ICRM will not only conduct their spring Board and Business meetings at the MER Conference next May in Chicago, but will also facilitate a panel discussion “Meeting Evolving Business Needs: A Conversation Between RIM Educators and Thought Leaders.”
The panel of experts include: John Isaza, Esq, FAI, Rafael Moscatel, CRM, IGP, CIPM, and Wendy McLain, MLIS, CRM. The panel of Academic Partners include: Patricia Franks, Ph.D, CRM, CA, IGP – San Jose State University; Gregory S. Hunter, Ph.D, CA, CRM, FSAA – Long Island University, Palmer School of Library and Information Science, and Tao Jin, Ph.D – Louisiana State University, School of Library and Information Science.
The desired outcome is to expand and nurture an ongoing and productive dialogue between our profession and academic institutions to ensure graduates are well prepared to fill current and future positions in key areas of Records and Information Management (RIM) and Information Governance (IG). If interested in joining us at the MER Conference – go to their website and register for conference. https://www.merconference.com/
There’s a memorable scene in Back to the Future 3 where Marty receives a Western Union telegraph from Doc almost a century after it was originally mailed, warning him of events to come. Seems an unlikely possibility that any organization would honor such a request to preserve, protect and deliver documents for so long. However, that’s exactly what happens every day, all over the world, and it happened to me only a few years ago when I found out I was adopted at the age of 33! The experience was so life changing that I made a film about it which is finally available this month on Amazon and Itunes.
The Little Girl with the Big Voice, A Documentary on iTunes
The State of California, to whom I wrote a letter verifying my identification, swiftly wrote me back with a manila envelope containing a treasure trove of documents gathered from multiple state agencies. In the package were details from social workers, hospitals, doctors and even notes from my biological parents! They were all free of charge and kept under seal for over three decades! We take these systems for granted nowadays but can you imagine how effective a system must be to protect my information for this long, over so many administrations and to do it largely without computers? What really makes these processes work is not technology of course, it’s people. But what motivates these people to do such a thing?
Adoption details from the State of California
An honorable discipline based on ethics.
I’ll tell you what my own epiphany was, as somebody who works in the fields of Information Governance and Privacy… and that was that record keeping, and those who perform it, are part of the ethical backbone that so much of our society relies on. This often thankless discipline codifies and exemplifies the altruistic commitment we have, and must continue to have to one other. It’s a commitment to value the records and history that tell us who we are and a pledge to protect those records as a matter of ethics ethics and common values. It’s one of the reasons Archives and Records Management has been a passion of mine for so many years.
What can we, as information managers, learn from all of this?
With Joe Franklin
The new era of Privacy is a boon for Records Management because it underscores the truth that the most important data and records are not just necessary for business continuity, death and taxes but are personal. The return of the discussion of privacy as a fundamental right is not new of course. It’s written into the Constitution in the 4th Amendment. It has been defined historically through almost all cultures and even has biblical roots. Privacy a gift that we’re just beginning to learn how to appreciate again and a silver lining in a world struggling so hard to protect it.
A Records Retention Schedule is a TOOL that EMPOWERS organizations to GOVERN and DEFENSIBLY DISPOSE of their information.
Records retention is first and foremost about complying with laws and regulations. However, a retention schedule, when properly developed and utilized, is not simply a tool that tells you how long you must keep (or when to destroy) your records, it is a blueprint that provides powerful insight into the information lifecycle and knowledge management capabilities of your company as a whole. It saves you money on storage and helps shape the way you curate your information enterprise-wide.
Records retention is first and foremost about complying with laws and regulations. However, a retention schedule, when properly developed and utilized, is not simply a tool that tells you how long you must keep (or when to destroy) your records, it is a blueprint that provides powerful insight into the information lifecycle and knowledge management capabilities of your company as a whole. It saves you money on storage and helps shape the way you curate your information enterprise-wide.
OUR RETENTION SCHEDULES:
Serve as a primary tool for ensuring records compliance with federal, state, local laws, regulations and business requirements
Identify business continuity records
Document all records categories, records formats, systems of record, retention requirements and data classifications
Can be updated automatically and integrate with IT infrastructure
Reach out to us today to schedule a free consultation at 323-413-7432
In response to recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size. Yet each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.
What you need to know and do to ensure compliance with California’s new Consumer Privacy Act
New regulations governing use of customer and personal data needn’t be burdensome. Rather, they help reduce expenses and monetize the information lifecycle, identify opportunities for better governance to avoid fines and litigation exposure and foster trust to enhance customer experiences. Download this FREE detailed CCPA roadmap to see how you can get your company on the path to compliance.
This slideshow requires JavaScript.
Our CCPA and GDPR engagements include:
Data and resource mapping
Conducting gap and risk assessments
Controls evaluation to standards
Establishing governance with clearly defined roles and responsibilities
Policies and procedures review
Domestic and International legal review of privacy and security policies to fit the organization’s risk profile and culture
Consumer data request and delivery mechanism (including website notices)
Providing education and training
Design of role-based access control (RBAC) rights
Privacy impact assessment (PIA/DPIA) during product design
Third Party Due Diligence Support
Pre-contract due diligence and consulting
Cloud services guidance
Managed security services (build or buy guidance)
Third-party management program/policy
Our consulting and software solutions enable clients to comply with CCPA provisions 1798.110(a)(4), 1798.100, 1798.105, 1798.110, 1798.120, 1798.145, 1798.140, 1798.150
Call us today to see how we can help you with:
California Consumer Privacy Act of 2018, Amendments and Rulemaking
HIPAA/HITECH Security, Privacy and Breach Notification Rules
Generally Accepted Privacy Principles (GAPP)
EU’s General Data Protection Regulation (GDPR)
ISO/IEC 27001-2:2013
CIS Top 20 Critical Security Controls (CA AG requires)
SEC OCIE Cybersecurity Initiative
NIST Cybersecurity Framework
U.S. Sentencing/DOJ/OIG Guidelines for Effective Compliance (program foundation)
Applying Risk Management Program Management and Principles
Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.
