Data Governance Is Improving, But…

Corporate memories are at risk because the growth in data is outpacing companies' ability to govern and manage it.

Lisa Morgan, Freelance Writer

March 10, 2020

5 Min Read
Image: jursak -

Records and Information Management (RIM) professionals are drowning in data and, technologically speaking, they're behind others in their organizations. The result is dirty data that's hard to access, navigate, control and secure. In the worst cases, valuable data will be lost forever.

According to research jointly produced by Forrester and information management and governance association ARMA International, RIM professionals are more interested in using cloud for business record storage than they were previously, which isn't surprising given the amount of data businesses are moving to the cloud and creating in the cloud. However, the Forrester/ARMA report warns that "retention policies are inconsistently applied to collaborative content types" and there's "neglect of long-term digital presentation risks." The problem is that RIM professionals lack the level of influence they should have if their companies want to succeed with their data-first strategies over the long term.

"The sophistication of those practitioners has certainly improved over the last couple of years so this is a work in progress," said Cheryl McKinnon, principal analyst at Forrester and the report's author.

RIM professionals are seen but not necessarily heard

RIM professionals are present when their IT peers are making technology decisions about 60% to 65% of the time, McKinnon said. Although they have a seat at the table, they don't have the level of influence others enjoy, despite having the ability to foresee data-related risks. Given the wide diversity of platforms and applications that enterprises use, RIM professionals know that the various types of systems, such as productivity applications and collaboration platforms, will result in data duplication and inconsistent business record capture. The downstream effects are that employees can't trust data and enterprises are placing themselves at risk.

"If I'm searching multiple systems and I'm finding 10 things that look and sound to be the same thing, I'm terrified to open the wrong one because I might find an out-of-date version," said McKinnon. "I think it's also more downstream when we think about business records that have longer-term historical, legal or regulatory value, or just being able to [understand] how has [the document] been handled, where has it been edited and how has it has been preserved."

Business and IT leaders should be concerned that their companies may lack an audit trail or a chain of custody they can trust one or more decades in the future.

The C-suite and RIM professionals are making progress, though

Given the importance of data and the fact that digital transformation is resulting in more applications and yet more data, C-suite executives are putting more thought into records management and retention policies. The chief champion among them is the CSO or CISO.

"A lot of that has to do with the emerging data protection/data privacy landscape with GDPR in Europe. You're going to have similar legislation coming onboard in California and other jurisdictions and I think that has kind of raised the profile," said McKinnon. "Even if they don't think of it as a records or information management-specific issue, it does directly tie into how we control access to potentially sensitive information. How do we make sure we're only sharing it with the right kinds of roles internally?"

Interestingly, the report shows that the general counsel or chief legal officer (CLO) role as champion has been diminishing over time, which is interesting given the emerging privacy laws and the scope of potential risks involved.


In brighter news, RIM professionals, technology decision makers and line of business decision makers are becoming more aligned when it comes to data governance and retention.

AI is necessary

Humans can't keep up with the exponential growth of data, which is why AI and machine learning are necessary elements of an effective long-term records management practice.

"There's a lot of untapped potential for organizations to do a lot of the annoying or painful heavy lifting that we often tried to push on the end users 10 years ago around things like categorization, tagging, classification, attaching the right retention rule to the right object," said McKinnon, "I think we're getting closer to that being realistic with some of the pretty major investments the vendors have made [in AI] over the last 2 – 3 years."

As the tools become more intelligent, they're providing RIM professionals with simple ways of training and tuning them. Still, RIM professionals are wise to understand the capabilities and limitations of those systems regardless of how easy they may be to use.

"For particular types of use cases if you can get an accuracy rating that's as good as human eyes, then it's probably worth investing in," said McKinnon.

Avoiding digital fragility

In 2019, Forrester and ARMA asked RIM professionals for the first time whether they have plans to ensure that their company's content is accessible and retrievable in 15 or more years, but few said they have such a plan.

"[T]hey're assuming [the content will] be available, but they're not really doing anything proactive about it," said McKinnon. "I think this is one of those below-the-radar, under-the-surface potential risks that a lot of organizations are ignoring right now."

The risk is that later organizations may discover holes in their corporate memory.

"The lifespans of some of the tapes and DVDs and other devices that we might have in-house often end up being far less than we expected when they first came into the market, so there are a lot of areas of breaking points in our digital-first working that I think some organizations are going to start getting burned by as we move into decade two or three of digital work," said McKinnon.

In a report about digital fragility, Forrester warned that "[c]orporate memory is disintegrating" and that "[g]overnance can be more than a defense mechanism."

If companies want to succeed with their digital-first strategies, they must manage and preserve their data accordingly.

Read more of our articles on data privacy and governance:

Enterprise Guide to Data Privacy

How to Operationalize Privacy and Data Governance for AI

About the Author(s)

Lisa Morgan

Freelance Writer

Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to various publications and sites ranging from SD Times to the Economist Intelligent Unit. Frequent areas of coverage include big data, mobility, enterprise software, the cloud, software development, and emerging cultural issues affecting the C-suite.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights