Category: Information Governance

5 Ideas To Kickstart Your Governance, Risk and Compliance Program in the New Year!

We’ve all been there. Sitting around the conference room with our compliance teams, droning on about scheduling conflicts, procedural details and strategy about strategy. Here are some actual substantive ideas, initiatives and approaches to privacy, data governance and cyber-security that can get the ball rolling next year.

1. Policies aren’t just documents you keep around in case you might have to show them to a judge one day. Start putting them to work and leveraging their authority to cut costs and reduce operational risks!

For example:

  • Privacy policies, now required to be updated annually by the State of California, can actually help drive data mapping exercises, leading to new insights into structured and unstructured data systems. Use those insights to help patch gaps in your IT infrastructure and even retire costly, redundant systems, classify shadow IT and discard unused shelfware.
  • Retention policies can be used as virtual blueprints to justify and destroy, costly, over-retained paper records and electronic data lingering around the office and waiting to be discovered… by your adversaries!
  • Cyber-security policies like those required by the New York DFS can be used to help IT decision makers prioritize strategic investments in your cyber-defense software.
2. Chief executives realize audits are necessary to continually optimize business processes, but even the sharpest leaders sometimes forget the most sobering, useful assessments are conducted by outside parties who don’t have an inherently biased interest in determining the findings.

Executives need to make sure they are told what they need to hear, not what they want to hear.

3. One of the reasons assurance departments like compliance, risk and internal audit struggle with their annual reviews is because of a lack of policy organization within their OWN departments.

Lack of procedural consistency, ownership of policy and overlap and confusion over a directives authority in can create even more conflict, risk and uncertainty for an organization. But relying on institutional knowledge and spreadsheets just doesn’t cut it anymore. That’s why every regulated company needs a strong technology backbone in the form of a GRC or governance risk and compliance software.

4. These days the risk is not just internal. With so much of our data in the cloud and managed by other parties, some of the greatest risks have moved outside of the firewall.

Organizations need strategies and tools to help them prioritize and manage those vendor risks effectively. Sophisticated and affordable tools that address consumer data privacy requests can also be used to map and streamline an organizations external data, whether it’s private in nature or otherwise.

5. Finally, risk is not a one size fits all problem. Investment needs to be proportional to the exposure. That’s why it’s important to spend enough time planning your long-term strategy rather diving headfirst into solutions that promise the moon and end up creating more infrastructure dependency than you bargained for.

Rafael Moscatel is Managing Director of Compliance and Privacy Partners, a consulting firm specializing in data governance and privacy solutions. He is an award-winning Information Governance Professional (IGP), Certified Records Manager (CRM), Certified Information Privacy Manager (CIPM). Rafael has spent the last twenty years developing large-scale Information Management Programs for the Fortune 500 including Paramount Pictures and Farmers Insurance. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.

We’ve Won! 1st place in our 2019 Information Management Today MVP Awards

The people have spoken and our article, “7 Ways to Prepare Data in the Age of Privacy and Information Governance,” has won 1st place in the 2019 Information Management Today MVP Awards Other category! Thank you to all of our subscribers!

Article reprinted below!

Content may still be king, but now the rights to some of it may belong to the people! In response to the EU’s General Data Protection Requirement (GDPR) and recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size but each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.

Notably, while many companies are already familiar with records retention laws, these latest controls also introduce a duty to destroy data once no longer required for a legitimate business purpose. For entities that have grown accustomed to leveraging cheap digital storage, this new responsibility presents a number of logistical hurdles.

However, directives on how you may use your customer’s data or any other information you store doesn’t necessarily have to be burdensome. In fact, these new guardrails present numerous opportunities to implement better governance, monetize the lifecycle of information assets and foster trustworthy relationships that can actually enhance the customer experience.

