On Product Development and More...

Last weekend, I began doing my year-end housekeeping ritual. Organizing my file cabinets. Like many living in the hyper-expensive Bay Area, we have limited space. This means that all of my family’s records – taxes, investments, insurance (auto/home/life), automobile, house, credit card bills, utility bills, medical, school, warranty information, etc. – must fit in the three-drawer filing cabinet located in the closet of one of our bedrooms.

Now, I could make the pun that my investment folder is getting thinner these days – as a result of the financial crisis, but in actuality it is getting thicker – due to the fact that the mutual funds continue to send me even more information (about new policies, new regulations, new privacy rules, etc.) that I feel obligated to keep.

I devised what I consider to be a pretty good system for managing these records. I think of it as my family’s information management policy.

• I put my warranty and home records in drawer #1. I keep my financial records (taxes, investments, insurance) and bill records in drawer #2. I keep everything else in drawer #3.
  
• Each time I get a new record, I file it in the appropriate manila folder sitting in that drawer.
  
• At the end of every year, I go through my records, and delete the stuff I no longer need. Generally, I keep most records for seven years. But there are exceptions. I keep my automobile records as long as I own the vehicles. I keep my utility and water bills for 2 years – primarily for comparing usage between years (this helped us confirm that we had a leaking pipe last year). I shred and recycle the confidential information (the statements). And simply recycle the non-confidential information (privacy policies, etc.).
  
• Finally, I lock the filing cabinet. My cleaning lady comes in once every other week. And, while I trust her, I really don’t want to provide anyone with the opportunity to go through my confidential stuff.
  

I also have other places where I keep valuable information. For example, I have a safe deposit box – where I keep the passports and a copy of the will. I have a similar process for managing these records, but I do it less frequently.

While it seems like I have a lot of “stuff”, I feel that I have a pretty good system for keeping everything organized. It works because my system adheres to the Records Management mantra that I described in a prior blog post, The Information Explosion:

• We need to know what we have and where we have it.
  
• We need to make certain only the right people have access to the information.
  
• We need to know what to keep and keep it as long as we have to. We need to get rid of everything else.
  

So, as long as I am rigorous about following this “process”, I am able to effectively manage my personal information.

It made we think about how information is managed at a larger scale, by say a corporation. Most of us in the industry are aware that corporations have some very special needs for managing their information. Corporations must:

• Ensure that information is preserved according to regulations (e.g., HIPAA, PCI DSS, GLBA, etc.)
  
• Ensure that sensitive information properly protected (refer to my blog post, Protecting Your Information)
  
• Ensure that information is managed according to retention and disposition schedules
  
• Ensure that information is cataloged so that it can be ready for electronic discovery (See: FRCP)
  
• Ensure that information is indexed so that it can be available for enterprise search
  

So, how well do corporations manage their information? The results are mixed. While there are many successful deployments of records management solutions, content management solutions, data loss protection solutions and enterprise search solutions, these are actually partial solutions. These solutions are not addressing the comprehensive information management requirements because companies are not holistically managing all of their information.

When I couple this with the fact that electronic information is growing at almost 60% year over year, I see the proverbial “train wreck” coming on the horizon. Corporations need to do something. Otherwise, it’s going to get messy.

To quote Gartner, “Effective information management will be critical in the next decade, differentiating those enterprises that will implode under the infoglut from those that will use it to dominate the global economy” (Source: Gartner; June 2006; Spotlight on Enterprise Information Management).

Some contend that we can solve this by asking employees to classify and manage their own data. Just like I do at home. But this has two problems. First, people really do not like to do it (which typically means it does not get done). Second, and more importantly, it is almost impossible to have two different people (let alone ten thousand) consistently manage their information according to rules and business policies with a high degree of accuracy. Hence, we need to automate this process. Otherwise, we are not effectively and consistently managing our information.

So, we know that the process to manage information is not rocket science. It is not much different than what I do at home. We establish a set of rules for classifying our information and then adopt a policy for managing that information based upon its classification.

There is, of course, a catch (surprise, surprise):

• First, corporations have a lot of information. It is not uncommon for companies to have billions of information objects (e-mails, word documents, etc.) to manage.
  
• Second, the information exists in so many repositories. These repositories can span the globe.
  
• Finally, the information is subject to potentially conflicting rules and policies across regions or organizations or legal jurisdictions.
  

This means that this is not something that can magically happen overnight. But we need to start now. We know that knowledge workers will continue to create more and more unmanaged information each day. So, this problem will only get worse as time goes on.

What do we need to do? As I mentioned in my recent webinar entitled: Using Classification to Achieve Enterprise Data Privacy:

• First, we must recognize that Information Management is a business strategy. It must be a strategic ongoing business initiative that must be driven from the top. It cannot be treated as another IT department initiative. This is important because everyone must know about the business value of managing information and the risk associated with not properly managing this critical asset.
  
• Second, we need to define rules and policies for classifying and managing our data; that we need to establish common definitions for classify this information (I oftentimes refer to this as a classification schema).
  
• Finally, we need to employ a solution that can automate the classification and management. At scale. Across all of our data. Everywhere.
  

These are exciting times. Information is becoming the critical business asset. We are now starting to see solutions that can address these pressing challenges – at scale. Because of this, I expect to see information management as being the next major enterprise software rollout (following the wave of ERP and CRM). With diligence and perseverance, we will be able to avoid that collision.