Author: Rafael Moscatel, CRM, IGP

7 Ways To Prepare Data In The Age Of Privacy and Information Governance

7 Ways To Prepare Data In The Age Of Privacy and Information Governance

7 Tips for Data Preparation in the Age of Information Governance

Content may still be king, but now the rights to some of it may belong to the people! In response to the EU’s General Data Protection Requirement (GDPR) and recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size but each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.

Notably, while many companies are already familiar with records retention laws, these latest controls also introduce a duty to destroy data once no longer required for a legitimate business purpose. For entities that have grown accustomed to leveraging cheap digital storage, this new responsibility presents a number of logistical hurdles.

However, directives on how you may use your customer’s data or any other information you store doesn’t necessarily have to be burdensome. In fact, these new guardrails present numerous opportunities to implement better governance, monetize the lifecycle of information assets and foster trustworthy relationships that can actually enhance the customer experience.

These 7 tips can help prepare your data to support an IG strategy:

  1. Automate Retention Schedules – Legal and compliance requirements are the cornerstones of corporate governance programs. Yet tracking the multitude of historical and emerging state, federal and international laws and regulations that affect your data decisions can be a monumental task that even the most robust law departments aren’t prepared for. Consider leveraging SaaS software to keep your Risk, Compliance and Legal staff current on the latest citation changes to these nuanced instructions. These tools empower you to defensibly destroy and cleanse costly data no longer useful to your organization.
  2. Cover Your Assets – Satisfying new compliance requirements like GDPR and CCPA means it’s not enough to simply know what kinds of records you keep, you need to know what systems they’re kept in and how that data flows between them. That’s why Chief Data Officers and Enterprise Architects are increasingly embracing asset management tools that not only perform diagnostics on their application stack but allow them to inventory their attributes and map related processes that inform long-term strategic roadmap planning. Tools like these also help support application rationalization projects which in turn aid in classification and disposal of unneeded data.
  3. Introduce Big Buckets – The biggest challenges with enforcing retention across an enterprise are “event triggers” that complicate how long sets of records must be retained. For example, an employee file might be held X years following a termination “event.” Big Bucket strategies allow you to simplify and group “like” records together to support more efficient destruction actions while assuming some risk. Work with your governance partners to determine reasonable standards for a Big Bucket policy and quantifying the acceptable amount of risk your company is willing to assume to achieve cost and efficiency benefits.
  4. Enforce Legal Holds – Cleansing your data lakes and silos to save costs and minimize risk is an exercise in defensible destruction but requires awareness of outstanding legal holds. A company that spoliates evidence subject to a legal hold, even without malice, can be fined and suffer adverse inference litigation rulings resulting in unfavorable judgments. Additionally, healthy oversight of records under a preservation hold doesn’t just make good legal sense, it can also help better identify opportunities for even more defensible destruction, cost reduction and risk mitigation.
  5. Activate File Analysis – The tricky thing about new laws like the CCPA is that they require companies to find and produce data for the consumer wherever it exists. That can be a cumbersome test for many entities that have hundreds or thousands of repositories. Luckily, advanced File Analysis tools can plug directly into your network and help quickly identify sensitive and personally identifiable information (PII). They can also help you deduplicate records and find redundant, obsolete and trivial data clogging your systems, also known as ROT. These tools produce a tangible ROI that management can point to as a prime example of why IG works.
  6. Embrace Content Migrations – Unless you’ve only lived in one home your entire life, you’ve probably experienced the cathartic process of cleansing your old wares in preparation for a move. Bringing in a new content management system is not much different and it’s a unique opportunity to apply retention to your data, discard ROT and provide employees with more accurate knowledge resources.
  7. Bake-in Best Practices – Information Governance is not a “one and done” proposition, it’s a rinse and repeat discipline that only works when management sees to it that organizational culture is along for the ride. These days a basic understanding about data handling is vital for every new hire. Concepts like records retention, data protection and privacy should be part of any overall corporate training plan.

By complementing policy frameworks and toolsets with the types of Information Governance approaches noted here we can better enable our workforce to hone their knowledge skills, achieve defensible destruction and improve audit outcomes. In effect, we are future proofing ourselves for a business world destined to face increased scrutiny and under siege from data breaches and privacy issues with seemingly no end in sight. IG is the bright light at the end of that tunnel.