These 7 tips can help prepare your data to support an IG strategy:

  1. Automate Retention Schedules – Legal and compliance requirements are the cornerstones of corporate governance programs. Yet tracking the multitude of historical and emerging state, federal and international laws and regulations that affect your data decisions can be a monumental task that even the most robust law departments aren’t prepared for. Consider leveraging SaaS software to keep your Risk, Compliance and Legal staff current on the latest citation changes to these nuanced instructions. These tools empower you to defensibly destroy and cleanse costly data no longer useful to your organization.
  2. Cover Your Assets – Satisfying new compliance requirements like GDPR and CCPA means it’s not enough to simply know what kinds of records you keep, you need to know what systems they’re kept in and how that data flows between them. That’s why Chief Data Officers and Enterprise Architects are increasingly embracing asset management tools that not only perform diagnostics on their application stack but allow them to inventory their attributes and map related processes that inform long-term strategic roadmap planning. Tools like these also help support application rationalization projects which in turn aid in classification and disposal of unneeded data.
  3. Introduce Big Buckets – The biggest challenges with enforcing retention across an enterprise are “event triggers” that complicate how long sets of records must be retained. For example, an employee file might be held X years following a termination “event.” Big Bucket strategies allow you to simplify and group “like” records together to support more efficient destruction actions while assuming some risk. Work with your governance partners to determine reasonable standards for a Big Bucket policy and quantifying the acceptable amount of risk your company is willing to assume to achieve cost and efficiency benefits.
  4. Enforce Legal Holds – Cleansing your data lakes and silos to save costs and minimize risk is an exercise in defensible destruction but requires awareness of outstanding legal holds. A company that spoliates evidence subject to a legal hold, even without malice, can be fined and suffer adverse inference litigation rulings resulting in unfavorable judgments. Additionally, healthy oversight of records under a preservation hold doesn’t just make good legal sense, it can also help better identify opportunities for even more defensible destruction, cost reduction and risk mitigation.
  5. Activate File Analysis – The tricky thing about new laws like the CCPA is that they require companies to find and produce data for the consumer wherever it exists. That can be a cumbersome test for many entities that have hundreds or thousands of repositories. Luckily, advanced File Analysis tools can plug directly into your network and help quickly identify sensitive and personally identifiable information (PII). They can also help you deduplicate records and find redundant, obsolete and trivial data clogging your systems, also known as ROT. These tools produce a tangible ROI that management can point to as a prime example of why IG works.
  6. Embrace Content Migrations – Unless you’ve only lived in one home your entire life, you’ve probably experienced the cathartic process of cleansing your old wares in preparation for a move. Bringing in a new content management system is not much different and it’s a unique opportunity to apply retention to your data, discard ROT and provide employees with more accurate knowledge resources.
  7. Bake-in Best Practices – Information Governance is not a “one and done” proposition, it’s a rinse and repeat discipline that only works when management sees to it that organizational culture is along for the ride. These days a basic understanding about data handling is vital for every new hire. Concepts like records retention, data protection and privacy should be part of any overall corporate training plan.

By complementing policy frameworks and toolsets with the types of Information Governance approaches noted here we can better enable our workforce to hone their knowledge skills, achieve defensible destruction and improve audit outcomes. In effect, we are future proofing ourselves for a business world destined to face increased scrutiny and under siege from data breaches and privacy issues with seemingly no end in sight. IG is the bright light at the end of that tunnel.

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.

California Dreamin’ – A Free Roadmap For your CCPA Journey

What is the CCPA and why should you care?

In response to recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size. Yet each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.


What you need to know and do to ensure compliance with California’s new Consumer Privacy Act

New regulations governing use of customer and personal data needn’t be burdensome.  Rather, they help reduce expenses and monetize the information lifecycle, identify opportunities for better governance to avoid fines and litigation exposure and foster trust to enhance customer experiences. Download this FREE detailed CCPA roadmap to see how you can get your company on the path to compliance.


This slideshow requires JavaScript.

