Information is an asset that belongs to the organization. It does not belong to whoever created or used it, the same way that a widget doesn`t belong to the assembly line workers and a bulldozer doesn`t belong to the operator.
Like any other asset, there is a cost to obtaining information and keeping it in peak operating condition. Sometimes it`s fairly easy to quantify the acquisition cost of information (e.g., consumer data used by telemarketers that call you when you`re having dinner or bathing the baby may they all rot in hell!). Sometimes, like when some poor schlub in a software marketing department puts together brochure-ware that nobody pays real attention to, it`s a little tougher. It`s also not always easy to determine whether or not the investment in the information really paid off. The telemarketers can do it quite easily, but how do you figure out the direct impact of brochure-ware to license sales? Does the organization even really care all that much?
In the course of our employment we produce and receive information. It doesn’t belong to us, it belongs to our employers. As such, we need to treat it like any other corporate asset. Even if one uses a personal device to produce the information, it still belongs to the organization.
Assets have acquisition costs, maintenance costs, residual value (sometimes), and get disposed of at the end of their useful lives. What holds true for financial assets holds true for information assets.
This, effectively, means that it is up to the organization to dictate how information is managed and what tools can be used to manage the information. Management of information includes all the ways in which information can be used, shared, secured, and disposed of. If it’s not properly governed, information can become a liability quicker than you can say “no, your honour.”
 It doesn’t really become a liability. It becomes a risk item that needs to be accounted for by setting up a contingent liability – that’s accounting type stuff.