Onna Blog: Unified Information Governance: Reconciling Conflicts Between Stakeholders
Information governance is a critical discipline that encompasses many parts of the business. Compliance, security, legal, and IT all have an important stake in managing information; however, when it comes to handling that information, conflict can arise. Priorities may differ when it comes to data retention, archival, and deletion, leading to difficult decision-making. Add in the pressures of data privacy laws, like GDPR and CCPA, and the perils of disunity only intensify.
So what does the decision-making process look like when legal wants to retain data but IT wants to delete it — both with valid reasons? How can organizations avoid spending on outside counsel to weigh-in on internal decisions? If these questions resonate with you, it might be time to take a hard look at what information governance means in your organization. More likely than not, you are taking a siloed approach to information management that has your people working against, rather than with, one another.
Here are six ways to align information stakeholders and proactively avert conflict.
1. Formalize stakeholder relationships
All too often, information stakeholders are thrust into meeting for the first time because of urgent matters, such as litigation or discovery requests. These matters require cross-functional collaboration, and yet crucial relationships may not be defined. To ensure all stakeholders are connected, you may want to start an information governance steering committee comprising key members from security, compliance, privacy, legal, IT, and other lines of business that hold essential company information — like HR or finance. By proactively bringing stakeholders together and formalizing their roles and responsibilities, you can foster clear communication and coordination from the get-go.
2. Understand information’s value from all perspectives
Company information is multifaceted. It lives in different places and serves different purposes, so its lifecycle isn’t clear-cut — nor is its treatment. For example, while personally identifiable information (PII) may need to be held for regulatory compliance reasons, you might want your year-over-year company performance metrics for business strategy purposes. To avoid miscommunication and conflict, your information governance framework needs to address the value of information from all angles. To start, you can ask questions like: What purpose does this data serve? What department(s) are concerned with this data and why? How might this data pose risk, maximize value, or both? The sooner teams address information from a holistic view, rather than a siloed view, the better.
3. Make a plan for potential conflicts with risk front-of-mind
Once you map out the answers to these questions, you can start to spot overlap and conflict in priorities. Although every organization is different, the most common conflict arises around the question of retention — whether to keep or delete. Although you might be legally bound to retain information, you might also be required to delete information for privacy matters. In scenarios like this, it’s crucial that the necessary stakeholders come together to resolve issues, and not just the ones in conflict. Depending on the situation, you may need the input of separate stakeholders, such as IT, to help you understand what technical solutions are possible. Regardless of the nature of your potential conflicts, identifying them early on will help you get ahead of pain, risk, and confusion.
4. Develop an information governance policy
After you outline stakeholder relationships and identify potential conflicts, you’ll want to bake those solutions into your information governance policy. There’s a lot to consider in developing a policy, but a good rule of thumb is to focus on people, process, and technology. You’ll also want to break it into two portions: minimizing risk and maximizing value.
On the minimizing risk front, narrowing down legal, compliance, and privacy obligations first will ensure the most critical protocols are covered. This could include anything from the who/when/how of handling yearly audits to creating a data retention policy. Once that’s done, you can move on to the data maximization portion, which informs how you will protect and utilize your information. This could be anything from handling eDiscovery to data loss prevention measures. Every company’s policy may look different, but the one thing that should remain consistent is alignment from all information stakeholders.
5. Assign roles and responsibilities
Once you develop an information governance policy, you’ll want to make sure every stakeholder understands their roles and responsibilities. This ensures your framework is put into practice effectively. Every organization looks different, but a good way to delegate responsibilities among each department is branching down from the executive level to working groups. Executives, such as the CIO, CSO, General Counsel, and others can operate as key decision-makers, and different departments, such as security, IT, and compliance, can form working groups to encourage better data stewardship over their own information.
6. Unify your information in one place
You can have all the right people and policies in place, but without the right technology, it can still be a challenge to locate your most vital information — which can lead to stakeholder conflict. Especially when it comes to the scattered, proliferating nature of cloud applications, keeping tabs on dynamic data such as messages, threads, and attachments in so many locations can be daunting. More often than not, teams end up heavily relying on IT to expend more time and resources. Implementing a solution that brings all of your siloed data in one private, secure, and searchable place can make it easier for stakeholders to find what they need at a moment’s notice. Not only can this help you avert future conflict, but also reduce risk, maximize value, and enhance compliance.
Organizations have a huge opportunity to leverage key information to help realize their goals — but first, their governance framework must guide key stakeholders towards alignment. By focusing on the factors we’ve discussed, you can start to transform your information governance plan to work for your people, not against them.