Records and Information Management (RIM) Month - Celebrating Michelle Kirk
April is celebrated as the Records and Information Management (RIM) month to spread awareness and exchange different thoughts and opinions within the IG and IM community. In honor of this year’s RIM month, Meru Data would like to showcase a few renowned IG professionals, especially women in IG, and share their professional journey.
We would like to highlight Michelle Kirk, the Director of Information Governance and Chief Privacy Officer at Georgia-Pacific. Michelle is an IG professional with extensive experience in information technology risk and compliance. She specializes in records management and information governance strategy, compliance and ethics, information and technology risk management, and data privacy.
What drew you into IG or information management, and what do you love about what you do?
I was always fascinated by data. I like to understand how data is flowing, how it is stored, what we are doing with it, and why we need it. I think I have always enjoyed it, even before I made this my profession. I remember talking about data in a library science class in graduate school. To me, it’s all about information and data.
How do you think information management as a profession evolved, especially in the last 2-3 years? What parts of this evolution have made it exciting for you?
Over the past few years, we have seen the proliferation of data and electronic communications, the emergence of collaboration technologies, and a digital wave sweeping all industries. These digital transformations have made companies realize a need for an IG leader, who has to understand the various intricacies from a compliance and legal perspective. It has gotten more exciting for me especially because of my current role where I am well-placed to take advantage of this evolution in an innovative environment.
There is a lot of talk about information governance being the same as RIM. It is RIM, but it is also Privacy, Intellectual Property, legal, and Compliance. Fundamentally it is about the types of information we collect, having a deeper understanding of its significance, and also the risks associated with it.
Some of the things that do keep me up at night are the cool things like video, drones, IoT, etc. I have a lot of discussions with the users in my company about these technologies, as they are not always aware of the different risks that come along with the impressive technologies. These technologies are great, and we can leverage them to make our business better, but it's also important to understand the risk associated with them. I find it both challenging and exciting.
What skills do you think are essential for your role? What have you learned over the years to be successful in the IG profession?
It is crucial to understand what actually drives your business and the day-to-day jobs of the folks that are involved in meeting your organization’s goals. I think you need to listen to employees and understand what they are trying to do, and, how the overall business works.
To stand out from the rest, it is important for you to have a broad understanding of the regulatory landscape. It's important to think beyond just records and start to understand laws and regulations, risks associated with non-compliance, what the most critical issues are for your company, and how these fit within your organization’s risk tolerance. A lot of the situations where we have to make decisions are regulated. However, sometimes regulations have not caught up with the rapid changes in technology. I think in our roles, we really need to be thinking about these situations and might need to think out of the box.
For instance, you might know what is appropriate from a risk mitigation perspective right now and how to make that happen, but is it going to be the same the next year? Also, if you are putting procedures or controls in place, will they be viable for the future and in accordance with what we see coming down the pipe from regulators or the government? These factors need to be considered when discussing technology in information management.
If you go back to the beginning of your career, what would you do differently, and what advice would you give yourself?
I have always worked towards being a subject matter expert for the organization. If I went back, I would try to learn more about economics and markets because I think it drives what we do. Whether you work for a for-profit or non-profit organization, the kinds of information that are collected and the trends you’re going to see in information are all driven by economics.
Any suggestions you would like to give to the IG community?
I think it is essential that folks in our roles really partner with information security and data governance professionals because a lot of what we do overlaps with their efforts. We can collaborate to help each other move forward and together mature the overall program.
Information Governance professionals need to be involved in compliance with communications. This mean means understanding how your organization is collaborating, what’s working within the teams, how you’re teaching people to collaborate, and what risks your organization might have around those communications. These are cultural components that can be changed just like RIM practices or information management practices, but they drive what the information looks like, what is found during discovery, and what your overall risks are.