From the November 2006 issue of Entrepreneur

A few years ago, Joe Colopy decided his company's way of storing information just didn't compute.

"We used to have what we called the 'dentist's office organizational system,' where each one of our customers had a manila folder, and we'd have order forms we printed out," says Colopy, co-founder of Bronto Software, a Durham, North Carolina, online e-mail marketing products company with annual revenue of $2.6 million. "We knew we had to look at our customer information and how we could manage [it] well so we could add people but not drive the system down."

So Colopy, 35, and co-founder Chaz Felix, 34, created a paperless office by taking all the company's data online. Bronto's 25 employees no longer store files or e-mail on their laptops; instead, they access everything on a central server. Customer information is encrypted, password-protected and stored online so thieves can't access customer data if a laptop is stolen. Colopy feels it's a much more accurate, efficient and secure way of storing and referencing customer information. Employees "have one view of the customer," he says. "That helps keep everyone on the same page."

Technology is a double-edged sword for companies. They can collect truckloads of data, but at the same time, it's getting harder to keep everything straight. The result is information that's incomplete, incorrect or lost in translation. Companies in a recent Experian survey admitted losing 6 percent of their sales as a result of poor handling of customer information.

A recent uptick in high-profile corporate laptop thefts and successful hacking attempts has also put data security on the front page. Security breaches have exposed more than 90 million data records of U.S. citizens since February 2005, according to the Privacy Rights Clearinghouse, a nonprofit consumer organization based in San Diego.

In addition to the public embarrassment of data handling gone wrong, companies must contend with data breach laws on the books in at least 31 states. "The impetus to enforce is certainly there right now," says Andrew Klungness, associate partner and privacy expert with law firm Bryan Cave in Santa Monica, California. "Small [companies] can get themselves into a lot of trouble if they're careless about how they handle personal data."

Filling the Breach
Large companies are revisiting the concept of data governance, which in essence is a set of companywide policies designed to improve the collection, management and disclosure of consumer data. In 2004, IBM put together a 45-member data governance council that meets every quarter to discuss issues ranging from data security to how to put a price tag on the value of data. "When we started talking about data governance two years ago, most companies would say, 'Data what?'" says Steve Adler, program director for data governance solutions at IBM. Companies, he says, are "beginning to recognize that data access, and its availability, can be something really positive in creating value, but it comes with negative consequences."

As a growing company, your first step is to define the data you need to govern, who cares about governing it and why they should care, says John Williams, a data management expert and vice president of Collaborative Consulting, a Burlington, Massachusetts, data consulting firm. "You can make the big statements about [how] information should be 100 percent accurate and usable across the enterprise, but first of all, it's not practical," he says. "Second, it's not all that important. What's important is to identify the information that needs to be shared and who needs to share it, and create governance around that." This is also an opportune time to make sure that important information is still accurate.

Adler suggests putting someone in charge of your data governance efforts, figuring out how much the company's data is worth and identifying the company's potential exposures. Set up some controls around your data, and audit your company's efforts periodically. "Those are simple things almost any organization, small or large, can do," Adler says. "We're not talking about governing data. We're talking about governing people who use data."

Colopy is glad his company dealt with data governance early on. "The longer you wait, the more legacy issues you have," he says. "We did [it] when we had half as many customers as we do now, and it was a pain. But it would have been twice as much of a pain now."

Klungness suggests asking yourself a simple question: Would you want to be a customer of your company, knowing how it handles everything from customer lists to receipts to sticky notes? "Take a survey of your office and see what's there," he says.

Resources are always an issue for small companies, but the payoffs of proper data handling can be huge. "If people can start good habits now, it'll make their lives easier down the road," Colopy says. "It'll also be a competitive advantage."

Chris Penttila is a freelance journalist in the Chapel Hill, North Carolina, area.