Our CCPA and GDPR engagements include:

  • Data and resource mapping
  • Conducting gap and risk assessments
  • Controls evaluation to standards
  • Establishing governance with clearly defined roles and responsibilities
  • Policies and procedures review
  • Domestic and International legal review of privacy and security policies to fit the organization’s risk profile and culture
  • Consumer data request and delivery mechanism (including website notices)
  • Providing education and training
  • Design of role-based access control (RBAC) rights
  • Privacy impact assessment (PIA/DPIA) during product design

Third Party Due Diligence Support

  • Pre-contract due diligence and consulting
  • Cloud services guidance
  • Managed security services (build or buy guidance)
  • Third-party management program/policy

Our consulting and software solutions enable clients to comply with CCPA provisions 1798.110(a)(4), 1798.100, 1798.105, 1798.110, 1798.120, 1798.145, 1798.140, 1798.150


Call us today to see how we can help you with:

  • California Consumer Privacy Act of 2018, Amendments and Rulemaking
  • HIPAA/HITECH Security, Privacy and Breach Notification Rules
  • Generally Accepted Privacy Principles (GAPP)
  • EU’s General Data Protection Regulation (GDPR)
  • ISO/IEC 27001-2:2013
  • CIS Top 20 Critical Security Controls (CA AG requires)
  • SEC OCIE Cybersecurity Initiative
  • NIST Cybersecurity Framework
  • U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)
  • Applying Risk Management Program Management and Principles

Williams Data Management to Host Data Protection Lunch with Compliance and Privacy Partners at Century City Chamber of Commerce

Media Contact: Ally Bertik ally@marketingmaven.com (310) 405-0358  

Williams Data Management to Host Data Protection Lunch at Century City Chamber of Commerce

Leader in Data Protection Partners with Cyber Hygienist and Technology Expert to Discuss How Fiduciaries Can Prepare and Protect Their Businesses for Data Breaches

­­­­­­­­­­­­­­­­­­­­­­ _____________________________________________________________________________

LOS ANGELES.  – (September 18, 2019)  Williams Data Management, southern California’s leader in data protection, has partnered with Rafael Moscatel, managing director of Compliance and Privacy Partners, and George Baldonado, president and CEO of Oasis Technology, Inc. to host a “Data Protection, A Primer For Your Fiduciary: It’s Your Business, Protect It!” lunch​ in conjunction with the Century City Chamber of Commerce. The panel will take place from 11:30 a.m. to 1 p.m. on October 3, 2019 at Greenberg Glusker, 1900 Avenue of the Stars, Suite 1400 in Century City, California.

Data Protection Pro, Douglas C. Williams, president and CEO of Williams Data Management will discuss how small businesses can take advantage of a data breach reporting service powered by CSR Privacy Solutions, Inc. to enable companies to protect Personally Identifiable Information (PII). Other topics will include the California Consumer Privacy Act (CCPA), cyber security protection and data governance.

“We are thrilled to lead the conversation for fiduciaries on how to better protect their businesses,” said Williams. “Our goal is to keep your information safe, secure and available regardless of what it is or where it is stored. We hope to provide a clear solution for companies in all industries moving forward, especially with our new data protection suite that provides a pathway for self-assessment and structural gap analysis for internal management.”

Guests will have the opportunity to network with business professionals, engage in this informative panel with expert sources and enjoy lunch provided by Williams Data Management.

To learn more or register for the data protection lunch, please visit https://business.centurycitycc.com/events/details/data-protection-a-primer-for-your-fiduciary-it-s-your-business-protect-it-1704.  

About Williams Data Management

Williams Data Management is southern California’s leading source for data protection management. The company educates, consults, has the source materials, and provides the structure for self-assessment and corporate plan structure for information breach notifications in the United States. Over the last decade, the firm has become an expert solution provider, offering professional records management, data protection, imaging and digitization, cloud storage and certified data destruction services to all sectors and sizes of businesses.

Williams holds numerous certifications for data compliance and destruction including SSAE16, NAID “AAA” Certification, and is a member of PRISM. For more information, visit www.williamsdatamanagement.com or call 888-478-FILE.

