The Convergence of

IT, Legal and Records Managers to

Address Unstructured Data

GOVERNING THE CHAOS

The challenges associated with managing data have multiplied by previously-

unfathomable degrees in recent years. Prior to the ubiquitous utilization of

computers and mobile devices, physical records were the only form of data most

organizations dedicated any resources toward organizing. With more legislative

attention to data privacy and enacted compliance regulations, such as the Data

Protection Directive (EU, 1995), HIPAA/HITECH (U.S., 1996) and Sarbanes-

Oxley (U.S., 2002), there were stringent standards organizations must meet or

be subject to fines and other penalties.

A common view of data asserts

that physical and digital assets are

two very distinct entities, but in

terms of compliance and business

continuity, the two formats should

be considered equally valuable.

Why? The laws that govern the

management of physical records

and digital data are the same, so

the real “data distinction” should be

whether it is managed or

unmanaged, irrespective of format.

That said, most unmanaged data

rests on the digital side for two

very clear reasons.

Today, organizations of all

kinds must adhere to

numerous compliance

regulations across industries

and around the world when

managing both physical and

digital data.

First, understanding and adhering to privacy and data compliance

regulations is a relatively new job description for IT managers. Secondly,

digital data is expanding at a rate that outpaces the speed at which IT

practitioners are becoming compliance experts… As a result, Information

Governance (IG) practices pertaining to digital data are still largely

undefined and difficult to enforce.

The rate of unstructured data

growth per year:

62%

Perhaps the most perplexing and pressing challenge related to IG is

governing unstructured data, which is not found within an organized

database. Unstructured data typically includes Word documents,

PowerPoint presentations, PDFs, media text files, emails, audio files and

images. According to reports from IDG and Gartner, unstructured data is

growing at a rate of 62 percent per year, and by 2022, 93 percent of digital

data will be unstructured.

Information Governance policies are still trying to catch up with unstructured

data in many companies, and creating effective policies requires the three

groups responsible for IG strategy—records managers, IT and legal—to come

to the same table and create rules and processes that reduce, classify and

organize it in a manner that easily integrates into the workflow of business

users. Accomplishing this goal will promote easier buy-in and create an

organizational culture with IG adherence in its DNA.

Further complicating the issue is that this data is often created and saved over a

multitude of repositories like ECM systems, shared drives, desktops, cloud

environments, etc.

Records

ManagersLegalI.T.

Understanding the Policy Makers

Records managers, IT and legal perform very different functions and approach

data management with distinct priorities, based on how that data impacts their

department. For Information Governance cooperation between the three to succeed, it is important to better understand each other’s point of view.

Records ManagersPartly due to the changes in the nature of records

themselves, the traditional role of a records manager

(RM) has changed dramatically in recent years. No

longer are RMs admins who reside solely over paper

documents. Instead, they are well-versed in the

intersection of physical and digital data, and their

expertise is vital in creating IG initiatives because the

same rules and regulations apply to both. IT

professionals don’t often have a “rules and regulations”

background, so records managers can offer critical

insight into more effective governance over all data.

IT departments are faced with a universal dilemma: space and security.

Given the expanse of data, it’s no surprise that companies are strapped for

storage. Further, unstructured data has limited rules around classification,

Beyond the space requirements, holding on to unnecessary

information poses a greater security risk. All companies are

open to potential security breaches and the possibility of

sensitive information being leaked or stolen. Limiting the

amount of content that can be hacked through proper IG can

minimize the impact if a breach were to occur.

I.T. Practitioners

storage and retention, so IT practitioners would

rather purchase more space than to accidentally

clear out swaths of data that could place the

organization out of compliance. While cloud storage is

relatively inexpensive, the savings are quickly

overcome by the increased amount of data they need

to store. Because IT is concerned with deleting the

wrong data, documents that have outlived their

usefulness remain on the system, serving no other

purpose than taking up valuable space. Additionally,

retaining certain types of data beyond their legal hold

can also place organizations outside of compliance.