Walk Before You Run
It’s true that your strategy needs to be agile to support the modern workforce but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned first hand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise wide adoption and success.
The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.
Copyright 2019 Compliance and Privacy Partners LLC
For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000 foot view and assessment of the regulatory landscape, a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.
A clear executive level strategy around IG…
Presents opportunities for better governance to avoid fines and litigation exposure
Helps to reduce expenses and monetize the information lifecycle
Fosters trust to enhance customer experiences
Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.
Set the SME Table
At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.
The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?
Consider these folks for starters:
Chief Data Officer
Chief Enterprise Architect
Chief Compliance Officer
Chief Privacy Officer
Chief Risk Officer
Information Security
Internal Audit
General Counsel
Human Resources
Records Management
Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?
That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG include four basic building blocks.
The 4 Basic Building Blocks of IG
Any company serious about Information Governance requires:
Strategy for defensibly preserving and / or producing that data
Tools to identify / protect those records
Policies that tie that knowledge, strategy and toolset all together
Align Policy with Technology
Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state of the art technology. It is almost a necessity in the high-paced, data driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.
Copyright 2019 Compliance and Privacy Partners
Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!
Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com
Earlier this month, Farmers Insurance Group, Inc. was honored with the highest award for Records Management and Information Governance, “Excellence for an Organization,” by ARMA International. The award recognized the achievements that our organization has made in the implementation and enhancement of our Records and Information Governance program as defined by the Generally Accepted Recordkeeping Principles® and the ARMA Maturity Model®. ARMA announced the award in InfoPro Magazine and at the ARMA Live Conference in Orlando.
ARMA received the following nomination from April Dmytrenko, CRM, FAI, for the Member Spotlight:
Meet Rafael Moscatel, IGP, CRM
Rafael Moscatel is a Certified Records Manager (CRM) and Information Governance Professional (IGP) with more than 20 years of experience implementing world-class records retention, data governance, and compliance programs for large enterprises. He designed process transformations, led team-building efforts, and spearheaded change management initiatives in a variety of complex and highly regulated industries. His expertise includes developing document management strategies, decommissioning legacy systems, performing risk assessments, and performing audit remediation.
Rafael truly understands his field and specifically IG and technology. He was instrumental in rolling out the enterprise-wide program at Paramount Pictures. Now he is working for Farmers Group, where he has established an outstanding IG framework from which to continue to support an effective program. He is proactive, strategic, and not only a talented RIM professional but an excellent business professional. He develops outstanding collaborative relationships, understands the value of senior management support and involving the business units, and is a strategic risk taker.
Moscatel lives and works in Los Angeles. He serves as the director of information governance for Farmers Group, Inc. He has been an ARMA member for 12 years.
As you can tell, Rafael is a great fit for the Member Spotlight, an honor meant to recognize members’ involvement within the profession and the association. If you would like to network with him, you can contact him through LinkedIn www.linkedin.com/in/rafaelmoscatel or at rafaelmoscatelcrm.wordpress.com
Please join me and some of my esteemed colleagues at the Annual ARMA-GLA Spring conference taking place this April at the Microsoft Technology Center in Playa Vista on April 15th, 2016!
DETAILS:
REGISTRATION CUT OFF: April 8, 2016 CANCELLATION POLICY: Full Refund if Canceled before April 8. $50 cancellation fee if cancelled after April 8. TRANSFER POLICY: Registrations are transferrable anytime PRIOR to the event. Attendance can not be SPLIT. One attendee per admission only. Please contact Event Organizer for transfer requests. LOCATION:
The Microsoft Technology Center
The extent to which any organization can reduce its dependency on paper is largely determined by laws and the industry regulations it faces, the technology available to it and how well its leaders manage change, internally as well as for customers.
Here are some thoughts on how to begin solving the paper problem around your office:
Understand the affordances of paper –One of the most thorough examinations of the issue of paper and its role in our lives and workplaces came in 2002 when MIT press published The Myth of the Paperless Office. The book’s findings make a case for the “affordances of paper” and stress that to reduce paper production and consumption we must understand the underlying habits and processes driving how our clients and colleagues work.
Attorneys for example often require a contextual or “case at a glance” perspective that a chronological or issue focused file offers… a “story telling” approach to presenting information which can’t always be matched even with the best software. Similarly, auditors or project managers will often work with and create aggregated records which serve a specific purpose for which imaging might be overkill or too costly. And contrary to popular belief, there still exist quite a few scenarios where it remains more affordable, practical and efficient to even store information in paper form. Conversion costs and risks required to maintain the digital lifecycle of infrequently referenced documents and avoid bitrot* can often exceed those associated with retaining the same materials in paper form.
Make the right policy changes with executive level support –Every Records or Information Governance policy initiative or project your business undertakes should have senior level executive support and reflect the best practices within your industry.
Here are some policy and procedural ideas to consider that can act as catalysts for change.
Get a Retention Policy / Schedule, implement it and regularly enforce it -A Retention Schedule (often in line with a data map) is the most effective tool for properly managing records and information and its necessity cannot be understated. It not only protects an organization and keeps paper and electronic storage costs low, it gives executives a tool for understanding and navigating the massive network of silos and records their businesses create.
Institute an E-signature Policy for all contracts under a specified financial threshold
De-duplicate emails and all other electronic content repositories systematically
Identify where duplicates are created, determine why and what can be done to prevent them going forward