About Century City Chamber of Commerce

The Century City Chamber of Commerce is one of Los Angeles’ most active, involved and relationship-driven chambers. The chamber places a special emphasis on its members working together to build effective relationships and relevant programs that help individuals and companies expand their marketplace reach. Under the clear and powerful guidance of many energetic committees and councils, the Century City Chamber has grown to encompass representatives from virtually every industry, helping to make Century City one of Los Angeles’ most prestigious business communities. From the largest corporations to mid-sized businesses and emerging entrepreneurs, its diverse members thrive with one another and with key decision makers.

#           #           #

Finding Genuine Talent in the Artificial World – An Interview with Erick Swaine of Mackenzie Ryan Executive Search

Thirteenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe. From the soon to be released book, “Tomorrow’s Jobs Today.”


Erick Swaine is a practice director for Mackenzie Ryan, a global talent recruiting firm. He specializes in Information Governance, AI and Analytics. He has placed thousands of job candidates across a wide spectrum of industries into mid-level to executive leadership positions and speaks frequently on their journeys and the mechanics of professional development. He received his Bachelor’s in Marketing from the University of North Carolina at Chapel Hill. I spoke with him in July about today’s recruitment process, outsourcing strategies and the nuances of succession planning in the information age.


Erick, you were an early pioneer in helping employers understand the value and talent that information governance, AI, and analytics professionals offered when these disciplines were in their infancy. How has the demand for these emerging fields transformed recruiting in the job market?

There’s a lot to unpack there as it relates to tech itself, the demand for these emerging fields and how that has transformed over the years. I come from the industry myself. Prior to my current role I sold analytics software with built in compliance and document management capabilities. Our firm recognized value in analytics and was looking to build a technology practice. Mackenzie Ryan, which split off from Personify last year (both held under Mackenzie Ryan Holdings) didn’t have it when I came abroad so they went to their private equity VC partners and asked them, “Where are you investing as it relates to technology?” There was a resounding theme around electronically stored information. This was about a dozen years ago. At that point not everyone had a content management system. The players were SharePoint, OpenText, and OnBase and companies like Stellent, which was later picked up by Oracle, and Filenet, which was picked up by IBM. But they hadn’t penetrated all the markets. Early on the investment was in Content Management and overall repositories. It was really a soup-to-nuts storage of data, you know, manipulating workflows for all components of information management.

Overall, the human capital demand is there because of the efficiency that you can create by understanding your data. The newfound efficiency is driving advanced analytics and AI over the last five to six years, with massive amounts of investments around how we make decisions around these resources. This strategy requires the right talent.

As companies started to evolve, and you had social media come into play, around the same time, there were massive amounts of electronically stored data being created. Although storage kept getting cheaper and cheaper, there was a lot of regulation coming out requiring governance of data. Many of them looked at the discipline of Information Governance as a cost only, and then hopped over into advanced analytics. Over the last three or four years, they have moved more into Artificial Intelligence.

Yet, it’s all about making sense of the data that we’re already storing, and probably not defensibly disposing of. What the new technology has done for both large and small employers is really allow these companies to make data-driven decisions, and they drive those decisions based on a lot of historical legacy data. We noticed there are several companies that either used advanced analytics platforms or AI for internal knowledge management (to enhance institutional knowledge and train their people better), or they began aggregating and analyzing the data in order to develop additional revenue streams externally.

Overall, the human capital demand is there because of the efficiency that you can create by understanding your data, and that has driven, especially in advanced analytics and AI over the last five to six years, massive amounts of investments around how we drive decisions around these resources. Continue reading “Finding Genuine Talent in the Artificial World – An Interview with Erick Swaine of Mackenzie Ryan Executive Search”

UPCOMING PRIVACY WORKSHOP IN LA 7/31: Leveraging a GDPR Compliance Investment for CCPA / Privacy By Design

UPDATE: Presentation Slides Included Below

ARMA-GLA Summer Spotlight Workshop

LEVERAGING A GDPR COMPLIANCE INVESTMENT FOR CCPA / PRIVACY BY DESIGN WORKSHOP

Part I – Join European attorneys and privacy compliance experts from Brussels based law firm Ethikos to learn how to leverage GDPR compliance investments for California’s new Consumer Privacy Act. In this presentation they’ll review key data protection concepts and privacy by design strategies already in place across the EU and explain how they’re now spreading throughout the United States. Find out what you need to know about the rules of transferring data and records internationally, PII records retention requirements, rules for managing content on customer facing websites and the impact of these new records management guidelines in contract negotiations.

