Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

3 Major Consequences of Poor SharePoint Information Governance

This post comes by way of a guest author, Jim Merrifield IGP,CIP. Jim is a Records & Information Governance Manager at Robinson+Cole, LLP, an Am Law 200 firm, where he is a member of the Data Privacy and Security team. He is also Co-founder of The Information Governance Conference (InfoGovCon).

A recent AIIM International Industry Watch Report on Connecting and Optimizing SharePoint, found that 75% of organizations use SharePoint, or are committed to SharePoint for collaboration, enterprise content management and records management. It’s safe to say then that, whether we like it or not, SharePoint is here to stay.

With that being the case, organizations must ensure proper governance policies are being applied in SharePoint the same way they are applied to any other repository. There simply are no exceptions. If not, the organization will subject themselves to some extremely serious consequences.

Let’s discuss three of them.


First of all, poor SharePoint information governance increases an organization's risk of a data breach.

According to the Identify Theft Resource Center (ITRC) report, there have been a total of 436 breaches to date in 2015 and that number continues to rise with every passing day. The same report indicates that over 135 million records were exposed as a result of the 436 breaches. Those are some very alarming statistics!

Furthermore, insider misuse continues to account for a high percentage of data breach activity. This means users have access to information that they shouldn’t have in the first place such as social security numbers, birth dates, medical records, etc. That sounds like poor information governance to me.

For instance, do you know who in your organization has permissions to view and/or edit documents that reside on your “Finance” SharePoint site? If not, you had better find out quickly because it’s sure to be a data breach nightmare waiting to happen.


Second, poor SharePoint information governance attributes to an organization’s loss in productivity.

It doesn’t matter what industry you work in, all organizations have the same common goal: To increase profitability. In order to do this, users must be able to find the information they need, when they need it. If not, users will be much less productive.

Therefore, organizations must define how they will use SharePoint BEFORE allowing users to save documents and create sites. If not, users will save documents all over the place and it will be nearly impossible to find anything, never mind apply governance policies to the documents and/or sites.


Finally, poor SharePoint information governance will result in ROT data.

The concept of ROT (Redundant, Out-dated and Trivial) data is very well-known by now. Surprisingly, however, organizations can’t seem to tame this beast and SharePoint is no different.

The reality is this, IT personnel can instruct users not to save duplicative data until they are blue in the face. Unless proper governance policies and restrictions are enforced, the rebellion will continue and the IT budget will continue to grow (not in a good way).

Organizations really have two choices in this regard:

  • Invest in a file analysis and analytics tool that can aid in the purging of ROT data or
  • Apply governance policies to the environment that restricts users from saving ROT data in the first place.

I know it’s easier said than done, but the point you must do something.


Although this discussion focused specifically on SharePoint, it can be applied to other repositories (document management, shared drives, etc.) as well. The consequences are one in the same. There really is no substitute for proper governance.

Posted by Guest Author

Related Posts

Why Should Records Management be Important to You

Why should an organization care about records management? When users throughout all departments are creating new records without a thought to how they are cataloged or tagged, the sprawl of records can become a real threat. Unstructured data can lead to compliance issues for highly regulated industries. When proper records management isn’t a top priority, content that should have been disposed of for security purposes is left vulnerable for anyone to find and distribute.  

Creating Compliance in Chaos: A Consultant's Story

Records and Information Management (RIM) is constantly changing and evolving as record managers begin to realize the benefits of automation in their daily operations. In my 6 years of consulting, I have seen everything from heavily manual business processes to automated document management solutions.  Even as time goes by, information professionals continue to face the long-standing hardship of trying to get end users to comply with either internal or external regulations when it comes to records management.  Lately, there has been an apparent shift from ridged business centric solutions to end user centric solutions. 

Gimmal at ARMA International InfoCon 2019

Once a year, members in the records management community come together for ARMA’s annual conference to discuss the latest advancements and best practices for modern information managers.  ARMA, the global authority of information management and governance, hosted this year’s conference, ARMA InfoCon, in Nashville, TN. While attendees were not in the typical “record” industry that Nashville is known for, the location called for a great mix of music and information management knowledge.