Tag: MER Conference 2020

CCPA Privacy

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

By Rafael Moscatel, CIPM, CRM, IGP on
In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous ComplianceBelow are some excerpts from my transcribed remarks.
Session Description: Tackling data privacy and maintaining consumer trust is harder than ever, especially with the sheer amount of information you need to manage and with constantly evolving privacy laws (CCPA, GDPR, etc) moving the goalposts. The usual checkbox compliance, ad-hoc governance, and reactive information security policies will fail, if they haven’t already, and create too much organizational risk. To achieve a state of consistent compliance and minimize corporate risk you must provide three things to your business: transparent governance, frictionless security, and continuous validation. To provide these things, you must build a strong information governance framework and privacy compliance plan to succeed.
ON KEY PRIVACY ISSUES TODAY…

What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative. That’s not only because it’s a hot topic or because it’s a growing regulatory requirement, but because it naturally enhances the way our organizations, and specifically our compliance and infosec groups, treat and value ALL of the data they’re responsible for testing and for securing, and in validating and protecting PII, we’re actually adding a layer of assurance that improves both internal operations and the customer experience.

Privacy makes data governance ethical and tangible, and compliance leaders understand that. Today, what we’re going to walk you through is what that awareness and proactive approach look like through the eyes of project leaders during three stages of compliance, prevention, maintenance, and retrospective.

What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative.

I just want to point out that privacy, conceptually, is, of course, ancient really. People tend to forget that. I mean it has been written into legal codes even before the constitution as a Records and Information Governance community we’ve been dealing with it, from HIPPA to SOX, in one form or another. What’s different today at least in the business world is that the thresholds that trigger compliance these days aren’t industry-specific. Instead, they’re related to annual revenue and the number of data subjects you interact with, so that’s why we see a broader cut of industry’s being looped into these new demands of GDPR and the CCPA.

ON UNDERSTANDING TODAY’S REGULATORY COMPLEXITIES…

Privacy leaders have been asked about the volatile regulatory environment and a clear majority of privacy leaders rank keeping pace with the new regulatory landscape as a pretty important factor in their strategy…. Research also that a minority also are not confident that they have a framework for helping them adjust to that change. So, that’s what we’re aiming to address here today in terms of strengthening that IG program so that it helps buttress or even drive your privacy goals.

[Another] insight we’re sharing with you involves metrics. And we all know metrics is the heart and soul of compliance to a large degree. And we see that finding those metrics to measure their programs is somewhat lacking for the majority of those surveyed. And that results in the majority of leaders being unable to effectively report on their program outcomes.

Continue reading “Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance”

Posted in: , ,
No comments
Professional Development

Meeting Evolving Business Needs – A Conversation Between RIM Educators and Thought Leaders

By Rafael Moscatel, CIPM, CRM, IGP on
Earlier this month I had the honor and privilege of speaking at the MERv conference with Dr. Gregory S. Hunter, Dr. Tao Jin, Dr. Patricia Franks, Rae Lynn Haliday, Cheryl Pederson, and Wendy McLain on the topic of Meeting Evolving Business Needs – A Conversation Between RIM Educators and Thought Leaders. In response to requests, below are some excerpts from my transcribed remarks.

Session Description: This special, two-part panel discussion facilitated by the ICRM will compare current academic curricula with the existing ICRM exam to identify gaps and areas of improvement for both academia and the ICRM. University Professors will discuss their programs and IG industry leaders will add perspective from the business world.

ON THE QUESTION OF WHAT DO MANY JOB SEEKERS STUDENTS WANT TO KNOW?…

It’s really a surreal time to be having a discussion about meeting evolving business needs don’t you think? Of course, we’re doing this conference virtually for the first time, and pivoting towards presenting in this fashion is kind of representative of that evolution we’re here to talk about. You know one thing I think Records and Information Governance professionals excel at though is supporting organizations through digital transformation initiatives, and I imagine the reason that so many companies are able to move forward at such an accelerated pace today, despite COVID, is because they’ve already experienced in getting their records and information online. And I see more of that demand in the days and years ahead but also see significant risks.

But first I want to start this discussion with a sampling of questions shared with me by Tao Jin at LSU…. And I would assume it’s similar to the questions asked by students at some of the other schools with curriculums like LSU. Because I think part of framing this discussion is, you know, trying to understand what students and job seekers are actually asking as they consider these programs and navigating the job marketplace. And I’m not surprised that a majority of the questions shared here are related to emerging technologies.

One thing I think Records and Information Governance professionals excel is supporting organizations through digital transformation initiatives, and I imagine the reason that so many companies are able to move forward at such an accelerated pace today, despite COVID, is because they’ve already experienced in getting their records and information online.

