June 2, 2016

3 Major Risks of Improper SharePoint Information Governance

7 minute read

Technology has permanently changed the way information is managed. SharePoint information governance has become a digital and technical endeavor. As the options for digital storage became less expensive and more flexible, organizations began keeping more and more data. Unfortunately, many of their SharePoint information governance strategies could not keep up and the overwhelming amount of records were not properly managed.

As SharePoint information governance has moved to the forefront of the agenda of many executives, companies have begun to invest time and money into ensuring they have a detailed and proactive approach in place. Let's take a look at some of the risks and costs that can be avoided with a proper data governance program.

Lost Productivity

Important information is useless if it can't be found in a timely and efficient manner. Ensuring a complete organization of data is critical but just as important is determining when data can be deleted. Redundant, obsolete and trivial (ROT) data has a huge impact on productivity and occupies a large percentage of a company's data storage. In fact, we wrote a blog post just about ROT data. A recent survey from AIIM confirms that "up to 80% of electronically stored information is ROT."

A white paper from IDC entitled "The Knowledge Quotient: Unlocking the Hidden Value of Information Using Search and Content Analytics" uncovers some interesting statistics. First of all, 90% of all digital information is unstructured content locked in a variety of formats, locations and applications and is made up of repositories that do not communicate with one another. Because of this, users are forced to use disparate systems:

  • 61% regularly access four or more systems
  • 15% access eleven or more systems

This of course leads to time spent looking for the right data:

  • 36% of day spent looking for and consolidating information
  • 44% of the time, the information is unable to be found

This lost productivity has a very real financial cost as well. From the IDC white paper, assuming an average workweek of 41.8 hours with an annual salary of $80,000, the cost of time wasted searching and not finding data is $5,700 per worker per year. That means for an organization with 1,000 knowledge workers, $5.7 million is wasted annually.


The topic of eDiscovery is something we've covered before and it bears repeating. Responding to eDiscovery requests is an incredibly costly and time-consuming undertaking for a large organization. 73% of those costs are related to the review for relevance and privilege according to the RAND Corporation. As digital information is easier to access and can remain undamaged in perpetuity, this presents a large risk to an organization without a proper retention schedule. Maintaining and managing your records is critical from both a legal and business perspective, but protecting it from an internal or external breach is just as important.

Protecting Your Data

As we all well know, data breaches are becoming more common. Peter Singer, a cybersecurity expert, states "Ninety-seven percent of Fortune 500 companies have been hacked, and likely the other 3% have too, they just do not know it." In today's world, it is not a question of "if" a breach of some sort will occur at a given organization but a "when". A very public and embarrassing example of this was Sony Pictures, which we also wrote a post about. This was due to lax security around the data and poor policies in place, including but not limited to retention schedules and proper disposition.

Now What?

We've talked about the risks and gone over the incredibly damaging consequences, but there is a way to prevent all of those outcomes. Let's go over the plan of action.

Reduce volume

As mentioned at the beginning, data is being created at exponentially increasing rates and that new data is being added to the existing ROT data clogging up a company's storage. This means an organization needs to establish and overarching and complete SharePoint information governance plan that involves every business unit. Automation is also a requirement given the amount of data which needs to be governed. This ensures less reliance on employees to not only take the time to classify records, but to do so correctly. Additionally, integrating this program into existing workflows will drastically increase adherence and compliance. By not forcing your users to greatly alter their daily activity, they are more likely to participate fully. Clear and simple direction on the process and expected outcomes of your SharePoint information governance program will also keep everyone on the same page.

Locate your information

The business must understand where their data, especially those classified as records, is located and what the stages of those records' lifecycle look like. It is also important to know who is generating this data, who has access to it and how it is being transferred. There must be a complete picture of what a record looks like throughout it's useful life and what is done with it after its usefulness has expired. As a basic example, keeping personally identifiable information (PII) separate and locked down to only certain departments or employees is a simple step that must be taken for not only the potential harm to an individual but the liability the organization could face in the case of a breach.

Structuring data

As discussed, most data is unstructured within a typical organization. This is the root of the problems faced when attempting to retrieve the proper information. The first step is working with the department directors to establish which types of documents are critical and declared as records. Once that has been established, these content types will need to be included in the overall file plan and the proper metadata must be included when these records are being declared. This not only eliminates confusion, it is the engine that allows an automated software like RecordLion to correctly apply policies to records.

Legacy data

As for the legacy data your company currently has, the decision on how that should be handled is best done case-by-case. Sometimes, an entire obsolete repository or library can be disposed of without fear of lost business critical information but unfortunately, it is rarely that simple. Here at RecordLion, we understand these challenges, which is why our software does not require migration to a central repository, thus eliminating the need to make wholesale changes to the current storage structure. Addressing existing records is an area we have helped many of our customers find success.

Just get started

Regardless of where you are in your SharePoint information governance journey, the most important thing is to take that first step! Every day, more and more data is being created and the hole you're digging is getting deeper and deeper.

Receive News Updates As Soon As They Happen