Published:
November 06 2009, 03:05 PM
by
Adam Dworkin
We used to write letters. We used to send faxes. Even people actually speaking to each other on the phone have been impacted by email and instant messaging. Anyone who lives even the smallest semblance of a digital life, sending just a few emails to friends, to the folks who are always connected, leave their tracks all over the digital landscape. Nowhere is this more a fact then within companies. The digital footprints users leave behind may present significant risk to an organization.
When people created only physical documents the governance of these pieces of paper presented a relatively simple problem for organizations. What is the document? Are there other copies? How long is it needed? Was it destroyed when it was supposed to be destroyed? If it was needed, it was kept in a file somewhere, either a filing cabinet or even an offsite warehouse. If not, it could have been shredded, or simply discarded. But with all of the different avenues available for people to create digital content, the requirement for organizations to have clearly defined policies and procedures to not only protect their intellectual property, but to provide this content when requested, such as in the event of litigation is paramount.
Users will always be users. Organizations will constantly play the balancing game of managing risk while not impeding the productivity of their user community. This is at the heart of Information Governance. To place simple to follow, but robust in practice rules and retention policies that enable companies to fulfill regulatory compliance and litigation e-discovery requests while not placing an undue burden on the user community. If policies are too difficult for users, or if they perceive them to be a burden, they may attempt to circumvent policies to make things easier, and this exposes the company to risk. The opposite is also true. With policies that do not adequately protect and preserve electronically stored information, then finding and producing this information will be problematic, and the company will be equally at risk.
The ideal environment will automate most of the policies and procedures that govern how information is stored, retained, produced, and ultimately destroyed. Not every aspect of Information Governance can be automated. At many points, decisions need to be made of what is, and what is not a record. These decisions will vary by business type, industry, and the data itself. What does not vary are the methods available to make this a repeatable and predicable process.
I would encourage you to read the rest of the posts available in CA Information Governance blog pages and return often to gain insight into how you can employ this type of solution in your organization.