SELECT THE LINK BELOW TO VIEW THE WHOLE  PRESENTATION.

ETH-CAPP-2019-LA-PbD

Part II – Meet solutions engineers from Active Navigation who will show you real world examples of how state of the art privacy software helps apply concepts and rules from GDPR and CCPA directly into an information lifecycle program. Learn about machine learning classification, consent validation, uncovering dark data and many more intricacies of implementing a privacy framework as part of your Information Governance roadmap.

Presenters

Miguel Mairlot, Ethikos Law Firm, Brussels

Miguel Mairlot is a trusted compliance expert, with significant breadth of experience across Europe. He provides clients with advice and support on all aspects of their compliance program. His areas of expertise include Asset Management, Wealth and Insurance businesses to cover cross-border regulatory issues, risk management, contractual documentation and product development, advising and influencing senior stakeholders at executive committee level, enabling them to meet their responsibilities across a range of group policies and local requirements, including MiFID II, GDPR, AML, ABC and Sanctions. Before Ethikos, Miguel has worked for prestigious international law firms and financial institutions as Head of Compliance. Miguel speaks English, French, Dutch and is a Certified Compliance Officer (Febelfin Academy) since 2013 and a Data Protection Officer. He has written and spoken widely on compliance and financial law topics and teaches at the Cooremans Institute. He also serves on the Editorial Board of “la Revue de Droit Bancaire et Financier”.

No comments

The Building Blocks of Information Governance

Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.

Walk Before You Run

It’s true that your strategy needs to be agile to support the modern workforce but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned first hand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise wide adoption and success.

The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.

Copyright 2019 Compliance and Privacy Partners LLC

For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000 foot view and assessment of the regulatory landscape, a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.

A clear executive level strategy around IG…

  • Presents opportunities for better governance to avoid fines and litigation exposure

  • Helps to reduce expenses and monetize the information lifecycle

  • Fosters trust to enhance customer experiences

Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.

Set the SME Table

At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.

Information Governance is an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.  The Sedona Conference® – Commentary On Information Governance Second Edition

The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?

Consider these folks for starters:

  • Chief Data Officer
  • Chief Enterprise Architect
  • Chief Compliance Officer
  • Chief Privacy Officer
  • Chief Risk Officer
  • Information Security
  • Internal Audit
  • General Counsel
  • Human Resources
  • Records Management

Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?

That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG include four basic building blocks.

The 4 Basic Building Blocks of IG

Any company serious about  Information Governance requires:

  1. Knowledge of what data they have and are obligated to retain / destroy
  2. Strategy for defensibly preserving and / or producing that data
  3. Tools to identify / protect those records
  4. Policies that tie that knowledge, strategy and toolset all together

Align Policy with Technology

Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state of the art technology. It is almost a necessity in the high-paced, data driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.

Copyright 2019 Compliance and Privacy Partners

Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

20 Years After Google: In Search of a Better Way to Search

From its inception the internet has always been about search…. searching for that answer, that perfect example, that one you love? But search has also changed the way we think about information, about primary sources and really about each other in wildly different ways that aren’t always, well….helpful.

In the wrong data steward’s hands the integrity of our records and information, both in the style and context in which it is delivered, can be easily and unfairly distorted. This has worsened over time and is horrifying when you consider the extent of “deep fakes,” “fake news” and other purposeful misleading propaganda being spread. A trend towards misinformation and bias is clearly what has happened over time with Google’s search results and it’s having disastrous unintended consequences on the pursuit and preservation of knowledge, wisdom and the humanities around the entire world.

With exciting new A.I. tools like Alexa and Siri becoming commonplace, search has entered a second renaissance and results have even more power to shape hearts and minds. Yet nobody, no one monopoly, should be in the business of brokering access to facts or opinions.

