Recommind has released the findings of independent research into policies adopted for information governance (IG) in the United States and United Kingdom. The surveys were designed to discover what companies currently have in place to govern their growing data reserves and determine if these practices are effective at mitigating risk and compliance issues.

Information governance is a cross-departmental approach to optimising the value of information simultaneously associated risks and costs. In the U.K., 75 percent of organizations claim to have a policy in place to manage their data, and almost half (49 percent) rely on end users to self-categorise information. 

Findings from the U.S. show that 58 percent claim to have an IG policy in place, 64 percent say that their practices are only “somewhat effective” and over half (52 percent) rely on end users to manage their own data. 

Dean Gonsowski, global head of information governance at Recommind, comments,“It is this over-reliance on employee-based governance that is giving organizations a false sense of security. While it’s positive that organisations recognize the need for information governance, many are still not taking the requisite steps to truly govern their information in a proactive manner. In fact, many are still in the dark about governance and don’t have a full sense of the data deluge they are currently facing.”

While companies clearly understand the risks posed by their information, many are over-reliant on employees to manage their own data, and most are not tackling the issue head-on to proactively reduce risk. 

Of the U.S. organizations that were surveyed, 82 percent agreed that some form of auto-categorisation and tagging of data is a key component of effective information governance, and 86 percent agree that auto-categorisation needs to be based on content, not just keywords. 

 Of the U.K. organizations surveyed, only 24 percent know how much data their company holds, and it takes an average of three hours for employees to retrieve specific information―this is before they are able to begin managing and analyzing this data and understand its risks.

Gonsowski adds,“Systems and tools are now available that can drive auto-categorisation of data coherently and comprehensively, removing reliance on individuals and eliminating the inherent inefficiencies. These technologies tackle large data volumes across systems and geographies, examining unstructured as well as structured data, all while giving companies better precision and recall. Enterprises are increasingly turning to data management tools and services that provide rapid indexing, search and granular categorization capabilities to ensure measureable information governance.”

In addition to helping organisations proactively mitigate risk, information governance also enables businesses to respond quickly and accurately when faced with eDiscovery requests. In the U.S., 86 percent of respondents agreed that such a robust information governance program would reduce eDiscovery risks, and 73 percent said it would reduce eDiscovery costs. Additionally, 55 percent felt that such processes would reduce the amount of organizational data. 

Attorney David Horrigan, an information governance analyst at 451 Research, suggests, “As businesses store and hold more information across different systems, platforms and jurisdictions, they are leaving themselves open to legal liability and business risk. There is a massive gulf between what companies are doing and what they should be doing in order to keep their data safe, yet accessible. Businesses must move to an automated process that manages all enterprise information and ensures the right data―and only the right data―is kept for legal, regulatory and business requirements.”

Horrigan concludes, “Not having a proactive IG policy leaves companies open to substantial fines, litigation risk, security breaches and compliance issues. This research shows that there are still too many organizations exposed to these unnecessary risks. Robust information governance principles, supported by proven technology, can help alleviate these concerns and increase efficiency, saving time, money and resources.”

(In the U.S., the independent research was carried out by Osterman Research in June 2013, interviewing 113 organizations with a minimum of 500 employees. Interviewees included CIOs, the data/information decision maker in the CIO’s office and the data/information decision maker in the corporate IT department. In the U.K., the independent research was carried out by Vanson Bourne in October 2013, interviewing 200 organizations from private sector organizations with more than 1,000 employees. Interviewees came from risk/compliance, legal and IT departments in financial services, IT/telecoms, retail, manufacturing, business and professional services, transport, travel and logistics organizations.)