The Risks and Consequences of Information Mismanagement
In 1997, Forrest Woody Horton and Dennis Lewis wrote "Great Information Disasters." The book has long been out of print but the core message remains: a failure to manage information is the root cause of many (and probably most) disasters. The problems are especially challenging in healthcare (pdf), where adverse events have a devastating impact on all those involved, including patients and family members, as well as health care providers and health care organizations. In many cases the failure isn't a case of information being of poor quality or not discoverable but a result of poor information behaviors. A recent analysis arising from the COVID-19 pandemic concluded that global health crises are also information crises.
My colleagues at the Information School, University of Sheffield conducted an analysis of the 2011 Fukushima Nuclear Disaster, concluding that information avoiding behaviors were a major factor in the disaster. These, influenced by barriers created by a strong commitment to the myth of nuclear safety, resulted in a catastrophic information failure.
Sadly it looks as though the explosion in Beirut last week was another example of poor information management behaviors. An initial assessment by the BBC indicates the storage of the ammonium nitrate was documented. Many officials in Beirut appear to have known of the explosive potential, but it seems no one wanted to take responsibility.
The Dark Side of Information Management Behaviors
A 2019 paper in The Bottom Line titled, "From Information Mismanagement to Misinformation: The Dark Side of Information Management" aimed to summarize the research on information mismanagement and provide guidance to managers on how to minimize the negative consequences of information mismanagement. The authors constructed a typology of misinformation which can be used to analyze project planning and strategic planning processes with an eye towards reducing the chances of failure that result from information mismanagement. The authors provide a seemingly endless list of examples and a good checklist for managers.
In so many cases, information mismanagement isn't a failure of technology so much as a failure of management to understand and take the necessary action. IT supports good practice in information management, but it is only as good as the policies and procedures management puts in place. The key issue is about the responsibilities of the Board, managers, employees and IT teams.
Related Article: Understanding Information Behavior in Your Organization
Internal and External Search Requirements
When it comes to internal search, enterprise applications respect security trimming. While this is important for confidentiality, it also means employees may not have access to information that we assume they have, as managers often have no idea of who can see what. Another concerning factor here is the potential overreliance on AI to support semantic search. AI depends on having a critical mass of prior search information and user intent, but no vendor has ever clearly defined what the critical mass actually is. Can users be certain that the algorithms are picking up very low usage information that could be important in a disaster recover situation?
Enterprise search also has a role in finding external information. Many professional searchers will be using specialist databases, but people other than "professional searchers" also need high quality access to high quality information. Google does not meet that requirement on a dependable basis, if only because much of the information being sought is behind a paywall barrier. We won't get into the merits and challenges of open access publishing here, this was more to note that a failure to understand employee requirements for specialist information could substantially increase corporate information risk.
Related Article: Stop Complicating Information Management
The Actions You Can Take Today
I recommend you take three immediate actions:
- Go through the checklist in the paper on DSIB referred to above.
- Conduct a search for your organization's policies relating to information management risk.
- Compare the outcomes of the checklist review against your internal policies.
Why today? Because you can never know what tomorrow might bring.
About the Author
Martin White is Managing Director of Intranet Focus, Ltd. and is based in Horsham, UK. An information scientist by profession, he has been involved in information retrieval and search for nearly four decades as a consultant, author and columnist.