31/03/2015

By John Culkin, Director of Information Management, Crown Records Management

The digital universe, according to research by IT giant EMC, is doubling in size every two years – and by 2020 the data created and copied annually is predicted to reach 44 trillion gigabytes. So who exactly should be in charge of all that information?

To put those figures in perspective, it amounts to more than five terabytes of data stored locally or in the cloud for every single man, woman and child on the planet. Enough for 88,400 hours of music for each person, 1.6 million photographs or 1,300 movies.

It is, without doubt, an information revolution that demands new ways of working and governance.

We are now 10 years on from Randolph Kahn’s ground-breaking white paper Records Management Redefined: From the backroom to the boardroom which foresaw the effect that data explosion would have upon the records management industry. But already his assessment needs updating.

There is now so much data that while it is undoubtedly on the agenda in boardrooms (with huge fines for data breaches focusing everyone’s attention), it actually resides in every room in every business – demanding a holistic approach that was unnecessary little more than a decade ago.

There have been two traditional ways of answering the thorny question of ‘Who is responsible for information’ in the past.

1 The CEO or CIO

Someone at the very top is required to take personal responsibility for data – and to put a framework in place that ensures every single person in the company understands the importance of information.

This answer sounds sensible: but is it practical? With so much data at every level of the business is it feasible, or even wise, for a CEO to be responsible for all of it? The reality is that the proliferation of data in the modern data world has rendered this solution inadequate.

2 Everybody is responsible

This response understands that everyone in a business, from the CEO down to a receptionist on the front line, should take responsibility for data and for knowing what constitutes a record and what does not.

Nobody could argue against the validity of this answer, it has merit. But if everybody is responsible, does anyone actually ‘take responsibility’? Data protection regulation can no longer be treated as an after-thought: breaches result in huge fines, so failing to assign ownership is dangerous. Ironically, everybody taking charge is still not enough.

We need to find a new solution.

Antony Green is Data and Information Architect at UK Power Networks – a job title that itself underlines the way the industry is changing – and has spent the last year wrestling with this dilemma. The structures he is putting in place may well form a blueprint for others to follow.

“My role is all about information governance and so the debate over who is “responsible” for data is an important one,” he says. “We are putting a structure in place to deal with this as too often in the past data ownership has been a grey area – it has been seen as an IT or IS problem; but not anymore.

“For every data object we have appointed a senior manager to be its “data owner”, a person who is ultimately responsible for the data in their care. The CIO, business directors and senior managers form a Data Governance Group, which includes the company’s head
of legal, to take ownership of data protection for the organisation.”

Interestingly, Green sees retention and archiving as the biggest challenges in information management, even above data protection. There is a fear that having gone from
backroom to boardroom there may very soon be no more room for data – unless databases are streamlined.

Green said: “Having more and more data isn’t always a positive; in simple terms it’s like putting more and more furniture into a house. There’s a sweet spot where you have just enough, and there’s a point beyond which you have too much. Part of my role is to deliver guidance on what to keep and what to destroy.”

This kind of constructive re-evaluation of data governance is the perfect example of how businesses can respond positively to the new data world.

Wholesale changes may not be appropriate for every business or every sector. But what is important is to undertake an audit of information assets as soon as possible to find a system that protects and values them.

Here are five key steps to ensuring good data governance – and to putting in place a framework that will answer the ultimate question: who should be responsible for data in your business?

1 Undertake a data audit

The first step to designing a new data governance structure – or to improving current procedures – is to undertake an audit of all information in the business. How much information being kept should be kept? How much is just “data noise” in an overflowing database that slows down reports? Understanding your assets is the first step to planning how to both mine and protect them.

2 Have a really clear policy in place to help staff identify what is a record

The very basis of a good data and information policy lies in knowing whether a document should be designated as a record.
This one decision, often made at the coal face and out of the sight of the CEO, sets the tone for everything that follows.
Having clear and consistent guidelines to help staff classify a record is crucial. Classifying every bit of information as a record would be expensive and unnecessary.

3 Train staff at all levels

Training staff at every level in how to avoid data breaches – and understanding the threats – leads to good data governance. It is estimated 80 per cent of data breaches stem from human error. There will be soon be fines of up to five per cent of global turnover for breaching data regulations – and strict guidelines on reporting breaches quickly. Who will be in charge of reporting in your business?
Training in how to classify and value data is vital too; and not only for senior management. It could be somebody very junior who touches information first.
Have clear procedures in place for structured records (those stored in a database) and unstructured (information stored locally).

4 Embrace the principle of data ownership

Don’t be afraid to assign ownership of data to individual senior managers in departments that handle records and information; building a strategy and structure for data governance in which responsibilities are clear is vital. There may be too much data in your business for one person to handle every type of information.

5 Keep policies and systems up-to-date

Old data policies were often written when there was no social media and when legislation lagged behind technology, so they need to be updated regularly. As data regulation evolves it is vital people in the business take responsibility for keeping pace with it. Staying ahead of the game protects companies from breaches and turns records into assets.

The bottom line is that the data world is changing fast. Information that used to be confined to the backroom has not only reached the boardroom but threatens to overwhelm it. So new ideas are required to manage it efficiently.

Being responsible for data will not be a one-person job in future, even for the most talented CEO or CIO. Putting in place a modern data structure – and assigning ownership for each type of data – is ultimately the key to harnessing the power of your company’s corporate memory. The time to assign responsibility for data – and to finally treat information as an asset – has now arrived.