Information governance for leaders

A few weeks ago I gave a couple of workshops as part of the Jisc Digital Leaders Programme on the importance of information governance in the digital environment. Initially, I wasn’t too sure how much background the participants had on the matter. It turned out they knew their governance issues pretty well!

Information governance to support digital literacy

As a light start, I opened the discussion with an illustration of how information governance is an important field to support information literacy. Information literacy all too often concentrates on how digital technologies are used to acquire, create and use information in a teaching and learning environment. However, once information has been created and been used successfully it often seems to be forgotten about. But information has a long life well after its initial use in a teaching cycle and needs to be managed well until its eventual disposition. Only when information is properly named, classified, tagged, and safely stored can staff and students take advantage of information in a collaborative environment.

According to the Jisc Digital Capabilities framework, “Digital literacy looks beyond functional IT skills to describe a richer set of digital behaviours, practices and identities”.

And that should include knowing

  • which tools to use for which tasks
  • when and how to share information
  • how to assess the sensitivity of information and related risks
  • and, ultimately, who to ask for advice.

When the right processes, tools, training and guidance are in place for staff and students they will have the confidence to use digital technology and information to their advantage.

Compliance? Only when you manage your information well!

One driver for managing information is often legal compliance and mainly with a view to Freedom of Information Act requests. It became clear that FOI was perceived as quite a burden by most participants given the rising number of requests received each year by their institutions. In addition, the 2014 Jisc Information Legislation and Management survey found that 76% of institutions felt that locating and retrieving information relevant to an FOI was a medium to long effort.

Good information management can help answering those many requests faster and with more confidence because it enables relevant staff to know

  • what information an institution holds
  • where it is and how to access it.

As part of the compliance question we discussed a recent example of case where personally identifiable information had accidentally been shared with unauthorised people when it was distributed back and forth in an email. The focus was not so much on the breach of data protection principles but on the adequacy of the tools used to collaborate on corporate information. Would the error have been avoidable had they used a collaboration platform where staff could work on the same document rather than emailing versions of it around? Almost certainly! Unfortunately, it seemed that most of those present still use email as primary collaboration and information sharing tool in the absence of better alternatives provided by their institutions.

We will never manage ALL the information in our organisation…

Discussing some of the tools that could be used to manage information in institutions, the common response from the room was:

‘We will never be able to manage all the information we hold completely’

‘I can’t tag and classify every single document that I create, I have a day job too.’

The simple answer to both statements is probably: You don’t have to but you can also not continue to do nothing.

Information governance comprises of a set of disciplines that should be used by institutions to enable staff and students to make best use of information while at the same time minimising risk and cost. It should not be a barrier to using and sharing information but provide a consistent framework within which staff and students can operate freely while at the same time keeping themselves and their information safe. Information governance is closely linked to institutional risk management frameworks and which policies, processes and procedures are put in place should reflect the risk environment and the sensitivity of the information at a minimum.

We all agreed that managing information is a game of marginal gains that only works when you have both senior management and the majority of staff on board (you can never win over everyone). Small initiatives can add up and amount to an incremental change in how staff and students not only create and use information but then subsequently manage, store and re-use it successfully. So next time a member of staff needs to share some information with colleagues they will not automatically fire off an email with 10 attachments but log into SharePoint or Google docs or their shared drive and sent colleagues a link to the relevant information.

 

Overall, I think we had some good discussions highlighting some of the issues that institutions face regarding information governance and it certainly gave me food for thought for future activities. Oh, and I haven’t even mentioned the pro’s and con’s of cloud computing yet…I might leave that for another workshop.