Back To the Basics of Information Governance: Socks First, AI Second

Back To the Basics of Information Governance: Socks First, AI Second

Samantha R. Poindexter, ESQ, Counsel at Access

Back To the Basics of Information Governance: Socks First, AI Second

Each year, John Wooden, one of the greatest coaches in college basketball history, would gather a roster full of his elite recruits at UCLA and begin their season in an unexpected way:

He taught them how to put on their socks. One at a time.

Not metaphorically. Literally. He showed them how to smooth the wrinkles, and how to avoid folds and creases. Because a wrinkle becomes a blister, a blister becomes a missed practice, and a missed practice becomes a game loss.

Wooden understood something that most overlooked: championships are decided long before the spotlight, in details so small they’re easy to dismiss. And he proved it, leading UCLA to 10 NCAA championships in 12 seasons, including four perfect 30–0 runs.

Now fast forward to today’s enterprise landscape, where AI and automation dominate the conversation. The temptation is to sprint toward these tools, drawn by their promise of speed, efficiency, and transformation. It feels like skipping ahead to the highlight reel.

But here’s the uncomfortable truth: If your information governance program has wrinkles, AI will turn them into blisters.

Without strong fundamentals, AI doesn’t help you achieve your efficiency and transformation goals. In practice, these foundational gaps show up in critical areas:

  • Weak retention policies lead to over-retention or premature deletion.
  • Inconsistent classification produces unreliable outputs.
  • Gaps in defensible disposition increase legal and regulatory risk.

So, what does “putting on your socks” look like in information governance?

Go Back to the Basics Before Adding AI

Before layering on AI, organizations need to revisit the basics—the foundational elements that determine whether a program holds or collapses under pressure. Here’s how to strengthen each element:

Enforceable Retention Schedules

Are your retention policies current, aligned with regulations, and actually applied across systems?

Here’s what to do:

  • Map where records live (physical and digital) and align them to retention rules
  • Standardize retention categories across systems
  • Automate retention triggers where possible

Consistent Classification Frameworks

Do employees know what is and isn’t a record, where it belongs, and how it should be handled?

What to do:

  • Simplify your classification schema so it’s usable in practice
  • Embed classification at the point of creation or ingestion
  • Train teams with real examples, not just policy documents

Defensible Disposition Processes

Can you confidently explain why data was kept or deleted at any point in time?

What to do:

  • Establish clear workflows for review, approval, and destruction
  • Capture audit trails automatically (who, when, why)
  • Align legal, compliance, and operations on disposition criteria

Reliable Metadata and Taxonomy

Is your data structured in a way that machines and humans can understand?

What to do:

  • Standardize core metadata fields across systems
  • Eliminate duplicate or conflicting labels
  • Focus on essential metadata that improves search and retrieval

Ownership and Accountability

Is there clear responsibility for maintaining and evolving the program?

What to do:

  • Assign ownership across records, compliance, IT, and business units
  • Set regular review cadences to keep policies current
  • Tie accountability to measurable outcomes, not just documentation

AI is only as reliable as the foundation it’s built on. When these fundamentals are strong, AI accelerates efficiency and insight. When they’re weak, it accelerates risk, inconsistency, and cost.

Start Building a Foundation for AI implementation

Foundational work isn’t glamorous. It won’t generate headlines. But it’s the difference between a program that scales and a program that blisters. AI is a multiplier.

John Wooden didn’t assume that his players knew the basics, even though they were the best in the country. He took the time to reset every season and build the foundation. Information governance requires the same discipline.

Before investing further into AI-driven solutions, organizations should pause and ask:

  1. Are our fundamentals sound or just assumed?
  2. Can our current program withstand scale?
  3. Are we solving root issues or simply layering technology on top of them?

Going back to basics isn’t a step backward. It’s how you build something that lasts.

Socks first, AI second.

To learn what controls must be in place before AI is deployed, how organizations are accidentally leaking data today, and where low-risk AI use cases can deliver value without triggering compliance or security exposure, watch the recording of Responsible AI in Regulated Environments: How to Innovate Without Losing Control.” 

Related Resources

View all resources
The Disastrous Effects of a Data Breach
The Disastrous Effects of a Data Breach
Blog | 2 min read
From Compliance to Accessibility: 6 Reasons to Perform Document Digitization
From Compliance to Accessibility: 6 Reasons to Perform Document Digitization
Blog | 4 min read
Legal Guidelines for Retaining Electronic Personnel Files
Legal Guidelines for Retaining Electronic Personnel Files
Blog | 5 min read
The Five W’s (and Sometimes How) of Efficient Records Retention: Part Two
Blog | 3 min read