Board Inertia Needs To Be Tackled To Meet Compliance Challenges

John Mancini, President & CEO, AIIM

AIIM’s recent research—Automating Information Governance—Assuring Compliance—shows data leaks and security breaches have pushed information governance and compliance up the corporate agenda, due to rising concern about excess litigation costs, loss of intellectual property and damage to reputation.

Metadata, after all, has become an issue for front-page news thanks to the Snowden revelations—as has the right to privacy of heads of state as much as individual citizens. The issue of information and its correct handling and auditing for compliance has come to the fore.

But what is happening in enterprises to deal with these issues? The reality: next to nothing. A mere 10 percent of respondents in our global sample confirmed they had an information governance policy in place and 21 percent say they have such a policy in place, but it’s being regularly flouted.

Why? Because the volume, velocity and variety of information corporations have to deal with is making it virtually impossible to maintain metadata. On the whole, organizations are stabilising the volume of paper records, while the mountain of electronic records is “increasing rapidly” in 68 percent of organizations surveyed. 32 percent reported an actual decrease in their paper records, but not one respondent could report a decrease in electronic records.

With only 12 percent of our sample confident they only ever store what they are required to, 43 percent said that automated classification was the only way to keep up with rapidly increasing information volumes. Furthermore, a mere 14 percent are using automated ways to do this, although a further 35 percent have immediate plans to do so.

Why are we behind with metadata automation?
The problem is, automation is clearly already a critical requirement. The need is clear—to ease the burden on the security team. The benefits of automated classification are evident, too: according to our research participants, they include improved ability to find requested information (48 percent), higher productivity (29 percent) and sounder approaches to compliance work (29 percent).

To be successful, automation of metadata tracking needs to go hand in hand with a comprehensive information governance policy, including a regular audit for compliance.

Creating a comprehensive information governance policy can be a major task, with the keys to success being senior management endorsement and staff engagement. If that wasn’t already hard enough, the events of the past twelve months in terms of revelations about security and surveillance have also added a factor: legal requirements to keep safe custody of sensitive data. The need to maintain the trust of customers has brought the realisation that many types of content and information need to be governed at all stages in the lifecycle from creation to deletion—but it’s not always crystal clear what that is or should be.

Too many ‘works in progress’
That makes a coherent, sensible information governance policy a necessity. But getting senior level endorsement and involvement is the biggest issue in creating an information governance policy. Plus, we have seen that, despite initial good intent in creating information governance policies, many teams are somewhat limited in scope. There is generally very poor follow-through with training, audit and enforcement, and this lack of support can lead to these good intentions withering on the vine.

This leaves many organizations at risk. For 55 percent, information governance policy is very much a work-in-progress. Of those who have information governance at least in rough outline, only 19 percent regularly audit for compliance, 40 percent of organizations do not allocate any staff time to educate them in such policies, and maybe worst of all, only four percent specifically update senior management on what’s happening with this crucial aspect of doing business in the 21st century.

We all know it’s too much to expect users to be diligent in following policies, especially given rapidly increasing volumes of content. That’s why automated tagging, metadata correction and records classification are so key. Early adopters of this approach we talked to seem to be having success with the technology; a view is emerging that this is the only way to demonstrate compliance, reduce litigation risk—and may be the only chance to have some sort of check on the rapidly growing volumes of stored content.

Time to step up to the metadata plate
A strategy of rules-based metadata application and back-file correction may well be businesses’ best friend when it comes to the growing challenges around security validation, compliance audit, retention management, and improved search—at scale.

Getting metadata handling right could protect businesses. Now is the time to get started on that.