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.

Originally published in Document Media Magazine, July 2019.

Finding Genuine Talent in the Artificial World – An Interview with Erick Swaine of Mackenzie Ryan Executive Search

Finding Genuine Talent in the Artificial World – An Interview with Erick Swaine of Mackenzie Ryan Executive Search

Thirteenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe. From the soon to be released book, “Tomorrow’s Jobs Today.”


Erick Swaine is a practice director for Mackenzie Ryan, a global talent recruiting firm. He specializes in Information Governance, AI and Analytics. He has placed thousands of job candidates across a wide spectrum of industries into mid-level to executive leadership positions and speaks frequently on their journeys and the mechanics of professional development. He received his Bachelor’s in Marketing from the University of North Carolina at Chapel Hill. I spoke with him in July about today’s recruitment process, outsourcing strategies and the nuances of succession planning in the information age.


Erick, you were an early pioneer in helping employers understand the value and talent that information governance, AI, and analytics professionals offered when these disciplines were in their infancy. How has the demand for these emerging fields transformed recruiting in the job market?

There’s a lot to unpack there as it relates to tech itself, the demand for these emerging fields and how that has transformed over the years. I come from the industry myself. Prior to my current role I sold analytics software with built in compliance and document management capabilities. Our firm recognized value in analytics and was looking to build a technology practice. Mackenzie Ryan, which split off from Personify last year (both held under Mackenzie Ryan Holdings) didn’t have it when I came abroad so they went to their private equity VC partners and asked them, “Where are you investing as it relates to technology?” There was a resounding theme around electronically stored information. This was about a dozen years ago. At that point not everyone had a content management system. The players were SharePoint, OpenText, and OnBase and companies like Stellent, which was later picked up by Oracle, and Filenet, which was picked up by IBM. But they hadn’t penetrated all the markets. Early on the investment was in Content Management and overall repositories. It was really a soup-to-nuts storage of data, you know, manipulating workflows for all components of information management.

Overall, the human capital demand is there because of the efficiency that you can create by understanding your data. The newfound efficiency is driving advanced analytics and AI over the last five to six years, with massive amounts of investments around how we make decisions around these resources. This strategy requires the right talent.

As companies started to evolve, and you had social media come into play, around the same time, there were massive amounts of electronically stored data being created. Although storage kept getting cheaper and cheaper, there was a lot of regulation coming out requiring governance of data. Many of them looked at the discipline of Information Governance as a cost only, and then hopped over into advanced analytics. Over the last three or four years, they have moved more into Artificial Intelligence.

Yet, it’s all about making sense of the data that we’re already storing, and probably not defensibly disposing of. What the new technology has done for both large and small employers is really allow these companies to make data-driven decisions, and they drive those decisions based on a lot of historical legacy data. We noticed there are several companies that either used advanced analytics platforms or AI for internal knowledge management (to enhance institutional knowledge and train their people better), or they began aggregating and analyzing the data in order to develop additional revenue streams externally.

Overall, the human capital demand is there because of the efficiency that you can create by understanding your data, and that has driven, especially in advanced analytics and AI over the last five to six years, massive amounts of investments around how we drive decisions around these resources. Continue reading “Finding Genuine Talent in the Artificial World – An Interview with Erick Swaine of Mackenzie Ryan Executive Search”

UPCOMING PRIVACY WORKSHOP IN LA 7/31: Leveraging a GDPR Compliance Investment for CCPA / Privacy By Design

UPDATE: Presentation Slides Included Below

 

ARMA-GLA Summer Spotlight Workshop

LEVERAGING A GDPR COMPLIANCE INVESTMENT FOR CCPA / PRIVACY BY DESIGN WORKSHOP

Part I – Join European attorneys and privacy compliance experts from Brussels based law firm Ethikos to learn how to leverage GDPR compliance investments for California’s new Consumer Privacy Act. In this presentation they’ll review key data protection concepts and privacy by design strategies already in place across the EU and explain how they’re now spreading throughout the United States. Find out what you need to know about the rules of transferring data and records internationally, PII records retention requirements, rules for managing content on customer facing websites and the impact of these new records management guidelines in contract negotiations.

SELECT THE LINK BELOW TO VIEW THE WHOLE  PRESENTATION.

