well-worn  radioactive sign

The Risks and Consequences of Information Mismanagement

August 11, 2020 Information Management
Martin White
By Martin White

In 1997, Forrest Woody Horton and Dennis Lewis wrote "Great Information Disasters." The book has long been out of print but the core message remains: a failure to manage information is the root cause of many (and probably most) disasters. The problems are especially challenging in healthcare (pdf), where adverse events have a devastating impact on all those involved, including patients and family members, as well as health care providers and health care organizations. In many cases the failure isn't a case of information being of poor quality or not discoverable but a result of poor information behaviors. A recent analysis arising from the COVID-19 pandemic concluded that global health crises are also information crises.

My colleagues at the Information School, University of Sheffield conducted an analysis of the 2011 Fukushima Nuclear Disaster, concluding that information avoiding behaviors were a major factor in the disaster. These, influenced by barriers created by a strong commitment to the myth of nuclear safety, resulted in a catastrophic information failure.

Sadly it looks as though the explosion in Beirut last week was another example of poor information management behaviors. An initial assessment by the BBC indicates the storage of the ammonium nitrate was documented. Many officials in Beirut appear to have known of the explosive potential, but it seems no one wanted to take responsibility.

The Dark Side of Information Management Behaviors

A 2019 paper in The Bottom Line titled, "From Information Mismanagement to Misinformation: The Dark Side of Information Management" aimed to summarize the research on information mismanagement and provide guidance to managers on how to minimize the negative consequences of  information mismanagement. The authors constructed a typology of misinformation which can be used to analyze project planning and strategic planning processes with an eye towards reducing the chances of failure that result from information mismanagement. The authors provide a seemingly endless list of examples and a good checklist for managers.

In so many cases, information mismanagement isn't a failure of technology so much as a failure of management to understand and take the necessary action. IT supports good practice in information management, but it is only as good as the policies and procedures management puts in place. The key issue is about the responsibilities of the Board, managers, employees and IT teams.

Related Article: Understanding Information Behavior in Your Organization

Internal and External Search Requirements

When it comes to internal search, enterprise applications respect security trimming. While this is important for confidentiality, it also means employees may not have access to information that we assume they have, as managers often have no idea of who can see what. Another concerning factor here is the potential overreliance on AI to support semantic search. AI depends on having a critical mass of prior search information and user intent, but no vendor has ever clearly defined what the critical mass actually is. Can users be certain that the algorithms are picking up very low usage information that could be important in a disaster recover situation?

Enterprise search also has a role in finding external information. Many professional searchers will be using specialist databases, but people other than "professional searchers" also need high quality access to high quality information. Google does not meet that requirement on a dependable basis, if only because much of the information being sought is behind a paywall barrier. We won't get into the merits and challenges of open access publishing here, this was more to note that a failure to understand employee requirements for specialist information could substantially increase corporate information risk.

Related Article: Stop Complicating Information Management

The Actions You Can Take Today

I recommend you take three immediate actions:

  • Go through the checklist in the paper on DSIB referred to above.
  • Conduct a search for your organization's policies relating to information management risk.
  • Compare the outcomes of the checklist review against your internal policies.

Why today? Because you can never know what tomorrow might bring.

About the Author

Martin White is Managing Director of Intranet Focus, Ltd. and is based in Horsham, UK. An information scientist by profession, he has been involved in information retrieval and search for nearly four decades as a consultant, author and columnist.


Featured Research

Related Stories

Gold padlock on worn-out blue lock

Information Management

Mitigating the Risk to Personally Identifiable Information in Unstructured Data

Top of building sticking out of the clouds into clear blue sky

Information Management

How Hybrid Cloud Is Enabling the Digital Workplace

graffiti on the wall reading: "trust your struggle"

Information Management

Why Organizations Still Struggle With Deploying AI

Digital Workplace Experience Q4: October 12-13, 2022

DWX22 - Q4