We need new tools that deliver intelligent results that protect the privacy of its users and promote resources which enrich our lives, communities and world around us without exploiting our vulnerabilities.

With proper regulation of monopolies like Google there’s going to be a better way to find what you “need” without being subtly persuaded how to believe and incessantly pestered about what you should “want” along the way. In other words, a return to search that offers a wealth of information minus manipulation.

True search results should provide access to knowledge you can rely on for personal, professional and academic growth. A search engine should steer you away from groupthink and encourage critical thinking, not bully you into becoming a “follower.” We need independent thinkers to reclaim their independence as information consumers, as teachers and students, as citizens, as moms, dads, brothers, sisters and yes, even as politicians. After all, the internet has the power to be the great equalizer in spreading knowledge. But that knowledge can only bring light to our present darkness if it can shine through the praetorian ideologues that have begun to guard its boundless prism.

Google was perfect for its time and helped both connect and open the world to itself. Yet now, as our collective tastes become more refined, we realize our search time is equally as valuable as increasingly for-profit algorithms. Rather than wasting another moment sifting through information curated through a corporate or political filter, knowledge seekers should demand to be able to create their own!

We deserve new tools that deliver intelligent results that protect the privacy of its users and promote resources which enrich our lives, communities and world around us without exploiting our vulnerabilities.

Building the Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray of the City of Burbank

Building a Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray, CIO of the City of Burbank

Eleventh in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Kevin Gray is the Chief Information Officer for the City of Burbank, leading an IT department responsible for administrative and network management, geographic information systems and technical services for more than 1400 city employees across 15 departments. Before assuming this role he served as VP of Global Media and IT for Viacom, one of the world’s premier entertainment companies, overseeing an international team located across six continents. He received his Bachelor of Science from California State University, Long Beach and is a certified Scrum Master and PMP. I spoke with him over lunch this May about aligning governance with business strategy, balancing risks and opportunities in AI and his insights on career growth.


Kevin, you began your career path at Orion Pictures administering Unix systems and then directed data center ops for DreamWorks. How did this early hands-on experience with application design and DB administration prepare you for future IT leadership positions at Viacom and ultimately the CIO role with the City of Burbank?

Well I started out on a service desk actually, really at the entry levels in IT, and I’ve been lucky to have grown up through all aspects of it. I think climbing that ladder one rung at a time definitely helped give me a clear vision to see across all the disciplines of technology.  It enabled me to see the forest through the trees, the big picture, gave me the ability to design operations, develop strategy… and equipped me with a vision to incorporate it all. And now I can more thoughtfully pull together a clear plan for how to run an organization, understand how to innovate, how to drive change through both a specific business unit or an organization. Experience is what best prepared me to lead.

One of your focal points has always been the importance of properly aligning IT governance with an organization’s business strategy. What are some of the practical ways IT teams accomplish this goal and how critical is the relationship building component that accompanies that synchronicity?

I think the most practical way to accomplish this is to focus on the people. Focus on the people developing the strategy and look at how their business is trying to implement it, because the most important thing is to be in alignment with the shared goal, in alignment with the people you’re partnering with. You have to be a true partner with the business. And that has to be the focus, not the technology. The technology is the secondary piece. Technology is what you use to try to find the solution for the business problems that they’re trying to solve. And those business problems don’t always stay the same, they change. They change based on economic conditions, they change based on market conditions, they may change based on who might be occupying the seat that you’re trying to partner with.

smart-city-1200px

So, you have to stay close and you have to stay connected. That allows you to stay aligned. Then you can figure out the solutions that are going to help solve that business problem. You have to be agile. You have to be able to switch directions. When the business switches direction, you have to be able to switch direction. And I think too many times, IT organizations, they don’t stay connected. They believe that they’re trying to solve this business strategy, that they’re trying to solve the business’ problems. But then the business problems change, the strategies change, and they’re suddenly not connected and eventually they’re heading down the wrong direction for another three to six months, which is a lifetime in technology.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Document Strategy Forum Next Week! My Session – Executing the Information Governance Strategy for the Post-Cloud World

Content. Communication. Strategy.