ETH-CAPP-2019-LA-PbD

Part II – Meet solutions engineers from Active Navigation who will show you real world examples of how state of the art privacy software helps apply concepts and rules from GDPR and CCPA directly into an information lifecycle program. Learn about machine learning classification, consent validation, uncovering dark data and many more intricacies of implementing a privacy framework as part of your Information Governance roadmap.

Presenters

Miguel Mairlot, Ethikos Law Firm, Brussels

Miguel Mairlot is a trusted compliance expert, with significant breadth of experience across Europe. He provides clients with advice and support on all aspects of their compliance program. His areas of expertise include Asset Management, Wealth and Insurance businesses to cover cross-border regulatory issues, risk management, contractual documentation and product development, advising and influencing senior stakeholders at executive committee level, enabling them to meet their responsibilities across a range of group policies and local requirements, including MiFID II, GDPR, AML, ABC and Sanctions. Before Ethikos, Miguel has worked for prestigious international law firms and financial institutions as Head of Compliance. Miguel speaks English, French, Dutch and is a Certified Compliance Officer (Febelfin Academy) since 2013 and a Data Protection Officer. He has written and spoken widely on compliance and financial law topics and teaches at the Cooremans Institute. He also serves on the Editorial Board of “la Revue de Droit Bancaire et Financier”.

No comments

The Building Blocks of Information Governance

Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.

Walk Before You Run

It’s true that your strategy needs to be agile to support the modern workforce but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned first hand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise wide adoption and success.

The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.

Copyright 2019 Compliance and Privacy Partners LLC

For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000 foot view and assessment of the regulatory landscape, a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.

A clear executive level strategy around IG…

  • Presents opportunities for better governance to avoid fines and litigation exposure

  • Helps to reduce expenses and monetize the information lifecycle

  • Fosters trust to enhance customer experiences

Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.

Set the SME Table

At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.

Information Governance is an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.  The Sedona Conference® – Commentary On Information Governance Second Edition

The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?

Consider these folks for starters:

  • Chief Data Officer
  • Chief Enterprise Architect
  • Chief Compliance Officer
  • Chief Privacy Officer
  • Chief Risk Officer
  • Information Security
  • Internal Audit
  • General Counsel
  • Human Resources
  • Records Management

Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?

That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG include four basic building blocks.

The 4 Basic Building Blocks of IG

Any company serious about  Information Governance requires:

  1. Knowledge of what data they have and are obligated to retain / destroy
  2. Strategy for defensibly preserving and / or producing that data
  3. Tools to identify / protect those records
  4. Policies that tie that knowledge, strategy and toolset all together

Align Policy with Technology

Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state of the art technology. It is almost a necessity in the high-paced, data driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.

Copyright 2019 Compliance and Privacy Partners

Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

20 Years After Google: In Search of a Better Way to Search

From its inception the internet has always been about search…. searching for that answer, that perfect example, that one you love? But search has also changed the way we think about information, about primary sources and really about each other in wildly different ways that aren’t always, well….helpful.

In the wrong data steward’s hands the integrity of our records and information, both in the style and context in which it is delivered, can be easily and unfairly distorted. This has worsened over time and is horrifying when you consider the extent of “deep fakes,” “fake news” and other purposeful misleading propaganda being spread. A trend towards misinformation and bias is clearly what has happened over time with Google’s search results and it’s having disastrous unintended consequences on the pursuit and preservation of knowledge, wisdom and the humanities around the entire world.

With exciting new A.I. tools like Alexa and Siri becoming commonplace, search has entered a second renaissance and results have even more power to shape hearts and minds. Yet nobody, no one monopoly, should be in the business of brokering access to facts or opinions.

We need new tools that deliver intelligent results that protect the privacy of its users and promote resources which enrich our lives, communities and world around us without exploiting our vulnerabilities.

With proper regulation of monopolies like Google there’s going to be a better way to find what you “need” without being subtly persuaded how to believe and incessantly pestered about what you should “want” along the way. In other words, a return to search that offers a wealth of information minus manipulation.

True search results should provide access to knowledge you can rely on for personal, professional and academic growth. A search engine should steer you away from groupthink and encourage critical thinking, not bully you into becoming a “follower.” We need independent thinkers to reclaim their independence as information consumers, as teachers and students, as citizens, as moms, dads, brothers, sisters and yes, even as politicians. After all, the internet has the power to be the great equalizer in spreading knowledge. But that knowledge can only bring light to our present darkness if it can shine through the praetorian ideologues that have begun to guard its boundless prism.

