
The Building Blocks of Information Governance

Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.

Walk Before You Run

It’s true that your strategy needs to be agile to support the modern workforce, but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned firsthand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise-wide adoption and success.

The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.

Copyright 2019 Compliance and Privacy Partners LLC

For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000-foot view and assessment of the regulatory landscape, and a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.

A clear executive level strategy around IG…

  • Presents opportunities for better governance to avoid fines and litigation exposure

  • Helps to reduce expenses and monetize the information lifecycle

  • Fosters trust to enhance customer experiences

Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.

Set the SME Table

At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.

“Information Governance is an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.” – The Sedona Conference®, Commentary On Information Governance, Second Edition

The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?

Consider these folks for starters:

  • Chief Data Officer
  • Chief Enterprise Architect
  • Chief Compliance Officer
  • Chief Privacy Officer
  • Chief Risk Officer
  • Information Security
  • Internal Audit
  • General Counsel
  • Human Resources
  • Records Management

Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?

That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG includes four basic building blocks.

The 4 Basic Building Blocks of IG

Any company serious about Information Governance requires:

  1. Knowledge of what data they have and are obligated to retain / destroy
  2. Strategy for defensibly preserving and / or producing that data
  3. Tools to identify / protect those records
  4. Policies that tie that knowledge, strategy and toolset all together

Align Policy with Technology

Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state-of-the-art technology. It is almost a necessity in the high-paced, data-driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.


Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

You Think You Don’t Know Enough About GDPR? You Are Right and Here’s How

The EU has taken the first step in protecting the data and privacy of its residents. Through the enactment of the General Data Protection Regulation (GDPR), people are now able to have the protection they are looking for online. This means changes for businesses everywhere that are planning to reach consumers in the EU.

Companies need to look at the way that they are handling the personal data of their customers and have an action plan in place to ensure their privacy is protected. Without a strong understanding of what the GDPR means and how it affects your business, you could find yourself in a situation with the EU that you didn’t count on.

Fifteen members of Forbes Technology Council discuss some of the more unexpected consequences of the new GDPR regulation. Here’s what they had to say:

1. Restriction Of Privacy And Innovation

GDPR is the latest version of Y2K compliance — long on speculation and fear, short on reality. In my opinion, regional enforcement of global technology is an impossibility and will restrict — not enhance — privacy, freedom and innovation. The result will be regions of non-compliance (GDPR havens), enormous expense and uncertainty. – Wayne Lonstein, VFT Solutions

2. Roadblocks For Blockchain Data Storage

GDPR could impact the decisions and data sets being stored and collected in emerging private and public blockchains. This may create roadblocks for companies looking to embrace blockchain to store any data that may fall under GDPR. – Aaron Vick, Cicayda

3. Opt-In Fatigue

One of the most unexpected consequences of GDPR is the wave of new regulations in jurisdictions outside of Europe, including California, New York and perhaps soon in Asia. Another unintended impact is “check the box” fatigue where opt-in consent language is presented so frequently on websites and apps that consumers don’t read the consents and just check the box, waiving their privacy rights. – Silvio Tavares, CardLinx Association

4. Poor Customer Service

One GDPR byproduct distortion or unintended consequence is excessive regulation leading to poor customer service. The pendulum has swung too far and will be moderated by citizen feedback. – Jeff Bell, LegalShield

5. Small Businesses Getting Hurt

The companies that are best prepared for GDPR are the big ones: Facebook, Google, Amazon — those that have the money to pour into their tech and legal teams for ultimate compliance. The small and medium-sized businesses, however, may be less prepared, making them more vulnerable to potential fines and penalties. – Thomas Griffin, OptinMonster

6. The Slow Death Of Free Services

If a service is free, then your data is the product. We all love using Facebook, YouTube and the many other social media platforms. However, we fail to realize how these businesses operate. If regulations strangle business, then the alternative is a paid model. Just look at YouTube and how it’s struggling with its paid subscriptions. – Daniel Hindi, BuildFire

7. Talk About Similar Regulation In The U.S.

The most unintended consequence has been the multitudes of discussions about a similar impending regulation in the U.S. In fact, reading between the lines of Facebook’s testimony to Congress, it is clear to me that tech leaders realize more care ought to be given to sensitive data, and users should have more rights. They are preparing for coming regulation stateside. – Michael Roytman, Kenna Security

Read more on Forbes:

https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#2ce5537f94ad 

 

Emerging From The Dense, Digital Fog – An Interview with Dr. Ulrich Kampffmeyer


Third in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.


Dr. Ulrich Kampffmeyer is the Managing Director of Project Consult in Hamburg, Germany and a renowned expert on digital transformations, business intelligence and enterprise content management. I had the opportunity to sit down with him in May and discuss the GDPR, artificial intelligence and social issues emerging from the dense, digital fog we all find ourselves in.

