Category: Information Technology

Reflections on IAPP’s Privacy.Security.Risk. Conference 2019

By Rafael Moscatel, Certified Information Privacy Manager (CIPM)

HEY BOSS, LOOKS LIKE PRIVACY IS KIND OF A BIG DEAL NOW

IAPP’s Privacy.Security.Risk. Conference 2019 took place in Las Vegas over four days at the end of September and was attended by more than 2000 attendees hailing from all over the United States as well as a number of countries. The Fortune 500 was well represented but I also met a number of other astute organizations and took a tour of the industry’s big vendors on the showroom floor. Although I live tweeted the event I’d been waiting to share my complete thoughts until after I passed my CIPM exam, which I did just a couple days ago. More on that later…

THE FIELD OF INFORMATION MANAGEMENT CONFERENCES GROWS MORE CROWDED

First, as a Certified Records Manager (CRM) and Information Governance Professional (IGP), I’ve been to and spoke at my share of conferences touching on best practices for information management, privacy, security and content. What made this one different? Well, besides how well the conference was organized and the venue, The Cosmopolitan, almost all of the workshops were just first rate, chalk full of real take home targeted content and timely. The vast majority of the presenters were seasoned and even the first-timers made the grade. Here we are on the heels of one of the biggest new privacy laws, the California Consumer Privacy Act, and these sessions were speaking directly to its attendees on how to take specific action and plan for additional state directives. The education aspect and sales piece blended well, with technology complementing best practices and not the other way around. And the conference also left me with a lot of questions…

DO WE HAVE THE RIGHT TO BE FORGOTTEN?

I didn’t attend the training sessions on the first two days but made it to the opening keynote by Former Chairman of the FCC, Tom Wheeler who gave the audience a 30,000 foot view and shared thoughts from his new book, From Gutenberg to Google. A great way to set the tone for the conference and then it was followed up by Janelle Shane who focused on rudimentary examples of AI but didn’t really connect her topic that well to Privacy. Nonetheless, it was an interesting takeaway. However, my favorite keynote came in the form of a play by Sharyn Rothstein and directed by Seema Sueko entitled The Right To Be Forgotten. The play examined a concept that we find in Europe but which still hasn’t taken hold in the States. It follows the impact of a young man’s juvenile mistakes and how they follow him around as he gets older, impacting his reputation and his life.

IS THERE A PLACE FOR DIGITAL ETHICS?

I know a number of people who have been personally affected by the internet, both by their own doing and also unfairly, and so this was a terrific way of introducing these challenges to the audience. The problem was that the rest of the conference didn’t really touch on this topic because it was more focused on CCPA and the corporate aspects of privacy program implementation. That’s fine but it left me wondering if in the United States we’re really where we need to be on the privacy front. We seem to only be focused on the issue from a data protection standpoint rather than an ethical one, whereas GDPR and other parts of the world take a more holistic view. Yes, we have HIPAA and the Children’s Online Privacy Protection Act (COPPA) but it feels like many of our laws are still really about breaches and liability and not about the value of privacy.

The conundrum seems to be that while we’re moving, as industries, toward a business culture of privacy, our culture as a whole is moving in the opposite direction, away from arms length communication and behavior and towards oversharing and a lack of discrepancy. How do these two worlds exist? We know that hackers are now using personal information voluntarily shared with the world to design more sophisticated phishing attacks and deep fakes. We know that thieves use location and vacation information shared through social media to know when you’re home and plan robberies. And despite all of these controls supposedly put in place around the world, we continue to give more of our personal information away which ends up being held as ransome against our companies. Yes, we know we have to share this information to enjoy convenience and in many cases now, to simply survive and get daily errands completed, but it still feels like digital sisyphus. In the age of the personal brand, are there even any private people around anymore? What good is all of this data protection if society as a whole has given up on the ethics of privacy? Besides the play at the conference and some of the discussions around children’s privacy, I didn’t see much of a discussion here, but perhaps it wasn’t the venue. I recently had a discussion with noted Data Privacy Professor Anita Allen, who wrote the first casebook on privacy law, on these ethical aspects of privacy that will soon be available in my book, Tomorrow’s Jobs Today.

THE RISE OF THE MACHINES

So, full disclosure, I work with a few vendors in the privacy space but my thoughts on privacy vendors are not influenced by those relationships. I saw some amazing products at P.S.C.19.  The products seem to be maturing and there is a lot of venture funding going into developing large enterprise scale platforms that do an A to Z job in addressing GDPR and CCPA. There are a couple big players in the business and the industry should be grateful for their sponsorship of conferences like this and generally moving the ball forward in terms of conversations around privacy.

