Tag: Information Governance

The Building Blocks of Information Governance

Information Governance (IG) is quite the buzzword these days, yet too many organizations still find themselves struggling with implementing a practical roadmap for success. Here’s a proven strategy and a few tips I picked up while developing board level IG programs for the Fortune 500.

Walk Before You Run

It’s true that your strategy needs to be agile to support the modern workforce but it also must be driven by methodical policy and technology planning when it comes to IG. As a leading practitioner of this discipline at Fortune 500 companies as well as smaller firms, I learned first hand the benefits of careful strategic planning and executing capstone projects under the umbrella of IG. Over time and as a result of tough lessons learned, I began to develop tested strategies essential for enterprise wide adoption and success.

The first strategy is also a lesson… a lesson about cadence and setting expectations. Understanding company culture, its maturity level and appetite for change helps you plan your IG strategy over 1, 3, 5 years. These are not things you alone determine but they are considerations you leverage and may need to influence to get things done. A company that’s behind the curve on IG, or has slipped a little off the slope shouldn’t be perceived as a problem but an opportunity. How you respond to inefficiencies, gaps, audit findings and weaknesses will make the difference between an organization hostile to IG or welcoming to change. Rushing into IG will serve you up a big plate of the former.

Copyright 2019 Compliance and Privacy Partners LLC

For example, many groups that pick up the mantle of IG, excited by its potential, end up taking a scorched earth approach to handling their data projects, hurriedly setting up IG committees, imposing rules, writing up new guidelines, buying shelfware and basically racing towards what they think will be early wins. But IG is not a race, nor is it a repository for IT and Legal’s kitchen sink. It actually requires an initial 30,000 foot view and assessment of the regulatory landscape, a tactful application to core program components. A planned yet flexible cadence covers essential bases and addresses the unique needs of the business.

A clear executive level strategy around IG…

  • Presents opportunities for better governance to avoid fines and litigation exposure

  • Helps to reduce expenses and monetize the information lifecycle

  • Fosters trust to enhance customer experiences

Instead of rushing in, organizations first need to have the types of open, honest discussions that will achieve the goals and end results noted above. That happens by bringing the right people to the table and under the right setting.

Set the SME Table

At Compliance and Privacy Partners we work with highly regulated, US-based companies essential to America’s economic success. However, our solutions are only as effective as the commitment of our clients to their efficiency and compliance goals. Successful governance transformations require both capital investment and executive leadership.

Information Governance is an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.  The Sedona Conference® – Commentary On Information Governance Second Edition

The Sedona Conference, which has done an amazing job of raising the profile of Legal Hold and eDiscovery processes in litigation, offers up a decent definition of Information Governance but it leaves out (or at least does not fully define) one thing… the valuable people that make the whole process work. People are the “coordinated approach” in that definition and their subject matter expertise is the secret sauce in IG. So, what types of people do you want sitting at an IG table or on an IG committee?

Consider these folks for starters:

  • Chief Data Officer
  • Chief Enterprise Architect
  • Chief Compliance Officer
  • Chief Privacy Officer
  • Chief Risk Officer
  • Information Security
  • Internal Audit
  • General Counsel
  • Human Resources
  • Records Management

Now we know people are what make the world go around, and they’re the stakeholders that drive Information Governance, but what’s next? How do we begin building the type of IG program that will last, that will really manage our risks and optimize, or even monetize, our organization’s information and data value?

That next step is a core strategy that lays out the building blocks for establishing a world-class program. Yet this is the point where many companies get sidetracked and wander into the meeting hell desert for forty years. Companies that succeed stick to the basics when they’re starting new IG programs or even breathing life into old ones. At Compliance and Privacy Partners, our experience is that the formula for setting the cornerstones of IG include four basic building blocks.

The 4 Basic Building Blocks of IG

Any company serious about  Information Governance requires:

  1. Knowledge of what data they have and are obligated to retain / destroy
  2. Strategy for defensibly preserving and / or producing that data
  3. Tools to identify / protect those records
  4. Policies that tie that knowledge, strategy and toolset all together

Align Policy with Technology

Information Governance as a discipline has already proven to many corporations around the globe the importance of aligning their policy pillars and best practices with state of the art technology. It is almost a necessity in the high-paced, data driven world we live in. As AI, Machine Learning and Big Data continue to evolve as operational necessities and revenue streams, it becomes even more important to apply governance. But IG is also still a young discipline, exploited by some vendors and consultants as a cure-all with very little practical workmanship behind its practice and execution.

