There is a lot of talk about information governance these days by vendors, customers and analysts. It is definitely the right discussion but there seems to be a lot of confusion about what it means. Here’s my definition: managing the data you need as you need to as efficiently as possible. [Read: managing only the data you need to and no more while complying with applicable legal duties at the lowest total cost to the company.]

Let’s face it, companies really have zero interest in discovery; being able to discover per se has little business value. Discovery is predominantly triggered by an adversary and more often than not, it’s used as a weapon by that adversary. The real objective is to meet this legal obligation at the lowest possible cost to the company.

Likewise with retention regulations. These regulations are designed to protect adversaries and investigators. They are enacted to get companies to save information longer than its useful life to the company and longer than the company’s self interest. No government agency passes a law to save the company from hurting itself with sloppy record keeping! Companies don’t have any interest in retaining useless data in perpetuity -- just the government agencies that regulate them do.  Privacy and data protection laws follow the same logic. They exist to protect individuals, not corporations. To do so, they impose requirements for securing and destroying data at a cost to the company.

Companies have been distracted with ballooning data volume and expanding e-discovery obligations for the past five years, and most were caught off guard with antiquated retention programs focused only on sequestering physical records. In the rush to react to new electronic discovery challenges, it was easy to forget that all data isn’t valuable data and e-discovery isn’t a value-creating business process. In fact, they both reduce profit by hundreds of millions of dollars.... and that's the value recovered with good information governance.