BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

The Many Blessings Of Information Governance

Following
This article is more than 8 years old.

By Alejandra Perez and Kelli Clark

WASHINGTON  By now, most companies have figured out what the giants of Silicon Valley have known for more than a decade: the information they control is one of their most valuable assets. But what many have been slower to realize is that if not properly managed, that same information can also be a source of enormous risk. To manage that risk—and to maximize the value of their data—a growing number of companies are beginning to focus on information governance.

Information governance is somewhat of a buzzword in the world of litigation support and e-discovery. The term was added to the Electronic Discovery Reference Model (EDRM) last year, and legal technology buffs recognize it as an extension of the EDRM: a holistic, enterprise-wide framework for data management, risk mitigation and business use and efficiency.

There are a number of ways that a strong information governance program can streamline the e-discovery process: potentially relevant data is easier to locate within the enterprise and data sets are more manageable as a result of defensible disposition processes. However, when properly implemented, the value of information governance extends far beyond streamlining e-discovery. Companies that take a truly holistic approach to managing their information find that not only are they better prepared for litigation and investigations, but they are better positioned to address other risks and capitalize on opportunities that their large tranches of data present. Here are a few ways to make the most of your information governance program:

Proactive Monitoring for Compliance and Risk Management

Today’s corporate environment is a maze of regulations and security risks.  Companies that fail to comply face fines, litigation, damaged reputations, and enormous remediation expenses. Some organizations have turned to information governance solutions in compliance settings to proactively monitor for signs of trouble: ethical violations, disclosure of trade secrets, FCPA violations, data breaches, and more.

In the same way that predictive coding technologies are “trained” to identify data that is relevant to a litigation or investigation, these tools can be trained to look for communication that could be an indicator of regulatory or ethical violations, fraud, or other criminal behavior. Analytics tools like sentiment analysis can even categorize data based on subjective factors like the attitude or emotional state of the creator.

Business Efficiency and Data Mining for Business Intelligence

Good information governance makes good business sense. Companies that organize their data properly and make it available to the right people improve their efficiency—not only in compliance and e-discovery efforts, but in the way they manage their business. Some corporations aren’t just stopping at efficiency; they are taking things a step further and leveraging analytics solutions to mine data for business intelligence.

By applying machine learning to voluminous and diverse data, companies get a better view of their own internal processes, how their products and services are viewed in the market, how customer loyalty is generated, and more. This information allows business leaders to make informed and strategic decisions, and even automate processes that previously required human input. One of the largest US health insurers has begun using a platform that was trained via machine learning to automate responses to authorization for treatment requests. The new system has reduced patient wait times for treatment from 72 hours to nearly real-time for a large percentage of requests.

Cybersecurity

It should come as no surprise that good information governance also serves as a foundation for good information security. The very first measure called for in the “NIST Cybersecurity Framework”—the US government’s primary cybersecurity guidance to the private sector—is asset management. This involves identifying and cataloguing all the information systems that an organization relies upon, determining which are most important or most sensitive, and reviewing who within the organization has access to what. As it turns out, not only is well-organized corporate data easier to sift through for those who need to review it, it is also easier to protect from those who shouldn’t have access.

A comprehensive review of a company’s digital assets is also the first step in identifying which information is most important to protect. Organizations that have not undergone such a review often apply the same protections across their entire network, rather than taking additional steps to safeguard their “Crown Jewels.” Information governance policies can help provide a clear picture of what information is on a network and what requires the most protection.

So what does a company need to do to realize these benefits? It has as much to do with changes in employee behavior as it does with technology. Creating sound policies around data use and storage, adopting those policies and enforcing them are just as important as deploying sophisticated technical solutions. Any organization looking to reap the benefits of information governance must first focus on its end goals. Not only will this create ownership stakes in the plan across the organization, but it will also help ensure that plan has the desired effect. Whether a company wants to use its information governance program to limit risk of fraud and corruption, maximize business intelligence or improve data security, identifying those objectives at the outset and getting employees to buy into them will help ensure better outcomes.

Alejandra Perez and Kelli Clark are both managing directors in the technology practice at Control Risks, the global risk consultancy.