I’ve had my own CRM designation about 7 years now and I can tell you the exam, and these University offerings go well beyond my original training which, at the time still focused primarily on micrographics, if you can imagine that. The exam has changed since then to address new technology and innovation. But that’s not entirely the role of the Records and Information Governance professional, is it? There are other important areas of course like management…. And I think the next panel will discuss that… But the one thing I want us ALL to think about today is this…. Are we generalists? Or are we specialists? I think it’s maybe a little bit of both…

And I think whatever direction individuals take, businesses are going to want their candidates to be well versed in emerging technologies as well as core ones, which we’re going to ask you about in just a moment.

ON LATEST TRENDS – INCREASED DIVERSIFICATION AND DEMAND…

We’ve all heard about job losses post-COVID, but I wanted to diverge from that headline for a moment and bring up what I see as some good news. And that is, from a career standpoint we are witnessing professionals with IG skillsets increasingly being tapped to lead technology upgrades, digital transformation projects, and cross-functional teams in a number of sectors. I think we’re seeing this trend for a lot of reasons. I’ve put an image up here from LinkedIN. It’s essentially a snapshot of a job search query. And I encourage you all to do this yourselves so you can see how diverse roles have become in just in a short amount of time. It’s not surprising how much of today’s work and technology now requires a solid foundation in good recordkeeping, database, and systems design. And recruiters are looking for that education and experience.

ON LEADERSHIP OPPORTUNITIES AMIDST THE CONVERGENCE OF TECHNOLOGY AND REGULATORY PRESSURES…

Although it’s not yet mainstream in every business, we do know that Big Data, IoT, and other emerging technologies are certainly driving some of the need for IG professionals. But it’s also a desire to find talent that can integrate privacy, data governance, and other best practices into those technologies, isn’t it?

An additional layer of assurance just makes good business sense and that layer is made possible by the talent that understands and can implement IG, especially around data governance.

Specifically, with the convergence of technology and regulatory pressures, we are seeing a specialized need for the RIM or IG professional to come in and ensure that operations, risk, and long-range planning value data governance, and that decisions about data protect the organization and prepare it for the next wave of innovation…. That’s how we make the most impact, by tying together stakeholders, prioritizing goals, and helping the corporate culture as a whole recognize the value of these data-driven initiatives and our individual contributions to them. IG reflects the thirty-thousand-foot view of the business with the experience of having been in the weeds with risk, compliance, and internal audit of its moving parts.

Employers. Their executives… and their attorneys, they all realize this. And the headlines around ransomware, GDPR fines, they’ve all prompted companies to revisit and invest in the way they tackle their biggest challenges. They know that an additional layer of assurance just makes good business sense and that layer is made possible by the talent that understands and can implement IG, especially around data governance, right?

That’s how we make the most impact, by tying together stakeholders, prioritizing goals, and helping the corporate culture as a whole recognize the value of these data-driven initiatives and our individual contributions to them.

So, I think those that succeed are those that try in earnest to gain the respect of their IT counterparts. They demonstrate adequate knowledge of the toolsets they’re working with. It’s not that you need to know how to program or code per se, but you do need to know the vocabulary, the big concepts behind what is going on to get buy-in for your portion, and to exchange ideas efficiently.

ON MOVING FROM GATEKEEPER TO CHANGE AGENT…

My colleagues and I are convinced more each day that closely aligned with these new opportunities created by technology is the personnel function of change. And I don’t think that means IG pros give up their methodologies or best practices or risk-averse perspectives, but they do need to embrace the demands thrust upon them. They have to move from defense to offense.

Ultimately, our role is no longer gatekeeper. Our role is part diplomat, part subject matter expert, part change agent. And I’d like to see educators start shaping those expectations with students and businesses as well.

I talk a lot about this in my new book, Tomorrow’s Jobs Today. Take a look at some of the job openings being put out there on LinkedIn, that I referenced earlier. In each job description, although it might not say Records Manager, you can pretty easily identify that recruiters and companies are looking to fill that type of role, or support the function in one way or another. Privacy Manager, Enterprise Project Lead, Risk Analyst, GRC consultant, etc.

And actually, groups like the ICRM, they play a critical role in communicating to employers exactly how their membership and certification programs deliver the competencies they need to drive new projects forward. But they need to understand. Ultimately, our role is no longer gatekeeper. Our role is part diplomat, part subject matter expert, part change agent. And I’d like to see educators start shaping those expectations with students and businesses as well.

