This post comes by way of a guest author, Jim Merrifield IGP,CIP. Jim is a Records & Information Governance Manager at Robinson+Cole, LLP, an Am Law 200 firm, where he is a member of the Data Privacy and Security team. He is also Co-founder of The Information Governance Conference (InfoGovCon).
A recent AIIM International Industry Watch Report on Connecting and Optimizing SharePoint, found that 75% of organizations use SharePoint, or are committed to SharePoint for collaboration, enterprise content management and records management. It’s safe to say then that, whether we like it or not, SharePoint is here to stay.
With that being the case, organizations must ensure proper governance policies are being applied in SharePoint the same way they are applied to any other repository. There simply are no exceptions. If not, the organization will subject themselves to some extremely serious consequences.
Let’s discuss three of them.
INCREASED RISK OF DATA BREACH
First of all, poor SharePoint information governance increases an organization's risk of a data breach.
According to the Identify Theft Resource Center (ITRC) report, there have been a total of 436 breaches to date in 2015 and that number continues to rise with every passing day. The same report indicates that over 135 million records were exposed as a result of the 436 breaches. Those are some very alarming statistics!
Furthermore, insider misuse continues to account for a high percentage of data breach activity. This means users have access to information that they shouldn’t have in the first place such as social security numbers, birth dates, medical records, etc. That sounds like poor information governance to me.
For instance, do you know who in your organization has permissions to view and/or edit documents that reside on your “Finance” SharePoint site? If not, you had better find out quickly because it’s sure to be a data breach nightmare waiting to happen.
LOSS IN PRODUCTIVITY
Second, poor SharePoint information governance attributes to an organization’s loss in productivity.
It doesn’t matter what industry you work in, all organizations have the same common goal: To increase profitability. In order to do this, users must be able to find the information they need, when they need it. If not, users will be much less productive.
Therefore, organizations must define how they will use SharePoint BEFORE allowing users to save documents and create sites. If not, users will save documents all over the place and it will be nearly impossible to find anything, never mind apply governance policies to the documents and/or sites.
Finally, poor SharePoint information governance will result in ROT data.
The concept of ROT (Redundant, Out-dated and Trivial) data is very well-known by now. Surprisingly, however, organizations can’t seem to tame this beast and SharePoint is no different.
The reality is this, IT personnel can instruct users not to save duplicative data until they are blue in the face. Unless proper governance policies and restrictions are enforced, the rebellion will continue and the IT budget will continue to grow (not in a good way).
Organizations really have two choices in this regard:
- Invest in a file analysis and analytics tool that can aid in the purging of ROT data or
- Apply governance policies to the environment that restricts users from saving ROT data in the first place.
I know it’s easier said than done, but the point you must do something.
Although this discussion focused specifically on SharePoint, it can be applied to other repositories (document management, shared drives, etc.) as well. The consequences are one in the same. There really is no substitute for proper governance.