News

Solving the Information Governance Gap in the Era of Information Overload

How Artificial Intelligence Is Transforming Information Governance

Organisations today generate more information than ever before. Emails, documents, collaboration tools, and shared workspaces create enormous volumes of digital content every day. While digital transformation has made work faster and more collaborative, it has also made information governance significantly more difficult.

For years, organisations have struggled to keep their records organised, compliant, and easy to manage. Traditional governance approaches relied heavily on employees manually registering and classifying records. As information volumes increased, this approach became harder to sustain.

This article explores how information governance evolved during the digitisation era, why many organisations experienced governance fatigue, and how systems like SharePoint and artificial intelligence (AI) are now helping close the governance gap.

The Digitisation Era: Moving from Paper to Electronic Records

Between 2005 and 2015, many organisations transitioned from predominantly paper-based processes to electronic record keeping. Governments, regulators, healthcare providers, and private organisations invested heavily in electronic document and records management systems (EDRMS) and compliance frameworks.

During this time, record keeping and sharing improved significantly. EDRMS’ allowed organizations to store documents more efficiently, apply classifications, and maintain long-term archives. Sharing documents became much easier too, with request processes being digitised and documents delivered directly to a person’s digital work-tray.

By the late 2010’s, however, something unexpected began to happen. The number of records being registered in mandated recordkeeping systems stopped increasing.

This did not mean organisations were producing fewer documents. In fact, digital content was growing rapidly, particularly through email and collaboration tools. The real issue was that employees were reaching the limits of how much governance work they could realistically manage.

The Rise and Fall of Records Capture

Figure 1 (left) shows record registration trends within a regulatory organization in Victoria. The chart demonstrates steady growth in registered records until 2013. After that point, record registrations plateaued.

This plateau was not caused by a decrease in activity. Instead, it reflected governance fatigue. Employees were required to complete record registration tasks alongside their regular responsibilities, including entering metadata and deciding how documents should be classified and stored.

As document volumes increased, maintaining these processes became increasingly difficult.

Figure 2 (right) shows a similar trend within a health organisation in New South Wales. Record registration increased steadily until reaching a peak in 2016.

After this point, the number of registered records declined slightly or remained flat. Again, this did not indicate reduced organisational activity. Instead, it highlighted the growing challenge of maintaining electronic record keeping as information volumes expanded.

Figure 3 (left) illustrates record registration within a water utility organisation. The chart shows a peak in 2017, followed by a plateau.

The large spike in 2011 represents a one-off bulk import of records rather than normal operational activity. Aside from this anomaly, the pattern closely mirrors other organisations: steady growth followed by stagnation as governance processes became harder to sustain.

Figure 4 (right) provides a final example from another health district in New South Wales. The same pattern is visible once again.

Record registrations initially increase as digital systems are adopted but eventually stabilise as employees reach the limits of manual record management processes.

Across multiple organisations and industries, these figures reveal a consistent pattern: electronic record keeping improved rapidly during digitisation but eventually plateaued due to governance fatigue.

Governance Fatigue and the Rise of Collaborative Systems

At the same time governance fatigue was increasing, collaboration platforms were becoming more widely used across organisations. One platform that became especially common was Microsoft SharePoint.

Originally introduced in the early 2000’s, SharePoint evolved into a major enterprise collaboration platform. By the mid-2010’s, it was widely used for document sharing, team collaboration, and project workspaces.

SharePoint made it easy for teams to create sites, share documents, and collaborate on projects. However, in many organisations these environments were created quickly and often without strong governance controls. As a result, information began flowing into systems that required less effort from employees.

Like water finding the path of least resistance, documents were increasingly stored in collaborative workspaces rather than formal record management systems.

Over time, many organisations developed large collections of documents stored across multiple platforms, including network drives, email systems, and SharePoint environments. While these systems supported collaboration effectively, they often lacked consistent classification and governance.

The Limits of Human-Centric Information Governance

For years, organisations attempted to solve governance challenges by making record registration easier.

Common approaches included:

  • reducing the amount of required metadata
  • automating parts of the registration process
  • simplifying workflows for capturing records

These improvements helped reduce friction, but they could not fully solve the problem. Employees were still responsible for interpreting documents and deciding how they should be classified and managed.

Some organisations attempted to control collaboration platforms by enforcing mandatory metadata or restricting site creation. Others accepted the growth of unstructured content and reduced their governance requirements.

Despite these different approaches, the same fundamental challenge remained:

How can organisations consistently determine what a document is, how long it should be retained, and how it should be governed without relying on manual decisions from employees?

For many years, there was no scalable solution.

