Last week, Big Data Insight Group explored eDiscovery software solutions as a method for managing huge file storage banks across enterprises. This software uses big data to report on big data – mining through an enterprise’s entire stored information portfolio and displaying where sensitive information is stored, the document types that each storage bank consists of or any number of other investigations that a company would like to perform.
But Andrew Snowden, an information management consultant at Fujitsu Services, says that regardless of advanced technology becomes, the actions of people still have the biggest influence on an organisation’s document storage landscape. It is humans that write the rules, humans that decide whether or not to follow them, and humans that display all sorts of bizarre behaviours which get in the way of the best laid plans.
So how can an organisation implement policies for best practice?
Poor file management, as we explored in the first article, is something of an overarching trend within many businesses. By mislabelling documents, copying different versions multiple times, or storing them in the wrong place, workers cost their companies hefty amounts in storage costs and risk regulatory repercussions.
Ironically, though, this situation is predominantly born out of a culture of high productivity, rather than laziness, according to Fujitsu’s Andrew Snowden.
“People are busy with their day-jobs and ‘filing’ is often given a low priority,” he says. “The pressure is on to get on with the next task, rather than storing something in certain way for someone else’s benefit at some point in the future.”
This is an interesting point – when our victims are faceless and nameless we are often more inclined to do them wrong. Yet even for ourselves, we don’t make things easy. Our personal storage areas – the folders on our computers that we only use for own items – are often left in disarray. When we save files, we think in the future we will be able to recall and unravel our own idiosyncrasies with ease, or we make promises to set aside time to have a spring clean of our document folders at some stage in the near future. The problem is, we can’t and we don’t. At a personal level, this causes some problems in terms of critical lost files or governance issues, or simply irritating inefficiency in trying to find files. When the entire payroll’s files come together as a tangled web of documents, the exacerbation is scaled up and magnified accordingly.
Snowden says: “This leads to massive amounts of duplication, minor variants and key information in effect being hidden. All this has cost associated with it – wasted time, working with incorrect information and governance risks. Most people are aware this causes themselves problems at some point but the effect is magnified at the enterprise level for both information access and especially information governance.”
It is critical then, that storing and filing processes are made as “easy and obvious as possible” – laying them out in within a standardised policy document will be a very effective exercise.
“The information storage policies should be part of a wider information management policy set that supports the business activities,” says Snowden. “The policies should start with the basics of what should be stored and understand the information that is being stored along with how different types should be managed in different ways reflecting the business needs. The policies should consider information retention, information access and security, information governance and should underpin the proactive management of a key resource – information.”
It is important to note that any information storage policy should focus on the type of information, rather than the type of document, as some might be inclined towards. Making assumptions that one type of document is likely to contain certain types of information – for instance, a spreadsheet containing financially sensitive information – would certainly make for simpler segregation at source, but it is extremely inefficient. Many documents that contain sensitive information could slip through the net as their file type isn’t usually associated with that type of data.
As well as listing which information can and can’t be stored within certain storage destinations – for example, personal customer information within a public cloud environment – the policy needs to outline ways of limiting the overall storage landscape. One is to stipulate that personal files cannot be saved on company storage (according to Nuix, iTunes back-ups account for an alarming amount of company storage). Another is to ask employees not to save and adapt their own copies of centrally managed documents onto local storage if the document is hosted and accessible through shared drives.
Once the policy is created, effective communication of it is vital. This is something that should feature heavily in an employee’s induction and then at regular intervals throughout their employment.
Snowden says the communication must focus on the pragmatism of the policy, with the benefits for everyone in following it and the repercussions of ignoring it clearly explained. As explored earlier, a disconnect between act and consequence inspires empathy – if employees can’t relate their actions back to anything, your policy runs the risk of being just another formal policy which is frequently ignored.
“The communication should be practical and reflect the enterprise approach and business case,” says Snowden. “The aim is not to create many information management academics but to make staff aware of the processes to be followed.”
As an organisation and its operational and technological portfolio evolves, the practicalities of information storage policies need to be tested and reassessed regularly to ensure that they remain effective and relevant. As well as testing yourself, it is important to remain informed about what is actually taking place around the organisation, Snowden says, so that you can get an idea of how feasible the policies are, where any gaps in the policies might be and where they are being misinterpreted or even disregarded.
Obviously within an enterprise that creates and saves hundreds of thousands of documents daily, this is no easy task. This is why wide-scale enterprise adoption of eDiscovery tools is beginning to materialise, outside of merely the legal context in which they first surfaced.
“Using eDiscovery software gives an organisation the opportunity to carry out an information audit in a powerful way,” says Snowden. “It’s a great example of technology making a laborious and difficult task realistic and achievable. Letting software trawl the information stores and present powerful management information gives valuable insight into what the real situation is along with the tools to correct any aspects of information storage which is not aligned to the policies. The analysis may also help to inform how policies should be developed to reflect the reality of the current situation.
“This information management audit activity can be run once but, to be most effective, the process should be repeated to monitor progress and effectiveness. Keeping the software in place allows an organisation to monitor changes and to look at smaller volumes, assessing information added only since the last survey, for instance.”
Finally, given his line of work, Snowden was understandably keen to stress that specialists help in identifying techniques for information management and assessment of policies is available should an organisation feel they need it.
“My key recommendation would be that organisations need to assess their situation now and not leave it until they have a serious issue,” he says. “Clearly they can call on software vendors and information management specialist services to help and these organisations can help with the running of an information audit and the assessment of the findings. The reassessment of information management policies needs to reflect business drivers – again this can be supported by information management specialists working with the organisation’s own staff to help develop appropriate polices that are supported by technology. This will allow any organisation to maximise the value of the information they hold and meet their regulatory requirements.”
Are you interested in using big data analytics to manage your document landscape? Email firstname.lastname@example.org.