What I’m seeing is a lot of enterprise product that is designed specifically for large organizations and a lot of file analysis, enterprise architecture and other similar companies trying to adapt their solutions to solve the problem. The problem is that the problem is constantly evolving and despite a pretty clear prescription in the CCPA legislation, I just don’t think one size fits all. Especially if you’re looking at a capital investment to check a compliance box that might be covered in a more strategic manner. Let me explain…

I had the pleasure of sitting with a team of folks from a major multinational and a peer and I questioned them about their approach to CCPA. It was pretty impressive. They had half a dozen folks attending the conference from a number of their offices. They had hired an industry leader to implement their program. So lots of investment, lots of buy in and it was proportional because their size makes them a natural target for a regulator. One of the more amusing partners in the group casually replied to me after I asked if they were ready by saying, “Yeah, but I’m going to be really pissed if we did all this work and don’t even get one request!” That’s of course what a lot of organizations realized following the GDPR where the flood of data subject requests turned out to be a trickle. So, despite their aversion to risk and likely thorough, appropriate strategy, I still wonder it it’s right for everybody. What about the companies with a smaller footprint and much smaller budget? Does it make sense to have an omnibus-like enterprise product, with dozens of API’s and infrastructure demands take over a section of your IT department?

WHAT ABOUT STRATEGY?

Here’s the truth about privacy programs and tools. There’s no silver bullet. Dumping a ton of money into an existing IT or Records Management program or hiring a team of half a dozen twenty-six year old MBA’s from one of the big four to turn your enterprise upside down (yes I’ve seen that) is not even close to a smart information governance strategy. Unfortunately this is the first time many organizations have had to take a close look at their information and records management programs. In many cases, especially with regulated industries, information management has played a role in meeting regulatory and audit demands but it wasn’t necessarily center stage the way it is now. Many companies have a retention schedule or policy but were probably over-retaining a lot of their data and not taking action on some of the other aspects of it like data classification until the privacy movement came along.

Data Protection Impact Assessment with CAPP using LogicGate

Privacy-centric records management is basically the ideal Information Governance project or initiative. That’s because to accomplish privacy goals, companies need to not simply revise policies, they need to holistically understand how those policies work with other areas of their business like data security and records management. Fortunately, a lot of the groundwork has already been in place at many organizations, specifically in Finance and Health, in order to integrate a privacy-centric framework. If it has been performed you should also complement it with a DPIA or Privacy Impact Assessment.

That said, how do you get the most value of the technology you implement? I think you do that by having the types of conversations that allow the best minds in your organization to become stakeIholders in the ultimate solution. Before you buy product, you need to survey your landscape. It may be that you need a privacy program and privacy protections for your consumers, employees and vendors but your data subject requests are not so cumbersome that you require an overhaul of your inventory and integrations.

Can you use an Enterprise Architecture and data mapping tool in concert with a separate data subject request tools instead of automating everything? Maybe. Consider the investment and time that might go into continuously monitoring a complicated, heavily API dependent and seldom-used privacy tool. Might that effort be better put into maintaining an EA tool that not only supports the mapping requirements of data privacy legislation but also supports other areas of the IT business? Don’t we want our organizations to be agile and be able to swap-in and swap-out tools as needed? Do we really want to tie an entire business process to one solution? Haven’t we learned anything from our legacy mainframe days? Remember how hard it was, and is, to untangle ourselves from those.

Mapping Data for GDPR with CAPP in Ardoq

I’m not saying that an enterprise-wide product isn’t right for large organizations with a lot of risk and endpoint exposure. I just believe that companies need to consider the process as a whole and take their time building these programs. Although California may serve as the baseline, we still don’t know what the rest of the States will do or what the future brings.

BEING A NEWLY MINTED CIPM

I can’t comment on the substance of the exam as I’m prohibited to by the agreement I signed. What I can say is that like most designations the value I find is not necessarily in the certification as much as the legwork and study necessary to achieve it. The reward is in the knowledge you acquire along the way, not just the medal you get at the finish line. If you check out the publicly available study materials and Body of Knowledge (BOK) available on the IAPP site you’ll see that it looks very much like the protocol of other information management organizations.