Copyright 2019 Compliance and Privacy Partners

Don’t put the cart before the horse when making a serious commitment to transforming your organization with the power of Information Governance. Spend time developing your strategy, setting the table with the right stakeholders, planning around the basic building blocks of IG and aligning your policies with your technology. Don’t just take our word for it, we’ve seen these principles in action and they work!

Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com

Document Strategy Forum Next Week! My Session – Executing the Information Governance Strategy for the Post-Cloud World

Content. Communication. Strategy.

I’ve attended and spoken at many different “information management” conferences over the years and each has their strengths and weaknesses. But I’m especially excited to speak at DSF ’19 this year, sponsored by companies like OpenText, Quadient, Adobe, PitneyBowes and Doculabs. Why am I so thrilled? Besides the fact that I get to share my thoughts and experiences for the first time representing Compliance & Privacy Partners, this conference is practitioner driven, with a stellar board of advisors that has spent time with its presenters, making sure the content fits the program tracks AND elevates the conversation.

At the very heart of all the buzz surrounding “big data and artificial intelligence (AI) lives a universal truth- Information is the critical asset of every organization. Information flows through people and applications at such a rapid pace that it demands effective management. Enterprises are flying blind if they don’t have an information management strategy. It is impossible to understand customer needs and improve their experiences without the right information feeding decision making systems. Without proper management of info, employee engagement is doomed. The bottom line is that effective information management will dictate critical decisions for both internal and external facing processes that bring the intersection of employees and customers into context. –David Mario Smith in the latest Document Strategy Magazine

I’ll be presenting a best practices deck on Executing the Information Governance Strategy for the Post-Cloud World in the Automation of Information track, covering Records Compliance, Legal Hold Software and Enterprise Architecture Tools.

Agenda:

  • How to build and automate your Information Governance strategy using the right policies, technology, and stakeholders
  • How to recognize the right collaboration opportunities and strategically partner on the projects most likely to support and advance your agenda
  • What approaches to take when introducing your plans to senior leadership and how to effectively manage the optics around your contributions to your company’s bottom line

Tickets may be available if you act now but the event is quickly selling out. You can learn more here.

This slideshow requires JavaScript.

Strengthening Protections and Embracing Connections – An Interview with Douglas C. Williams of Williams Data Management

Williams Records Management - Information Governance Solutions

Strengthening Protections and Embracing Connections – An Interview with Douglas C. Williams of Williams Data Management

Tenth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


DougWilliams - Information Governance PerspectivesDouglas C. Williams is CEO of Williams Data Management and Chairman of the Board for the Vernon Chamber of Commerce. He has over thirty years of experience helping Fortune 500 clients with their document storage, destruction and data security needs. I had an opportunity to sit down with him earlier this year in Los Angeles and collect his thoughts on data protection, business continuity, civic responsibility and professional growth.


Doug, your family has been involved in the Records and Data Management business for the better part of a century and you’ve seen a lot of players come and go. How do small businesses like Williams remain resilient in the disruptive world of digital transformation, and what should executives be thinking about in terms of their long-term information management strategies?

Commercial Records Management, the holistic approach at 50,000’, includes the digital component, as well as the legacy hard copy component.  Our transition in the early 1980s into the commercial records center business from industrial freight warehousing and distribution, witnessed similar disruptions.  Those disruptions had mostly to do with the shift to the service economy from the industrial/manufacturing economy.  Our client base includes enterprise size businesses as well as mid-size businesses and SMBs.  Executives in charge of information assets need to recognize the holistic scope of those information assets, whether they be structured or unstructured, and apply the information governance and regulatory guidelines to each equally.  Knowing that digital technologies will change at light-speed, CEOs and their executive teams need to be fully knowledgeable and ready for changes in forensic discovery and know the impact of retention milestones for each type of information asset.  We all know that text messages, email, and all social media posts have a permanent residency somewhere to be found.  Each and every business, large or small, has to accept a contingent liability regarding the action or inaction of maintaining a strict policy regarding their information management policies – irrespective of the resident media.

In 2015, you were interviewed by Adam Burroughs of Smart Business Los Angeles and highlighted a growing alarm over data breaches. Here we are just a few years later and data protection is a daily news flash. With California recently passing the California Consumer Privacy Act, do you still feel the majority of organizations are taking security and privacy for granted or are you now starting to see a trend toward proactive management of data?

