All words ever spoken by human beings = 5 Exabytes of data. 1000 Exabytes = 1 Zetabyte. Current world data = 7.9 Zetabytes. Ponder that for a second.
Data on such a vast scale is hard to fathom. Especially as it growing exponentially, estimated to reach a dumbfounding 40 Zetabytes by 2022. A much simpler concept: understanding the importance of having an information governance strategy to manage this data.
At GovLoop’s training webinar, What’s Your Information Governance Strategy?, Hannah Bergman, Assistant General Counsel, National Archives and Records Administration (NARA), and Matthew Nelson, Attorney and Information Governance Authority, Symantec, discussed the importance of and methods for effective information governance.
Webinar attendees were polled about how they think of information governance. Options were: Records management, eDiscovery/FOIA, data security, reduced storage costs, or all of the above. At 89%, attendees overwhelming chose all of the above, and they were correct.
National Archives POV
Information governance can mean different things to different people. From Bergman’s point of view, it is a process that provides the public with a mechanism for accountability. Information governance is just a new way to talk about records management and compliance, she said, which is what NARA has focused on since its inception in 1934. Decades later, President Obama emphasized this same objective, calling records management “the backbone of open government.”
While the goal is the same, a lot has changed since the days of cobwebbed archival collection rooms. The dawn of email and digital communications has created questions about what is considered public record. It’s quite simple, Bergman informs. If it is created by a federal employee (emails, reports, queries, memos, etc.), it is virtually always a record. That doesn’t mean it’s a permanent record that gets sent to the Archives, however Most records are transitory (retained for 180 days or less) or temporary (180 days to 100 years – SSA information, for example). Permanent records that are preserved for “the life of the Republic” are only 1% to 3% of documents, Bergman said.
To better understand and implement records management, Bergman offered some advice:
Email is a federal record. Just accept it as a blanketed requirement. It’s pretty much impossible that your email won’t be considered a record.
Do not lose your email. Bergman cannot stress this enough. If there are requests for information, you need to be sure its available.
Manage your email. You will save time, money, and resources if you set automatic retention periods and dispose of email past these periods. Again, very few records are permanent (only top, senior-level leadership. See NARA’s Capstone approach). With less clutter and density of data, it will be easier to find and manage records that actually matter for litigation or FOIA requests.
When talking about effective information governance, Nelson explained three core objectives: protect, manage, and discover.
#1 Protect critical government and public information assets from theft and loss. In a Symantec survey of public employees, the number one area of concern was cybersecurity and protecting data. These concerns are not unfounded. A recent GAO study found that agencies reported 25,000 data breaches involving PII in 2013.
#2 Manage public record retention and disposal requirements to maintain compliance with record-keeping mandates. This should include backup and disaster recovery strategies.
#3 Discover electronically stored information (ESI) for litigation, investigation, audits, FOIA request, and normal operations. Finding pertinent information can be time-consuming and expensive, but it must be done. A 2012 RAND study estimated it costs $18,000 to review a single gigabyte of data. And with hundreds of thousands of FOIA request per year, you can see how the costs add up.
So, how do you meet these objectives? Nelson says it’s all about having the right people, policies, and technology so an organization can maximize the value of its information assets and minimize the risk of mismanaging those assets.
People. Identify key stakeholders and define roles and responsibilities. Information governance can act as a rallying cry to get these stakeholders to work together toward addressing this objective.
Policy (& Process). Review your agency’s current process, identify gaps, and prioritize based on risks and costs – you can’t solve everything all at once! After this, create or revise policies accordingly, train employees, and enforce compliance.
Technology. Invest in tech solutions that protect, manage, and discover data efficiently and defensibly. Automating processes and policies is key. Moving away from manual processes minimizes the risk of human error and also simplifies and increases the speed of information management. Leveraging tech can also facilitate better visibility into “mountains of data.”
Regardless of the amount of Zetabytes of data out there, government still must manage their records. Training staff and leveraging technology can go far to establish an effective information governance strategy for your agency.
Also, check out these resources:
The President’s Managing Government Records Directive
OMB’s Guidance on Managing Email (M-14-16)
NARA Bulletin 2013