For this edition of the Konica Minolta blog, we are pleased to welcome a special guest contributor. Dr. Phyllis Elin is an industry‑recognized expert in Information Governance who brings deep insights into the challenges and opportunities shaping modern information management.

I have spent more than four decades working inside the world of information, compliance, records and policy scaffolding that keeps large organizations upright. I have trained teams, led engagements across every vertical market and sat with hundreds of executives on steering committees from New York to Zurich to Singapore.

And after all of that time, I can say one thing with absolute clarity: I have never seen a large enterprise whose information governance was truly in good shape. Not once.

It is the quiet truth every Fortune 1000 leader needs to hear.

Because the real risk is not that your program is broken, it’s that, in most cases, no one has pointed it out yet.

Reality is Scale Breaks Governance

When organizations grow, merge, diversify or expand into new jurisdictions, information does not neatly reorganize itself. Policies do not miraculously update. Systems do not reconcile their histories. And people – capable, diligent people – begin improvising.

In every large organization we assess, we see the same pattern:

1. No one has been trained in information governance

Teams do their best. They rely on habits, oral history and assumptions. But every department handles information differently, every jurisdiction follows its own “version” of what feels right. None of it adds up to a coherent or defensible enterprise program.

2. Retention schedules are outdated or incomplete

A Fortune 1000 organization needs a retention schedule that reflects every functional area and every jurisdiction in which it operates. I have yet to see one that does. Most schedules are copied, inherited or stitched together and are not legally defensible, not current and certainly not global.

3. Policies and procedures do not reflect the organization’s actual life

Mergers and Acquisition events. New offices of record. System migrations. Restructuring. Downsizing. These events reshape how information is created, who owns it and how long it must be retained, but policies rarely catch up.

4. Redundant, Obsolete, and Trivial (ROT) data is a real thing

Redundant, obsolete and trivial information fills out shared drives, archives, databases and physical storage. Inside the same department, sometimes on the same day, two teams are convinced they hold the “final copy” of a document. They usually don’t.

5. Litigation and audit exposure is silently growing

Courts do not reward improvisation. Regulators do not excuse good intentions. A poorly maintained retention schedule, or one copied from a peer, is not defensible. And in litigation, that matters.

This is the lived state of governance across the Fortune 1000. But it is not inevitable. It is inherited. The good news is that it can be rebuilt.

Why This Matters More Now Than It Did 20 Years Ago

When I began this work, information governance was often treated as administrative housekeeping. Today, it is the backbone of regulatory compliance, legal defensibility, cost control, data quality and AI-readiness.

And the regulatory environment has intensified. Fortune 1000 enterprises operate under an interlocking web of mandates:

• FDA (for pharmaceutical, life sciences, medical devices)
• FSMA (for food safety and supply chain traceability)
• OSHA (workplace health and safety)
• ISO standards (quality, environmental, security)
• And dozens of industry-specific regulations layered on top

Even when political climates shift, regulatory risk does not disappear. Your customers still expect compliance. Your partners still assume accuracy. Your reputation still depends on discipline.

In other words: governance is not optional because trust is not optional.

The Core Problem: Leaders Think They’re Fine Until They’re Not

Most executives do not wake up thinking, “Our information governance is in disarray.”
In fact, they believe the opposite until something happens.

The most common “on-ramps” to realizing something is wrong include:

• A merger or acquisition where no one knows who now owns the records
• A litigation event that exposes a maze of outdated information
• A storage invoice that suddenly doubles
• A regulator requesting documents that cannot be located
• A disgruntled employee whose files are impossible to reconstruct

By the time these triggers surface, the underlying issues have been building for years.

Where Good Governance Actually Begins

If you are a Fortune 1000 leader, let me offer a simple truth:

Information governance must begin and be owned at the C-suite level.

Not in IT.
Not in Legal alone.
Not in Compliance alone.

It begins with a cross-functional steering committee empowered to set enterprise-wide direction across:

• Legal
• IT
• Compliance and Risk
• Finance
• Business Operations
• Any functional area with regulatory exposure

With that structure in place, the work begins at a foundational level with a needs assessment and gap analysis.

