You are not logged in. Please log in or become a member to unlock your benefits.

Information Coalition Community Blog

Information Coalition: Resources For Your Enterprise Information Success.

Reimagining Information Governance with Blockchain

A Discussion Paper

Authors: Alan Pelz-Sharpe (Deep Analysis) & Steve Weissman (Holly Group)

Statement of Purpose

This discussion paper provides an overview of how future information governance (IG) platforms may be envisaged and built utilizing blockchain – perhaps the key point being that all the technologies necessary to do so are already available.

Though blockchain is flying well under the radar in this context, it is not too early to begin postulating how it can be used to build a secure information governance management platform. Our hope is that this paper can become a starting point for information management and governance professionals to discuss its potential, as well as some of the challenges to be stared down before it becomes a practical reality.


The questions 'what is a record?' or 'is that the original?' are asked multiple times daily in commercial and legal situations around the world. Absolute, incontrovertible proof of the veracity of a transaction, activity, file, or document is difficult to come by and often form the basis for disputes. Over the decades, as information has become more and more digitized, providing that absolute proof has in parallel become ever more difficult. Yet a technology today does exist to provide a level of absolute trust and indisputable evidence every single time, that technology is called blockchain. Though best known for its pioneering use in financial transactions via Bitcoin, the underlying platform and structure of blockchain (a distributed ledger) has huge potential beyond financial services, including (and especially) in the worlds of document, records, and asset management.

A New Model for Information Governance

Below (Figure 1) is a proposed simplified framework architecture for Information Governance. The framework leverages existing P2P blockchain public ledgers and proposes that information governance applications can be built atop this in decentralized manner.

Figure 1 Proposed Information Governance Model

Each element of this model is explained below.

Unified Rules & AI-Driven Content Lifecycle Management Application – Today, this layer consists of multiple information silos and applications – they could be ECM repositories or CRM systems or email systems – wherever content is created, managed, and/or stored. Here, though, it is depicted as a single unit, proposing a possible future unified platform. Today, enterprise information is disjointed and held in multiple unintegrated silos and repositories. That is unlikely to change in the foreseeable future, but new approaches to information management are on the way.

APIs – APIs (Application Programming Interfaces) are the connectors that provide integration points between the content applications and the governance protocol layer. Again, as above, in this diagram we have depicted a single API though in reality there would likely be multiple APIs.

Decentralized Information Governance Protocol Layer – This layer of the stack provides the rules and analytics that drive governance. To the best of our knowledge, no firm has yet built such a layer to drive governance to the blockchain. Technology vendors have, though, built similar platforms to apply governance to content and drive that content to their own repositories. A good example of such a platform/application is Microsoft Office 365 Advanced Data Governance, which leverages artificial intelligence (AI) to predict and and make recommendations on how certain files or sets of data should be managed.

The Blockchain – Blockchain provides a non-repudiable, irreversible, cryptographically secure block to the chain of custody every time a bit of critical information is touched. Fundamentally a distributed ledger technology, it decentralizes control and verification of the custody chain. This, plus the presence of hashing at its core, eliminates the ability for something to ever be tampered with without first being detected.

A Simplified Process

In practical terms, the model described above would work in the following manner (see Figure 2):

Figure 2 Simplified information governance blockchain process

For example:

A contract is created to detail an agreement to acquire a custom piece of engineering for an offshore oil platform. In reality, that "contract" consists of a number of documents, drawings, and data sheets. Each element has been created by different people, in different departments, different organizations, in different locations. As the contract as a whole goes through a number of revisions, so does each individual component of the contract also go through a number revisions and reviews.

At a future date, there may be a legal dispute regarding the contract details between supplier and buyer. The audit trail of both the contract and its individual components is critical to resolving the dispute. By reason, no individual of the various parties can either be responsible for nor necessarily trusted to confirm the validity of every component (record) element.

Using blockchain to "lock" every component creates a shared distributed ledger into which all of the records are written, with each record and every transaction (change0 accompanied by a timestamp and proof of origin. In essence, this builds a verified and indisputable shared record, whilst preventing any individual participant from corrupting it.


