How to prepare information governance for the Internet of Things

Adoption of social and collaborative platforms means that organisations have to incorporate social media posts, texts, instant messages, tweets and online file sharing into the formal processes that manage information throughout its lifecycle from creation to destruction.

Organisations must consider security, compliance and employee behaviour, but many are discovering that existing rules are difficult to apply to information types that are unstructured, vast in volume and difficult to categorise.

Many organisations don’t know who owns or who should own the content created through these communications channels. A recent survey of information professionals, by Iron Mountain and AIIM, revealed that a third of businesses have yet to allocate content responsibility for instant messaging (39%), mobile (32%), social media (28%) and cloud-sharing (33%).

>See also: Why the Internet of Things is more than just a smart fridge

But close to one in ten respondents said their organisations fail to regulate even well-established information types such as email, customer data and public online content.

And unfortunately, it’s about to become more complicated – welcome the Internet of Things (IoT). Connected device-to-device communication is already used in businesses across manufacturing, automotive, agriculture, energy and healthcare, as well as being driven into consumer sectors with the likes of connected devices in the home and fitness-related applications.

Estimates of the global number of connected devices by 2020 vary widely, ranging from 20 billion to 50 billion and more. In 2015, the number of connected devices and systems in use is expected to reach 4.9 billion.

This just goes to demonstrate how important it is for businesses to work on their information governance strategies now to accommodate these emerging information types, before the data volumes generated by connected devices to overwhelm.

Another major challenge will be the regulatory and compliance implications of data that will be moving between devices, placing new demands on data protection, security and recovery policies.

Legal frameworks generally lag behind technological capability, and the complexities of the data landscape generated by connected devices and systems will pose interesting legal and regulatory challenges.

For example, a connected device in a domestic fridge could be designed to monitor energy use or shopping needs, but could simultaneously be generating personal information about such things as an individual’s health, lifestyle and changing family structure. This kind of information would need to be regulated and protected.

The third challenge will be the storage and retention of the information. It will be impossible (and not the right thing) to store and keep absolutely everything.

Information governance frameworks are already struggling under the weight of emerging digital channels, and could buckle under IoT unless organisations get better at classifying their data and knowing what to retain and store and what to delete.

This is not always going to be easy. The challenge of determining what information constitutes a record or has potential business value, and applying an appropriate retention rule is no mean feat and may well seem overwhelming for the many businesses already overloaded with growing volumes of information in multiple formats. Yet failure to take on the challenge will to expose many to unacceptable levels of risk.

>See also: Making the Internet of Things a business reality

Information professionals often err on the side of caution when it comes to the data they retain. Businesses are reluctant to destroy data that could at some future point deliver value, and they don’t want to have deleted data which may suddenly required for e-discovery purposes. This results in hesitancy with a keep-it-all-in-case culture.

Judgement calls about record disposition will have to be made but these difficult decisions will be helped considerably by having strong information governance in place; pre-defining and automating categorisation to limit storage and vulnerability, and defining and enforcing clear responsibilities amongst your team.

It’s a daunting prospect, no doubt – but the time to start putting all this in place is now.


Sourced from Sue Trombley, Iron Mountain

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics