This is a guest post from Peter Sloan, founding member of boutique law firm Information Governance Group, LLC. They help companies across the United States create, validate, and update records retention schedules; establish data security policies and breach response readiness; respond to data breaches; and implement legal hold processes. The orginal post can be found here.
It happens every day. A company spends a huge amount of money on a new technology system, without fully addressing the information implications.
Maybe the decision (to move on-premise operations to a cloud SaaS or PaaS, or to retire and replace an enterprise database, or buy a comprehensive new tool suite) was reactive, driven by an impending crisis. Maybe the decision-making was siloed, with IT not clearly hearing what the rest of the business truly needs (or more likely, the rest of the business not speaking up). Or maybe IT just responded literally to a business directive of the moment (let’s get into IoT, or Big Data, or Blockchain!). Regardless, the green light is lit, the dollars are spent … and problems ensue, painfully multiplying the procurement’s all-in cost.
What was missing? Strategic consideration of repercussions for information compliance, risk, and value for the organization as a whole, including privacy, data security, retention/destruction, litigation discovery, intellectual property, and so forth. In other words, Information Governance. And when was it missing? Before the decision was made and the dollars were spent.
So, what if something could be hard-wired into the procurement process, a trigger that timely prompted decision-makers to call time-out; get focused input from all stakeholders; assess the repercussions for information compliance, risk, and value; and align the procurement requirements and purchase decisions with organizational strategy for governing information?
One Percent for Art
Over half of the states and hundreds of cities and local governmental bodies require that a percentage of expenditures for public improvement projects, usually one percent, be used to install public art. These “Percent for Art” laws and ordinances have been in place for decades, and they provide reliable funding for public art programs across the country. The results can sometimes be controversial (arguably the point of art, right?), but the value of public art is well-documented, including demonstrable economic, educational, workforce, health, and civic benefits. So valuable, in fact, that iconic public art is often commissioned privately, such as Deborah Kass’s OY/YO in Brooklyn, or Anish Kapoor’s Cloud Gate in Chicago’s Millennium Park (pictured above).
Percent for Art requirements are there for a very pragmatic reason – without them, it’s too easy to merely get the job done, the public facility built or renovated, without the art. It’s simply the nature of things – we get tunnel vision, doing only what’s necessary to get from point A to point B, without pausing to factor in the repercussions. Percent for Art is the trigger that ensures the big picture will be considered for the project, and the broader public benefits of public art will be secured.
X Percent for Information Governance
So … what if any company decision to procure IT systems, apps, or tools were to hit a similar trigger, a procurement requirement adopted by the company that a percentage of the total IT project be devoted specifically to ensuring Information Governance? What if the project’s green light would not be lit until an IG assessment was done, surfacing the inevitable repercussions for information value, compliance, cost, and risk, and with dedicated budget/resources allocated from the overall procurement to seriously and strategically address such issues?
Sure, the X percent could be hard dollars for Information Governance consulting services by outside providers. But all or some could just as easily be allocated to the internal functions responsible for guiding Information Governance within the organization, such as through time/resource allocation rather than hard spend.
And what percentage would X be – ten percent, or five percent, or one percent? Of course the need will vary depending upon the scope and purpose of the IT procurement. But complication is not our friend – there’s a virtue in simplicity, and in ensuring that something reliably and timely prompts this strategically necessary effort when IT system decisions are made. Every. Single. Time.
And I do know one thing for sure. Any of these percentages would be more – and would better serve the organization’s vital, strategic interests – than zero percent.
Posted by Peter Sloan