I’ve attended and spoken at many different “information management” conferences over the years and each has their strengths and weaknesses. But I’m especially excited to speak at DSF ’19 this year, sponsored by companies like OpenText, Quadient, Adobe, PitneyBowes and Doculabs. Why am I so thrilled? Besides the fact that I get to share my thoughts and experiences for the first time representing Compliance & Privacy Partners, this conference is practitioner driven, with a stellar board of advisors that has spent time with its presenters, making sure the content fits the program tracks AND elevates the conversation.

At the very heart of all the buzz surrounding “big data and artificial intelligence (AI) lives a universal truth- Information is the critical asset of every organization. Information flows through people and applications at such a rapid pace that it demands effective management. Enterprises are flying blind if they don’t have an information management strategy. It is impossible to understand customer needs and improve their experiences without the right information feeding decision making systems. Without proper management of info, employee engagement is doomed. The bottom line is that effective information management will dictate critical decisions for both internal and external facing processes that bring the intersection of employees and customers into context. –David Mario Smith in the latest Document Strategy Magazine

I’ll be presenting a best practices deck on Executing the Information Governance Strategy for the Post-Cloud World in the Automation of Information track, covering Records Compliance, Legal Hold Software and Enterprise Architecture Tools.

Agenda:

  • How to build and automate your Information Governance strategy using the right policies, technology, and stakeholders
  • How to recognize the right collaboration opportunities and strategically partner on the projects most likely to support and advance your agenda
  • What approaches to take when introducing your plans to senior leadership and how to effectively manage the optics around your contributions to your company’s bottom line

Tickets may be available if you act now but the event is quickly selling out. You can learn more here.

This slideshow requires JavaScript.

Strengthening Protections and Embracing Connections – An Interview with Douglas C. Williams of Williams Data Management

Williams Records Management - Information Governance Solutions

Strengthening Protections and Embracing Connections – An Interview with Douglas C. Williams of Williams Data Management

Tenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


DougWilliams - Information Governance PerspectivesDouglas C. Williams is CEO of Williams Data Management and Chairman of the Board for the Vernon Chamber of Commerce. He has over thirty years of experience helping Fortune 500 clients with their document storage, destruction and data security needs. I had an opportunity to sit down with him earlier this year in Los Angeles and collect his thoughts on data protection, business continuity, civic responsibility and professional growth.


Doug, your family has been involved in the Records and Data Management business for the better part of a century and you’ve seen a lot of players come and go. How do small businesses like Williams remain resilient in the disruptive world of digital transformation, and what should executives be thinking about in terms of their long-term information management strategies?

Commercial Records Management, the holistic approach at 50,000’, includes the digital component, as well as the legacy hard copy component.  Our transition in the early 1980s into the commercial records center business from industrial freight warehousing and distribution, witnessed similar disruptions.  Those disruptions had mostly to do with the shift to the service economy from the industrial/manufacturing economy.  Our client base includes enterprise size businesses as well as mid-size businesses and SMBs.  Executives in charge of information assets need to recognize the holistic scope of those information assets, whether they be structured or unstructured, and apply the information governance and regulatory guidelines to each equally.  Knowing that digital technologies will change at light-speed, CEOs and their executive teams need to be fully knowledgeable and ready for changes in forensic discovery and know the impact of retention milestones for each type of information asset.  We all know that text messages, email, and all social media posts have a permanent residency somewhere to be found.  Each and every business, large or small, has to accept a contingent liability regarding the action or inaction of maintaining a strict policy regarding their information management policies – irrespective of the resident media.

In 2015, you were interviewed by Adam Burroughs of Smart Business Los Angeles and highlighted a growing alarm over data breaches. Here we are just a few years later and data protection is a daily news flash. With California recently passing the California Consumer Privacy Act, do you still feel the majority of organizations are taking security and privacy for granted or are you now starting to see a trend toward proactive management of data?