Artificial Intelligence and Automated Document Understanding

Artificial intelligence is often associated with content generation tools. However, one of its most practical applications lies in analysing and understanding documents.

Modern AI systems can examine the contents of documents and determine their meaning and context. This capability allows organisations to automatically identify document types and apply governance rules.

In practical terms, AI can help organisations answer an important question: “What is this document?”

By analysing the text, structure, and context of a document, AI systems can determine:

  • the type of record it represents
  • how it should be classified
  • how long it should be retained
  • which governance rules apply

Historically, these decisions required trained records managers or knowledgeable employees to review documents manually. AI now makes it possible to perform this analysis automatically at scale.

This allows organisations to:

  • discover records across different systems
  • understand the business value of documents
  • apply classification and retention rules automatically

By removing the need for manual interpretation, AI reduces the administrative burden placed on employees while enabling records and compliance experts to focus on high value strategic initiatives.

Closing the Information Governance Gap

Structured governance did not fail because it lacked importance. Instead, it struggled because it relied heavily on manual human effort while the volume of digital information continued to grow. The rapid expansion of collaborative platforms and unstructured repositories made this challenge even greater.

Today, artificial intelligence provides a new approach to information governance. By automatically analysing and classifying documents, organisations can restore governance controls without relying entirely on employees to manage records manually. AI governance processes can maintain human-in-the-loop controls to ensure classification of documents and policy application is correct.

As digital information continues to grow, intelligent automation will play an increasingly important role in maintaining compliance, improving information management, and restoring trust in organisational records. Appropriate and considered application of AI can be used to augment the knowledge and skills of records and information management professionals, driving better business outcomes for all stakeholders.

About Informotion

For over 25 years, Informotion’s team has specialised in compliance and records management, guiding regulated organisations globally through complexity with clarity, confidence, and proven expertise. Today, as data moves to Cloud, AI, and automation, Informotion bridges heritage governance with future-ready innovation, to help organisations transform complex data into actionable insights, wherever they operate.

Would you like to know more? Start a conversation and Contact Us

Next Article

The Purview + Data Discovery Security Model: Why It Matters in the Age of AI

A Practical Blueprint for AI-Ready Organizations

Most organizations are moving quickly into AI. But the ones seeing real, repeatable value share a common discipline: they treat data as a strategic asset. Not just storage. Not just a cost center. An asset that must be secure, discoverable, governed, and ready for intelligent use.

That shift is where Microsoft Purview becomes critical. It enables organizations to move from fragmented tools and reactive security controls to a unified operating model grounded in visibility, control, and trust.

At Informotion, we refer to this as the Purview + Data Discovery Security Model. It’s based on what we consistently see across engagements—Google Workspace to Microsoft 365 transitions, Content Manager to SharePoint Online migrations, AI readiness assessments, discovery workshops, and the growing demand for secure, scalable Copilot adoption.

The reason this model works is simple: it reflects how data actually moves in modern organizations.

The Reality: Your Data Boundary No Longer Exists

Data no longer lives in one environment. It spans Microsoft 365, Azure services, SaaS platforms, business applications, legacy repositories, and an expanding layer of AI tools.

In most environments we assess, visibility is partial at best. Shadow data flows are common. Governance often lags behind collaboration and innovation.

In one early scoping engagement involving Google Workspace, a customer’s data was spread across unmanaged Google Drive workspaces, specialized third-party tools, and years of archived email. Before AI or Copilot could even be discussed, we had to establish a clear baseline:

  • What data existed
  • Where it lived
  • What was sensitive
  • Where governance controls were missing

Microsoft Purview addresses this fragmentation by unifying three core domains under a single architecture:

  • Data Security
  • Data Discovery and Governance
  • Compliance and Lifecycle Management

All of this is powered by a shared backbone: the Data Map, connectors, classification engines, sensitivity labels, and audit capabilities.

That shared architecture is what makes the model scalable. It’s one integrated framework—not a collection of loosely connected tools stitched together over time.

1. Data Security that follows the data

Security can no longer rely on perimeter defences. It must travel with the data—inside Microsoft 365, across browsers, into SaaS platforms, and increasingly into AI endpoints.

Across migration and security uplift programs, the same risks consistently surface:

  • Sensitive data remains unlabelled
  • Data Loss Prevention (DLP) policies fail to account for cloud-to-AI interactions
  • Network protections are inconsistent
  • Insider risk indicators exist but go undetected

Microsoft Purview addresses these gaps by enabling:

  • Sensitivity labelling at scale to enforce encryption and access restrictions
  • DLP and insider risk controls across endpoints, browsers, and cloud traffic
  • Network Data Security controls that prevent risky AI uploads and unsanctioned sharing
  • AI-powered investigation tools that surface exposure and behavioural anomalies quickly

This shifts organizations from reactive investigations to proactive defence. Instead of chasing incidents, security teams gain continuous visibility and control.

