The challenge of applying information governance to Yammer and other social media frameworks July 24, 2014

Yammer: "We bought this to illustrate the futility of one-way communication"

Today we had our regular meeting of the EDRMS Implementers Group and the topic for discussion was social media information management.

Managing social media information for all the lovely NSW government records and information managers assembled today is a challenge.

With social media information there is a lot of it, most of it is low level and transactional, some of it is rude and defamatory, a small proportion of it is high risk or significant and needs specific management, and in most organisations there are very few processes, governance arrangements or tools in place to enable all these challenges to be met.

Some people reported having very comprehensive and structured pre-approval processes for all social media posts which result in a defined set of social media information to manage.

Most people however reported having very dynamic and less structured social media operations which are driven by client or community needs or emergency situation demands. Information management is naturally much more complex in these client and business driven environments, where communications can’t be tightly controlled, where many different areas of business are involved and where clients do regularly vent about some of the services being provided to them.

Integrating with business as usual

We talked about how social is being integrated into business process so that when issues or hazards are reported in social channels, staff have established processes for ensuring the information is fed into appropriate business pathways, relevant staff can be notified, the issue can be addressed and information can be captured in appropriate systems.

Non universal access

We also talked about how still in some government organisations, only communications staff have access to social sites such as Facebook. As a consequence information staff cannot monitor the types of corporate business moving to social frameworks and cannot develop solutions for managing necessary information because there is no access to these systems through official channels.

Reactive rather than proactive strategising

We talked too about how social media information management currently lags in many environments because social itself is not generally well understood or utilised in government. Government can tend to be reactive rather than proactive and so can be slow to take a strategic approach to leveraging and managing new technologies.

Outsourcing and social

Some organisations also outsource the transmission and dissemination of some of their social communications and we talked about the information governance that should be referenced in these arrangements. Where a third party is providing these services on behalf of a government organisation and when the government organisation is likely to need to account for what messages were communicated in its name and when, contractual requirements do need to specify the types of information and reporting that the third party needs to produce and maintain in order to enable the appropriate levels of accountability and governance.

Yammer and internal social spaces

Our longest conversations, however, were about internal business tools like Yammer which create social spaces and Facebook-like interfaces to facilitate internal business conversations.

Many of the organisations represented at the meeting today use Yammer and other similar social tools that are designed to enable colleagues to share knowledge, ask questions, collaborate on an issue and have productive virtual business conversations.

One person reported that their corporate Yammer system has been operating for only three weeks and it has effectively gone viral. The volume of genuine business conversations taking place in this environment is extraordinary, with gigabytes of conversations being created in only weeks, and thousands of productive conversations about projects and deliverables taking place across a large and distributed workforce.

Other people reported very similar levels of uptake in their organisations and reported on the nature of the very significant business issues that were being discussed in these internal social networks.

Like the majority of public facing social networks, these internal social networks are usually deployed without the support of corporate information governance frameworks around them. Consequently conversations about high risk active business scenarios are taking place alongside more mundane conversations about the tea room configuration and the same absence of governance applies to all the business information generated.

It could very well be argued that this lack of governance, oversight and management is what contributes to the very effective communication that appears to be happening in these internal social channels.

But, on the other hand, some organisations report that their GIPA processes are struggling to incorporate the volume of information now available in these internal social networks. It is also likely that within short periods of time the sheer volume of conversations will start to overwhelm existing storage environments. There is also no doubt that some decisions about high risk areas of business that are being made on the basis of extensive collaborative Yammer discussions will ultimately need to be accounted for. Some form of information governance will be required in these systems.

As a group today we discussed a variety of options for this, including:

  • exporting and managing conversations in key subject areas that relate to high risk business issues
  • applying broad high level taxonomies or classification structures to internal social sites so that it is easier to pinpoint the location of high and low risk conversations
  • applying standard, high level retention rules to Yammer sites to minimise over retention so that, for instance, all the conversations in the ‘footy tipping’ thread will be purged on 31 December each year, while those in project based areas will have business-appropriate retention and governance rules applied to them.

We all definitely agreed that governance must not stifle collaboration and innovation but we also agreed that where organisational needs and risks justify it, good information management practices must start to evolve in these corporate social environments.

We need good governance

Recent cases of poor email and poor instant messenger management in the IRS in the United States show that regulatory and judicial processes expect information governance to apply in all business environments. Where new technologies have been adopted to replace more formal business channels with their well defined information management processes, governance and accountability frameworks are still expected by regulators, the courts and the community to apply in these new business environments.

The IRS case and many others however, show that these new channels are usually deployed without considerations about these expected accountabilities. So when deploying your social systems for your internal and external communities, it is important to consider where good governance will be expected, what information you will need to support your clients and your business into the future, and what rules will need to be deployed to help you scale, control and manage the information you generate.

Information management must not be heavy handed and it must not be used to stifle or constrain innovation, but innovation must also be deployed with the long term interests of the organisation and the community at its heart.

Leave a Reply

You must be logged in to post a comment.