Information Governance Gets Respect
Cruz thinks that companies need to have policies about acceptable use of communication channels, particularly social media. One multinational bank, for example, bans employees from using Snapchat. It is grounds for termination. He also knows of at least one case where a tweet, probably considered as completely innocent and non-controversial by the tweeter, was construed as advertising. Another problem area is posting something to Facebook that contains non-public information that legally cannot be disclosed. Blog posts could also reveal information that is non-public. The policy should be tool neutral and spell out the exact definition of non-public, material information. It should also address the protection of intellectual property.
One difficulty with the proliferation of communication channels is distinguishing between business and personal usage. This may not be immediately obvious to younger employees. They don’t always see a dividing line. That makes creating a policy to explain it to them extremely important. They need to know when a tweet, Facebook status update, LinkedIn comment, blog post, or Instagram post could actually create risk for their employer. Cruz is encouraged, however, when he sees millennials recognizing that data and records belong to their employers.
Policies that were written before the emergence of all these new communication channels need to be revisited and rewritten, probably on a regular basis. Policies may need to be specific to the job role, Cruz says. Perhaps the sales staff can use Skype for business purposes but not turn on the video camera. Perhaps interactions on social media need to be reviewed before they are uploaded. Perhaps some types of messaging are blocked completely. It’s important the policy statements not be too stringent. This can have the effect of encouraging non-compliance. Policies should “help people do their jobs with the structure of the policy.”
Gluing It All Together
Actiance, says Cruz, can “glue communication channels together.” The necessity to capture information from multiple channels and possibly millions of transactions can overwhelm the system if not done properly. Information governance, then, is not simply about documents, spreadsheets, and presentation slides. It’s conversations. And it’s conversations that could occur anywhere. “Data is nomadic,” he says, “it doesn’t want to live in a single location.”
Unique to Actiance, according to Cruz, is the ability to capture conversations. It can take a snapshot of, for example, a series of tweets from a particular individual, the entire thread of a Twitter conversation, all the tweets of a person on a specific day, or who was on Twitter that day. It can also see what’s been changed or deleted. All this conversation data is sent to an archive with the format intact.
Keeping context is necessary. Archiving conversations by converting to text messages disassociated from the thread is not very helpful, since the context of the conversation is lost. Indexing has to be robust so that it can understand all the various communication channels and meld them together, says Cruz.
Best Practices
Cruz’s take on best practices revolves around the notion that information governance involves not only traditional content but also newer communication channels.
His first point is that information is all over the place. This results in both increased value and increased risk. It’s a business fact that “content containing business records or sensitive information can be anywhere, including the cloud.”
Secondly, there’s a real need for policies to be up to date. With new communication channels coming into favor (and falling out of favor), policies should be reviewed on a regular basis. Now that waiters take orders on iPads and no one uses quill pens, why would your information governance policy that was written 10 years ago still be useful? The same holds true for retention policies. Are they still valid in today’s world?
Training is the third best practice. Companies should involve employees when designing training so that it is tailored to their actual needs. Training should evolve as new technologies for communication appear.
Closely related to training is his fourth best practice, that information governance tools should be designed for today’s communications.
Finally, Cruz stresses cross-functional involvement. If a policy is going to be successful, if information governance rules are going to be adhered to, then buy-in from multiple departments within the enterprise is necessary. Collaboration is now standard in most organization and blocking the use of collaborative tools is a strategy designed to fail.
Controlling Respect
If central command and control doesn’t work for information governance for the modern workforce, who have multiple devices and multiple communication tools, then what does? Everteam and Actiance, I think, both recognize that sometimes you simply have to be forceful and say that certain activities are not permitted. At the same time, you should be encouraging employees to explore new technologies that could add value to information and benefit the company.
But information governance goes well beyond policy statements. It’s about more efficient use of technology so that information that needs to be preserved is preserved in the proper way, for the proper time period. It means engaging employees so that they feel they have a role to play in the information governance arena. It means following through so that retention schedules are not just promulgated but actually put into practice.
The stakes are higher than ever. Regulated industries have long been subject to certain strictures, but now the regulators are demanding more oversight. Non-regulated industries are also coming under more scrutiny. Information governance may not be the sexiest topic around, but it is getting more respect—and that’s a good thing.