I do.  They are taking for granted it won’t happen to them, and if it does, they are insured.  But guess what, that is delusional.  Again, the proactive plan requires a holistic approach to information management.  The IT department knows how to protect the data, but typically do not know why, i.e., what are the governing rules for each type of data. That is the province of the CIO or the Director of Information Governance, or the General Counsel if an enterprise size firm. The breaches in the headlines are preventable; however, because of human errors in social media, emails, texts, data sharing, lack of encryption and the like, entryways into personal information data sets are available.  In our case at Williams Data Management, because we are social media users, we installed front end data intrusion software, pioneered and patented by Oasis Technologies, known as TITAN, which blocks over 500,000 intrusions attempts per week from getting into our networks.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Marketing The Moving Targets of Digital Transformations – An Interview with Dux Raymond Sy of AvePoint®

AvePoint - Migrate Manage Protect

Marketing the Moving Targets of Digital Transformations – An Interview with Dux Raymond Sy of AvePoint

Tenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Dux Raymond Sy is the Chief Marketing Officer of Avepoint® and has successfully driven business and digital transformation initiatives for commercial, educational and public sector organizations across the globe. He’s a Microsoft Regional Director (RD), a Microsoft Most Valuable Professional (MVP) and has authored numerous books, articles and whitepapers on IT and business process strategy. He received his Bachelor of Science from Southern Polytechnic University in Telecommunications Engineering. I interviewed him recently about the unique challenges of marketing digital products and services, the future of cloud computing, O365 and the shifting IT career landscape.


Dux, Avepoint specializes in leveraging the breadth of Microsoft technologies including SharePoint and Office 365 to help companies migrate and manage their cloud, on-premises and hybrid environments. There are some trend reports indicating a few enterprises have shifted back toward hybrid stacks after overextending themselves in the cloud. Do you believe most enterprises eventually will evolve, or are there factors such as data protection that will always prevent full cloud adoption for certain entities?

When it comes to enterprise technology, we rarely move backwards. The cloud’s cost, scale, efficiency access, and yes, even security advantages, are too great for on-premises  or hybrid infrastructures to prevail long-term.  What I will say is the transformation will take much longer than the advertising of cloud providers would have you believe. Most organizations are not all-in the cloud today. We did a study in 2017 that showed about 70 percent of organizations were still in hybrid architectures. We sponsored a study with AIIM this year that showed 1 in 3 organizations is maintaining at least 2 versions of SharePoint. Attitudes towards the cloud have changed, now the conversation is mainly focused on how to get there rather than the why. 

Lastly, there are capabilities that the cloud offers that cannot be delivered on-premises s. Cloud-based advanced services, like machine learning, artificial intelligence, and data analytics, open new opportunities for technical teams to drive business value.

AvePoint and Office 365 - Information Governance Perspectives

The free e-book “Designed to Disrupt” unpacks this in full detail: https://azure.microsoft.com/en-us/resources/designed-to-disrupt-reimagine-your-apps-and-transform-your-industry/

How is Infrastructure, Platform and Software-as-a-Service changing the organizational hierarchy of IT departments, reporting structures and collaborative teams? Are companies beginning to hire more administrators and get along with fewer developers, architects and support staff? Where will the best IT jobs be in the next few years at the current pace?

This is a great question! My colleague Hunter Willis recent wrote a piece about this that sparked a huge debate on Twitter. What we have found is that people and organizations evolve more slowly than the technology. Right now, most organizations are just shifting on-premises  roles to the cloud. So if you were the SharePoint admin or the Exchange admin, you are now the SharePoint Online admin or Exchange Online admin. But what about applications that don’t exist on-premises ? Who owns PowerApps? This also ignores the advanced workloads and connections between apps that exist in the cloud. What you do in Microsoft Teams impacts your Exchange and vice versa. What organizations need, and we haven’t seen yet, is an Office 365 admin that truly owns the platform and looks at these platform wide issues. If were seeing some of these issues just within Office 365, imagine what we will see as multi-cloud architectures become more popular. The best IT jobs in the next few years will be business enablers who have a love of learning. You will need to be agile in the era of tech intensity.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.