I do.  They are taking for granted it won’t happen to them, and if it does, they are insured.  But guess what, that is delusional.  Again, the proactive plan requires a holistic approach to information management.  The IT department knows how to protect the data, but typically do not know why, i.e., what are the governing rules for each type of data. That is the province of the CIO or the Director of Information Governance, or the General Counsel if an enterprise size firm. The breaches in the headlines are preventable; however, because of human errors in social media, emails, texts, data sharing, lack of encryption and the like, entryways into personal information data sets are available.  In our case at Williams Data Management, because we are social media users, we installed front end data intrusion software, pioneered and patented by Oasis Technologies, known as TITAN, which blocks over 500,000 intrusions attempts per week from getting into our networks.

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Establishing a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Establishing a Framework to Sustain the Coming IoT Tsunami – An Interview with Priya Keshav of Meru Data

Ninth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.


Priya Keshav is the founder and CEO of Meru Data LLC, a software company focused on building solutions that simplify and achieve corporate information governance goals. Prior to Meru, she was the leader of KPMG’s Forensic Technology Services Practice in the Southwest United States. She received her MBA from University of Florida’s Warrington College of Business Administration. I had the chance to sit down with her this January and discuss IG, the Internet of Things, consulting, and software development.


Priya, you’ve written extensively, often in collaboration with thought leaders in IG including Jason Baron, about the enormous ethical questions emerging from IoT. Do you think there is yet a universal, cross-industry awareness of these challenges or are business drivers in this area primarily the result of European or US regulatory pressures?

I think there is universal recognition that the use of IoT will bring unique challenges and ethical questions. However, I would not call this universal awareness or understanding at this point. The use of IoT is rapidly increasing, the solutions being developed are integrating multiple industries and we are just scratching the surface of what is possible with IoT. I think today, we are at a point where we recognize that some unique challenges are going to arise. I do not believe we have fully understood the nature of these challenges, especially as the uses and applications for IoT are rapidly evolving.

Both industry and regulators are at the same point – thinking about appropriate frameworks for discussing and addressing these challenges. I don’t believe regulatory pressures from either Europe or the US are the primary drivers for the growing awareness. It does seem regulators have more of a focus on the challenges while the industry focus is more around creating newer solutions. There are multiple efforts underway to understand challenges with IoT, driven by both industry and regulatory interest. However, I do not think this is primarily due to regulatory pressure. There is regulatory interest that has industry taking notice but even the industry is realizing the need to manage the unique challenges from the use of IoT. Existing regulations like the GDPR, COPA etc. obviously would apply to IoT. There is increased scrutiny and regulations around data privacy and security in general and that might look like there is increased regulation around IoT. However, there are very few IoT specific regulations like the California SB327.

Regulatory efforts around IoT to date have been more guidelines focused and have tried to not slow down the uptake of IoT. Examples include the recently issued NIST draft report on IoT cyber security standards that provides a great discussion of how risks from IoT are unique and how organizations could adapt their policies to handle this. There have also been integrated efforts with working groups to review existing IoT security standards and initiatives in the US (by the National Telecommunication and Information Administration) and in Europe (Working Group 3 formed by Alliance for Internet of Things Innovation). Other agencies like the the Consumer Products Safety Commission and the FTC have also been gathering comments on their roles in regulating IoT.

With the Meru Data platform, you’ve strived to develop a functional and reporting tool that simplifies and sustains data governance programs for your customers. Is most software today built around policy frameworks, such as FINRA compliance or privacy-by-design, and are these types of approaches even feasible amidst shifting customer wants and seemingly prescriptive laws like GDPR?

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Tapping Into Africa’s IG Potential – An Interview With Amb-Dr. Oyedokun Ayodeji Oyewole

Tapping Into Africa's IG Potential - An Interview With Amb-Dr. Oyedokun Ayodeji Oyewole

Fifth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.

Dr. Oyedokun Ayodeji OyewoleAmb-Dr. Oyedokun Ayodeji Oyewole is the Chairman of the Board at the Institute of Information Management (IIM) based in Nigeria. Prior to leading the institute, he spent years in IT and cyber-security roles for Swedish firms and consulting for the Oil and Gas industry. Dr. Oyewole is both an accomplished Records and Information Management practitioner and a fierce advocate for the discipline. I sat down with him in July to ask him about his journey through the universe of information management, his thoughts about professional development and the emerging opportunities in Africa.

