In last month’s article we started on the first of The Four “Ws” of Information Governance which are:
What are your information assets?Where are they located?
When can you dispose of them?
Who manages them and has access to them?
Once you have identified your Information Assets the next logical step is to document exactly where they are. I know what you’re thinking; “Why do I need to document where I keep my stuff? I know how to find it!” Therein lies the point – YOU know how to find it. What about everyone else? Do they use your “organizational system?” If not, what happens if you leave? Retirement is still a possibility for many people or there is always the proverbial Beer Truck (God forbid!) running over you at some point in your career. Nothing illustrates Unstructured Data more than having to search someone else’s shared drive to find something you need quickly.
Succession planning is a critical component of Information Governance. Knowing what you have and where it is located is vital to doing Business. It may be true that you’ve been doing it this way for 30 years, but somebody has to pick up the pieces and carry on if you’re not there for whatever reason. It is worth mentioning that overcoming a reluctance to sharing knowledge is a common theme when you’re going through this process. I’ve found that most people are more then willing to share what they know, developing several techniques to encourage that is a good skill to have.
Now how do you go about documenting where your organization’s information assets are? It’s not pretty. Arm yourself with the Records Schedule created in the previous step and set out to meet with each of the Steering Committee members individually to review it and document precisely where each of them are. What you wind up with from this exercise is a Data Map.
Data Maps have a number of uses; Information Technology can find it helpful for Application and Infrastructure Management, Records Management will use it for Disposition and to understand the sources of Personally Identifiable Information within the system and Legal or Compliance can use it to understand the sources of Intellectual Property or Corporate Confidential data. In the United States, another legal reason for a Data Map can be found in the Federal Rules of Civil Procedure (FRCP). FRCP 26F, Duty to Disclose speaks to this in the Initial Disclosure (IAii); “a copy—or a description by category and location—of all documents, electronically stored information, and tangible things that the disclosing party has in its possession, custody, or control and may use to support its claims or defenses, unless the use would be solely for impeachment;”
To understand the urgency of going through this exercise, we need to look no further than the same FRCP. Section IC states:
“Time for Initial Disclosures—In General. A party must make the initial disclosures at or within 14 days after the parties’ Rule 26(f) conference unless a different time is set by stipulation or court order, or unless a party objects during the conference that initial disclosures are not appropriate in this action and states the objection in the proposed discovery plan.”
Here’s where I ask the question – can you produce a Data Map of your infrastructure in 14 days? Unless you are a very small organization, my experience says it is highly unlikely which is why I recommend you start immediately if not sooner. Now for some good news and some bad news: Technology has progressed to the point where there are a number of tools that can help you build this Data Map. There are a number of applications that will search and identify a good portion of the records you are looking for. There are also a number of applications that can interactively maintain the Data Map. The bad news is that you will still need to go through the interview process I’ve described to validate what these applications find or find what they don’t. It may be a shorter process, but you’ll still need to do it.
Next article we’ll discuss the Disposition process.