We’re often told today that “information is the lifeblood of an organization” and that “data is a company’s most valuable asset.” It’s true that the era of big data promises significant new insights into market trends and customers that can fuel innovation and make companies more agile and resilient. But there’s one hitch that many companies aren’t considering. What if all that information costs more money and creates more risk than the benefits it delivers?
For example, saddled with ever-sprawling and siloed data stores, many companies can never be certain they are complying with an e-discovery request to turn over all relevant information. Similarly, they cannot be sure of their ability to comply with all the different and evolving privacy regulations in the various jurisdictions in which they operate. Added to this uncertainty is the fact that very few organizations know the full cost of the information they manage, including how much it costs to collect, process, store and access it, how much it costs to retain and produce it to regulators and how much it costs to preserve and deliver it in litigation.
If your company lacks these insights into information risks and costs, there’s a good chance it is also suffering from poor information economics. What is information economics? Think of it this way: if economics is “the discipline of analyzing the production, distribution and consumption of goods and services,” then information economics is the discipline of analyzing the production, distribution and consumption of information.
We know that organizations obtain value from the information they produce and collect, but this value is offset by the risks associated with it, including growing privacy risks, and by the costs to access and manage it. Research conducted by the Compliance Governance and Oversight Council (CGOC) has led to a painful truth: over time, the value of information declines while the associated costs remain constant and the compliance and legal risks actually rise. What’s worse, the research also found that at any given time, typically 1 percent of corporate information is on litigation hold, 5 percent is subject to a regulatory retention requirement, and 25 percent has current business value. This means that approximately 69 percent of the data that most organizations are currently managing, protecting and storing is “data debris,” unnecessary information that only increases risk and cost.
Therefore, companies can dramatically improve their information economics—that is, increase the profit margin on information—by managing information risks and controlling information costs while increasing information value.
Managing Information Risk
As data ages, it becomes increasingly difficult and expensive to find, process, restore and review in investigations and civil litigation. Typical causes for this include the inability to locate information within different silos, the decommissioning of the technology to access or restore it, the difficulty of understanding the nature of it without first restoring it and the absence of any context for understanding it after it is restored. Compliance managers face similar issues when attempting to validate regulatory compliance, especially across multiple jurisdictions. What information exists; where is it located; who controls it; how and when is it moved around, archived or deleted and what regulations apply to it? Clearly, eliminating data debris would reduce risk of compliance violations.
Controlling Information Costs
Many people assume that declining storage hardware costs means that the total cost of storing information will also go down. Unfortunately, in the era of big data, the growth rate of information in most organizations far exceeds the unit cost decline. Besides, in addition to storage hardware, the costs associated with information retention include recurring application and infrastructure costs (e.g. licenses, servers, bandwidth, etc.) and soaring administration costs, especially given the ever-increasing level of IT complexity. In addition, Gartner (Gartner IT Key Metrics Data 2012) estimates the annual cost of e-discovery at $18,000 per gigabyte, while in Hoarders: The Corporate Edition, Jake Frazier argues that the real total cost could be even higher.
As a result, retaining information that has lost its value places a huge burden on a company’s information economy. For example, a company in the financial services, life sciences or energy industry with 25 petabytes of storage capacity is likely spending between $1 billion and $1.5 billion annually on information technology and $500 million in litigation costs. Yet these companies may have as few as 5 petabytes of information with any current value. Even a mere 10 percent reduction in information costs could contribute $100 million annually to the bottom line, but the potential for savings is far greater.
Defensible Disposal and Compliance
An Information Lifecycle Governance (ILG) program provides a framework and processes for aligning information risk and cost with the changing value of information over time. Given the amount of data debris that most companies generate, this alignment permits a massive reduction in the total amount of stored data through the implementation of an organization-wide defensible disposal program that automatically eliminates information with no legal, compliance or business value. When fully operational, a defensible disposal program systematically reduces risk and cost, frees existing storage capacity and perhaps most importantly, facilitates access to the remaining valuable information by compliance and legal departments and business users.
Information Economics and Opportunity Cost
In information economics, opportunity cost is based on what a company could do with the capital it is currently wasting on retaining data debris. Investing in new research and product development certainly tops the list, but also important is supporting innovative initiatives, such as “bring your own device” (BYOD) and social media. When e-discovery penalties and regulatory fines are factored in—not to mention the potential loss of reputation—the lost opportunity cost associated with poor information economics can be staggering.
For companies that want to explore how to begin the journey of improving their information economics, the “Information Lifecycle Governance Leader Reference Guide,” a resource developed by the CGOC, lays out the key levers, processes and capabilities required to operationalize a defensible disposal program.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Deidre Paknad, founder of the Compliance, Governance and Oversight Counsel (CGOC) and Vice President of Information Lifecycle Governance solutions business at IBM, is widely credited with having launched the first commercial applications for legal holds, retention management and defensible disposal; she is a recognized thought leader in legal and information governance with numerous patents in the field. She has authored many papers in the e-discovery and governance field, has been a member of several Sedona working groups since 2005, and co-leads the EDRM IGRM initiative. Ms. Paknad is a seasoned entrepreneur and executive with 25 years’ experience applying technology to inefficient business processes to reduce cost and risk. She was inducted into the Smithsonian Institution for innovation in 1999 and again in 2000.
Today, Ms. Paknad leads IBM’s Information Lifecycle Governance business, which includes its e-discovery, records and retention, archiving and defensible disposal solutions.