Challenges of Information Governance in the age of BYOD

Shadow IT and Bring Your Own Device (BYOD) strategies have the potential to derail well-structured corporate strategies if groundwork isn’t laid out from the beginning, and from a top-down perspective. In the present era, many individuals are adept at downloading and operating applications, with no involvement from their company’s IT department. These individuals often use a variety of cloud services on personal devices, encompassing collaboration, content-sharing, and file-sharing services. These new tools have transformed how employees function, and concurrently altered how businesses generate, control, and discard information. 

The clarity of records is no longer the norm. Today’s organisations need to consider all the information they produce and collect, such as emails, social media posts, online data and more, and figure out how to manage these new types of records in an increasingly regulated environment. It’s not enough to just have a Records and Information Management (RIM) strategy—companies need to incorporate records management into a broader, more strategic Information Governance (IG) plan. 

Shadow IT refers to hardware or software (or both) used within a business that is not related to or supported by the company’s IT department. This technology isn’t approved by the company’s IT professionals, and sometimes they may not even know it’s being used. 

The evolution of BYOD and Shadow IT is predominantly employee-driven. Tools like smartphones, applications, and other cloud computing devices have undergone significant transformations, and employees have embraced the convenience these tools provide. However, not all organisations have a well-defined policy permitting the use of these devices. 

Despite potential utility and cost-effectiveness, Shadow IT hardware or software can introduce more significant security risks if business security protocols aren’t established in advance. Such scenarios can lead to potential risks like loss of control and visibility of company data, potential data leaks, accidental data exposure due to physical loss or theft of BYOD devices, compromised device integrity, and compliance issues. 

Further, new concerns related to emails, text messages, social media posts and more are now part of the BYOD landscape. Many organisations are yet to create an appropriate IG plan that defines or addresses how this information is classified. 

RIM and IG, although often grouped together, are different. RIM focuses on the lifecycle of a document from creation to destruction, while an IG strategy takes responsibility for the successful management of electronic files created or collected within an organisation. IG must adopt a wider, more strategic approach to ensure all information is created, organized, managed, and destroyed in ways that align with the organisations objectives. 

Given that BYOD devices are commonplace in most workplaces, IG leaders need to adapt their frameworks to address the rising concerns of using these devices. They also need to determine the right cloud computing software and providers for their organisation. Solutions need to manage digital records and documents while mitigating compliance issues and improving operational efficiencies. Plus, the chosen records management solution needs to capture and record information disseminated via BYOD. 

In today’s rapidly expanding data landscape, IG doesn’t stand alone. While Shadow IT and BYOD introduce new challenges, RIM leaders also face similar issues as workplace technology evolves. By collaborating with IG leaders, RIM professionals can play a strategic role in identifying the records and information produced by employees and in developing the needed strategies and policies to support both RIM and IG programs. 

Successful coexistence of BYOD and IG is possible, provided a consistent IG program is instituted within an organisation. Such a plan should clearly outline the organisations commitment to managing its information stores and guide employees on best practices. 

Mitigating Risks and Ensuring IG 

Using a robust cloud computing records management system allows businesses to safeguard and control digital documentation while still giving employees the ability to access and collaborate on information from anywhere. Pairing an effective records management system with a comprehensive IG program centralises data and allows for consistent enforcement, retention, and disposal policies, thus keeping everyone compliant with regulations.