What may seem like dry data to many is in fact a rich treasure trove of customer information, employee knowledge, business intelligence and innovation. It is also potentially one of the company's greatest legal and reputational vulnerabilities.

Research we have conducted and will shortly publish shows that, while nearly two thirds of IT chiefs (62 per cent) understand the potential value of the information they hold, less than a third have adequate policies and processes in place to manage this information.

This is particularly worrying at a time when employees are producing electronic and paper records at break-neck speed.

Many companies are running out of storage space and CIOs are being forced to make decisions about scanning and digitising, information destruction or deletion, storage, security and back-up.

They are also tasked with company policies to ensure information handling meets increasingly stringent compliance, data protection and data disclosure requirements. You only have to pick up a newspaper to see what might happen should you get it wrong.

As the CIO for an information management company I can see arguments both for and against the IT department holding lead responsibility for information management across the business.

If you find yourself in this position, here are a number of steps that I have found useful:

1 Understand what information you have
Establish the nature of the information your business handles, from customer details and financial transactions to product blueprints and employee communications. Find out how secure it is. Find out whether you have a policy for access, accountability and graded confidentiality, and whether the information tracked throughout its journey through the company. Make sure your IT systems support this approach.

2 Understand the value you want to get from your information
Find out what value the business places on its own informtion. Exlpore ways in which customer data and competitive intelligence be used to influence sales strategy or product development. IT plays a key part in extracting such value, by providing fast, easily searchable content repositories for electronic data. However, CIOs need to be clear about how they implement metadata, as legislation around information security is likely to become increasingly onerous and complex.

3 Make sure everybody is at the table
It's imperative that everyone in a business works together to create and implement an information strategy. It's no use for IT to go down one path, while compliance, records management and legal are heading in another direction, with the IT department left trying to accommodate all these different parameters into its systems. IT can do a lot, but sometimes the most cost-effective route may well involve a compromise between IT-controlled processes and people-controlled processes.

4 Implement policies and attitude from the top
Policies are important, but they won't work unless all employees buy into them. The drive needs to come from the top, not IT, and policies need to be supported by a cultural change that encourages respect and protection for information throughout the business.

5 Know when to say goodbye
In proper storage conditions, data can be preserved for decades. But just because this is possible, doesn't mean it should happen. The best approach is not to save everything, but to have proper, legally compliant controls in place to support information throughout its lifecycle from receipt, processing and storage to certified destruction and deletion.

Nick Jackson is CIO at Iron Mountain and a former IT director of Reed Publishing

Pic: Seattle Municipal Archives cc2.0