Technology is the main driver of our evolving profession. And it’s not simply about document management and enterprise content management infrastructures, but now about AI, Blockchain, IoT. This is a direction that the MER conference has illustrated for years now. So, I think it’s imperative for educators and curriculums to offer primers on what a distributed ledger is, the basics of natural language processing, technical requirements of the GDPR, and similar topics.

Rafael Moscatel, CIPM, CRM, IGP, is the Managing Director of Compliance and Privacy Partners. He has developed large-scale information management, privacy, and digital transformation programs for Fortune 500 companies such as Paramount Pictures and Farmers Insurance. His latest book, Tomorrow’s Jobs Today, is available soon from John Hunt Publishing. Contact him at www.capp-llc.com or follow him on Twitter @rafael_moscatel.

Posted in: , , , ,
No comments
Events GDPR Privacy Professional Development

Compliance and Privacy Partners and Ethikos to Speak at the 2020 MER Conference in Chicago

By Rafael Moscatel, CIPM, CRM, IGP on
The 2020 MER Conference Agenda has been announced and conference registration is now available.

This year’s conference takes place May 4-6th in Chicago and features Information Governance sessions on Privacy, eDiscovery, Data Remediation, emerging technologies, and operational best practices from the industry’s leading experts, along with the experiences of knowledgeable practitioners.

Compliance and Privacy Partners is participating in two sessions this year:

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Compliance – Monday, May 4, 20202:10 – 3:00pm

Tackling data privacy and maintaining consumer trust is harder than ever, especially with the sheer amount of information you need to manage and with constantly evolving privacy laws (CCPA, GDPR, etc) moving the goalposts. The usual checkbox compliance, ad-hoc governance, and reactive information security policies will fail, if they haven’t already, and create too much organizational risk. To achieve a state of consistent compliance and minimize corporate risk you must provide three things to your business: transparent governance, frictionless security, and continuous validation. To provide these things, you must build a strong information governance framework and privacy compliance plan to succeed.

Meeting Evolving Business Needs – A Conversation Between RIM Educators and Thought Leaders – Tuesday, May 5, 202011:45am – 12:35pm

This special, two-part panel discussion facilitated by the ICRM will compare current academic curricula with the existing ICRM exam to identify gaps and areas of improvements for both academia and the ICRM. University Professors will discuss their programs and IG industry leaders will add perspective from the business world. There will be ample time for members of the audience to share their thoughts as well. It is time to close any gaps between what is taught at the university level and what is needed in the world of business. More effective preparation of the next generation of IG professionals will benefit all organizations that depend on these practitioners to address the business opportunities and challenges of the future and it will provide more fulfilling careers for those emerging from school into the world of business.

Also, our partners at Ethikos will be coming all the way from Brussels to present on GDPR.

GDPR – Two Years On -Monday, May 4, 202012:50 – 1:40pm

The GDPR will celebrate its second anniversary on 25 May 2020 – a good time for US companies impacted by this regulation to understand what they should expect in the coming months.  In this presentation, Legal professionals working in Europe will discuss how the GDPR has been enforced so far in Europe, what the regulators’ future direction might be, and the key areas US organizations will need to focus on in the coming months. Is there a higher risk of enforcement on the horizon? What is the level of privacy awareness among Internet users, consumers and individuals in Europe? Should US organizations that collect and process personal data of EU data subjects be worried about these regulatory trends?

Posted in: ,
No comments
Professional Development Records Management

Meeting Evolving Business Needs: A Conversation Between RIM Educators and Thought Leaders

By Rafael Moscatel, CIPM, CRM, IGP on

ICRM will not only conduct their spring Board and Business meetings at the MER Conference next May in Chicago, but will also facilitate a panel discussion  “Meeting Evolving Business Needs: A Conversation Between RIM Educators and Thought Leaders.” 

The panel of experts include: John Isaza, Esq, FAI, Rafael Moscatel, CRM, IGP, CIPM, and Wendy McLain, MLIS, CRM.  The panel of Academic Partners include: Patricia Franks, Ph.D, CRM, CA, IGP – San Jose State University; Gregory S. Hunter, Ph.D, CA, CRM, FSAA – Long Island University, Palmer School of Library and Information Science, and Tao Jin, Ph.D – Louisiana State University, School of Library and Information Science.

The desired outcome is to expand and nurture an ongoing and productive dialogue between our profession and academic institutions to ensure graduates are well prepared to fill current and future positions in key areas of Records and Information Management (RIM) and Information Governance (IG).  If interested in joining us at the MER Conference – go to their website and register for conference.  https://www.merconference.com/

Posted in: ,
No comments