Governance gaps

Research reveals gaps in information governance practices as companies admit shortfalls in policies, and over reliance on individuals to manage their own information.

  • Monday, 18th November 2013 Posted 11 years ago in by Phil Alsop

Recommind, a leader in unstructured data management, analysis and governance technology, has released the findings of independent research into policies adopted for Information Governance (IG) in the United Kingdom. Designed to discover what companies are actually doing to govern their growing data reserves, the research has shown that even among companies with IG policies in policies, in many cases they are less than robust.
Information Governance is a cross-departmental approach to optimising the value of information, while simultaneously managing associated risks and costs. With companies holding on average 63.8 petabytes of data, 41% of which was created in the last two years, IG has never been more important to reduce risk and find value in information. In the UK 75% of organisations claim to have a policy in place to manage their data but only 66% claim that their policies proactively serve to mitigate risks such as fraud, litigation, regulation and compliance.


Furthermore, 49% of organisations rely on end users to manage their own information. While companies clearly understand the necessity of an IG policy and the risks posed by their information, many are over-reliant on employees to manage their own data. By leaving the management of data to employees, businesses cannot tackle the issue head-on to proactively reduce risk.


Dean Gonsowski, global head of information governance at Recommind, comments, “It is this over-reliance on custodian-based governance that is giving organisations a false sense of security. While it’s positive that organisations recognize the need for information governance, many are still not taking the requisite steps to truly govern their information in a proactive manner. In fact, many are still in the dark about governance and don’t even have a full sense of the data deluge they are currently facing. While firms such as J.P Morgan and HSBC are planning to spend billions of pounds and commit thousands of extra employees to aid their compliance efforts, this approach is largely reactive and still prone to human error and mistakes.”


Of the organisations surveyed, only 24% know how much data their company holds and it takes on average three hours for employees to retrieve specific information – this is before they are even able to begin managing and analysing this data, as well as understand the risk it holds.


Gonsowski adds, “Systems and tools are now available that can drive auto-categorization of data coherently and comprehensively, removing reliance on individuals and eliminating the inherent inefficiencies. These technologies tackle large data volumes across systems and geographies, examining unstructured as well as structured data, all while giving companies better precision and recall. Enterprises are increasingly turning to data management tools and services that provide rapid indexing, search, and granular categorization capabilities to ensure measureable information governance.”


With only 10% of the businesses surveyed stating that deleting data will be a priority in 2014, the exponential increase in data is set to continue. In contrast, 44% of organisations are prioritising Big Data analytics in 2014. However, this will be difficult to achieve as businesses will be buried in information as a result of keeping too much data, which will not only make it more difficult for businesses to extract value, but will also increase risk, IT headaches and wasted time for employees, as well as contributing to spiralling litigation costs.


Attorney David Horrigan, an information governance analyst at 451 Research suggests, “As businesses store and hold more information across different systems, platforms and jurisdictions, they are leaving themselves open to legal liability and business risk. There is a massive gulf between what companies are doing and what they should be doing in order to keep their data safe, yet accessible. Businesses must move to an automated process that manages all enterprise information and ensures the right data – and only the right data – is kept for legal, regulatory and business requirements.”


Horrigan concludes, “Not having a proactive IG policy leaves companies open to substantial fines, litigation risk, security breaches and compliance issues. This research shows that there are still too many organizations exposed to these unnecessary risks. Robust information governance principles, supported by proven technology, can help alleviate these concerns and increase efficiency, saving time, money and resources.”


In a similar study conducted in the US, Recommind found that 58% of businesses claim to have an IG policy, but 64% say their practices are only ‘somewhat effective’ and over half (52%) rely on end users to manage their own data. Other key findings included:
· 82% of US organisations agreed that some form of auto-categorisation and tagging of data is a key component of effective information governance
· 86% agreed that auto-categorisation needs to be based on content not just keywords
· 86% agreed that a robust IG programme would reduce eDiscovery risks, and 73% said it would reduce eDiscovery costs
· 55% thought that a robust IG programme would reduce the amount of organisational data