iSchool alumna Ilona Koti is hosting a webinar with us on May 4. Before she gives her webinar, Ilona answered some questions for iSchool Graduate Recruitment Manager Erin Bartolo in order to help people better understand her area of expertise, information governance. Ilona is currently a Principal Consultant in Information Governance & Risk Management at ARK-IGC Information Governance Consulting.
What do all professionals need to know about information governance right now?
Information governance is an emerging field. When I was at Syracuse University completing my Masters of Library and Information Science in 2001, I decided to venture more into technology, so I completed my Masters in Information Management in 2004. Even back then, I always thought to myself, all of these tech people are creating all of this data. Who is going to manage this information in the future?
Welcome information governance (IG), which is a strategic approach to managing information and focuses on five core areas – records & information management, legal, privacy & security, information technology (IT), and business operations. The Information Governance Reference Model (IGRM) provides an excellent visual diagram.
As an IG professional, you need to have experience in several of the aforementioned areas to help your organization mitigate risk and increase operational efficiency with their data, therefore a new role is also emerging – the role of the Chief Information Governance Officer (CIGO). The role of the CIO is no longer enough in the information age. CIOs in most cases are really CTOs, which is why the CIGO role is needed to clearly delineate between information and technology.
I should also mention that the salary of a CIGO will typically range from $150,000 to $350,000+, depending on the size of the organization and complexity of the role.
Why should anyone care about information governance?
If you are in charge of managing any sort of information at your organization, you need to care about information governance – particularly if you are in a more senior role, since you may be held legally liable for mismanagement of company information. Given that fines for privacy and data breaches, let alone corporate litigation, start in the millions of dollars, having a proper records management and information governance strategy in place at your company is vital.
On average, the cost of hiring a person(s) to oversee the program and purchasing the associated technology to initiate or update your current information program is typically less than it would cost to respond to a breach, litigation, or recover from reputation damage.
If your information program is properly implemented, you will also see increases in employee productivity, minimize offsite data storage costs, and start to use your organization’s information as an asset. Information governance is as much about risk mitigation as it is about obtaining a return on investment (ROI) on your company’s data.
How do you communicate the importance of information governance to those who are less concerned?
If others in your organization are less concerned with managing information and say things such as, “data storage is cheap” or “we’re fine, we’ve always done things this way,” think again.
A great example is Pacific Gas & Electric (PG&E). A few decades ago they halted their records management program and told staff to throw away records of existing gas pipelines. Several years ago, one of these pipelines exploded in San Bruno, killing eight people and destroying significant surrounding property. What resulted was a very long court battle, and the legal discovery process and court testimonies returned detrimental information about PG&E.
In addition to hundreds of millions in previous fines, PG&E was just assessed a $1.3 billion penalty for their inappropriate and unsafe conduct. I can certainly tell you that after the San Bruno incident, the majority of oil and gas industry stepped up their records and information management programs to ensure that company information was being properly managed in conjunction with applicable laws and regulations.
With a case study such as PG&E, it still amazes me that only about 40% of organizations have at least a baseline information governance strategy in place. Corporate executives need to start not only allocating budget to their information governance program, but taking an active role by participating in steering committees and by ensuring that all staff in the organization comply with good records and information management practices.
With the ever-increasing fines for mismanaging or misallocating data, executives can no longer afford to not give full attention to how data in their organization is (or is not) being managed.
What advice do you have for students and professionals getting into information governance?
As information governance is vast and rapidly expanding, being a subject matter expert in all areas of IG is difficult. If you are looking at a career in IG, pick what area you think that you would like to work in, and then develop and work towards a college degree in that area. Ideally, try to obtain at least a masters degree if you plan on reaching an executive level in your career to make it easier on yourself, as most senior-level officers have a post-secondary education.
If you are interested in other areas of IG, look to certifications in the foundation areas, but start with one area to become an expert and go from there so you don’t overwhelm yourself. There will always be something new to learn in IG.
What organizations or communities are leading in information governance? Any associations, resources or groups people should follow?
There are several fantastic resources and professional associations available for anyone who is interested in learning more about information governance and the associated disciplines. A few of the top sources are as follows (in no particular order):
- ARMA International – http://www.arma.org/
- Institute of Certified Records Managers (ICRM) – http://www.icrm.org/
- International Association of Privacy Professionals (IAPP) – https://iapp.org/
- Association for Information and Image Management (AIIM) – http://www.aiim.org/
- American Health Information Management Association (AHIMA) – http://www.ahima.org/
- Project Management Institute (PMI) – http://www.pmi.org/
- Information Governance Initiative (IGI) – http://iginitiative.com/
- Information Governance Reference Model (IGRM) – http://www.edrm.net/projects/igrm
- Sedona Conference – https://thesedonaconference.org/
- National Cyber Security Alliance (NCSA) – https://staysafeonline.org/ncsam/
- Cloud Security Alliance (CSA) – https://cloudsecurityalliance.org/
Want to know more about information governance? Ilona is hosting a live iSchool webinar with more this topic on Wednesday, May 4 at 12:00pm EST. This webinar, like all iSchool webinars, is open to anyone – all you need to do is sign up.
The iSchool has one webinar a month, hosted by faculty, staff, or alumni. You can watch past webinars or sign up for webinars on other topics on our iSchool Webinars page.