Promising though blockchain is as an IG tool, there are a number of challenges to be overcome before it can become a practical reality:

Cost – Though open and decentralized, the fact is that people perceive blockchain to be expensive to run. It takes a huge amount of processing power to run transactions, and intermediaries to the blockchain want to charge a percentage of each transaction they handle. But for managing a finite number of files costs should not be a real factor.

Forking – In theory there should be one global blockchain. In practice, though, there is one dominant global blockchain (bitcoin). Other proprietary blockchain instances are being created.

Bitcoin – The concept of blockchain is so closely linked to bitcoin that it can be hard for many in the industry to recognize that it has a role and function beyond that.

Mindset – Information management system builders have traditionally had a repository-centric view of the world. Moving to an open and decentralized perspective of information thus will be a philosophically difficult shift to make, and may hinder blockchain's rollout in such contexts.


The most telling takeaway from this short paper may well be that all of the elements described in our proposed framework exist and are running openly today. There is no new technology as such in this framework – only existing technology that could be configured in a manner to challenge and cause a rethink of today's often limited approaches to information governance and management.

The model we propose may have a limited appeal or application for many use cases today. In some situations, even where it has a strong appeal, the cost and complexity of adopting such a framework might be prohibitive or unrealistic to address. There are, though, situations such as medical records, digital evidence, high value media, and transportation and logistics where such a framework would be not only highly relevant, but also effective in bringing about much needed business improvements.

Consider the potential power blockchain has to upend the way:

  • transportation companies document the content and ownership of that content in their container ships, oil tankers and 18-wheelers
  • law firms ensure the integrity of depositions, courtroom transcripts, and client case files
  • hospitals and medical practices share and secure patient records
  • owners of high-value IP (e.g., unreleased films and music) approach digital rights management
  • public companies administer shareholder voting

Today, blockchain for information Governance is more of a discussion than a reality. Even so, there are a number of pilots underway and startup's building applications to meet the challenges and opportunities described in this paper. For sure, blockchain is not for everyone; it's complicated, new, and costly. But we believe there are business cases where its use would be appropriate. Moreover, as the body of learning and expertise grows, more opportunities will arise, and costs will likely fall lowering the bar to adoption.


Records Management is "[the] field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records". Source ISO 15489-1: 2001

Enterprise Content Management (ECM) is the strategies, methods, and tools used to capture, manage, store, preserve, and deliver content and documents related to organizational processes. ECM covers the management of information within the entire scope of an enterprise whether that information is in the form of a paper document, an electronic file, a database print stream, or even an email. Source

Information Governance (IG or infogov) is bringing order and discipline to the use and protection of business-critical information, so the most value possible can be derived from information assets. Source Holly Group


Steve Weissman, The Info Gov Guy™ | 617-383-4655 • | Principal Consultant, Holly Group • Co-Founder, Information Coalition | Member, AIIM Company of Fellows

Rate this blog entry:
2806 Hits

Records Disrupted: Blockchain as a Transformative Force

Authors: Alan Pelz-Sharpe (Deep Analysis) & Steve Weissman (Holly Group)

If records and content management issues such as security, privacy, and compliance seem everlasting, that's because they are! What aren't everlasting though, are the so-called information governance "technologies" we use to bring these matters to heel.

In recent decades, we have cycled through imaging, document management, records management, content management, and endless combinations of the above – only to learn that these, really, are business disciplines, not technical tools.

We have also learned that the effectiveness of these disciplines depend entirely upon best-practices that are so extraordinarily similar as to be essentially identical (e.g., approaches to meta-tagging, etc.). So you would think, that at some point, some new technology would emerge that would enable us to bring these solution stacks together and help us unify our information strategies.

Well guess what? That day is … tomorrow!

Next-Gen Governance, Thy Name is Blockchain

The new technology in question is called blockchain, which actually does exist today and is best known as the engine powering the alternative digital currency Bitcoin. Tomorrow, though, it is likely to utterly transform the way that we approach information security, privacy, compliance, and many of our other infogov bugaboos.

In simple terms, blockchain adds a new, non-repudiable, irreversible, cryptographically-secure block to the chain of custody every time a bit of critical information is touched. (See figure below.)

