide level. IG can be succinctly summed up as “security, control, and optimization of information.” I make the distinction between information and data by stating that the information is data that has been processed and has value in context. The next level down I see IT governance, which is a discipline that was created to ensure that IT departments are contributing toward the accomplishment of business objectives. Frameworks like CoBIT5 and ITIL and the ISO38500 standard assist in implementing IT governance. Then I see data governance as the discipline which seeks to manage and control data, at its most fundamental level, and to build in accountabilities (stewards), to assure that the data is true and accurate, so that downstream reports and analyses are more accurate and trusted. I’ve been reading some of your articles and getting a better understanding of data governance, and your “non-invasive” approach.
From what I have shared with you about Non-Invasive Data Governance (the approach that I follow and write and speak about), how would that approach apply to Information Governance? Should there be such a thing as Non-Invasive Information Governance? How would that be different?
I don’t really think that is possible. There are a few non-invasive steps that can be taken, but by-and-large IG is a disruptive discipline. With IG programs, the goal is to break down siloed approaches to managing information, within functional groups, and to get these groups to recognize information as an asset that can be leveraged throughout the enterprise to maximize its value. So it is very much a change management discipline. However, starting with non-invasive data governance is a good place to demonstrate progress to management. In fact, some clients have used funded, existing data governance programs to launch broader IG programs.
I will be glad to take a piece of that action. On that note … What are some of the most common business drivers for Information Governance programs?
Sometimes it is simply due to a single negative event, a blunder, like a major data breach or runaway litigation expenses. This is what Gartner’s Doug Laney calls “blunder funding.” But also, recently, there has been a sort of “perfect storm” of compliance pressures, cyber-security concerns, Big Data volumes, and the increasing recognition that information itself has value, which has contributed to a significant increase in the number of organizations implementing IG programs.
Most significantly, the European Union (EU) General Data Protection Regulation (GDPR), which went into effect May 25, 2018, left companies across the globe scrambling to gain control over the consumer data they had housed. The GDPR legislation applies to all citizens in the EU and the European Economic Area (EEA), regardless of where they reside. So any global enterprise doing business with EU/EEA citizens must comply with the legislation, or face a major fine. The primary goal of GDPR is to give citizens control over their personal data. And the first step organizations must take to gain control over their data is to inventory it and create a data map. This is also a first step in IG programs. So IG program development has greatly accelerated this past year.
Sometimes organizations take a tool-first approach to Data Governance. Does the same hold true for Information Governance? What are some of the industry leading tools in the IG space?
There are a variety of them. One of the most fundamental technologies is file analysis classification and remediation (FACR) software, often just called, “file analysis.” This software is a critical tool to cleaning up the vast amounts of information scattered about on file shares, SANs, and other storage repositories. File analysis will spider out and scan all storage mediums to find empty files, orphaned files (created by sunsetted applications or employees no longer there) duplicates, near duplicates, the most recent version (often the copy of record), and also finding and categorizing the information by department, author, date, subject, etc. Studies have shown that as much as 70% of the information that organizations store have no business value. It is called, ROT (redundant, outdated, or trivial information). And file analysis can help clean up that ROT, reduce the storage footprint (and associated costs), and improve search time and accuracy. When you get rid of all that “data debris” and shine a light on “dark data,” knowledge workers can more easily find what they need to do their jobs, and to satisfy regulators.
Another significant technology in this space is predictive coding, which can radically reduce the cost of e-discovery collection and review during litigation. Predictive coding is software that a human expert, usually a lawyer on a case, feeds in sample emails and documents to, and tells the software “find more like this.” Then, the software, using machine learning, goes out and gathers a set from the entire corpus of emails and e-documents. Then, the human expert tells the software, “OK, more like this one, and not like these other ones.” And the software gets better and better at it and after a few iterations it can become quite adept at finding documents that are responsive in a particular case. Just 5-10 years ago, this was almost always done manually by lawyers pouring over boxes of documents and making these determinations themselves, at $200/hour. The software does not have to be perfect at finding the documents; the courts have said a 70% threshold is good enough, since that is about the accuracy human can achieve, due to fatigue and human error.
What should people expect to see in Information Governance World and where can they go to be certain that they can get the first issue?
Mid-September. We just have a placeholder site up now, it is being redesigned, but your readers can go to infogovworld.com and fill out a Subscription Request form. The digital version will always be free.
Many people consider the field of Data Governance to be… how should I put it… less than fascinating. Of course, they wouldn’t be people in either of our audiences. What advice can you share with my readers about how to make governance more interesting?
The most exciting thing I’d say about Data Governance is that once you have good, clean data, you have the foundation to leverage and monetize that data, using the principles of infonomics, which are detailed in Laney’s Infonomics book, with lots of examples. I’d recommend that all your readers read that book. Now, monetizing doesn’t always mean selling the data— it can also include bartering with it for better terms with your suppliers, or “selling” it (as a cost transfer) internally for use in other departments. And there are other creative ideas. When executives realize that information is an asset, and that it can be used to find new value, then they get excited. Suddenly, DG operations go from being only a cost center, to a profit center.
Also, another good approach is to ride the coattails of the new wave of privacy concerns, brought on by the new EU General Data Protection Regulation (GDPR), and also the inexcusable privacy mistakes Facebook has made. GDPR applies to all EU citizens wherever they reside, so global companies are scrambling to inventory their data assets and gain control over them. The GDPR specifically requires that a Data Protection Officer (DPO) be in place. This legislation and the general increase in privacy concerns makes DG all the more important and should breathe new life into DG programs.
Let’s wrap up this interview on a light note … Can you think of a single song lyric that represents how you feel about the state of the Information Governance industry right now? Your answer can be serious or silly. Why did you pick that song lyric?
Maybe The Long and Winding Road, since IG programs require a lot of upfront selling and planning, and must also be continually expanded and reinforced, just like a workplace safety program. And they are evergreen, that is, they should be permanent programs.
Any final words of wisdom for the readers of TDAN.com?
Since data managers mostly manage structured data, and records managers mostly manage unstructured information, the two combined could be a powerful team to launch broader IG initiatives. Reach out and meet your records management team. Try to jointly develop a metadata strategy and your organization will reap tremendous benefits.
Thank you!