· Features

Is your information governance plan ready for the Internet-of-Things?

Emerging types of data are presenting a significant challenge to the information governance strategies of many businesses.

The widespread adoption of social and collaborative platforms means that businesses have to incorporate social media posts, texts, instant messages, tweets and online file sharing into the formal processes that manage information, from its creation and handling through to its storage and secure destruction.

Along the way organisations must consider security, compliance, and employee behaviour. As a consequence many businesses are discovering that existing rules are difficult to apply to information types that are unstructured, ephemeral, vast in volume and difficult to categorise.  

In fact things are about to become more complicated. Few companies will be unaffected by the imminent arrival of the Internet-of-Things (IoT). Connected device-to-device communication is already used in sectors such as manufacturing, automotive, agriculture, energy and healthcare, and is being driven into consumer markets through the fast take-up of connected devices in the home and fitness-related applications

It is important that organisations start adjusting their information governance strategies to accommodate emerging information types now, before the data volumes generated by connected devices threaten to overwhelm them. 

Areas that need to be addressed include lack of designated responsibility. Someone – an individual or a team – needs to be given ownership of the content generated by connected devices. 

The second major challenge will be the regulatory and compliance implications of data that will be moving between devices; placing new demands on data protection, security and recovery policies. Legal frameworks generally lag behind technological capability, and the complexities of the data landscape generated by connected devices and systems will likely pose interesting legal and regulatory challenges. For example, a connected device in a domestic fridge could be designed to monitor energy use or shopping needs, but could simultaneously be generating personal information about such things as an individual’s health and lifestyle. Consequently, information of this nature would need to be regulated and protected.

The third challenge will be storage and retention of the information. It will be impossible to store and retain everything. Information governance frameworks are already struggling under the weight of emerging digital channels, and could buckle under IoT unless organisations get better at classifying their data and knowing what to retain and what to delete. 

This is not always going to be easy. The challenge of determining what data points constitute a record or have potential business value, and applying an appropriate retention rule is going to seem overwhelming for the many firms already overloaded with growing volumes of information in multiple formats. Yet failure to take on the challenge is going to expose many to unacceptable levels of risk. 

Organisations often err on the side of caution when it comes to the information they retain. Businesses are reluctant to destroy data that could at some future point deliver value, nor would they wish to have deleted records or messages that are suddenly required for e-discovery purposes. The resultant hesitancy is creating a keep-it-all-in-case culture. 

Making challenging judgement calls about record disposition will be helped considerably by having strong information governance in place; pre-defining and automating categorisation to limit storage and vulnerability, and defining and enforcing clear responsibilities. As hard as it may seem, the time to start putting all this in place is now.

Sue Trombley is managing director of professional services at Iron Mountain, an information management services company