My belief though is that this BOK is evolved precisely because it’s privacy-centric. It covers many areas familiar to IG and Data Privacy disciplines but it is much more a holistic model and prescription than I’ve ever seen. It’s one of the reasons I’m so impressed with the IAPP.

THE RACE JOURNEY BEGINS

I came back from meeting with data privacy officials and business people in Brussels in 2018 knowing that Privacy was going to change the world. It’s one of the reasons I decided to engage more fully in it professionally. I’ll be spending more time talking about my journey towards privacy and speaking about the CCPA and related issues over the coming months and in my new book which should be available early next year. The concept of privacy is not just important for data protection and to check a compliance box, it’s important because it affects the lives of our colleagues, our friends, our children, our parents and pretty much everything around us. We need to not only protect our data but we need to value it and teach others to value theirs and that’s what I’m dedicated to.

I’m available for consulting opportunities and interviews and would love to discuss your corporate challenges. Feel free to contact me at rafael@capp-llc.com to schedule a free two-hour workshop or just give me a buzz at 323-413-7432.

Williams Data Management to Host Data Protection Lunch with Compliance and Privacy Partners at Century City Chamber of Commerce

Media Contact: Ally Bertik ally@marketingmaven.com (310) 405-0358  

Williams Data Management to Host Data Protection Lunch at Century City Chamber of Commerce

Leader in Data Protection Partners with Cyber Hygienist and Technology Expert to Discuss How Fiduciaries Can Prepare and Protect Their Businesses for Data Breaches

­­­­­­­­­­­­­­­­­­­­­­ _____________________________________________________________________________

LOS ANGELES.  – (September 18, 2019)  Williams Data Management, southern California’s leader in data protection, has partnered with Rafael Moscatel, managing director of Compliance and Privacy Partners, and George Baldonado, president and CEO of Oasis Technology, Inc. to host a “Data Protection, A Primer For Your Fiduciary: It’s Your Business, Protect It!” lunch​ in conjunction with the Century City Chamber of Commerce. The panel will take place from 11:30 a.m. to 1 p.m. on October 3, 2019 at Greenberg Glusker, 1900 Avenue of the Stars, Suite 1400 in Century City, California.

Data Protection Pro, Douglas C. Williams, president and CEO of Williams Data Management will discuss how small businesses can take advantage of a data breach reporting service powered by CSR Privacy Solutions, Inc. to enable companies to protect Personally Identifiable Information (PII). Other topics will include the California Consumer Privacy Act (CCPA), cyber security protection and data governance.

“We are thrilled to lead the conversation for fiduciaries on how to better protect their businesses,” said Williams. “Our goal is to keep your information safe, secure and available regardless of what it is or where it is stored. We hope to provide a clear solution for companies in all industries moving forward, especially with our new data protection suite that provides a pathway for self-assessment and structural gap analysis for internal management.”

Guests will have the opportunity to network with business professionals, engage in this informative panel with expert sources and enjoy lunch provided by Williams Data Management.

To learn more or register for the data protection lunch, please visit https://business.centurycitycc.com/events/details/data-protection-a-primer-for-your-fiduciary-it-s-your-business-protect-it-1704.  

About Williams Data Management

Williams Data Management is southern California’s leading source for data protection management. The company educates, consults, has the source materials, and provides the structure for self-assessment and corporate plan structure for information breach notifications in the United States. Over the last decade, the firm has become an expert solution provider, offering professional records management, data protection, imaging and digitization, cloud storage and certified data destruction services to all sectors and sizes of businesses.

Williams holds numerous certifications for data compliance and destruction including SSAE16, NAID “AAA” Certification, and is a member of PRISM. For more information, visit www.williamsdatamanagement.com or call 888-478-FILE.

About Century City Chamber of Commerce

The Century City Chamber of Commerce is one of Los Angeles’ most active, involved and relationship-driven chambers. The chamber places a special emphasis on its members working together to build effective relationships and relevant programs that help individuals and companies expand their marketplace reach. Under the clear and powerful guidance of many energetic committees and councils, the Century City Chamber has grown to encompass representatives from virtually every industry, helping to make Century City one of Los Angeles’ most prestigious business communities. From the largest corporations to mid-sized businesses and emerging entrepreneurs, its diverse members thrive with one another and with key decision makers.

#           #           #

The Building Blocks of Information Governance

Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.

Walk Before You Run

It’s true that your strategy needs to be agile to support the modern workforce but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned first hand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise wide adoption and success.

The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.

