Intelligent Information Management (IIM) – like a civilized society – cannot exist without rules and regulations. Within the IIM context, we then quickly speak of Information Governance. But is having rules and regulations enough?
No. There are many aspects involved. One of them is us: human beings. And that sometimes makes it a disaster in disguise. Precisely to showcase this complexity, I’ve been looking around a bit more recently and have found some appealing examples.
Caught up with technology
It was recently revealed that our Prime Minister Mark Rutte had deleted text messages from his cell phone and had not have them all saved. Wrong said the opposition! Correct said the Prime Minister! Without getting bogged down in a political discussion (because of course there was also a political game at play), it seems that there were gaps in the rules that created a gray area. And since that gray area is obviously not included in the training, the user – in this case, Mark Rutte – acts in good conscience as it suits him best. You and I would not have done otherwise.
Chances are, when you are active with heart and soul in the center of governance, you wonder how this is possible. There are rules and they are explained and they are controlled by the House of Representatives. But were the rules current and unambiguous? After all, the rules predate the existence of text messages on a phone. And was there continuous training? And shouldn’t an audit have determined that allowing the user to decide which message to delete is a major risk – especially in a political organization with multiple agendas?
When you take the political context out of the example, you have a person who, for lack of clarity, in the spirit of what he does know, tries to make the best of it. And especially the best for this particular specimen of homo sapiens. The lesson to be learned from this is to keep Information Governance in line with the technology used in the workplace.
Summer is here and everyone is going to enjoy a well-deserved vacation. More often I do get ahead of the rest, so I’ve already been on vacation. Refuel in a beautiful hotel under the Spanish sun. Pool, lounger, drink. Who can stand against me?
At the hotel, there was a Hotel Governance to say the least. There were a number of rules established and they were nicely explained at check-in. The first was a dress code.
Dinner is a special occasion of the day. Therefore, we kindly request that you dress appropriately for it. For men, we recommend long pants and shirts with sleeves. For ladies: elegant. We appreciate your good taste.
A delightful rule where you can do nothing wrong and everything is allowed and that is precisely what is not meant. One person will conform to the request. The other thinks: I have a vacation and do what I want. No obligation. The latter group was in the majority. As a man, I do have to get off my chest that I have issues with the rule. It is absolutely true that many men do not know how to dress for the occasion. A helping hand is not so bad. So I can easily go along with that. Where I turn away, based on what I’ve seen, is that in the case of the ladies, “elegant” is sufficient. Let me just say that my standard for elegant in a hotel-restaurant does not include a see-through beach dress over a bikini.
The moral is: If your information governance leaves room for interpretation or is not mandatory, you should not be surprised that your users will be very creative with it. And fair is fair: you can’t blame them for that. The second rule dealt with a well-known irritation among many vacationers: reserving sunbeds.
Please do not reserve sunbeds. Any towels left unattended for more than 40 minutes may be removed by our staff.
Again, not a mandatory rule, but a request. It will not surprise you that around 10 o’clock all the sunbeds – if not actually occupied – were reserved. As long as there are sunbeds left, that doesn’t have to be a big problem. Maybe you won’t lie in your favorite spot but let it go, you’re on vacation. But what if you are short of sunbeds? I have seen several cases where sunbeds were reserved with a towel before 10:00 am and the guest did not arrive for the first time until after 3:00 pm. The problem was, there was no control. The staff did not know which sunbed had been left unattended for more than 40 minutes. The other guests did, but yeah, you don’t say that….
Another observation was, that guests who first did not reserve sun beds with their towels, at a certain moment started to do so. Indeed, they learned that there was no monitoring and no enforcement.
The moral is: If you have governance sanctions for undesirable behavior, you obviously need to both monitor and enforce. After all, you can’t blame your users that if there are no consequences for unwanted behavior, they will abandon the rules over time.
How should you do it?
The starting point for governance should be a biblical proverb: The spirit is willing, but the flesh is weak (Matthew 26:41). If you don’t want your governance to become a disaster in disguise, you’ll need to design the rules so that they are current, complete and clear to users. It helps tremendously when you continue to educate users on an ongoing basis. You will have to monitor compliance with the rules and attach consequences to undesirable behavior. You should not assume that rules alone will make things right. Everyone will do their best, in good conscience, to choose the path that is most convenient and least strenuous for that person.
Implementation of Information Governance
Therefore, in my view, there is no one-size-fits-all answer to how to implement Information Governance. It depends very much on your organization, the culture, and most importantly: the people. Do what fits into that unique context. And we may well exchange ideas about that.
Sometimes that unique context plays tricks on you in other places as well. That’s also why a concept like agile doesn’t fit every organization. By the way, did you know that creating good User Stories is a lot like being able to create good governance?
Even deploying Citizen Developers requires a healthy dose of organizational self-knowledge and clear agreements with both an Application Governance and an Information Governance. I’ll talk more about that next time.