Category: Records Management

Meeting Evolving Business Needs: A Conversation Between RIM Educators and Thought Leaders

ICRM will not only conduct their spring Board and Business meetings at the MER Conference next May in Chicago, but will also facilitate a panel discussion  “Meeting Evolving Business Needs: A Conversation Between RIM Educators and Thought Leaders.” 

The panel of experts include: John Isaza, Esq, FAI, Rafael Moscatel, CRM, IGP, CIPM, and Wendy McLain, MLIS, CRM.  The panel of Academic Partners include: Patricia Franks, Ph.D, CRM, CA, IGP – San Jose State University; Gregory S. Hunter, Ph.D, CA, CRM, FSAA – Long Island University, Palmer School of Library and Information Science, and Tao Jin, Ph.D – Louisiana State University, School of Library and Information Science.

The desired outcome is to expand and nurture an ongoing and productive dialogue between our profession and academic institutions to ensure graduates are well prepared to fill current and future positions in key areas of Records and Information Management (RIM) and Information Governance (IG).  If interested in joining us at the MER Conference – go to their website and register for conference.  https://www.merconference.com/

Great Scott! A True Story Illustrating the Importance of Ethics in Privacy and Records Management

Truth is stranger than fiction…

There’s a memorable scene in Back to the Future 3 where Marty receives a Western Union telegraph from Doc almost a century after it was originally mailed, warning him of events to come. Seems an unlikely possibility that any organization would honor such a request to preserve, protect and deliver documents for so long. However, that’s exactly what happens every day, all over the world, and it happened to me only a few years ago when I found out I was adopted at the age of 33! The experience was so life changing that I made a film about it which is finally available this month on Amazon and Itunes.

The Little Girl with the Big Voice, A Documentary on iTunes

The State of California, to whom I wrote a letter verifying my identification, swiftly wrote me back with a manila envelope containing a treasure trove of documents gathered from multiple state agencies. In the package were details from social workers, hospitals, doctors and even notes from my biological parents! They were all free of charge and kept under seal for over three decades! We take these systems for granted nowadays but can you imagine how effective a system must be to protect my information for this long, over so many administrations and to do it largely without computers? What really makes these processes work is not technology of course, it’s people. But what motivates these people to do such a thing?

Adoption details from the State of California

An honorable discipline based on ethics.

I’ll tell you what my own epiphany was, as somebody who works in the fields of Information Governance and Privacy… and that was that record keeping, and those who perform it, are part of the ethical backbone that so much of our society relies on. This often thankless discipline codifies and exemplifies the altruistic commitment we have, and must continue to have to one other. It’s a commitment to value the records and history that tell us who we are and a pledge to protect those records as a matter of ethics ethics and common values. It’s one of the reasons Archives and Records Management has been a passion of mine for so many years.

What can we, as information managers, learn from all of this?

With Joe Franklin

The new era of Privacy is a boon for Records Management because it underscores the truth that the most important data and records are not just necessary for business continuity, death and taxes but are personal. The return of the discussion of privacy as a fundamental right is not new of course. It’s written into the Constitution in the 4th Amendment. It has been defined historically through almost all cultures and even has biblical roots. Privacy a gift that we’re just beginning to learn how to appreciate again and a silver lining in a world struggling so hard to protect it.

Making The Most Out of A Retention Schedule – A New 7-Minute Master Series from CAPP

A Records Retention Schedule is a TOOL that EMPOWERS organizations to GOVERN and DEFENSIBLY DISPOSE of their information.

Records retention is first and foremost about complying with laws and regulations. However, a retention schedule, when properly developed and utilized, is not simply a tool that tells you how long you must keep (or when to destroy) your records, it is a blueprint that provides powerful insight into the information lifecycle and knowledge management capabilities of your company as a whole.  It saves you money on storage and helps shape the way you curate your information enterprise-wide.

Records retention is first and foremost about complying with laws and regulations. However, a retention schedule, when properly developed and utilized, is not simply a tool that tells you how long you must keep (or when to destroy) your records, it is a blueprint that provides powerful insight into the information lifecycle and knowledge management capabilities of your company as a whole.  It saves you money on storage and helps shape the way you curate your information enterprise-wide.

OUR RETENTION SCHEDULES:

Serve as a primary tool for ensuring records compliance with federal, state, local laws, regulations and business requirements
Identify business continuity records
Document all records categories, records formats, systems of record, retention requirements and data classifications
Can be updated automatically and integrate with IT infrastructure

Reach out to us today to schedule a free consultation at 323-413-7432

California Dreamin’ – A Free Roadmap For your CCPA Journey

What is the CCPA and why should you care?

In response to recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size. Yet each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.


What you need to know and do to ensure compliance with California’s new Consumer Privacy Act

New regulations governing use of customer and personal data needn’t be burdensome.  Rather, they help reduce expenses and monetize the information lifecycle, identify opportunities for better governance to avoid fines and litigation exposure and foster trust to enhance customer experiences. Download this FREE detailed CCPA roadmap to see how you can get your company on the path to compliance.


This slideshow requires JavaScript.

Our CCPA and GDPR engagements include:

  • Data and resource mapping
  • Conducting gap and risk assessments
  • Controls evaluation to standards
  • Establishing governance with clearly defined roles and responsibilities
  • Policies and procedures review
  • Domestic and International legal review of privacy and security policies to fit the organization’s risk profile and culture
  • Consumer data request and delivery mechanism (including website notices)
  • Providing education and training
  • Design of role-based access control (RBAC) rights
  • Privacy impact assessment (PIA/DPIA) during product design

Third Party Due Diligence Support

  • Pre-contract due diligence and consulting
  • Cloud services guidance
  • Managed security services (build or buy guidance)
  • Third-party management program/policy

Our consulting and software solutions enable clients to comply with CCPA provisions 1798.110(a)(4), 1798.100, 1798.105, 1798.110, 1798.120, 1798.145, 1798.140, 1798.150


Call us today to see how we can help you with:

  • California Consumer Privacy Act of 2018, Amendments and Rulemaking
  • HIPAA/HITECH Security, Privacy and Breach Notification Rules
  • Generally Accepted Privacy Principles (GAPP)
  • EU’s General Data Protection Regulation (GDPR)
  • ISO/IEC 27001-2:2013
  • CIS Top 20 Critical Security Controls (CA AG requires)
  • SEC OCIE Cybersecurity Initiative
  • NIST Cybersecurity Framework
  • U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)
  • Applying Risk Management Program Management and Principles

The Building Blocks of Information Governance

Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.

Walk Before You Run

It’s true that your strategy needs to be agile to support the modern workforce but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned first hand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise wide adoption and success.

The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.

Copyright 2019 Compliance and Privacy Partners LLC

For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000 foot view and assessment of the regulatory landscape, a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.

A clear executive level strategy around IG…

  • Presents opportunities for better governance to avoid fines and litigation exposure

  • Helps to reduce expenses and monetize the information lifecycle

  • Fosters trust to enhance customer experiences

Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.

Set the SME Table

At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.

Information Governance is an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.  The Sedona Conference® – Commentary On Information Governance Second Edition

The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?

Consider these folks for starters:

  • Chief Data Officer
  • Chief Enterprise Architect
  • Chief Compliance Officer
  • Chief Privacy Officer
  • Chief Risk Officer
  • Information Security
  • Internal Audit
  • General Counsel
  • Human Resources
  • Records Management

Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?

That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG include four basic building blocks.

The 4 Basic Building Blocks of IG

Any company serious about  Information Governance requires:

  1. Knowledge of what data they have and are obligated to retain / destroy
  2. Strategy for defensibly preserving and / or producing that data
  3. Tools to identify / protect those records
  4. Policies that tie that knowledge, strategy and toolset all together

Align Policy with Technology

Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state of the art technology. It is almost a necessity in the high-paced, data driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.

Copyright 2019 Compliance and Privacy Partners

Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

Less is more, gaps are opportunities and relationships matter: A Case Study in Information Governance at #AIIM2018!

AIIM 2018 is just around the corner and I’m thrilled to be presenting my Case Study at this great conference which takes place April 10-13th, in San Antonio! Hope you can join me and so many like-minded in San Antonio this year or later in May when I’ll also be speaking about a program which was recently honored by ARMA International with its Excellence for an Organization Award!  Here are a few slides from my session which will be held on April 12th at 5PM.

This slideshow requires JavaScript.

Farmers Insurance Wins Trade’s Highest Award For Records And Information Governance

Earlier this month, Farmers Insurance Group, Inc. was honored with the highest award for Records Management and Information Governance, “Excellence for an Organization,” by ARMA International. The award recognized the achievements that our organization has made in the implementation and enhancement of our Records and Information Governance program as defined by the Generally Accepted Recordkeeping Principles® and the ARMA Maturity Model®. ARMA announced the award in InfoPro Magazine and at the ARMA Live Conference in Orlando.