Copyright 2019 Compliance and Privacy Partners LLC

For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000 foot view and assessment of the regulatory landscape, a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.

A clear executive level strategy around IG…

  • Presents opportunities for better governance to avoid fines and litigation exposure

  • Helps to reduce expenses and monetize the information lifecycle

  • Fosters trust to enhance customer experiences

Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.

Set the SME Table

At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.

Information Governance is an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.  The Sedona Conference® – Commentary On Information Governance Second Edition

The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?

Consider these folks for starters:

  • Chief Data Officer
  • Chief Enterprise Architect
  • Chief Compliance Officer
  • Chief Privacy Officer
  • Chief Risk Officer
  • Information Security
  • Internal Audit
  • General Counsel
  • Human Resources
  • Records Management

Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?

That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG include four basic building blocks.

The 4 Basic Building Blocks of IG

Any company serious about  Information Governance requires:

  1. Knowledge of what data they have and are obligated to retain / destroy
  2. Strategy for defensibly preserving and / or producing that data
  3. Tools to identify / protect those records
  4. Policies that tie that knowledge, strategy and toolset all together

Align Policy with Technology

Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state of the art technology. It is almost a necessity in the high-paced, data driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.

Copyright 2019 Compliance and Privacy Partners

Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

Building the Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray of the City of Burbank

Building a Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray, CIO of the City of Burbank

Eleventh in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Kevin Gray is the Chief Information Officer for the City of Burbank, leading an IT department responsible for administrative and network management, geographic information systems and technical services for more than 1400 city employees across 15 departments. Before assuming this role he served as VP of Global Media and IT for Viacom, one of the world’s premier entertainment companies, overseeing an international team located across six continents. He received his Bachelor of Science from California State University, Long Beach and is a certified Scrum Master and PMP. I spoke with him over lunch this May about aligning governance with business strategy, balancing risks and opportunities in AI and his insights on career growth.


Kevin, you began your career path at Orion Pictures administering Unix systems and then directed data center ops for DreamWorks. How did this early hands-on experience with application design and DB administration prepare you for future IT leadership positions at Viacom and ultimately the CIO role with the City of Burbank?

Well I started out on a service desk actually, really at the entry levels in IT, and I’ve been lucky to have grown up through all aspects of it. I think climbing that ladder one rung at a time definitely helped give me a clear vision to see across all the disciplines of technology.  It enabled me to see the forest through the trees, the big picture, gave me the ability to design operations, develop strategy… and equipped me with a vision to incorporate it all. And now I can more thoughtfully pull together a clear plan for how to run an organization, understand how to innovate, how to drive change through both a specific business unit or an organization. Experience is what best prepared me to lead.

One of your focal points has always been the importance of properly aligning IT governance with an organization’s business strategy. What are some of the practical ways IT teams accomplish this goal and how critical is the relationship building component that accompanies that synchronicity?

I think the most practical way to accomplish this is to focus on the people. Focus on the people developing the strategy and look at how their business is trying to implement it, because the most important thing is to be in alignment with the shared goal, in alignment with the people you’re partnering with. You have to be a true partner with the business. And that has to be the focus, not the technology. The technology is the secondary piece. Technology is what you use to try to find the solution for the business problems that they’re trying to solve. And those business problems don’t always stay the same, they change. They change based on economic conditions, they change based on market conditions, they may change based on who might be occupying the seat that you’re trying to partner with.

smart-city-1200px

So, you have to stay close and you have to stay connected. That allows you to stay aligned. Then you can figure out the solutions that are going to help solve that business problem. You have to be agile. You have to be able to switch directions. When the business switches direction, you have to be able to switch direction. And I think too many times, IT organizations, they don’t stay connected. They believe that they’re trying to solve this business strategy, that they’re trying to solve the business’ problems. But then the business problems change, the strategies change, and they’re suddenly not connected and eventually they’re heading down the wrong direction for another three to six months, which is a lifetime in technology.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Document Strategy Forum Next Week! My Session – Executing the Information Governance Strategy for the Post-Cloud World

Content. Communication. Strategy.

I’ve attended and spoken at many different “information management” conferences over the years and each has their strengths and weaknesses. But I’m especially excited to speak at DSF ’19 this year, sponsored by companies like OpenText, Quadient, Adobe, PitneyBowes and Doculabs. Why am I so thrilled? Besides the fact that I get to share my thoughts and experiences for the first time representing Compliance & Privacy Partners, this conference is practitioner driven, with a stellar board of advisors that has spent time with its presenters, making sure the content fits the program tracks AND elevates the conversation.