Google was perfect for its time and helped both connect and open the world to itself. Yet now, as our collective tastes become more refined, we realize our search time is equally as valuable as increasingly for-profit algorithms. Rather than wasting another moment sifting through information curated through a corporate or political filter, knowledge seekers should demand to be able to create their own!

We deserve new tools that deliver intelligent results that protect the privacy of its users and promote resources which enrich our lives, communities and world around us without exploiting our vulnerabilities.

My Hope for ARMA International

My Hope for ARMA International

For almost 65 years, ARMA International has provided an exceptional level of educational value, professional resources and guidance to members of the information management field and business community. Those efforts have aided organizations in recognizing the importance of RIM/IG practitioners’ unique skillsets and helped incorporate them into their IT and governance programs. Indeed, both public and private entities benefit enormously from the mission of this organization, which much like its subject matter, has swiftly transformed to meet evolving civic and corporate demands. This rich history and dedication to its members, the business community and the public is exactly what I’d like to see continue in the coming decade. But my hope would also be for all of our membership, from fellows on down, to more enthusiastically apply the insight, lessons and strategies they’ve acquired over their careers to help ARMA in both achieving its long-term strategic plans and in exceeding its annual goals.

ARMA can lead the way by developing and fostering cutting edge information strategies that sit on the peaks of this new horizon and by driving the conversations that illuminate the valleys in between.

For the last twenty years I’ve held prominent leadership roles at both Fortune 500 companies and revered legal firms including Farmers Insurance, Paramount Pictures, Relativity Media and Kilpatrick Townsend. My work history has taken me from the trenches of service bureaus to the hot seat of penthouse boardrooms. Along the path I’ve attained a set of credentials beginning with a CRM from the Institute of Certified Records Managers in 2013, followed by an IGP from ARMA International in 2014. In June of 2016 ARMA International selected me for its Member Profile and in 2017 my team’s efforts at Farmers Insurance earned us ARMA’s coveted Excellence for an Organization Award. Because of all this I am eternally grateful for the opportunities which ARMA has provided along my career path. I’ve also been affiliated with the local ARMA-GLA chapter for the better part of the last decade and had the chance to see how powerful and influential a local chapter can be in bringing education and awareness to members of the organization as a whole. Those chapters need our resilient support and their leaders deserve most of the credit for keeping ARMA together all these years. They are the pillars of this intellectual edifice.

The next few years will see organizations in all industries balancing a world ripe with business opportunities with an evolving universe of risk and regulations. Technology, processes, people and the associations they subscribe to are being forced to adapt to this dynamic new digital landscape in both their personal and professional lives. ARMA can lead the way by developing and fostering cutting edge information strategies that sit on the peaks of this new horizon and by driving the conversations that illuminate the valleys in between.ARMA International

As we dive into the second decade of the 21st century, I want ARMA to emerge as a defining voice in the global digital disruption and transformation discussion. By the same token, the professional development and success of ARMA’s members is central to that voice being heard loud and clear. The imminent need for effective information governance throughout the software and document lifecycle will likely broaden ARMA’s appeal to groups, professionals and verticals once unfamiliar with its offerings. In continuing to partner with and perhaps exploring mergers or acquisitions of like-minded organizations and businesses, ARMA can enhance its niche, enrich the knowledge offering and bolster its network.

With the right choices, ARMA is poised to stand as a premier educational and professional service offering for this brave new world, in part by having established itself as the knowledge and resource mecca for Information Governance standards, but equally as a promoter and champion of its members, helping them connect to tangible digital transformation solutions. This means enabling and encouraging our colleagues to rise to the challenges that will shape and define the newest careers in the Information Age.

ARMA should also find new ways to play an instrumental role in highlighting and refining best practices and approaches around not just Enterprise Content Management but Big Data, Blockchain, AI, Privacy, the Internet of Things and Quantum Computing. It must pursue unique engagements with new corporate sponsors who are at the forefront of much of the change and innovation we’re witnessing. I would hope ARMA would want to have a valued and notable sponsorship level presence at the major technology conferences in the coming years including BoxWorks and BlackHat which are hungry for our narrative and talent. ARMA must strive to remain platform agnostic but must also accept the realities of dominant technologies and embrace their significance.

