The OxyMorons - Moving IG to Prime Time - S3E1

Today’s guest on The OxyMorons is Mike Salvarezza, Vice President of Content Development for the MER Conference.

Mike is recognized as an industry expert on Information Governance and his extensive Information Technology background enables him to anticipate emerging IG trends and challenges from a Legal, Technical and Operational perspective. Mike’s tenured career includes extensive experience in the complementary disciplines of Information Technology, Records and Information Management, Compliance Systems and Culture and Behavior, enabling Mike to succeed in traditionally difficult areas by combining unique perspective and knowledge.

How did you get involved in Records Management?

Funny story. The Chief Compliance Officer offered me a job in the compliance function. I was intrigued and looking for a way to have a different kind of impact in the company. He told me, “The only catch is that you'll have to take records management and I assure you that it will be maybe 5% of your time.” Well, keep in mind this was records management for the Altria Group, which was a tobacco company during the big tobacco wars with the government. So, records management was extraordinarily important and complex and carried an awful lot of pressure given the big bright light shining on it. So that was my indoctrination, a trial by fire. No pun intended.

What do you like to do for fun? What do you do when you’re not making the world safe for information governance?

The other side of my brain - my passion in life actually - is underwater. I'm a lifelong scuba diver and underwater photographer. I have been doing that for the better part of my life and have traveled pretty much the world - from the Arctic to the Antarctic and everywhere in between. I write very frequently for magazines and periodicals. I speak very frequently on underwater topics. My passion is bringing the underwater world “above the water” to show people what's down there and to show people why that that part of our planet is in danger.

What's different now compared to when you first got involved in governance and records?

My pressure cooker situation with Altria was a little bit unique to that company. The world of information governance at that time was not as complex as it is today. That's really the big difference. And that complexity is driven by technology. It's driven by the always on, always connected world of many, many ways for people to work and interact and exchange information. Back in the day, we had to worry about email. We had to worry about repositories of documents that were on file shares. We had to worry about database systems and that kind of stuff.

Today, an information governance professional must worry about Teams and chats and social media. They must worry about ransomware and privacy and eDiscovery. There's just an enormous complexity to the computing world that all businesses are involved in today. And that complexity makes information governance an extremely challenging profession.

What’s the biggest challenge professionals face in selling information governance into their organization?

I think the biggest challenge that information governance professionals face is that the pace of business and the rate of innovation is incredibly fast. The need for businesses to compete rapidly, and quickly make decisions on the fly makes it very hard to have a conversation with a senior executive about putting in infrastructure that can govern information across the spectrum of technologies that the company is using. They do not want to be associated with something that will slow the business down. And it's not because the business is just trying to be fast for the sake of being fast. This is survival mode.

Businesses coming out of the pandemic realize that the world of business has changed. I don't think COVID created the new world, it just accelerated everything. We have a whole new way of working; we have information flying all over the place. We have new technologies popping up every single day and rising threats. But it's hard to get the business to slow down and say, “Okay, let's put a stop on this new development, this new project, or this new product that we're building because we can't figure out how to govern the data.” That doesn't fly anymore.

It's always been the case that you could make the argument for governance because you don't want to get sued and need to stay ahead of the lawyers. And concern about ransomware and data breaches add additional dimensions to that fear. But that is no longer enough. What information governance needs to get better at is having a clear argument for why it's an accelerant to the business, and how it can help the business derive real value and business advantage from information. And I don't think information governance has gotten that argument down quite yet.

How can information governance help organizations – and society for that matter – sort through the thorny questions of what is real and what is fake?

That’s a topic that I'm very passionate about. At a society level, the erosion of being able to accurately discern what's true and what's not true is contributing to a very significant breakdown in our society. I know that sounds very apocalyptic and hyperbolic, but I think it’s really playing out.

Records management and information, governance have historically focused on data and information authenticity, making sure that once a record is captured, it stays that way and doesn’t change over time. That’s data immutability. But what happens when a record starts out as a piece of false information and can stay that way forever? And can be distributed to hundreds or thousands of people with a click of a button, with a veneer of respectability and legitimacy? Information governance should be focused on this. Combating the dissemination of disinformation and misinformation should be a very, very, very high priority for everyone, not just the tech and social media giants. I think I think all businesses have a stake in this, because I think we all have a stake in this.

When it comes to issues like privacy, do you think organizations are hanging onto vestiges of old practices?

We all have a love-hate relationship with privacy, right? We have extreme – and variable - concerns about privacy. On the one hand, companies that are truly implementing GDPR or adhering to PCI compliance are spending millions and millions of dollars on solutions. But the whole world lives in a place where you're giving up your privacy every day, every time you sign on to a system and you click “Accept.” Sure, you can click “Decline.” But you’re basically opting out of society if you do that.

How do information governance professionals need to change their game habits to become more relevant in this changing world that you're talking about?

First, Information Governance professionals must be extremely IT literate. There's just no way around it. For example, you can't help the organization unless you truly understand Microsoft Teams if that's what your company is using, and most companies are. To understand Microsoft Teams is to understand the technology platform that the whole company is operating upon. You must be IT literate.

Second, I don't think IG professionals can be successful unless they can talk business and really understand how information governance can benefit the business - and not from a “stay out of jail” perspective, but from a “how do we make more money” perspective. And from a “how do we get more market share” perspective and a “how do we convert more clients” perspective. If information governance professionals can't speak in those terms, and speak with authority, then everything will be an uphill battle.

Lastly, information governance professionals cannot be shrinking violets. They must be conveners. They must work with multiple disciplines; they must work across the organization. So that means they must be leaders. They need to they present complex topics in non-complex ways.

——-

Mike Salvarezza leads the content development team. At the MER Conference. He is now soliciting presentations for the 2023 MER Conference, May 22-24 in Chicago. Why not step up and propose a topic and share your knowledge. Here’s the link - https://www.merconference.com/page/2274422/call-for-presenters.

——-

And FYI, if you are in the federal government sector, don’t miss my post of operationalizing the new FADGI-3 permanent record requirements - HERE.