At the very heart of all the buzz surrounding “big data and artificial intelligence (AI) lives a universal truth- Information is the critical asset of every organization. Information flows through people and applications at such a rapid pace that it demands effective management. Enterprises are flying blind if they don’t have an information management strategy. It is impossible to understand customer needs and improve their experiences without the right information feeding decision making systems. Without proper management of info, employee engagement is doomed. The bottom line is that effective information management will dictate critical decisions for both internal and external facing processes that bring the intersection of employees and customers into context. –David Mario Smith in the latest Document Strategy Magazine

I’ll be presenting a best practices deck on Executing the Information Governance Strategy for the Post-Cloud World in the Automation of Information track, covering Records Compliance, Legal Hold Software and Enterprise Architecture Tools.

Agenda:

  • How to build and automate your Information Governance strategy using the right policies, technology, and stakeholders
  • How to recognize the right collaboration opportunities and strategically partner on the projects most likely to support and advance your agenda
  • What approaches to take when introducing your plans to senior leadership and how to effectively manage the optics around your contributions to your company’s bottom line

Tickets may be available if you act now but the event is quickly selling out. You can learn more here.

This slideshow requires JavaScript.

Marketing The Moving Targets of Digital Transformations – An Interview with Dux Raymond Sy of AvePoint®

AvePoint - Migrate Manage Protect

Marketing the Moving Targets of Digital Transformations – An Interview with Dux Raymond Sy of AvePoint

Tenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Dux Raymond Sy is the Chief Marketing Officer of Avepoint® and has successfully driven business and digital transformation initiatives for commercial, educational and public sector organizations across the globe. He’s a Microsoft Regional Director (RD), a Microsoft Most Valuable Professional (MVP) and has authored numerous books, articles and whitepapers on IT and business process strategy. He received his Bachelor of Science from Southern Polytechnic University in Telecommunications Engineering. I interviewed him recently about the unique challenges of marketing digital products and services, the future of cloud computing, O365 and the shifting IT career landscape.


Dux, Avepoint specializes in leveraging the breadth of Microsoft technologies including SharePoint and Office 365 to help companies migrate and manage their cloud, on-premises and hybrid environments. There are some trend reports indicating a few enterprises have shifted back toward hybrid stacks after overextending themselves in the cloud. Do you believe most enterprises eventually will evolve, or are there factors such as data protection that will always prevent full cloud adoption for certain entities?

When it comes to enterprise technology, we rarely move backwards. The cloud’s cost, scale, efficiency access, and yes, even security advantages, are too great for on-premises  or hybrid infrastructures to prevail long-term.  What I will say is the transformation will take much longer than the advertising of cloud providers would have you believe. Most organizations are not all-in the cloud today. We did a study in 2017 that showed about 70 percent of organizations were still in hybrid architectures. We sponsored a study with AIIM this year that showed 1 in 3 organizations is maintaining at least 2 versions of SharePoint. Attitudes towards the cloud have changed, now the conversation is mainly focused on how to get there rather than the why. 

Lastly, there are capabilities that the cloud offers that cannot be delivered on-premises s. Cloud-based advanced services, like machine learning, artificial intelligence, and data analytics, open new opportunities for technical teams to drive business value.

AvePoint and Office 365 - Information Governance Perspectives

The free e-book “Designed to Disrupt” unpacks this in full detail: https://azure.microsoft.com/en-us/resources/designed-to-disrupt-reimagine-your-apps-and-transform-your-industry/

How is Infrastructure, Platform and Software-as-a-Service changing the organizational hierarchy of IT departments, reporting structures and collaborative teams? Are companies beginning to hire more administrators and get along with fewer developers, architects and support staff? Where will the best IT jobs be in the next few years at the current pace?

