12 February 2015

Gleanings from LegalTech NY

It’s easy to get lost in the LegalTech glitz.  There are sumptuous breakfasts, hosted Happy Hours, and late night parties.  On the show floor, there is flashy signage, free cappuccinos, beauteous bootblacks, and ingenious swag.* The conference sessions, despite a penchant for hyperbole, are where the rubber meets the road (to coin a phrase).

At the very end of LegalTech New York, on Feb. 6, ARMA International delivered a three session track on Information Governance (IG).  Nuix sponsored it.  The presenters/panelists ranged from consultants to practitioners to government experts.  Their comments ranged from pithy to profound.  Here, I report to you not what was expressly stated by the speakers, but what I gleaned and interpreted, and what I think you, gentle readers, will want to know. 

1.    IG came to prominence during the Great Recession of 2008.  In a down economy, corporate leaders recognized they could not afford the redundancies, inefficiencies, data loss, risks, and sloppy management that IG addresses.  For some organizations, cutting bloated budgets (perhaps for the storage of advocates of “Keep Everything Forever”) was a survival tactic.  For others, IG offered a competitive advantage, lower risk, and better compliance with ever-more stringent regulations.  CEOs lowered their tolerance of departmental fiefdoms and silos of information.
       The bosses asked probing questions like, “Do Legal and Records each need their own IT staff, or could corporate IT staff meet their needs, improve operations, and save money?”  IG validated their suspicions and offered improvements.
       With the economy improving, the fuel driving IG could run out.  I’m betting not.  The cat is out of the bag.  The ROI is so compelling that organizations seeking excellence will seek IG.
2.       The two hottest issues in IG (and beyond) are Big Data and Security, both for money reasons.  As panelist Alison North stated, corporations are trying to monetize every last bit of data for profit, competitive advantage, and cost-justification of their huge IT investment.  Similarly, the cost of security breaches is so high – and goes beyond money – that many businesses and governments are pouring resources into prevention of data theft, denials of service, etc. 
Of course records management through IG plays a major role here.  Applying a retention schedule and legal holds to Big Data is the antidote to mega-storage and legal risk.  Most Big Data has a short shelf life, and defensible disposal is a key component.  So here’s one for RIM.
The numbers tell the story for Security as well.  Experts such as panelist Andre McGregor, FBI Special Agent for Cyber-security in New York, agree that there is no sure defense against system intrusions by “bad guys”.  However, the value of the target can be minimized through appropriate records retention and disposal.  A smaller target may have lesser value, should a security breach occur.  But IG has other contributions to make, including enlightened policies.  
F    For example, why do my dental and vision insurance work off my social security number?  If they used their own identification numbers and were hacked, well, the intruders are welcome to get their teeth cleaned on my dime.  But if they are hacked and get my SSN, there is a lot more at stake.
3.       Interestingly, there was consensus that the weakest link in cyber-security is human behavior.  Two strategies combat that.  One, of course, is education/change management.  Changing behavior is difficult and imperfect, but helpful.  The second is automation, that is, taking the human factor out of the equation.  Even the best-trained staff members make mistakes, and automation should help lower the errors.  However, automation has been known to be vulnerable as well, so pick your poison.  There is no sure antidote to cyber-security toxins.  One way to mitigate the exposure and possible damage is through an effective IG program that reduces risk and softens the blow, whenever it comes.

Information Governance appears to be on the rise, even when it is not called IG. [See the PositivelyRIM post of 11 Feb.] The need is there.  Theorists, practitioners, and organizations like the Information Governance Initiative are increasingly active, promoting the benefits.

The rapt attention paid by the capacity crowd at the IG track suggest a market that is hungry for Information Governance’s advantages.  The substance enjoyed by those at the sessions outweighed the otherwise ubiquitous LegalTech glitz.

*The no-prize for the cleverest swag goes to Recommind for their complete game of “Cards Against Lawyering”.

11 February 2015

The Curious State of Information Governance at LegalTech: Contradictions Abound

At the New York City LegalTech Feb. 3-6, Information Governance (IG) could be seen as an incidental tag line or a rising star.

I say “incidental tag line” because many exhibitors added IG to their signage in a list of bulleted items.  It was as if they wanted to be sure not to exclude someone because they didn't have a requisite buzz word. ..kind of like Burger King adding a vegetarian patty to their menu so a single herbivore in a group would not 86 the idea of going to Whopperland.

