Caught in the middle?

What is it about?

Distributed trust technologies, such as blockchain, can allow individuals to verify ownership and authenticate peer-to-peer transactions without trusted third-parties. This has significant implications for information professionals, who play an important role in deciding whether and how to effectively integrate distributed trust technologies into their organization’s information governance framework. However, we still have a limited understanding of what distributed trust technologies mean for information governance, and how information professionals successfully achieve effective decentralized information governance configurations. Our paper contributes threefold to better understand these challenges. We first elaborate a framework that conceptualizes a centralized-decentralized information governance continuum along three distinct dimensions: Custody, Ownership, and Right to Access Data. We then apply this framework to two illustrative blockchain case studies – a pilot Brazilian land transfer recording solution and a Canadian health data sharing consent project – and reveal how these generate new information governance risks. We follow ISO 31000 - Risk Management (2018) and ISO 18128 - Information and documentation - Risk assessment for records processes and systems (2014) in defining risks as the effect of uncertainty, with an effect being a deviation from expected outcome. In the cases we examine, these deviations caused the organizations to fall short of their respective plans to decentralize, which resulted in hybrid solutions that straddled both the old (centralized) and new (decentralized) worlds. We outline the novel information governance challenges that come with these hybrid approaches, and outline what information professionals should do to navigate a thorny transition period to novel forms of distributed trust-based recordkeeping. We emphasize the importance of a holistic risk-focused view to approaching decentralization through the implementation of distributed trust technologies. We argue that a hybrid ‘caught in the middle’ model could offer the worst of both the centralized and future decentralized worlds when considering the balance between information governance risks and new strategic business opportunities.

Featured Image