Ulrich, you write and teach extensively about the cultural and social changes in work environments that are a direct result of the emergence of digital transformations. Now that data is at the fingertips of everyone, what changes should society expect that the business world may have already?

The pace of digital transformation accelerates day by day. Cloud technologies, artificial intelligence, IoT and other developments are happening so fast that there is a danger they’ll get out of control. The mightier AI becomes, the larger the danger that it gets uncontrollable. Consider Shoshana Zuboff (one of the first tenured women at Harvard Business School) and her three laws:

  1. Everything that can be automated will be automated.
  2. Everything that can be informated will be informated.
  3. Every digital application that can be used for surveillance and control will be used for surveillance and control.

Neither our businesses nor society are currently prepared for this change. Just have a look at the GDPR discussions. Data protection as general necessity, data safety as the requirement for continuity, data privacy by default, information governance to keep control, keep the value, keep information accessible – these are basic requirements that should not be ignored like in the past. Future historians will call our era the dark age of the early information society.

You spent quite a bit of time at the Fraunhofer Institute developing imaging systems and processes to support archaeological studies. Given that images provide so much of the fuel for artificial intelligence engines, do you envision some of our older legacy systems and indexes ever providing value to future AI efforts?

In the mid-80’s I worked on pattern recognition, image processing, database systems and expert systems for archaeologists and prehistorians. Too early. Today, taking a computer, drones and sensor systems to an excavation is standard. The capabilities of software, hardware and self-learning algorithms are far more sophisticated than in those days. But let’s consider so-called old-fashioned methods of organizing information. You mentioned the terms “legacy” and “indexes.” Metadata is not legacy. It is a question of quality, control and governance. Controlled metadata, vocabularies and taxonomies are of special value to big data analytics, artificial intelligence and machine learning. Controlled data sets work as guide poles to train new technologies with high quality information. This is important for automated indexing when capturing information, when sharpening enterprise search for qualified results, and managing your repositories in regard to compliance requirements. Especially when it comes to compliance, straightly organized high quality information is an asset. But AI will change the game as well in the near future. Currently classification schemes and file plans are developed manually by academic rules. In the future software will analyse all information and organize itself by protection guidelines, user models, processes, value, retention.

This series of interviews with global leaders in information governance, risk and compliance seeks to find common values and themes in these disciplines across disparate cultures. I know that you are a major advocate of standardization. Are there one or two common threads that run between all of the projects and people you’ve worked with that you also believe should be universal aims?


June 2016 Member Spotlight: Rafael Moscatel, IGP, CRM

Very proud to be featured by ARMA’s Info Pro publication this month!

Jun 15, 2016

ARMA received the following nomination from April Dmytrenko, CRM, FAI, for the Member Spotlight:

Meet Rafael Moscatel, IGP, CRM

Rafael Moscatel is a Certified Records Manager (CRM) and Information Governance Professional (IGP) with more than 20 years of experience implementing world-class records retention, data governance, and compliance programs for large enterprises. He designed process transformations, led team-building efforts, and spearheaded change management initiatives in a variety of complex and highly regulated industries. His expertise includes developing document management strategies, decommissioning legacy systems, performing risk assessments, and performing audit remediation.

Rafael truly understands his field and specifically IG and technology. He was instrumental in rolling out the enterprise-wide program at Paramount Pictures. Now he is working for Farmers Group, where he has established an outstanding IG framework from which to continue to support an effective program. He is proactive, strategic, and not only a talented RIM professional but an excellent business professional. He develops outstanding collaborative relationships, understands the value of senior management support and involving the business units, and is a strategic risk taker.

Moscatel lives and works in Los Angeles. He serves as the director of information governance for Farmers Group, Inc. He has been an ARMA member for 12 years.

As you can tell, Rafael is a great fit for the Member Spotlight, an honor meant to recognize members’ involvement within the profession and the association. If you would like to network with him, you can contact him through LinkedIn www.linkedin.com/in/rafaelmoscatel or at rafaelmoscatelcrm.wordpress.com


ARMA Spring Conference

Please join me and some of my esteemed colleagues at the Annual ARMA-GLA Spring conference taking place this April at the Microsoft Technology Center in Playa Vista on April 15th, 2016!

DETAILS:

REGISTRATION CUT OFF:   April 8, 2016
CANCELLATION POLICY:  Full Refund if cancelled before April 8.   $50 cancellation fee if cancelled after April 8.
TRANSFER POLICY:  Registrations are transferable anytime PRIOR to the event.   Attendance cannot be SPLIT.  One attendee per admission only.   Please contact Event Organizer for transfer requests.
LOCATION:
The Microsoft Technology Center