The association should work closely with the legal, regulatory and ethical bodies and communities that study the impact of digital transformations on businesses as well as the individual in society. This need is evidenced by the increase in privacy regulations and laws recently passed in the EU and in the United States. Building on these relationships will lend credibility to our certifications and designations. That credibility should in turn be used by ARMA leaders and members to participate in media commentary on newsworthy information management events and issues. ARMA should strive to have those perspectives sourced by popular media and journalists alike, thus bringing further recognition to the organization and marketing its relevance. ARMA should act to elevate its experienced speakers as well as new disruptive voices. Our expertise is newsworthy and needs to be heard!

The next few years really are a once-in-a-lifetime opportunity to seize on this demand for Information Governance solutions and tap the potential of the professional community that supports it. My hope is that community will be the people that love and celebrate ARMA.


Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

Building the Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray of the City of Burbank

Building a Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray, CIO of the City of Burbank

Eleventh in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Kevin Gray is the Chief Information Officer for the City of Burbank, leading an IT department responsible for administrative and network management, geographic information systems and technical services for more than 1400 city employees across 15 departments. Before assuming this role he served as VP of Global Media and IT for Viacom, one of the world’s premier entertainment companies, overseeing an international team located across six continents. He received his Bachelor of Science from California State University, Long Beach and is a certified Scrum Master and PMP. I spoke with him over lunch this May about aligning governance with business strategy, balancing risks and opportunities in AI and his insights on career growth.


Kevin, you began your career path at Orion Pictures administering Unix systems and then directed data center ops for DreamWorks. How did this early hands-on experience with application design and DB administration prepare you for future IT leadership positions at Viacom and ultimately the CIO role with the City of Burbank?

Well I started out on a service desk actually, really at the entry levels in IT, and I’ve been lucky to have grown up through all aspects of it. I think climbing that ladder one rung at a time definitely helped give me a clear vision to see across all the disciplines of technology.  It enabled me to see the forest through the trees, the big picture, gave me the ability to design operations, develop strategy… and equipped me with a vision to incorporate it all. And now I can more thoughtfully pull together a clear plan for how to run an organization, understand how to innovate, how to drive change through both a specific business unit or an organization. Experience is what best prepared me to lead.

One of your focal points has always been the importance of properly aligning IT governance with an organization’s business strategy. What are some of the practical ways IT teams accomplish this goal and how critical is the relationship building component that accompanies that synchronicity?

I think the most practical way to accomplish this is to focus on the people. Focus on the people developing the strategy and look at how their business is trying to implement it, because the most important thing is to be in alignment with the shared goal, in alignment with the people you’re partnering with. You have to be a true partner with the business. And that has to be the focus, not the technology. The technology is the secondary piece. Technology is what you use to try to find the solution for the business problems that they’re trying to solve. And those business problems don’t always stay the same, they change. They change based on economic conditions, they change based on market conditions, they may change based on who might be occupying the seat that you’re trying to partner with.

smart-city-1200px

So, you have to stay close and you have to stay connected. That allows you to stay aligned. Then you can figure out the solutions that are going to help solve that business problem. You have to be agile. You have to be able to switch directions. When the business switches direction, you have to be able to switch direction. And I think too many times, IT organizations, they don’t stay connected. They believe that they’re trying to solve this business strategy, that they’re trying to solve the business’ problems. But then the business problems change, the strategies change, and they’re suddenly not connected and eventually they’re heading down the wrong direction for another three to six months, which is a lifetime in technology.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Document Strategy Forum Next Week! My Session – Executing the Information Governance Strategy for the Post-Cloud World

Content. Communication. Strategy.

I’ve attended and spoken at many different “information management” conferences over the years and each has their strengths and weaknesses. But I’m especially excited to speak at DSF ’19 this year, sponsored by companies like OpenText, Quadient, Adobe, PitneyBowes and Doculabs. Why am I so thrilled? Besides the fact that I get to share my thoughts and experiences for the first time representing Compliance & Privacy Partners, this conference is practitioner driven, with a stellar board of advisors that has spent time with its presenters, making sure the content fits the program tracks AND elevates the conversation.