This is a great question! My colleague Hunter Willis recent wrote a piece about this that sparked a huge debate on Twitter. What we have found is that people and organizations evolve more slowly than the technology. Right now, most organizations are just shifting on-premises  roles to the cloud. So if you were the SharePoint admin or the Exchange admin, you are now the SharePoint Online admin or Exchange Online admin. But what about applications that don’t exist on-premises ? Who owns PowerApps? This also ignores the advanced workloads and connections between apps that exist in the cloud. What you do in Microsoft Teams impacts your Exchange and vice versa. What organizations need, and we haven’t seen yet, is an Office 365 admin that truly owns the platform and looks at these platform wide issues. If were seeing some of these issues just within Office 365, imagine what we will see as multi-cloud architectures become more popular. The best IT jobs in the next few years will be business enablers who have a love of learning. You will need to be agile in the era of tech intensity.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Establishing a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Establishing a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Ninth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Priya Keshav is the founder and CEO of Meru Data LLC, a software company focused on building solutions that simplify and achieve corporate information governance goals. Prior to Meru, she was the leader of KPMG’s Forensic Technology Services Practice in the Southwest United States. She received her MBA from University of Florida’s Warrington College of Business Administration. I had the chance to sit down with her this January and discuss IG, the Internet of Things, consulting, and software development.


Priya, you’ve written extensively, often in collaboration with thought leaders in IG including Jason Baron, about the enormous ethical questions emerging from IoT. Do you think there is yet a universal, cross-industry awareness of these challenges or are business drivers in this area primarily the result of European or US regulatory pressures?

I think there is universal recognition that the use of IoT will bring unique challenges and ethical questions. However, I would not call this universal awareness or understanding at this point. The use of IoT is rapidly increasing, the solutions being developed are integrating multiple industries and we are just scratching the surface of what is possible with IoT. I think today, we are at a point where we recognize that some unique challenges are going to arise. I do not believe we have fully understood the nature of these challenges, especially as the uses and applications for IoT are rapidly evolving.

Both industry and regulators are at the same point – thinking about appropriate frameworks for discussing and addressing these challenges. I don’t believe regulatory pressures from either Europe or the US are the primary drivers for the growing awareness. It does seem regulators have more of a focus on the challenges while the industry focus is more around creating newer solutions. There are multiple efforts underway to understand challenges with IoT, driven by both industry and regulatory interest. However, I do not think this is primarily due to regulatory pressure. There is regulatory interest that has industry taking notice but even the industry is realizing the need to manage the unique challenges from the use of IoT. Existing regulations like the GDPR, COPA etc. obviously would apply to IoT. There is increased scrutiny and regulations around data privacy and security in general and that might look like there is increased regulation around IoT. However, there are very few IoT specific regulations like the California SB327.

Regulatory efforts around IoT to date have been more guidelines focused and have tried to not slow down the uptake of IoT. Examples include the recently issued NIST draft report on IoT cyber security standards that provides a great discussion of how risks from IoT are unique and how organizations could adapt their policies to handle this. There have also been integrated efforts with working groups to review existing IoT security standards and initiatives in the US (by the National Telecommunication and Information Administration) and in Europe (Working Group 3 formed by Alliance for Internet of Things Innovation). Other agencies like the the Consumer Products Safety Commission and the FTC have also been gathering comments on their roles in regulating IoT.

With the Meru Data platform, you’ve strived to develop a functional and reporting tool that simplifies and sustains data governance programs for your customers. Is most software today built around policy frameworks, such as FINRA compliance or privacy-by-design, and are these types of approaches even feasible amidst shifting customer wants and seemingly prescriptive laws like GDPR?

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Book Review: Infonomics – How to Monetize, Manage, and Measure Information As An Asset For Competitive Advantage by Douglas B. Laney

Are CFO’s finally ready to heed the advice of their Chief Data Officers and begin adding information assets to the balance sheet?

Although the commonly used quote “There is nothing more powerful than an idea whose time has come.” is regularly and erroneously misattributed to Victor Hugo, originating from his account of the French coup d’état of 1851 that brought Napoleon III to power, I feel it’s almost appropriate for Douglas B. Laney’s passionate argument on Infonomics. It’s an idea he’s been meticulously developing and arguing for almost two decades and has at last fully articulated in his latest book published by Taylor & Francis entitled Infonomics: How to Monetize, Manage, and Measure Information As An Asset For Competitive Advantage. Laney previously published his thoughts on Infonomics in Forbes back in 2012.

This brilliantly researched book, supported by industry giant Gartner, is steeped in both a mastery of information technology as well as economics, in particular accounting methodology and complementing business disciplines that range from supply chain economics to compliance frameworks.

Laney, with brevity and unfailing pragmatism, weaves his impressive understanding of the business of information, it’s flow and it’s enormous potential into a convincing pleading that I believe is a must read for not just the aspiring digerati, but any CFO, Chief Data Officer or executive hoping to survive and thrive in the Information Age.