Fundamentally a peer-to-peer technology, blockchain decentralizes control and verification of the custody chain. This, plus the presence of hashing at its core, eliminates the ability for something to ever be tampered with without being detected.

The Game Will Be Changed – Forever

To be sure, the description presented above is a gross simplification of what blockchain is and how it works. And that's OK, because the point of this piece isn't to dissect the underlying technology, but rather to alert you to the potential it has to disrupt our current methods of protecting, updating, auditing, and reporting on information.

Consider the power blockchain has to upend the way:

  • transportation companies document the content and ownership of that content in their container ships and oil tankers and 18-wheelers
  • law firms ensure the integrity of depositions, courtroom transcripts, and client case files
  • hospitals and medical practices to share and secure patient records
  • public companies to administer shareholder voting

It's true that at least some of these organizations are handling these functions just fine at present, but you can't tell me that they wouldn't jump at the chance to bolster their records management to a level approaching inviolable if given the chance.

Maybe …

And maybe that's the question we should leave off with right now: just how near or far is that chance from where we are today? At present, no one knows, and it will be some time before the eternal issues of economics, technology, and risk are understood well enough to prompt forward motion.

One thing is very clear, however: blockchain is real, it is here to stay, and it will disrupt records and information management as we know them. It may not be for everyone, but how will you know it's not for you if you don't start paying it some attention?

Rate this blog entry:
3212 Hits

Fax & InfoGov: An Older Medium at Large

I went back to the Major National Bank yesterday to complete some parents'-estate-related account-opening tasks, and couldn't believe the gal helping me was told by some back-office document people to send a specifically-worded note to them – not by email but by fax.

The surprise wasn't that the bank still relies on this older medium from time to time – I've been writing about this for quite a long while (see this post from 2012, and this one from earlier this year). Rather, I was stunned to learn that the bank requires fax for some of its internal communications.

You would think that email would be the preferred medium to use in such a case given the end-to-end control the bank has over its infrastructure and the protection thereof. OK, maybe the faxing takes place over an internal VoIP connection and is similarly well secured. Why then give up the down-the-road process efficiencies associated with a "born digital" document?

I don't have a good answer for this, and the people yesterday were neither the right people to ask about it nor paying clients, so I simply went along. And in the end, the process worked, and I got done what I needed to do.

But I can't help but think this accomplishment was achieved in spite of some of the information governance decisions the bank made, not because of them.

What say you?

Rate this blog entry:
1859 Hits

Understanding The Information Strategist

Understanding The Information Strategist
The world of associations and groups that serve the enterprise information sector currently looks something like this:

Each association and group has a body of knowledge and a specific profession, that leverages enterprise information, and focuses on that specific profession (e.g. Records Managers are served by ARMA, ECM is served by AIIM, Privacy Professionals by IAPP, etc.). The Information Coalition serves a gap in this structure that isn't quite visible in our typical understanding of associations and groups, let me show it to you...

You can find the gap with me by asking some very simple questions:

  • Which group sets organizational policy?
  • Which group is "in charge" of information?
  • Who coordinates between the various roles?

Who is it that does that cross functional work that aligns enterprise information policy and structure across disciplines? In some companies it's the CIO, in others it's the CTO, in many others (I daresay most), it's no one at all. There's the huge gap. We call the people that fill that gap, whatever their official title, an information strategist.

It's the information strategist, and the people that are de facto Information Strategists, that the Information Coalition serves, and we believe that the real picture of where things are going is something akin to this:

We believe that the information strategist's role is incredibly challenging and incredibly important, whatever their official title may be (CIO, CTO, CIGO, Information Manager, Records Manager, Privacy Director, etc.).

The deep knowledge of the associations and groups that cover our broad sector should be cherished and honored; but let's be clear - we aren't that. The information strategist needs to have knowledge across disciplines, a bit of everything. The information strategist needs to have knowledge about how to align the various disciplines. This is where we serve and it shows in how we operate.

What many don't know is that we invite as many of the groups you see above to speak, present, and display at The Information Governance Conference. A few have taken us up on that offer (ARMA has in the past, the ICRM board has joined us, and IAPP and the PDF Association will be joining us this year).

