How important is information governance?

In light of the explosion of content, data and information in the public sector, John Mancini of the Association of Information and Image Management (AIIM) explains why security must be upheld.

Citizens and public sector employees are generating more information, content and data than ever before, and public sector bodies are increasingly using this to help improve service delivery and to help with the move towards a more open style of government. In essence, this means more transparency into the mechanisations of government and, in theory, more accountability for those in power.

But where once upon a time such records were all stored on paper, this is emphatically not the case now. Increasingly, records exist in electronic form. This means that much wider information governance policies are now required to ensure that records are as secure in the digital era as they were previously. They also need to be easily searchable, by public sector employees that may need to check benefit eligibility for example, or for using the data to predict and forecast trends in service take-up.

So the sheer volume of data (along with the insight that can be gleaned from analysing it) and the way it is stored is a major asset across the public sector, but without effective information governance, that data also carries a potentially huge risk. Yet businesses and public sector organisations are, in reality, only paying lip service to information governance in the modern era. Why is this and how can the public sector go about addressing it?

Frequent Data breaches
An AIIM report in December 2015, Information Governance – too important for humans, revealed that more than half of organisations surveyed (US and UK, private and public sector) have had data‑related incidents in the past 12 months. Of these, 16 per cent have suffered an actual data breach. Furthermore, 45 per cent of executives felt that a lack of information governance leaves their organisation wide open to litigation and data protection and 41 per cent of respondents admitted that their email management is  ‘chaotic’.

Worryingly, there are huge volumes of content in most organisations that are not under any form of information governance, retention management or e-discovery. The severity and frequency of data incidents reported in the research has meant that information governance has never had more interest in it. For 28 per cent of organisations, it is very high on the senior management agenda and more than half (53 per cent) have recently launched new information governance initiatives.

The ever-growing amount of data has led to a renewed acknowledgement that using automation is essential for IG. 60 per cent of respondents agree that automation is the only way to keep up with the volumes of electronic content, while 21 per cent are already using automated declaration or classification of records.

What’s behind the lack of interest?
While it would appear from the AIIM research that there is a willingness to embrace information governance, many in the public sector are yet to do so effectively. Cloud and mobile have been hugely impactful on the way that the public sector records, stores, manages and uses information, but there are strong signs that many public sector departments are yet to effectively factor cloud and mobile into their information governance policies.

Although cloud-based content and mobile access are by no means new initiatives for most organisations, this is yet to be reflected in many IG policies. The AIIM research found that information retention, access security and data protection are covered by most respondents’ IG policies, but only 47 per cent cover mobile access and mobile devices, including Bring Your Own Device (39 per cent). Only 36 per cent have specific policies for cloud-based content sharing.

There are also issues with enforcing information governance policies. This was mentioned as the biggest issue for 41 per cent of respondents in the AIIM research, and there were further challenges with getting senior management involved, which is a crucial step in ensuring information governance is treated with the seriousness it deserves.

Tips for effective information governance
The public sector needs a common and over-arching information governance policy to encourage different agencies to collaborate and share data. The government can certainly do more to encourage and facilitate information sharing across the public sector – a central information governance policy for the entire public sector would be very welcome indeed – but there are still measures that can be taken to improve the situation in individual departments, at both a central and local government level.

Team up to make a stronger case – while you need someone to have overall responsibility, creating an information governance team across the business will help improve collective awareness of why it is important. Any team should include representatives from IT, records management and legal.

Highlight the risks – if people knew what could go wrong due to a lack of information governance, they will be far more likely to address any holes in policy. Highlight the risks posed by the types of information that you hold should they be lost or exposed, and make senior management aware of the potential consequences of a breach, especially involving citizen data such as health records.

Draft a fresh information governance policy – these are in constant need of updating to reflect changing work practices and trends within the wider public sector. Focus initial efforts on areas where the content is the most sensitive, but also where there is least governance at present, such as email or mobile.

Automate retention – deciding what to keep and for how long, and what to delete and when, is a significant challenge in public sector information governance. So set retention periods for specific content types and audit ECM system(s), records management system and email archive to ensure that they have retention management switched on.

Make email a priority - AIIM research showed that more than four in 10 executives believed their email management to be chaotic. Email is still the primary communications tool in most public sector departments, so it’s important to get it right. When addressing email management, use value-based criteria to set deletion policies, consider selective archiving using automation, and ensure that the archive is optimised for search, e-discovery and legal hold.

Don’t be afraid to delete out-of-date content – consider running automated metadata correction, de-duplication, and retention policy enforcement across all content systems in order to remove redundant, out-of-date and trivial content, and to improve search capabilities.

Make your documents searchable – scanned documents are common in the public sector, but were often captured at a time when the technology used made them almost unsearchable. For any public sector department with an extensive image archive of scanned documents, recapturing them with modern OCR will not only create enhanced metadata but will also improve the potential for analytics.

Investigate day-forward automated classification – this is particularly relevant for email, process archives and routine inbound content. Furthermore, consider using automation to simplify user filing accuracy, and in effect, automate ongoing compliance.

It is clear that emerging technologies have contributed to an enormous rise in the volume of information stored and managed in the public sector.
This can, and will be, hugely significant in the move towards open government but it is also clear from the results shown in the AIIM survey, that there are some major gaps in many organisations’ information governance policies.

Summing Up
In some cases there is no real policy to speak of, and in many of the policies that do exist, they are lacking in areas such as mobile content and external access. Many struggle to enforce their policies once they are created and face an on-going challenge of getting senior management to face up to the risks posed by ineffective information governance.

But these are all issues that can be addressed. Information governance as a discipline is here to stay and while its increased profile has mostly come from issues such as security breaches, lost mobile devices, and email chaos, it has at least pushed it higher up the public sector agenda then it has been previously. There is a desire to take information governance more seriously in 2016 and it is long overdue.

Further Information
www.aiim.org