January 15, 2021

The 7 Deadly Sins of Information Governance

If you’re like me the mere mention of information management evokes a somewhat glazed and wholly disinterested response.  I would rather call into a technical support phone tree for a dial-up modem than discuss the theory behind multidisciplinary structures, policies and procedures to manage information.  That said, proper information management, which is now more accurately referred to as information governance, is the one true solution to the chaos of data which seems only to continue accelerating.

Eric Schmidt, the then CEO of Google, claimed in 2010 that in two days we create as much information as the human race has done since the dawn of civilization until 2003. Schmidt is obviously accounting for the repetitive mutterings of my three year old.  Two years later we are certainly experiencing an even wider mouth of this fire hose.  So, as boooorring as information governance is for many of us, it is very much a necessity to continue functioning in the current environment and on the white board of priorities for many GCs.

Some months ago I was involved in an “information management” (IG was not in vogue) project that encompassed – what was thought at the time – a robust set of deliverables including disposition schedules, storage quotas and categorization of business data.   [For the record a proper definition of “business data” was never agreed upon.]   We toiled for seven weeks to define what exactly to accomplish and then moved on to a 15 week period trying to define how to get it done. This was all kicked off due to a somewhat disassociated e-discovery request that uncovered the complexity of the existing email archiving process. That existing process included moving more than a terabyte of data from spindle disk to tape backup…..twice a month.

ARMA International recently held their 57th annual conference in Chicago and one of the panels titled, “The 7 Habits of Highly Effective Information Governance,” brought this project back to memory.  The panel, which should have been sponsored in neon lights by IBM, brought together four certified records managers from Big Blue to discuss paths towards a successful information governance program.  The panel also spawned the title to this blog post.  Tip of the hat to the fine people at IBM.

So, what are the 7 Deadly Sins of Information Governance?  They’re an attempt to outline those habits and/or activities to avoid when undertaking an IG project.  Back in undergrad, I was fortunate enough to take two semesters of organic chemistry (different career path).  During the review for the exams I was always the wiseacre that asked what we should NOT focus on for the test.  I found this to be not only mildly entertaining, but equally informative.

So here are the seven things to avoid in your next IG program:

  1. Failure to obtain executive buy-in and sponsorship – Someone in the organization has to act as the cheerleader by setting the example, eating their own dog food and be high enough in the food chain to obtain budget and resources.  Any IG project worth its salt is a change that impacts an organization’s culture.  Cultural changes require support from the players, but more importantly from the coaches.
  2. Lack of participation from all stakeholders – I’m not in the business of making guarantees, but I can warrant failure with near perfect foresight if all stakeholders don’t actively participate in the IG program.  I am not suggesting buy-in be obtained.  Buy-in is something you get to update the corporate business card template.  You need active and dedicated participation from all represented groups.  These groups will be different for many organizations but you can start with: Records/Knowledge Management, General Counsel, HR and IT.  Add to this group, but at a minimum make sure these groups are at the table.
  3. No well-defined and documented program scope – The bane of any project manager; scope creep.  This is what happens when there is lack of analysis and planning going into a project.  The project I participated in was one of the most comprehensive programs of work the organization had ever undertaken.  Many weeks were spent in a planning and analysis phase to ensure we knew, for example, what exactly we were able to enforce when it came to the company’s Blackberry infrastructure.  (Seems very 2009 to even mention Blackberry….sorry RIM….the company, not the discipline.)  There was also considerable analysis given to the categorization of all the data under examination.  In the end, have a well defined list and stick to it.  Without a list an IG program can very quickly turn into a never-ending tale.  Keep a good list of phase two items; you’ll have a few of those too.
  4. Absence of distinct benchmarks from which to measure success – Much of the program will not have a binary switch.  For example, there simply isn’t going to be a magic button that allows you to eliminate storage of email that doesn’t have business value.  People will want to keep pictures of their grandkids and the Zumba schedule at the local gym.  Instead set a goal to reduce email storage by 60%.  The goal cannot be to eliminate or simply reduce email storage. SMART goals apply here.
  5. Insufficient Marketing – Even before the experience of running a marketing team, I knew the IG program had to be sold to the masses.  You must be able to translate the benefits of an IG program; risk and cost reduction, cost avoidance making valuable business data more obvious and available, etc…  The marketing specifics will of course be unique to the organization, but telling the team in shipping, for example, that by categorizing their invoices they will save the company $XX every year does not make for a successful program. Increasing their ability to focus on tasks that contribute to their performance evaluation will resonate however.  I’m personally not above throwing a contest either…..
  6. No long term execution and management – An IG program is a cultural change and any change of that magnitude requires a permanent seat at the executive table.  An IG program is not a project that will just stay in place like a new set of pearly white veneers.  The program needs to be measured, reported upon and matured.  It is a living, breathing part of the business and often means a new and partially dedicated team.  If this commitment is not clearly understood it’s best not to get started.  
  7. Objectives are not realistic and/or ambiguous – Many IG programs are embarked upon due to some identified risk.  The risk could be a litigation risk or a risk to the administration of intellectual property or a more sinister information security risk.  Other programs are started for cost control or efficiency reasons, but a risk assessment should never be excluded. These motivations must be realistic and aligned with the risk tolerance level of the organization.  Objectives/what is planned to be achieved with the program is different than scope, but equally critical – especially for the operational step and initial executive commitment.

For old harried project managers, this list is bread and butter for a successful project of any sort. However, as the business of e-discovery is more fully understood by those outside of the litigation department and law firms continue to embrace a wider swathe of the process, similarities between these classic IG issues and the e-discovery process will become more evident.  One could argue that the core objective of an IG program and e-discovery is the same.  Aren’t both intent on removing the irrelevant and valueless records and categorizing what’s left for a better and more focused understanding?  You can extend this comparison onto other business functions like information security as well.  That group is also chartered with aggregating important facts and weeding out the chaff when conducting an investigation.  I foresee a convergence of tools and practices to handle the business of information in a much more comprehensive manner. Silos of subject expertise will always be necessary, but going about the business of managing information with many solutions and uninformed interests is simply unsustainable.  An IG program is a great place to begin making this critical transition.

Devin Krugly

Devin Krugly is the VP of Marketing and Business Development at AccessData. He joined AccessData from ExxonMobil to guide the growth of the company’s marketing initiatives, lead generation and to modernize the company’s global VAR and partnership network. Prior to his current role, Devin led several large multi-million dollar solution design and implementation projects for the world’s largest publically traded company, ExxonMobil. His most recent experience was a three year effort to grow an in-house e-discovery team with proper tools to successfully execute data collection and processing related to litigation. The scope of that project included a year-long process to evaluate potential vendors which led to 24 months of assessing fit and purpose of an e-discovery team and design of an IT infrastructure to support the team’s activities. Prior to his role with ExxonMobil, Devin held a position with Halliburton in their Global IT Security department working on NISPOM compliance and developing best practices related to government classified information. Devin also served in the US Army and was deployed to Bosnia-Herzegovina in support of operation Joint Endeavor/Joint Guard during peace-keeping operations in that region.

More Posts


  1. Mary says:

    You have to find the comedy in the chaos of the field of Information Governance. It truely is a comedian’s playground!


  1. […] Krugly published a very interesting blog/article, describing the “The 7 Deadly Sins of Information Governance“. I enjoyed the article, and I can’t find anything to disagree with, but I have to […]

  2. […] organization, and it requires a permanent shift in how information is processed.  The following Seven Deadly Sins of Information Governance are quoted from an article with that name at the eDiscovery Insight blog.  It delves into further […]

Speak Your Mind