When questioned, many booth personnel had no idea how to define IG.  Some equated it with data management, others called it eDiscovery/predictive coding, still others said it was defensible disposition, and a final group said The Dead Man in Yossarian’s Tent could answer my question, if I would just return later.  This was disappointing and dismaying, but it speaks to the noted (if misunderstood) significance of IG.  (To be fair, a couple vendors were on board with real IG, but they stood out as exceptions that prove the rule.)

Other evidence points to IG as a rising star.  The Information Governance Initiative celebrated its first anniversary with a well-attended pre-con “Boot Camp”.  Notable in attendance was the first known Chief Information Governance (and Privacy) Officer, JoAnn Stonier of MasterCard.  At ARMA International, last October, Drinker Biddle’s Jason Baron had predicted such a sighting in 2015.  It took just over a month to make him prophet in his own time.

Specific reasons that corporations should establish a “C” level IG positions were voiced at LegalTech:
·         IG is part of corporate governance, so it should be a vocal part of “C” suite meetings (Alison North)
·         CIOs don’t own information; they own infrastructure (Barclay Blair)
·         Creating a CIGO develops corporate clout for a discipline that, in some organizations, has been devalued
·         Politics do matter, and a CIGO will develop alliances with peer Chiefs, combating or befriending antagonists to develop IG and effect measurable change

ARMA sponsored a conference track on IG that filled every seat, certainly more than 100. A show of hands revealed a healthy balance of attendees from sometimes siloed industries: Legal, Records, IT, Compliance, Security, and others.  The Information Governance Initiative had just released the print version of its survey study on “IG in 2020”, and Executive Director Blair opined that CIGOs would be common in six or seven years.

Blair also shared springtime plans for an eight-chapter manual on how to be a CIGO, with chapters on goals, responsibilities, navigating corporate governance, qualifications to be a CIGO, and more. 

Panel moderator Julie Colgan, of ARMA and Nuix, posed the question, “Is Information Governance a buzz word?”  That is, is it a fad, a flash in the pan, or an ephemeral phenomenon?  The question is valid in the wake of a regatta of technologies that caught wind and sailed one moment before drifting in irons the next.

Panelists North and others had the right answer:  It doesn’t matter whether the term “Information Governance” achieves longevity or not.  The term may morph or fade but the work that the term describes and addresses will not go away.  Lauren Barnes of Credit Suisse posited, “It is a writing term, a branding.”

You can call a screw a “threaded fastener”, but it is still needed to hold things together.  Whatever you call IG, organizations will still need to harvest synergies and eliminate redundancies between their information’s stakeholders.  Also, they will still need enhanced cooperation between, say,  IT and RIM, or Legal and Security.  And they will still need the competitive advantage of higher efficiencies and lower risks.

Information Governance is a good term…until a better term comes along.  Now if only the exhibitors at LegalTech that display the phrase could define it.  

17 November 2014

Is IG a new package and labeling of RIM?

Recently, the Records Management ListServ hosted a spirited discussion on the above question.  Here was my response:

Information Governance means coordinating all the records' stakeholders, focusing them on their organizations' goals.  The role requires team building across disciplines and the ability to forge potent alliances.  An Information Governor must be able to speak Legalese to the attorneys and techno-babble to IT, as well as being adept with records.  Historically, many records managers were not skilled in this, nor were they eager to try it.

The Information Governor is an ambassador or statesperson who can break down walls, silos, hegemonies, and fiefdoms.  And, of course, it requires a profound understanding of RIM and the information lifecycle.  The job is difficult --- not just conceptually, but socially -- because many attorneys want to "keep everything forever" and many technologists perceive records managers as document librarians without technical understanding.  (And truly, what percentage of records managers are comfortable managing records in databases, in clouds, or in the custody of social media/mobile app hosts?)  [I am preparing a presentation with the working title, "Records Is from Venus; Legal Is from Mars; IT Is from Jupiter.]

If an organization changes a job title from "Records Manager" to "Information Governance Manager", perhaps leadership is saying the organization needs more synergy between Records, Legal, IT, and maybe Security, Compliance, Finance, and other groups.

Your thoughts?

10 November 2014

New Records Technology: Structured Data Archiving

Care for an example of how IT, Legal, and Records need to work together (commonly known as Information Governance?)  Here’s one development:

Technology at ARMA International is a fascinating mélange.  Each year, we see incremental improvements.  There are faster scanners, increasingly subtle analytics, greater capacities, more resolution, less-volatile media, and more.

