I am delighted to share key insights by Mark Jackson on leading a complex Information governance business adoption program.
Information Governance Insights from a Change and Communication Expert.
I (Mark Jackson) remember coming off the phone to the recruiter asking me to join a team working on lifting an organization's information governance maturity level and specifically on its adoption in the organization: 'It’s a great opportunity… for one of the toughest change challenges you will have' he said. Contrary to my original thought, 2 years on and I can fully agree it has been. Putting IG on the map of a blue-chip company with over 100,000 people hasn’t been exactly straightforward and there is still lots of work to do, but, it has been immensely rewarding. Pausing to reflect, there are a lot of lessons I have learned, but here are 7 that stood out.
1. Take time to set up and survey the landscape properly
The start point was to understand the current situation. IG maturity levels will vary across the organization, but what was clear from the start, in this instance, was there was very little awareness of IG outside of compliance circles.
Early probing across the businesses demonstrated a view consistent with this: "What's the point? Storage is so cheap and IT security is responsible for keeping information safe… It's not my problem! Keep your hands off my data"
The benefits of information governance are generally not well known, certainly not beyond the compliance aspects. So developing a convincing story, vision, and brand to raise our profile was essential. Understanding the current maturity levels then deep-diving into the problem helped shape our plan and set us up for success.
2. Determine the adoption blocker
There is little incentive or desire for teams within the organization to get their information house in order. The advantages, once you have adopted culture and collective IG mindset are fantastic: Quality information to make better decisions faster gives you a huge competitive advantage and can dramatically reduce duplication. You will also be compliant (and not just greenwash compliant, but actually aligned with society's and enforcement agencies' expectations) protecting your company reputation and reducing the likelihood of fines that are now in the $100,000,000s. What's there not to like about that!?
Well, for most people its asking them to change their own individual way of working, their business process, and take time and effort to organize their existing information (which in some cases can be in excess of 30 years worth of accumulated information). Volume analysis showed we were talking about 4bn emails, 1PB of data on OneDrive, and 32m files on SharePoint with a whole host of other information repositories.
The upfront effort of organizing this information is not an attractive proposition, especially when the risks seem so unlikely and 'someone else's problem'. The risk of being caught, singled out or ever held accountable if a breach and fine occur were simply not high enough to demand an individual's attention. Furthermore, the benefits of IG can seem so abstract and distant that there is little incentive to change quickly. So how did we overcome this?
3. Technology to enable change
The technology was a key enabler for adoption. We went to great lengths to develop technology to assist and make it as easy as possible to be compliant, organize information, and label records. We introduced record labeling into Office applications to give all users the ability to label records. We simplified processes and reduced the retention label options from 1000+ to just over 100 with recommendations of 10 max per SharePoint site.
We also created a policy called non-record disposal (NRD) which would automatically delete the information after a 3 year period unless it was labeled as a record or on legal hold. This would remove all non-records (including personal data) and help unlock the IG benefits described earlier much faster. This was a huge catalyst for change and extremely controversial, especially when we gave very specific and ambitious dates about when it would be activated.
'You can't be serious. This is insane! #handsoffmydata'. These are just a few examples of the types of comments we heard on the launch of our campaign 9 months ahead of the first activations. It exploded onto the scene as the 'most commented' and probably most controversial article of the year. It also showed us we now had traction. Tracking and surveys showed us that within 6 months over 90% of targeted audiences were recognizing our branding and messaging. People were listening!
To ease the impact and help build our story, we also decided to implement NRD incrementally. We applied it to Yammer and Stream first then expanded towards the more sensitive information repositories (Outlook) over time to allow our users to adjust and build their IG foundations (learning how to label, understand what a record vs a non-record is, etc)
4. Have a strong multi-marketing & engagement strategy
While the design and PM team worried about how to make this work, my biggest concern now became how to carry our message and guidance across such a large and diverse global company. For example, the policy would impact 120,000 accounts on OneDrive for Business including people who only had limited access to IT infrastructure working in remote sites in developing countries.
Information Governance is the sum total of all the rules, authorities, and benefits that guide how we manage information in motion and at rest – to create, organize, retrieve, reuse, protect, retain, produce, and delete.
An active policy, new technology, and a compelling story helped, but to achieve the levels of penetration required across such a vast organization, it demanded an engaging marketing plan with quality content and a robust change network. This all had to be created, revisited, and constantly revised, especially with COVID-19 disrupting our usual information network and marketing channels in the later stages of the program. More could easily be written on this! But one key lesson learned is covered next.
5. Enlist your leadership support
It takes strong leadership to identify the need for and evolve information government programs and give them the continued support they need to prosper. Especially bold decisions like implementing NRD. Resistance to change was rife at the start and therefore it could have been all too easy to de-prioritize information governance adoption during difficult times and worry about it another day. One senior stakeholder in the 'manage closely' group was quoted wondering why we were 'trying to clean up the house, while the house was on fire!'. I'm almost certain that had the program not had such strong leadership and support from the executive level, and in turn VP/GM levels, that it would have been moved for another day. Building ongoing relationships with the leadership (and their support network) early on were critical to the adoption success. Use every trick in your book to get this group aware and actively supporting.
6. Know your customers
Perhaps this should higher up on my list. It’s a classic principle but amazing how often this gets overlooked once the firefighting starts. Building a concise and relevant campaign can be dependent on quality information and knowing your customers well. Identifying where the resistance is and who the ‘swing voters’ are, then turning them into champions are all tactics that contribute to success. Knowing what messages resonate with who, what information people are after, and employing tactics to inspire change meant that we consistently outperformed other programs and their communications. Given the scale of the task, this was paramount. Had we not been delivering quality to the customer, we would simply have not been heard. There are plenty of lessons learned from delivering quality content that could also be included, but warrant another section another time.
7. Information overload - Don’t boil the ocean
From the start, we found it was all too easy to try and do too much. We often found ourselves getting embroiled in conversations around performance issues, technology strategy, or basic IT skills (How to perform a search in Outlook for example, or create a folder in file explorer). There was a danger of us, our stakeholders, and end-users all becoming overwhelming.
Strong data, constantly revised change impact assessments and a clear understanding of our objectives helped us stay on track. Applying this principle across our change network (and checking it was enforced) meant that stakeholders did not become overwhelmed and our users' precious time was not wasted. It ensured quality over quantity and we really challenged ourselves to keep things simple and be precise.
Thanks for inviting me to share my experiences. Hopefully, this has been interesting and informative for you and can help you build on your own IG journey. Shifting from a culture of over-retention and ‘keep everything unless we decide to delete it, to delete everything unless we choose to keep it’ has been a huge change that has affected so many people in a variety of ways.
If you are ahead of the curb then thanks for reading, I'm sure you enjoyed comparing and reminiscing! Please feel free to share your thoughts or other valuable lessons with me or comment below!
Mark Jackson is a freelance communications consultant with over 15 years of experience. He has worked on a variety of campaigns and programs (Marketing, PR, digital transformation) across the globe for clients including blue-chip companies and the MOD. He specializes in building reputations, promoting agendas, and engendering action and change in target communities or populations.