The ever-expanding and often complicated nature of

compliance regulations and global consumer privacy laws

have required organizations that weren’t concerned about

data management to make it a priority. As a result, the

relationship between legal and RMs—and now IT—has

Legal

become a necessity to avoid fines,

lawsuits and inefficiencies. It is their

responsibility to be aware of current

compliance regulations and keep an eye

out for new laws that could impact

data management. Legal is also

required to track information for

discovery and e-discovery purposes.

Retaining unnecessary information

opens up documents to more legal holds

and contributes to the problem of

needing more space to store the

information should it become necessary

for a trial.

Bringing Information Experts Together

Records managers, IT and legal perform The old theory was that once a record

was created, it could never be changed; today, the only constant around data is

change. In the digital world, documents can be resaved and transported easily and

quickly. New regulations are continuously emerging and existing ones are

frequently amended, making compliance increasingly challenging. With so many

moving parts, information experts must work together and speak the same

language to achieve the common goal of successful Information Governance.

different functions and approach data management with distinct priorities, based on

how that data impacts their department. For Information Governance cooperation

between the three to succeed, it is important to better understand each other’s

point of view.

Records managers, IT and legal all have a

stake in the outcome of better governing

information for an organization. Each is

experienced in managing data and

information, but approaches it from a

different point of view. The collaboration of

these three groups is the best way to solve

the unstructured data challenge.

With so many

moving parts,

information experts

must work together

What Each Role Brings to the Table

Records managers are expertly aware of the damaging impact

mismanaged data can have on the business. Because records

managers understand the importance of security and

infrastructure that IT practitioners value and are fluent in legal

issues, such as compliance and discovery, they are the most

qualified to bring IT and legal into the IG discussion.

When collaborating on IG strategies, IT can offer critical insight

into storage capacity, how to best protect data and the impact

unstructured data can have on security and infrastructure cost.

Perhaps the most important bit of information IT can assist with is

determining which departments are creating the most

unstructured data and help determine ways to proactively reduce

that amount.

In creating new IG initiatives, the legal department is best suited

to impact rules and processes by offering guidance based on

what may or may not put an organization outside of compliance.

Additionally, their expertise is crucial in determining which IG

strategies require an update. As mentioned, laws change and

new laws are introduced, and being ahead of new regulations that

impact how data is managed is key to avoiding non-compliance.

Understanding Unstructured Data’s Impact on Information Governance

The goal of Information Governance is to prevent

organizational assets from becoming a risk through lack of

compliance, resulting in legal fees and other burdens.

According to Gartner, IG is “the specification of decision rights

and an accountability framework to encourage desirable

behavior in the valuation, creation, storage, use, archival and

deletion of information. It includes the processes, roles,

standards and metrics that ensure the effective and efficient

use of information in enabling an organization to achieve its

goals.”

In short, Information Governance is the process for better

managing information – in both physical and digital forms –

through its entire lifecycle, which is no easy task, when

examining how quickly information expands today. Consider

this: as much information is created every two days than was

created from the dawn of civilization through 2003, according

to Google’s Eric Schmidt. Add to the mix that so much of this

data is unstructured that isn’t properly classified or secured,

and you have a ticking time bomb of risk inside your database.

valuation

creation

storage

use

archival

deletion

Impact of Unstructured Data

With most businesses’ data doubling almost every two years, and

much of it being created in a multitude of repositories, it is exponentially

more difficult for organizations to properly govern information. About 90

percent of information created and used by an organization is

unstructured data, according to IDC. The vast amount of unstructured

data makes it even more challenging to keep up with compliance

regulations. The nature of unstructured data makes it is difficult to

structure and categorize the information to logically apply rules.

As the recent Sony data breach illustrated, organizations are often

unaware of where sensitive data resides, and are putting themselves at

risk by having no effective structure to find them. Unstructured data is

also expensive. In 2011, the Ponemon Institute identified “an average

cost of $2.1 million per year to organizations who fail to properly

manage their corporate intellectual capital.”