Continue reading “Book Review: Infonomics – How to Monetize, Manage, and Measure Information As An Asset For Competitive Advantage by Douglas B. Laney”

You Think You Don’t Know Enough About GDPR? You Are Right and Here’s How

The EU has taken the first step in protecting the data and privacy of its residents. Through the enactment of the General Data Protection Regulation (GDPR), people are now able to have the protection they are looking for online. This means changes for businesses everywhere that are planning to reach consumers in the EU.

Companies need to look at the way that they are handling the personal data of their customers and have an action plan in place to ensure their privacy is protected. Without a strong understanding of what the GDPR means and how it affects your business, you could find yourself in a situation with the EU that you didn’t count on.

Fifteen members of Forbes Technology Council discuss some of the more unexpected consequences of the new GDPR regulation. Here’s what they had to say:

1. Restriction Of Privacy And Innovation

GDPR is the latest version of Y2K compliance — long on speculation and fear, short on reality. In my opinion, regional enforcement of global technology is an impossibility and will restrict — not enhance — privacy, freedom and innovation. The result will be regions of non-compliance (GDPR havens), enormous expense and uncertainty. – Wayne LonsteinVFT Solutions

2. Roadblocks For Blockchain Data Storage

GDPR could impact the decisions and data sets being stored and collected in emerging private and public blockchains. This may create roadblocks for companies looking to embrace blockchain to store any data that may fall under GDPR. – Aaron VickCicayda

3. Opt-In Fatigue

One of the most unexpected consequences of GDPR is the wave of new regulations in jurisdictions outside of Europe, including California, New York and perhaps soon in Asia. Another unintended impact is “check the box” fatigue where opt-in consent language is presented so frequently on websites and apps that consumers don’t read the consents and just check the box, waiving their privacy rights. – Silvio Tavares, CardLinx Association

4. Poor Customer Service

One GDPR byproduct distortion or unintended consequence is excessive regulation leading to poor customer service. The pendulum has swung too far and will be moderated by citizen feedback. – Jeff BellLegalShield

5. Small Businesses Getting Hurt

The companies that are best prepared for GDPR are the big ones: Facebook, Google, Amazon — those that have the money to pour into their tech and legal teams for ultimate compliance. The small and medium-sized businesses, however, may be less prepared, making them more vulnerable to potential fines and penalties. – Thomas GriffinOptinMonster

6. The Slow Death Of Free Services

If a service is free, then your data is the product. We all love using Facebook, YouTube and the many other social media platforms. However, we fail to realize how these businesses operate. If regulations strangle business, then the alternative is a paid model. Just look at YouTube and how it’s strugglingwith its paid subscriptions. – Daniel Hindi, BuildFire

7. Talk About Similar Regulation In The U.S.

The most unintended consequence has been the multitudes of discussions about a similar impending regulation in the U.S. In fact, reading between the lines of Facebook’s testimony to Congress, it is clear to me that tech leaders realize more care ought to be given to sensitive data, and users should have more rights. They are preparing for coming regulation stateside. – Michael RoytmanKenna Security

Read more on Forbes:

https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#2ce5537f94ad 

 

No comments

Digital Bondage and the Fallacy Of Work-Life Integration

Forget your elder’s sage advice on maintaining a good work-life balance. There’s a new patently absurd approach (promoted here by the time-strapped PhD’s at Berkeley Haas), and it’s spreading like wildfire throughout the business world. They call it… “Work-Life Integration!”

Digital Bondage

The term “Work-Life Integration” is so misleading because at this point we’re all enduring an increasing degree of overlap between our personal and professional lives. It may be sold to us as “convenience” but much of it is not exactly “optional.” This obsessive and all-in-one approach to time-management ends up usurping the little personal, spontaneous and family time we still have left.

It reminds me a little of Chris Rock’s famous bit on “Job v. Career.”

But not everybody is as fortunate as Chris and there’s a bigger impact to his lifestyle than he’s letting on in the above clip. And so “Work-Life Integration” also makes me think about Cecil DeMille’s classic The Ten Commandments and the famous scene where a worker is about to be trampled by a giant stone moved by “her colleagues.” Moses’ character, played by Charlton Heston, comes down from his managerial pedestal to save the poor soul, who later turns out is his own Mother! It’s a metaphor for how easily, often and unfairly, we as society, put work before family, friends and for believers, even God. And when it negatively impacts others it is arguably immoral.