ARMA 8

June 2016 Member Spotlight: Rafael Moscatel, IGP, CRM

Very proud to be featured by ARMA’s Info Pro publication this month!

Jun 15, 2016

ARMA received the following nomination from April Dmytrenko, CRM, FAI, for the Member Spotlight:

Meet Rafael Moscatel, IGP, CRM

Rafael Moscatel is a Certified Records Manager (CRM) and Information Governance Professional (IGP) with more than 20 years of experience implementing world-class records retention, data governance, and compliance programs for large enterprises. He designed process transformations, led team-building efforts, and spearheaded change management initiatives in a variety of complex and highly regulated industries. His expertise includes developing document management strategies, decommissioning legacy systems, performing risk assessments, and performing audit remediation.

Rafael truly understands his field and specifically IG and technology. He was instrumental in rolling out the enterprise-wide program at Paramount Pictures. Now he is working for Farmers Group, where he has established an outstanding IG framework from which to continue to support an effective program. He is proactive, strategic, and not only a talented RIM professional but an excellent business professional. He develops outstanding collaborative relationships, understands the value of senior management support and involving the business units, and is a strategic risk taker.

Moscatel lives and works in Los Angeles. He serves as the director of information governance for Farmers Group, Inc. He has been an ARMA member for 12 years.

As you can tell, Rafael is a great fit for the Member Spotlight, an honor meant to recognize members’ involvement within the profession and the association. If you would like to network with him, you can contact him through LinkedIn www.linkedin.com/in/rafaelmoscatel or at rafaelmoscatelcrm.wordpress.com

Read More Here….

ARMA Spring Conference

Please join me and some of my esteemed colleagues at the Annual ARMA-GLA Spring conference taking place this April at the Microsoft Technology Center in Playa Vista on April 15th, 2016!

DETAILS:

REGISTRATION CUT OFF:   April 8, 2016
CANCELLATION POLICY:  Full Refund if Canceled before April 8.   $50 cancellation fee if cancelled after April 8.
TRANSFER POLICY:  Registrations are transferrable anytime PRIOR to the event.   Attendance can not be SPLIT.  One attendee per admission only.   Please contact Event Organizer for transfer requests.
LOCATION:
The Microsoft Technology Center

The Paperless Office

By Rafael Moscatel

The extent to which any organization can reduce its dependency on paper is largely determined by laws and the industry regulations it faces, the technology available to it and how well its leaders manage change, internally as well as for customers.

Here are some thoughts on how to begin solving the paper problem around your office:

Understand the affordances of paper  One of the most thorough examinations of the issue of paper and its role in our lives and workplaces came in 2002 when MIT press published The Myth of the Paperless Office.  The book’s findings make a case for the “affordances of paper” and stress that to reduce paper production and consumption we must understand the underlying habits and processes driving how our clients and colleagues work.

Attorneys for example often require a contextual or “case at a glance” perspective that a chronological or issue focused file offers… a “story telling” approach to presenting information which can’t always be matched even with the best software. Similarly, auditors or project managers will often work with and create aggregated records which serve a specific purpose for which imaging might be overkill or too costly. And contrary to popular belief, there still exist quite a few scenarios where it remains more affordable, practical and efficient to even store information in paper form. Conversion costs and risks required to maintain the digital lifecycle of infrequently referenced documents and avoid bitrot* can often exceed those associated with retaining the same materials in paper form.

Make the right policy changes with executive level support  Every Records or Information Governance policy initiative or project your business undertakes should have senior level executive support and reflect the best practices within your industry.

Here are some policy and procedural ideas to consider that can act as catalysts for change.

  • Get a Retention Policy / Schedule, implement it and regularly enforce it -A Retention Schedule (often in line with a data map) is the most effective tool for properly managing records and information and its necessity cannot be understated.  It not only protects an organization and keeps paper and electronic storage costs low, it gives executives a tool for understanding and navigating the massive network of silos and records their businesses create.
  • Institute an E-signature Policy for all contracts under a specified financial threshold
  • De-duplicate emails and all other electronic content repositories systematically
  • Identify where duplicates are created, determine why and what can be done to prevent them going forward
  • Take a “final draft and / or executed version” approach to your document lifecycle rules Continue reading “The Paperless Office”