Many organisations feel that they are at risk because of a lack of information governance polices, according to new research from the Association for Information and Image Management (AIIM), with data lapses over the past 12 months sharpening focus on the security and privacy elements of information governance. 

The survey of more than 500 business leaders revealed that although electronic records are “increasing rapidly” in 68 percent of organisations, just 10 percent of respondents have an information governance policy in place that is respected and enforced. Twenty-one percent have a policy in place, but it is mostly ignored.

The new study, ‘Automating Information Governance – assuring compliance’ by independent information management analysts AIIM, looks at how the security of information assets is increasingly on the corporate agenda. 

“The impact of data leaks and security breaches over the past year has brought the security and privacy elements of information governance into focus more than ever before,” said Doug Miles, Director Market Intelligence, AIIM. 

“Massive data leaks of personal information have damaged corporate reputations and organisations need to work much harder to protect and preserve content.”

The survey also found a strong movement away from narrowly focused records management policies, to the much wider scope of information governance across all active and stored content.

With only 12 percent of respondents confident they store only what they are required to store, 43 percent said that automated classification was the only way to keep up with the rapidly increasing information volumes. Just 14 percent are already using automation although a further 35 percent have immediate plans to do so. 

The three biggest benefits from automated classification according to research participants were improved searchability (48 percent), higher productivity (29 percent) and defensible compliance (29 percent). 

To be successful, automated projects need to be matched with a comprehensive information governance policy. However, of those with an agreed policy, only 19 percent regularly audit for compliance. Forty percent do not allocate any staff time for information governance training, and only four percent specifically update senior management. Creating a comprehensive information governance policy is a major task, and the keys to success are senior management endorsement and staff engagement.

“The reality for organisations now is that many more types of content and information need to be governed, but the volume, velocity and variety of it makes it virtually impossible to manually maintain the all-important metadata and so automation is a critical requirement,” said Miles. 

“We would encourage any organisation to get senior buy-in around their information governance policy. It is a business issue, not an IT one and CEOs must be aware of the requirements and the best ways of meeting those.”

The research for ‘Automating Information Governance – assuring compliance’ was underwritten in part by ASG, AvePoint, CCube Solutions, Concept Searching, IBM, and OpenText. The full report can be downloaded here. 

The survey was taken using a web-based tool by 531 individual members of the AIIM community between March 15, and April 8, 2014.