I was most recently educated on this 24/7 mindset by an executive who boasted, “Say I’m on flight to Hawaii with my family for the weekend, and I’ve got to approve a purchase order for half-a-million. I can do it right here from my iPhone!” Well, that’s nice, but it highlights the disconnect between those who literally have the world at their fingertips and those who get interrupted with email from their boss on the weekends. The same technology fix that feeds the workaholic is now invading the space of almost everyone, not just the guy or gal with a “career.” It’s affecting their partner, their children, their social circle, people on the road. And in many cases it is invasive, counter-productive and unhealthy for the family and the self. Do we really want to live in digital bondage?

In many ways, this digital bondage is reminiscent of the days when men and women of all ages built the Pyramids until they dropped dead. Sure, the Pyramids still stand as a testament to architecture and ingenuity, but to many they will also always represent a chapter in history when there was seldom a break from work. Luckily today we have a choice.

We must stand firmly behind the importance of rest and personal space. Sure, working remotely through technology has given us flexibility. There’s no denying that. But half-baked ideas like “Work-Life Integration” have adversely impacted the very relationships and working-conditions they were meant to improve.

Some in the Jewish faith believe that one of the Ten Commandments, to observe a day of rest on the Sabbath, is a cornerstone of not just spiritual growth, but what ultimately may lead to success in other areas of one’s life. Most cultures share this important value but as it erodes across the globe and the lines between work and rest are blurred, we all suffer.

Stay off the devices this weekend as much as you can. Find true balance by freeing yourself from digital bondage.

Directing The Flow Of Information – Interview with Jones Lukose of The International Criminal Court

Second in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.

Jones LukoseJones Lukose, MBA, PhD is the Information Management Officer for the Criminal Court in the Hague and has over twenty years of experience developing and implementing strategies to achieve operational effectiveness and regulatory compliance for engineering firms, in energy and utilities sectors as well as for international and judicial organizations in Africa, Europe and the Americas. I interviewed him this past February to learn more about his unique insights into information management fundamentals and our future.

Jones, your work and research has taken you to many corners of the world including Kenya, Rwanda, Botswana, Jamaica, Uganda, the UK and now the Netherlands. It’s there you presently direct an important Information Governance program for the International Criminal Court. What do you consider the most common theme in the information management challenges you’ve faced across so many unique cultures and how has that experience shaped how you think about solutions for international organizations?

I have worked in organisations where data is everywhere but the common challenge has been that it seems no one is directing its flow. There is a lot of evidence of information collected and stored that does not fit with the organisation’s strategy. The organisation may say that it is going in a particular direction but the data it holds does not provide the required evidence or proof.  My experience in this regard has led me to reconsider my role in the organisation as an Information Manager. In such environments, it is my first priority to help determine the real purpose and value of data to the organisation. In other words lend a hand in crafting the strategy of the organisation by leveraging information management.

Read more in the upcoming book, Tomorrow’s Jobs Today.

June 2016 Member Spotlight: Rafael Moscatel, IGP, CRM

Very proud to be featured by ARMA’s Info Pro publication this month!

Jun 15, 2016

ARMA received the following nomination from April Dmytrenko, CRM, FAI, for the Member Spotlight:

Meet Rafael Moscatel, IGP, CRM

Rafael Moscatel is a Certified Records Manager (CRM) and Information Governance Professional (IGP) with more than 20 years of experience implementing world-class records retention, data governance, and compliance programs for large enterprises. He designed process transformations, led team-building efforts, and spearheaded change management initiatives in a variety of complex and highly regulated industries. His expertise includes developing document management strategies, decommissioning legacy systems, performing risk assessments, and performing audit remediation.

Rafael truly understands his field and specifically IG and technology. He was instrumental in rolling out the enterprise-wide program at Paramount Pictures. Now he is working for Farmers Group, where he has established an outstanding IG framework from which to continue to support an effective program. He is proactive, strategic, and not only a talented RIM professional but an excellent business professional. He develops outstanding collaborative relationships, understands the value of senior management support and involving the business units, and is a strategic risk taker.

Moscatel lives and works in Los Angeles. He serves as the director of information governance for Farmers Group, Inc. He has been an ARMA member for 12 years.

As you can tell, Rafael is a great fit for the Member Spotlight, an honor meant to recognize members’ involvement within the profession and the association. If you would like to network with him, you can contact him through LinkedIn www.linkedin.com/in/rafaelmoscatel or at rafaelmoscatelcrm.wordpress.com

Read More Here….