Mazda Gala 2008 TorontoWhile governing my information (yep, cleaning up old email and files), I came across one of my early white papers on Information Governance, from 2010:  The Information Governance C Change. It can be cringe-inducing to revisit old material, but this piece seems as valid today as five years ago:

“Companies are awash in an ocean of data. E-mail servers are overflowing, troves of legacy data and documents are accumulating, rogue IT is proliferating, and social media and other Web 2.0 usage is seeping into the workplace. These same companies are also experiencing a sea change in their information compliance environment. E-discovery costs and exposures continue to mount, while courts’ expectations are escalating for compliant preservation, collection, and production of ESI. And new laws and regulations are expanding the reach of information privacy and security requirements to a broader range of entities and business operations.

There is a ray of sunshine in this stormy weather — more than ever before, companies are now compelled to recognize that they are in the information business, and that managing their information is a business and compliance priority of the first order. Information must, and indeed can, be managed in a way that confronts the exposures above and also creates business efficiency and value.”

My, how times haven’t changed. And the information environment has become even more daunting, driven by such disruptive trends as cloud computing, big data analytics, mobile technologies, and the Internet of Things.

Sure, progress has been made in defining what Information Governance means. One can quibble over the semantics of Garner’s initial definition that emerged in 2010, the 2013 definition from The Sedona Conference Commentary on Information Governance, or the 2014 definition proffered by the Information Governance Initiative, among others, but the gist is the same: in a challenging, turbulent information environment, Information Governance is the organization’s holistic, integrated approach to satisfying information compliance requirements and controlling risks and costs while maximizing information value.

Nothing in this definition equates Information Governance with a software solution. And that’s the challenge – keeping clear on the difference between the governance perspective and process, and on the other hand, technology tools that may help the process.

Clarity on this distinction is hard to maintain. A Google search for “Information Governance Tools” yields more than 23 million hits, linking to a multitude of vendors offering Information Governance technology solutions. But no technology tool can provide the essence of Information Governance, which is a holistic perspective on information value, compliance, risk, and cost, applied by the organization through an integrated governance process. The tool can’t supply the perspective.  And the tool shouldn’t define the governance process – it should be selected and used to serve that process.

This is not a diatribe about the vendor community – far from it. Any reputable technology vendor will be the first to tell the organization that it needs to understand what it wants to accomplish, and should express that understanding in selection requirements.

Instead, it is the organization’s responsibility to keep things in proper order: Information Governance perspective, then governance process, then selection requirements, and then (and only then) technology tools. Otherwise, a tool is allowed to define the problem and the solution – like the handyman with only a hammer, for whom every problem is a nail.