Dr. Oyewole, your work developing new practitioners in the Records Management field is substantial and encouraging. You have empowered individuals, young and old, to harness their analytical skills to advance their professional development while instilling pride and confidence in them. Tell us what inspired you to look at Africa and decide how building a community of skilled practitioners could make a difference not just in individual’s lives but in their communities?

My sojourn into the information management space started in 2004, with a very big vision and mission. This was at a time when information management technology was being implemented by only a few organisations in Africa. With the vast opportunities in the RIM space in Africa coupled with the many societal challenges faced by the continent, I saw the need for us to buttress the demand for proper management and security of records and information in both public and private organisations. A very large chunk of organisations were still struggling with managing physical records and certainly not prepared for electronic records. Poverty, corruption and a lack of employment opportunities were crippling. In analyzing all this, I felt the only meaningful solution to both alleviating suffering and empowering people was through advancement of this all important industry, information management, neglected for decades in Africa. Having a society where quality records and information can be easily accessed must be a priority in the face of several challenges ranging from lack of government support, inadequate legislation, poorly trained professionals and practitioners, to the absence of standards and necessary tools for adequate data and information governance.

Most people around the world don’t realize that many parts of Africa, especially in Nigeria, do have sophisticated infrastructures despite being considered developing nations. The history of Africa is varied and rich in so many ways, with much of its potential still yet to be unlocked. What if anything do you feel is unique to African nations in their management of records, information and data that you might not find in places like the U.K. or in the United States?

The information management industry in Nigeria is still evolving with a great deal of potential yet to be tapped. I think what seems to be unique about the records and information management profession in Nigeria and other parts of Africa is the tremendous commitment and passion you find in an average information management professional, in their resolve to take their career to the next level amidst a myriad of social and economic challenges.

You spent quite some time working for Chevron Nigeria Limited on its Agura Independent Power Project designing EDMS systems. Nigeria’s oil reserves are substantial and as this sector develops, just like in the United States, there are social and environmental issues impacted by this progress. How much are projects such as these affected by laws and regulations in African nations and what trends do you expect in the African regulatory landscape over the next five or ten years?

Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.

Directing The Flow Of Information – Interview with Jones Lukose of The International Criminal Court

Second in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.

Jones LukoseJones Lukose, MBA, PhD is the Information Management Officer for the Criminal Court in the Hague and has over twenty years of experience developing and implementing strategies to achieve operational effectiveness and regulatory compliance for engineering firms, in energy and utilities sectors as well as for international and judicial organizations in Africa, Europe and the Americas. I interviewed him this past February to learn more about his unique insights into information management fundamentals and our future.

Jones, your work and research has taken you to many corners of the world including Kenya, Rwanda, Botswana, Jamaica, Uganda, the UK and now the Netherlands. It’s there you presently direct an important Information Governance program for the International Criminal Court. What do you consider the most common theme in the information management challenges you’ve faced across so many unique cultures and how has that experience shaped how you think about solutions for international organizations?

I have worked in organisations where data is everywhere but the common challenge has been that it seems no one is directing its flow. There is a lot of evidence of information collected and stored that does not fit with the organisation’s strategy. The organisation may say that it is going in a particular direction but the data it holds does not provide the required evidence or proof.  My experience in this regard has led me to reconsider my role in the organisation as an Information Manager. In such environments, it is my first priority to help determine the real purpose and value of data to the organisation. In other words lend a hand in crafting the strategy of the organisation by leveraging information management.

Read more in the upcoming book, Tomorrow’s Jobs Today.

ARMA Spring Conference

Please join me and some of my esteemed colleagues at the Annual ARMA-GLA Spring conference taking place this April at the Microsoft Technology Center in Playa Vista on April 15th, 2016!

DETAILS:

REGISTRATION CUT OFF:   April 8, 2016
CANCELLATION POLICY:  Full Refund if Canceled before April 8.   $50 cancellation fee if cancelled after April 8.
TRANSFER POLICY:  Registrations are transferrable anytime PRIOR to the event.   Attendance can not be SPLIT.  One attendee per admission only.   Please contact Event Organizer for transfer requests.
LOCATION:
The Microsoft Technology Center