At the very heart of all the buzz surrounding “big data and artificial intelligence (AI) lives a universal truth- Information is the critical asset of every organization. Information flows through people and applications at such a rapid pace that it demands effective management. Enterprises are flying blind if they don’t have an information management strategy. It is impossible to understand customer needs and improve their experiences without the right information feeding decision making systems. Without proper management of info, employee engagement is doomed. The bottom line is that effective information management will dictate critical decisions for both internal and external facing processes that bring the intersection of employees and customers into context. –David Mario Smith in the latest Document Strategy Magazine

I’ll be presenting a best practices deck on Executing the Information Governance Strategy for the Post-Cloud World in the Automation of Information track, covering Records Compliance, Legal Hold Software and Enterprise Architecture Tools.

Agenda:

  • How to build and automate your Information Governance strategy using the right policies, technology, and stakeholders
  • How to recognize the right collaboration opportunities and strategically partner on the projects most likely to support and advance your agenda
  • What approaches to take when introducing your plans to senior leadership and how to effectively manage the optics around your contributions to your company’s bottom line

Tickets may be available if you act now but the event is quickly selling out. You can learn more here.

This slideshow requires JavaScript.

Strengthening Protections and Embracing Connections – An Interview with Douglas C. Williams of Williams Data Management

Williams Records Management - Information Governance Solutions

Strengthening Protections and Embracing Connections – An Interview with Douglas C. Williams of Williams Data Management

Tenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


DougWilliams - Information Governance PerspectivesDouglas C. Williams is CEO of Williams Data Management and Chairman of the Board for the Vernon Chamber of Commerce. He has over thirty years of experience helping Fortune 500 clients with their document storage, destruction and data security needs. I had an opportunity to sit down with him earlier this year in Los Angeles and collect his thoughts on data protection, business continuity, civic responsibility and professional growth.


Doug, your family has been involved in the Records and Data Management business for the better part of a century and you’ve seen a lot of players come and go. How do small businesses like Williams remain resilient in the disruptive world of digital transformation, and what should executives be thinking about in terms of their long-term information management strategies?

Commercial Records Management, the holistic approach at 50,000’, includes the digital component, as well as the legacy hard copy component.  Our transition in the early 1980s into the commercial records center business from industrial freight warehousing and distribution, witnessed similar disruptions.  Those disruptions had mostly to do with the shift to the service economy from the industrial/manufacturing economy.  Our client base includes enterprise size businesses as well as mid-size businesses and SMBs.  Executives in charge of information assets need to recognize the holistic scope of those information assets, whether they be structured or unstructured, and apply the information governance and regulatory guidelines to each equally.  Knowing that digital technologies will change at light-speed, CEOs and their executive teams need to be fully knowledgeable and ready for changes in forensic discovery and know the impact of retention milestones for each type of information asset.  We all know that text messages, email, and all social media posts have a permanent residency somewhere to be found.  Each and every business, large or small, has to accept a contingent liability regarding the action or inaction of maintaining a strict policy regarding their information management policies – irrespective of the resident media.

In 2015, you were interviewed by Adam Burroughs of Smart Business Los Angeles and highlighted a growing alarm over data breaches. Here we are just a few years later and data protection is a daily news flash. With California recently passing the California Consumer Privacy Act, do you still feel the majority of organizations are taking security and privacy for granted or are you now starting to see a trend toward proactive management of data?

I do.  They are taking for granted it won’t happen to them, and if it does, they are insured.  But guess what, that is delusional.  Again, the proactive plan requires a holistic approach to information management.  The IT department knows how to protect the data, but typically do not know why, i.e., what are the governing rules for each type of data. That is the province of the CIO or the Director of Information Governance, or the General Counsel if an enterprise size firm. The breaches in the headlines are preventable; however, because of human errors in social media, emails, texts, data sharing, lack of encryption and the like, entryways into personal information data sets are available.  In our case at Williams Data Management, because we are social media users, we installed front end data intrusion software, pioneered and patented by Oasis Technologies, known as TITAN, which blocks over 500,000 intrusions attempts per week from getting into our networks.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Marketing The Moving Targets of Digital Transformations – An Interview with Dux Raymond Sy of AvePoint®

AvePoint - Migrate Manage Protect

Marketing the Moving Targets of Digital Transformations – An Interview with Dux Raymond Sy of AvePoint

Tenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Dux Raymond Sy is the Chief Marketing Officer of Avepoint® and has successfully driven business and digital transformation initiatives for commercial, educational and public sector organizations across the globe. He’s a Microsoft Regional Director (RD), a Microsoft Most Valuable Professional (MVP) and has authored numerous books, articles and whitepapers on IT and business process strategy. He received his Bachelor of Science from Southern Polytechnic University in Telecommunications Engineering. I interviewed him recently about the unique challenges of marketing digital products and services, the future of cloud computing, O365 and the shifting IT career landscape.