2. Data Discovery & Governance:
The Intelligence Layer

Data discovery used to be treated as optional. Today, it is foundational to AI readiness, regulatory compliance, and operational insight.

During early assessment phases of Content Manager to SharePoint Online migrations, structured discovery consistently eliminates weeks of guesswork. Data Map insights reveal stale repositories, duplicate structures, unmanaged shared drives, and informal record systems that evolved without oversight.

Microsoft Purview provides:

  • Continuous discovery across Microsoft 365, Azure, on-premises environments, and SaaS platforms
  • Unified data cataloguing and metadata management
  • Data Estate Health insights that highlight stewardship gaps and quality risks

This layer forms the backbone of modern Data Security Posture Management (DSPM) and underpins responsible AI adoption.

Without strong discovery and governance, organizations risk deploying Copilot or large language models against data that is inconsistent, unlabelled, outdated, or high-risk.

3. Compliance & Lifecycle Management Without the Complexity

Compliance is no longer a box-checking exercise. It directly shapes enterprise risk posture.

Across government agencies and regulated industries, pressure continues to increase around defensibility, retention schedules, audit readiness, and controlled disposal. In Content Manager to SharePoint migration programs, lifecycle governance challenges typically surface as soon as classification and disposal planning begins.

Microsoft Purview enables:

  • Enterprise-scale retention, disposition, and lifecycle governance
  • Structured audit and eDiscovery workflows
  • Alignment with frameworks such as ISM, PSPF, and ISO 27001

It brings consistency and defensibility to areas that historically depended on manual processes, siloed teams, or best-effort controls.

The Unified Model That Cuts Through Complexity

The strength of the Purview + Data Discovery Security Model lies in its simplicity.

Data is discovered, classified, protected, monitored, and governed within a single platform.

Not through overlapping point solutions. Not through spreadsheets. Not through institutional “tribal knowledge.”

This unified approach brings ICT, Security, Data Governance, and Records Management into the same operational rhythm.

One of the most consistent outcomes clients report after implementing Purview properly is clarity. They gain a single narrative, a unified control plane, and a shared understanding of their data estate.

Why It Matters Now:
Preparing for AI & Copilot

Microsoft 365 Copilot, Copilot Studio, and custom large language models only perform effectively when the underlying data is secure, structured, and governed.

We have already seen the consequences of skipping foundational work:

  • Copilot generating inaccurate responses because it pulled from outdated or duplicate repositories
  • Sensitive information appearing in prompts due to missing labels
  • Legacy permissions unintentionally exposing restricted content
  • AI surfacing records that should have been disposed of years earlier

Purview’s discovery capabilities, DSPM insights, sensitivity labelling, network controls, and investigation tools provide the guardrails required to operationalize AI responsibly.

For organizations operating in regulated environments, this integrated model aligns strongly with public sector and industry compliance expectations while enabling innovation.

 

The Direction Forward

Microsoft Purview has evolved beyond a compliance toolset. It now functions as the security and governance fabric of the modern digital workplace.

The Purview + Data Discovery Security Model provides a practical blueprint for organizations seeking to:

  • Strengthen their security posture
  • Modernize data governance
  • Prepare for AI adoption at scale
  • Reduce operational complexity across data, security, and records teams

At Informotion, we are implementing this model across major government and regulated sectors. Whether transitioning from on-premises environments, consolidating public cloud platforms, modernizing records management, or building secure AI foundations, the pattern remains consistent: clarity, consistency, and control.

If your organization is preparing for AI, restructuring governance, or expanding into Microsoft 365, this model provides the most effective starting point.

Contact Us

Next Article

AI Governance: Turning Risk into Trust and Strategic Advantage

As organisations accelerate their adoption of AI, many are deploying powerful tools without the governance structures needed to manage accuracy, privacy, ethics, and compliance.

This gap exposes organisations to unnecessary risk, ranging from poor decision making and data leakage to reputational damage, and erodes confidence among customers, employees, and the public.

Establishing a practical, organisation wide approach to AI governance is essential to ensuring AI can be used safely, responsibly, and at scale.

The Case for Strong AI Governance

AI plays a growing role in operational decision making, content generation, service delivery, and customer engagement. Research consistently shows that organisations are already experiencing negative consequences from unmanaged AI use, including accuracy failures, cyber risks, intellectual property issues, and reputational incidents. Public trust in AI remains fragile, with concerns focused on accountability, transparency, and the potential for harmful or biased outcomes.