Typically, business users are asked to categorize unstructured data

themselves. This exercise results in varied accuracy and prompts the

need for a smarter, better way to start the structuring process. Because

the same rules apply to both digital and physical records, there is an

opportunity for different groups – each experienced in information

management – to combine approaches to implement governance.

IG Initiatives with the Business User in Mind

Business users and C-Level both desire efficiency and productivity, so it is critical

that IG implementations impacting unstructured data do not make everyday

tasks more cumbersome or they run the risk of being ignored. Very often,

employees will find a work-around that allows them to do what they need to do in

a way that does not disrupt workflow. Initiatives also need to incorporate input

from those who will be responsible for the early stages of data management.

1

document, it is critical to embed data regarding its purpose, location and

lifecycle. Systems that allow business users to input that information in an easy,

intuitive manner—through simple drop-downs, for example—will ensure that

other stakeholders have the necessary information to determine where data is

and when it needs to be removed.

Make the Process Simple and Intuitive

The goal is to increase the probability of IG success, and creating

applications that are simple and quick to implement is key. Upfront

metadata encoding is a perfect example of how organizations can

manage data without compromising efficiency. When creating a new \

2

3

Offer Email Alternatives

Emails represent the most challenging form of unstructured data,

as they often contain critical information that is back and forth and

take up sizable storage space. Instant message tools, for

example, can give business users an even quicker way to getting

information they need, while drastically reducing internal emails.

File, synch and share systems, with enterprise grade security,

allow business users to securely collaborate without sending large

files via email.

Better Communicate Data Policies

Very often, business users may inadvertently contribute to the

mismanagement of data for fear of making a mistake. For

example, legal matters require organizations to put a hold on

deleting emails or other files that contain information relating to a

current or pending case. Because of the consequences business

users face for accidentally deleting a piece of discovery, they are

more likely to stop deleting emails altogether. Further, the end of

legal holds are often not communicated to employees who

continue to retain almost all emails. With better communication

and defined parameters about legal holds, the amount of saved

emails can be reduced.

4

Request and Incorporate Input

One of the best ways to get voluntary buy-in for IG policies from

business users is to gain input from those creating unstructured

data. Get a better understanding of why they create, file,

delete/not delete data. Examine the pros and cons of potential

processes, and create an environment where supporting IG is part

of the corporate DNA. Not all rules can be created with every

need in mind, but if employees don’t feel like they’re a part of the

process or that rules are created without their day-to-day in mind,

IG plans simply will not succeed.

The expanse of unstructured

data continues with no sign of

stopping, and forward-thinking

organizations are pooling the

expertise of records managers,

IT and legal to institute IG

initiatives that are not only

supported by business users,

but are maintained with very little

additional effort.

Future of Unstructured Data

In the age of Big Data, the need to wrangle, measure and make sense of

information is critical for businesses to gain a competitive advantage. In

a 2012 Forrester study, 70 percent of respondents said that Big Data is

or will be a collaborative effort between business and IT. Emerging

technologies make it easier for IT departments to quickly and efficiently

manage data in all its forms. Working with records managers and legal

departments, IT can have the information necessary to create processes

that manage information instead of simply storing it.

Information Governance’s role will become more critical as the

expansion of data continues. Likewise, there is no reason to believe that

global and industry-based privacy laws will become less prevalent any

time soon. The costs associated with lax IG practices (fines, legal costs,

loss of business, etc.) will only continue to increase.

The task of managing and governing unstructured data will

grow more complicated for organizations of all sizes and

industries. Businesses that bring all three information expert

groups together – records managers, IT and legal

departments – and create an environment that promotes

collaboration between them will have greater success in

creating and implementing effective governance strategies.

To learn how Recall can help solve your Information Governance challenges

CLICK HERE