Dux, Avepoint specializes in leveraging the breadth of Microsoft technologies including SharePoint and Office 365 to help companies migrate and manage their cloud, on-premises and hybrid environments. There are some trend reports indicating a few enterprises have shifted back toward hybrid stacks after overextending themselves in the cloud. Do you believe most enterprises eventually will evolve, or are there factors such as data protection that will always prevent full cloud adoption for certain entities?

When it comes to enterprise technology, we rarely move backwards. The cloud’s cost, scale, efficiency access, and yes, even security advantages, are too great for on-premises  or hybrid infrastructures to prevail long-term.  What I will say is the transformation will take much longer than the advertising of cloud providers would have you believe. Most organizations are not all-in the cloud today. We did a study in 2017 that showed about 70 percent of organizations were still in hybrid architectures. We sponsored a study with AIIM this year that showed 1 in 3 organizations is maintaining at least 2 versions of SharePoint. Attitudes towards the cloud have changed, now the conversation is mainly focused on how to get there rather than the why. 

Lastly, there are capabilities that the cloud offers that cannot be delivered on-premises s. Cloud-based advanced services, like machine learning, artificial intelligence, and data analytics, open new opportunities for technical teams to drive business value.

AvePoint and Office 365 - Information Governance Perspectives

The free e-book “Designed to Disrupt” unpacks this in full detail: https://azure.microsoft.com/en-us/resources/designed-to-disrupt-reimagine-your-apps-and-transform-your-industry/

How is Infrastructure, Platform and Software-as-a-Service changing the organizational hierarchy of IT departments, reporting structures and collaborative teams? Are companies beginning to hire more administrators and get along with fewer developers, architects and support staff? Where will the best IT jobs be in the next few years at the current pace?

This is a great question! My colleague Hunter Willis recent wrote a piece about this that sparked a huge debate on Twitter. What we have found is that people and organizations evolve more slowly than the technology. Right now, most organizations are just shifting on-premises  roles to the cloud. So if you were the SharePoint admin or the Exchange admin, you are now the SharePoint Online admin or Exchange Online admin. But what about applications that don’t exist on-premises ? Who owns PowerApps? This also ignores the advanced workloads and connections between apps that exist in the cloud. What you do in Microsoft Teams impacts your Exchange and vice versa. What organizations need, and we haven’t seen yet, is an Office 365 admin that truly owns the platform and looks at these platform wide issues. If were seeing some of these issues just within Office 365, imagine what we will see as multi-cloud architectures become more popular. The best IT jobs in the next few years will be business enablers who have a love of learning. You will need to be agile in the era of tech intensity.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Establishing a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Establishing a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Ninth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Priya Keshav is the founder and CEO of Meru Data LLC, a software company focused on building solutions that simplify and achieve corporate information governance goals. Prior to Meru, she was the leader of KPMG’s Forensic Technology Services Practice in the Southwest United States. She received her MBA from University of Florida’s Warrington College of Business Administration. I had the chance to sit down with her this January and discuss IG, the Internet of Things, consulting, and software development.


Priya, you’ve written extensively, often in collaboration with thought leaders in IG including Jason Baron, about the enormous ethical questions emerging from IoT. Do you think there is yet a universal, cross-industry awareness of these challenges or are business drivers in this area primarily the result of European or US regulatory pressures?

I think there is universal recognition that the use of IoT will bring unique challenges and ethical questions. However, I would not call this universal awareness or understanding at this point. The use of IoT is rapidly increasing, the solutions being developed are integrating multiple industries and we are just scratching the surface of what is possible with IoT. I think today, we are at a point where we recognize that some unique challenges are going to arise. I do not believe we have fully understood the nature of these challenges, especially as the uses and applications for IoT are rapidly evolving.

