If you are in an Information Governance position in your organization, you have an opportunity to smooth out the traditional conflict that governance has with the people who work in your organization. The conflict can arise because the needs of the organization do not always match the needs of the individual worker. Here are the usual drivers for each group:

These two sets of need are sometimes in conflict and there is frequently evidence to show it. Systems are installed to manage records, but nobody ever uses them because they are too hard. Users proliferate SharePoint sites like rabbits in order to collaborate, making compliance even harder if there are no controls. Insider threats, misuse of personal data, or even just file duplication are all potential impacts when information governance and user needs collide.

Make it easier to do the right thing

One of your challenges is to make governance either the easiest thing for users to do or make governance controls happen without getting in users’ way. Easier said than done. The solution is often a combination of people, training, policy, technology, education.

First, you have to decide what is the right thing, starting at the organizational level

Information Governance is the sum total of all the rules, authorities, and benefits that guide how we manage information in motion and at rest – to create, organize, retrieve, reuse, protect, retain, produce, and delete.

As an example, an external regulation such as the GDPR impacts organizations that capture data about subjects (citizens and visitors) connected to the EU (either living in or traveling through). Your IG committee or team should have defined a privacy policy and plan that includes these mandates from the ICO:

• Security activities to protect data,

• Retention and classification activities to make sure you don’t keep information too long,

• Legal review activities to make sure opt-in, opt out, and access requests are accurate and appropriate,

• System design activities to make sure privacy is built into all new applications,

• and so on.

All this will fall to the ground if your users still find it easier and efficient to bypass your activities. You will find many users only need appropriate guidance on what they should do and they will behave appropriately, but not always and not in all scenarios. Especially during these days when workers, from their homes, are away from the watchful presence of the office.

Technology can help when it comes to users. In a practical sense, it is important to think about data-in-motion and data-at-rest. Data in motion is the document you are currently writing and emailing to your team. What is important is the time, subject, recipients, application and labels. Data-at-rest is the same document in a year’s time when you have saved it to a shared drive or cloud teams site. What is important is the category, retention, location, security, and findability. Governance addresses both of these but in different ways.

A cloud governance solution like M365 is great for the data-in-motion side.

1. Users have a single substrate of capabilities where all content goes. They will no longer need to think about where to put stuff or copy stuff. If they choose email, SharePoint, Teams, or Yammer the content will all end up in the same governance environment.

2. Users don’t have to think about how or when to classify content if auto-classification capabilities are on and available with your license.

3. If the easiest place for users to put content is in the cloud, local workstations are safer from ransom attacks, a critical aspect of working from home during a pandemic.

With data-at-rest, your workers have already completed their work to create content and what you want to do is not make more work just to clean things up. File analysis tools are great in this scenario. Data-at-rest content is:

1. Mapped and found much more easily even though it may not currently be in the right folder or server with the right name. If you know what you have you can actually govern it.

2. Automatically classified, clustered, grouped, and labeled in short order without disrupting user access required when migrating, but ensuring appropriate protections.

3. Reduced, shifted, archived or migrated to get stuff out of the way or in a better place to be accessed or protected.

With the right technology sets and platforms, building a bridge from the mandates of the organization to the needs of the users can resolve many conflicts. All the decisions you make as part of your IG projects not only reflect the needs of the organization from multiple perspectives, but the end result reflects that because users have done the right thing.

If you need help with a compliance strategy for your data-in-motion in the M365 cloud or for data-at-rest on shared drives through Digital Transformation and Cloud Migration, please reach out. Infotechtion.com