This is not a perfunctory exercise. It is the moment where the real picture emerges around what information exists, where it lives, who owns it, how long it should be retained and how it is being handled today.

And every time we conduct this assessment, we find the same thing:

Organizations believe they have a governance program.
What they actually have is a collection of well-intentioned habits.

The gap between the two is where risk lives.

What a Modern Governance Program Looks Like

After hundreds of assessments globally, the same components surface repeatedly as essential:

1. A legally defensible, jurisdiction-aware retention schedule – Built from primary research, updated regularly and customized to your vertical, footprint and risk profile.
2. Clear policies and procedures that reflect the organization’s present reality – Including new offices of record, new systems, new regulatory expectations and new operational structures.
3. Training is the most overlooked success factor – Training is not a “nice-to-have.”
   It is the difference between compliance on paper and compliance in practice.
4. Implementation grounded in discipline – This includes smart scanning, ROT cleanup, alignment of physical and electronic records and tech selection that supports (not replaces) governance.
5. Ongoing oversight and refinement – Governance is not static. Organizations evolve, as they must, and the policies must evolve with them.

This is the architecture that reduces risk, improves audit readiness and keeps large enterprises from drowning in their own information.

And What About AI?

Artificial intelligence is often discussed as a solution to information complexity. It can assist with scale, speed and pattern recognition, and in that sense, it will likely become a useful tool within many organizations.

But AI does not establish governance.

It does not determine what information should exist, how long it should be retained or who is accountable for it. Those decisions require legal interpretation, organizational context and executive judgment.

AI reflects the information environment it is given. When that environment is well governed, AI can help teams work more efficiently. When it is not, AI simply amplifies inconsistency.

For enterprise organizations, the sequence matters. Governance must come first, and automation follows.

A Word to Enterprise Leaders

If you lead a large organization, you are already operating with structural information risk whether you see it or not. That risk touches your audits, your litigation posture, your AI initiatives, your regulatory standing and your brand.

Information governance is not a back-office discipline. It is an executive responsibility.

And the organizations that recognize this now; before litigation, before a recall, before a breach are the ones that will lead the next decade with confidence.

Because in the world we operate in, the question is not whether you have problems.
The question is whether you are willing to find them before someone else does.

If you’re ready to understand where your organization truly stands, the next step is a structured data governance needs assessment and gap analysis. Schedule a 30-minute conversation.

FAQ

The State of Information Governance FAQs

Q1: What is information governance in an enterprise context?
Information governance is the set of policies, accountability structures, and operational practices that determine how information is created, classified, retained, protected, and disposed of across the organization. In large enterprises, it connects legal defensibility, compliance obligations, audit readiness, and information reliability across systems and regions.

Q2: What are the most common signs an organization has governance risk?
Common indicators include inconsistent practices across departments or regions, outdated retention schedules, unclear offices of record, growing ROT across systems, escalating storage costs, difficulty locating authoritative documents, and heightened exposure during audits or litigation due to missing or contradictory records.

Q3: What is a records retention schedule and why does it matter?

A records retention schedule is a defensible rule set that defines how long different record types must be kept and when they should be disposed of, based on legal, regulatory, and operational requirements. For global enterprises, retention schedules must reflect both functional areas and jurisdictional obligations. When retention schedules are incomplete or outdated, organizations increase legal exposure and weaken audit and litigation readiness.

Q4: What is the difference between data governance and information governance?

Data governance typically focuses on structured data, definitions, ownership, and quality across systems. Information governance is broader. It includes records, documents, unstructured content, retention, legal defensibility, privacy obligations, and the policies and procedures that govern information across its lifecycle. In large enterprises, both disciplines are necessary and should reinforce each other.

Q5: How can Konica Minolta help with enterprise information governance?

Konica Minolta, along with partners like Knowledge Preservation with deep expertise in record retention and information governance can help organizations assess current governance maturity, identify risk and operational gaps, and support improvements across retention, documentation practices, and information lifecycle management. This includes structured needs assessments and gap analysis, enabling better defensibility, audit readiness, and readiness for advanced initiatives such as automation and AI.