Both industry and regulators are at the same point – thinking about appropriate frameworks for discussing and addressing these challenges. I don’t believe regulatory pressures from either Europe or the US are the primary drivers for the growing awareness. It does seem regulators have more of a focus on the challenges while the industry focus is more around creating newer solutions. There are multiple efforts underway to understand challenges with IoT, driven by both industry and regulatory interest. However, I do not think this is primarily due to regulatory pressure. There is regulatory interest that has industry taking notice but even the industry is realizing the need to manage the unique challenges from the use of IoT. Existing regulations like the GDPR, COPA etc. obviously would apply to IoT. There is increased scrutiny and regulations around data privacy and security in general and that might look like there is increased regulation around IoT. However, there are very few IoT specific regulations like the California SB327.

Regulatory efforts around IoT to date have been more guidelines focused and have tried to not slow down the uptake of IoT. Examples include the recently issued NIST draft report on IoT cyber security standards that provides a great discussion of how risks from IoT are unique and how organizations could adapt their policies to handle this. There have also been integrated efforts with working groups to review existing IoT security standards and initiatives in the US (by the National Telecommunication and Information Administration) and in Europe (Working Group 3 formed by Alliance for Internet of Things Innovation). Other agencies like the the Consumer Products Safety Commission and the FTC have also been gathering comments on their roles in regulating IoT.

With the Meru Data platform, you’ve strived to develop a functional and reporting tool that simplifies and sustains data governance programs for your customers. Is most software today built around policy frameworks, such as FINRA compliance or privacy-by-design, and are these types of approaches even feasible amidst shifting customer wants and seemingly prescriptive laws like GDPR?

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Harnessing Analytical Insights and Illuminating the Physical Realm of Dark Data – An Interview with Markus Lindelow of Iron Mountain

Harnessing Analytical Insights and Illuminating the Physical Realm of Dark Data – An Interview with Markus Lindelow of Iron Mountain

Eighth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Markus Lindelow leads the IG and Content Classification Practice Group at Iron Mountain, the world’s largest information management company, where he’s been pioneering breakthrough analytic techniques for over a decade. He holds a Master of Science degree in Computer Information Systems from Saint Edwards University and consults across a broad set of industries. I interviewed him in November to discuss his thoughts on the evolution of metadata, content classification, AI, and how organizations are using the new pillars of data science to break down their silos, help customers get lean and discover the hidden value in their big data sets.

Markus, you work with all kinds of companies to help them better understand and address the often incomplete metadata tied to some of their most valuable information assets in the form of historical paper records and materials retained over decades. In many cases, institutional memory has been completely lost and they’re struggling to figure out whether to dispose of these business records, balancing costs of over retention with risks of untimely destruction. How does your team leverage diagnostic, predictive and prescriptive analytics to make sense of what little data they might have to make informed decisions?

Our content classification process focuses on making the best use of the available metadata. This means classifying records with meaningful metadata as well as analyzing the classified inventory in order to create classification rules for records with little or no metadata. We have identified a number of attributes within the data that tend to correlate with classification conclusions. We assess the classified records associated with an attribute to create a profile that may inform a rule to classify the unclassified records sharing that same attribute…

If, for example, there are 100 cartons associated with pickup order XYZ, 90 of those cartons have been classified, and furthermore all 90 are classified to ABC100, can we create a rule to classify to ABC100 the 10 unclassified cartons belonging to pickup order XYZ? Clients may need to weigh the risk when applying this type of classification rule and the process may include a random sampling of cartons for physical inspection in order to verify the classification.

There’s usually a disconnect between the needs of information managers and legislatures which set retention periods for records. We see this in regulations where the granularity of both fixed and event based retention triggers complicates the practical management of records. Over the years, strategies like “big buckets” have attempted to lessen this challenge but even the best efforts are imperfect and carry their own risks. What can be done to better bridge the divide between the need for due diligence in retaining records and the business case for a more practical solution?

There are two pieces to the puzzle of records management: classification and retention. A records retention schedule needs to be straightforward enough to implement so that users can apply record codes to records. But the retention periods for the record classes need to be specific enough so that some types of records are not being over or under-retained because they are being grouped with other records…

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.