Regulation is increasing in response. The EU AI Act establishes the first broad, risk-based framework for regulating AI across sectors, while other jurisdictions are adopting similar approaches. The regulatory trajectory mirrors the impact of GDPR, where organisations are expected to align policies, processes, and technology with new compliance obligations. A structured governance model becomes essential not only for compliance, but also for maintaining trust and enabling safe transformation.

27.03.26

 

A Structured Approach to Governance

The rapid expansion of AI related tools and services, from data curation platforms to AI usage monitoring and shadow AI detection, has created a complex landscape for organisations to navigate. To maximise value, governance must begin with a clear strategic and regulatory foundation rather than technology alone.

A core first step is the establishment or expansion of an AI governance board. This body provides senior oversight, defines expectations for responsible AI use, and ensures alignment with organisational strategy. It works in partnership with legal, risk, compliance, security, HR, and operational teams to establish policies, safeguards, and oversight mechanisms. These policies form the guardrails for AI adoption and ensure that use remains lawful, ethical, and aligned with organisational goals.

An effective AI policy typically addresses several key areas:

  • Ethical Use AI must uphold fairness, non-discrimination, and respect for human rights.
  • Data Privacy and Security AI systems must protect personal and sensitive data in line with applicable legislation, supported by privacy impact assessments.
  • Accountability Clear ownership for AI decisions must be defined, supported by governance roles to prevent gaps in responsibility.
  • Audit and Compliance Ongoing monitoring and independent audits must demonstrate compliance with internal policy and regulation.
  • Strategic Alignment AI adoption must support long term organisational goals and values.

Risk Based Classification of AI Use

Not all AI systems carry the same level of risk. A classification model, aligned with the EU AI Act and tailored to the organisation, provides a consistent way to assess and govern each use case.

Typical categories include:

Unacceptable Risk or Prohibited:

Uses such as manipulative AI, subliminal techniques, social or religious scoring, and intrusive biometric surveillance. These must be phased out under current regulatory frameworks.

High Risk:

Systems affecting health, safety, recruitment, credit scoring, biometrics, or law enforcement. These require strong controls including human oversight, security measures, and high-quality data to reduce bias.

Limited Risk:

Systems with some potential for manipulation or misunderstanding, such as chatbots or AI generated summaries, which require clear disclosure that users are interacting with AI.

Minimal Risk:

Uses such as spam filters or AI generated images, which fall under general legal obligations but may still benefit from basic data management practices.

General Purpose AI (GPAI):

Broad models incorporated into downstream systems. These require documentation, transparency of training data, and adherence to copyright requirements.

This classification framework enables consistent application of controls across audit, content moderation, monitoring, incident management, and security.

The Role of an AI Register

A centralised AI register is fundamental to demonstrating responsible use. While the EU AI Act mandates registration of certain high-risk systems with regulators, an internal register serves a broader purpose.

It provides a single view of all AI applications and use cases, maps accountability, and supports the execution of classification specific processes. Integration with existing service management or configuration management systems enables governance to operate within existing organisational workflows.

The AI register also provides the evidence base required for reporting to the AI governance board, ensuring ongoing compliance, transparency, and oversight.

Building a Roadmap for Safe AI Adoption

With an AI policy, classification model, and register in place, organisations are positioned to make informed decisions about risk mitigation and investment. These may include enhancing data quality pipelines, implementing content moderation services, strengthening cyber security controls, or selecting technical tools that support compliant and effective AI use.

A structured roadmap ensures the organisation can scale AI safely and confidently, enabling teams to innovate while maintaining strong safeguards.

A Call to Action

AI use is rapidly expanding, and the organisations that lead will be those that govern it effectively. Clear policies, risk-based classifications, and a comprehensive AI register form the foundation for trustworthy, compliant, and strategically aligned AI adoption. Informotion supports organisations in building governance frameworks that are practical, scalable, and tailored to regulatory and operational realities.

For organisations seeking expert support in establishing or strengthening their AI governance capability, an advisory conversation is available.

For more information and to connect Contact Us

Speak with our team about tailored data solutions.
Contact UsContact UsContact Us

Subscribe

Sign up to our Newsletter.

Contact

Australia
T - 1300 474 288

L12, 50 Carrington St,
Sydney NSW 2000.

United Kingdom
T - +44 2080 890 523

United Kingdom Office
Waterside
1650 Arlington Business Park
Theale Reading
Berkshire, RG7 4SA

Back to Top up