Data Protection Guide

Update: This text was compiled almost a year before GDPR was signed. But it cpontains teminology relevant in the GDPR.

Overview

Data protection laws exist to strike a balance between the rights of individuals to privacy and the ability of organisations to use data for the purposes of their business. The (UK) Data Protection Act 1984 introduced basic rules of registration for users of data and rights of access to that data for the individuals to which it related. These rules and rights were revised and superseded by the Data Protection Act 1998 which came into force on 1st March 2000. This Guide explains what you should know about data protection under the Data Protection Act 1998 (‘the Act’). Continue reading “Data Protection Guide”

Enterprise Content Management is not Information Governance

Enterprise Content Management is not Information Governance

Quite a lot is written these days about information management and information governance. Analysts are predicting that effective information management and governance can be a game changer for enterprises.

BUt. Doesn’t this sound a lot like Enterprise Content Management, or ECM?  Aren’t there already plenty of successful vendors, ECM installations, and ECM strategies at work across companies at all levels, for many years now?

ECM and IG are not the same

In the world of enterprise content management, everything hangs on one single principle: that each document is unique, serves a defined purpose, and is therefore managed.

ECM is critical to regulated industries such as pharmaceutical, where even the specific revisions of drug labels must be managed and ECM solutions provide reliable, defensible tools.  ECM aids companies who regularly develop collaterals, training materials, as well as mundane activities like tracking contracts, document revisions, and so on.

This is not information governance, however – nor is it information management as the world is beginning to understand it.   The ECM world already assumes a one-to-one relationship, which is why ECM has never proven to be a solution for information governance.

Information management and governance – the one-to-many conundrum

One to Many
One to Many

In the information governance world, the rule of thumb is one-to-many.  And this is driven largely by email!

Email by its nature is repetitive:  even email archiving systems cannot and should not eliminate duplication.

In cases where an author sends the same document attachment to multiple recipients, logically all copies point back to the same central document. But as that document moves outside the organization, gets multiplied, is commented upon, and becomes the foundation for an email dialogue, the same information will be repeated and multiplied to make the matters worse.

Information governance has to go beyond the notion of identifying a single document or item and then tracking all revisions.  In the case of email, these revisions are derivatives in branches – in other words, conversations.  An ECM management solution can’t handle this situation, at least not easily.

Managed per content vs. managed per value

Another way to look at ECM is to look at how information is managed. ECM manages based on content:  what’s in a document determines how it and any documents that relate to it are managed. This is how revisioning for example works: inside each revision only changed content is stored not the whole document.

In the information governance world, there are simply too many variables.  Going beyond mere duplication, there is also the challenge that content simply “comes into” an organization via email and then forms the basis for other content.  The process is random.

The key to information governance is understanding the value of content and then applying management.

This is exactly and also is what Big-Data is all about: value of the whole content. Content (aka Information aka Data)  Value has been elusive, but think-groups like the Information Governance Initiative have begun to identify how companies are being successful in valuing information, (often by using Big-Data platforms).  Often, the mere age of the information is a measure of its value:  email is transient by nature, and unless mail refers to a specific subject that is managed differently (example, emails discussing pharma/client relationships at bio-tech institutions), its value decreases as it ages and it ultimately becomes worthless. And toxic as IT Regulators are very keen you don’t store but dump old information.  Companies have successfully ascribed any pre-determined aging to such documents and, as they are covered by legal holds or compliance regulations, delete them after a defined period.

Modern enterprise needs both ECM and IG

Is this really true for each and every mid to large Enterprise? The answer is probably yes, but it is easier to answer whether or not they need enterprise content management (ECM) first.

There are a number of ways to handle content within an organization, and solutions regularly overlap.  Multi-disciplinary solutions like SAP and Oracle provide content management as well as enterprise resource management, routing, tracking, programmatic responses, and the like.  Rarely do they provide information governance for unstructured information like emails, and in cases where they do, that email is often associated with other content.

Information governance (IG), on the other hand, first and foremost requires mature organization with mature and repeatable governance in place.

On the implementation level, IG can be simply an archiving solution:  capture and preserve email to satisfy regulations and later search and discovery.  At its most granular (read: complex) level, IG implementation can, similar to ECM, play a role in identifying unstructured content, categorizing it, and applying very company and content-specific management rules.

Companies need both for different reasons.  Companies usually need ECM platform, because the particular type of information being managed is critical to their business.

Companies need information governance, on the other hand, because there is too much unmanaged and unstructured information flowing throughout their organizations.  Without management, they are unable to mine any potential insights from that information.  Without management, they are also unable to mitigate any risks that information may pose. And this is one very critical driver becoming obvious as from 2015 Q1.  Information can and will become toxic just as any other waste: if dumped anywhere it will develop its toxicity through time. As any “big bank” knows by now, for example. On the other hand if old and stale information, is classified and incinerated it will be safely disposed of.

And make no mistake: informations protection regulators are already here.

By Dave Hunt ]