Unfortunately, some have decided to not take us up on our offer, viewing us instead as competition. We'd like to clear the air and help everyone better understand our positioning, so that we can all move forward, together, and help our various professions advance, together. Consider this an open and public call to any and all of the aforementioned groups (and any we might have missed) to come and join us this year. We are paying for the costs of their registration and their tables (which we are charged for by the convention center) ourselves, that's how deep our commitment to this cross-functional work is.

As for the Information Coalition, we're continuing to gain momentum and are growing at a breakneck pace, not because we are fighting against the disciplinary focused associations. We're growing because we are enhancing their offerings, providing guidance on how to move from the tactical roles of a specific discipline into the broad role of an information strategist. If you're seeing your role shift towards the role of an "information strategist", join us, our basic membership is free (and we're committed to your success) and ALSO join the association that serves your specific domain of knowledge, we all have a role to play in the future of our professions.

Rate this blog entry:
711 Hits

3 Truths to Work With (or Against) When You Have to Change Minds

If you've been paying any attention to my posts, columns, and presentations, then you know just how important I believe – nay, I know – managing change is to the success of any information venture. So it won't surprise you to learn that I resonated like a tuning fork to a few of the concepts published yesterday in Fast Company that had nothing overtly to do with information governance.

1. "Many people form their opinions, at least in part, based on whether they think others share those opinions."

The need to "fit in" is hardwired into the human psyche, no doubt because, millennia ago, being outcast from your tribe likely meant your early demise. Today, the risks usually are much less dire, but the instinct to conform persists nonetheless. (Watch this social experiment for a light-hearted look.)

This reflex reaction can be harnessed to your advantage by gathering together like-minded individuals and utilizing that old sales technique in which you ask questions to which you know the answer will be "yes": "Don't you want to be able to find information faster than you do now? Don't you want access to the information you need regardless of which system it lives in? Don't you want to use a technology that lets you work the way you always have?" Properly orchestrated, people's opinions will become self-reinforcing in the direction you desire, and the first part of the battle will be won.

2. "The more frequently you encounter a piece of information, the more favorably disposed you are toward it."

Long substantiated by professional political panderers, this particular principle maps precisely to my time-honored catchphrase "change management = marketing" because it's all about repeating your message, to all of your intended audiences, as often as you can get away with. (This is the underpinning of the marketing Rule of 7, which posits that people need to see a message at least seven times before they will consider taking action.)

In enterprise information terms, this means constantly and creatively promoting the tangible business benefits of the work you are doing (or wanting to do). It means repeatedly distilling those benefits into definitive answers to users' critical question, "what's in it for me?!" It means not talking about "SharePoint" even if that's what you're using, but referring to something more generic so as not to worry the technophobes in the crowd. And it means staying away from uneducated guesstimates like the one made famous in the 1983 movie Mr. Mom: "Yeah, 220, 221. Whatever it takes."

3. "Thanks to handy 'unfollow' and 'mute' buttons, we get to choose what bits of information to attend to."

This may be the toughest nut to crack because we can't control what information people choose to actively filter out. Someone who really doesn't want to accept your new way of organizing information, engaging in a business process, or participating in some other data-based activity will simply delete your emails, block your social media memos, or ignore you at the water cooler.

The trick is to couch your message of change in terms of some other communication that he or she may very well want to hear. Just as we wrap doggie medicine inside a yummy treat, so we need to embed our new best-practices in something alluring – perhaps an invitation to a company-sponsored special event (a ballgame, a show, a trip) that is open only to those who, say, tag/move/manage some significant percentage of their emails by a certain date.

At the end of the day, what you're after is an organization full of people who are receptive – or at least not openly hostile – to the changes you are trying to make. The good news is that human psychology in this regard is fairly well understood. The bad news is that it can be quite challenging to work with and work around. Hopefully the 3 Truths adapted here will help ease your way.

What other techniques have you used to change minds and behaviors in your organization? What worked? What didn't? Let's talk about it.

Steve Weissman | 617-383-4655
- The Info Gov Guy™
- Member, AIIM Company of Fellows
- Co-Founder,
Information Coalition
- Follow me on Twitter! @steveweissman

Rate this blog entry:
655 Hits