But the one technological breakthrough I saw in San Diego filled a glaring abyss in Records & Information capabilities.  While the technology is not “must have” for all organizations, it is a game-changer for those that do.

I’m talking about records management in Structured Data Archiving.  At least two vendors offered it at ARMA.

Why is SDA needed? Well, databases contain record-quality information that is subject to an organization’s retention schedule.  Sometimes that data needs to be off-loaded from the database, for various reasons.
1.       The database may be full to the point of diminished performance.  Overload may “bring a system to its knees”.
2.        A system may be retired before the retention requirements on the data are fulfilled
3.       Data being archived may be on legal hold
4.       A database containing records may be inactive, with little prospect for reenactment

When I last looked at Structured Data Archiving, a couple years ago, there were plenty of products on the market.  However, none that I saw had a facile capability to apply the Generally Accepted Recordkeeping Principles to the archived data.  Oh, there were workarounds, but they were either unacceptably expensive or architecturally contorted.

Now there is software that can apply disposal dates to data as it goes into the archive – even if the original database did not offer that capability.  Legal holds applied to the data are maintained as the data is archived, later to be lifted while the disposal clock to go right on ticking.

A caveat: any migration requires meticulous care to protect the records’ integrity.

Nonetheless, for organizations with many outdated systems, SDA can pay for itself because archived storage is cheaper than data on active systems.  At the same time, it lowers the risk of losing record data or keeping it beyond its disposal date.  This is a significant step forward.

Legal can have access to pertinent records, while the Records department enforces its retention schedule, and IT makes it happen.  That sounds like Information Governance to me.

31 October 2014

ARMA's Morph to IG Positive

ARMA International is all-in on Information Governance.  I am not privy to ARMA Board meetings, nor have I talked about this with the staff HQ.  But walking into the annual conference in San Diego this week, the switch from RIM to IG was inescapable.

Traditionalists may bemoan the blurring focus, seeing it as a dilution of discipline or a paean to fashionable modernity.

I see it as ARMA’s devotion to its mission: improving the professional lives of its members.  That’s not new.

The Generally Accepted Recordkeeping Principles were more than the latest codification of the millennia-old discipline of records management.  The Principles were designed to show other professional disciplines, such as Law and Accounting, that RIM is a counterpart deserving a seat at the Board table.  The Principles aligned RIM in a way that made it comparable, understandable, and estimable to other professions.

The move to Information Governance is the next step.  It goes beyond the assertion, “We’re equal.”  Now ARMA is bold to say, “Not only are we equally important, we are essential to organizational success.  Further, that success requires creative interaction between RIM and other disciplines.”

The result is twofold:

  •       RIMmers practicing IG rise in status and influence.  The rise includes respect and salary.
  •    Organizations endorsing IG enjoy an advantage over competitors who employ the old, dysfunctional siloed style of operation.  

I don’t know if the old stereotype of records managers was ever true.  You know, the introvert who went to library school to get a quiet, out-of-the-way job, checking records in and out.  If it ever was true, it went the way of physical card catalogs.

Today’s Information Governors (neé Records Managers) are Three Musketeers, along with Legal and IT.  And D’Artagnan may be Accounting, Security, Compliance, or others.

ARMA has seen this and pushed it.  Not everyone wants to move forward and wear this mantel.  But it is the path to success for both ARMA members and the organizations they serve.

29 October 2014

Toward Goals

ARMA 2014 – the conference and expo – met in San Diego this week. Here's my initial impression and a differentiator from past meetings:

More devotees of Records & Information Management/Governance now recognize that their efforts must enhance and support movement toward their organizations’ goals.  In the private sector, that generally means contributing to black ink on the balance sheet.

In past years, records purists tried to perfect their discipline:

  •        The data map and records inventory must be complete and comprehensive
  •       The retention schedule must have the optimum number of classifications and be refreshed on an aggressive schedule
  •       The taxonomy must be optimized and current
  •        The numbers on the Generally Accepted Recordkeeping Principles Maturity Model must rise each year

These were always important, but now there is a greater realization that the goal is a successful organization, not a pure practice of the discipline.

This may reflect the rise of Information Governance in the RIM community.  IG is more holistic, reflecting a concern with organization success.  It gets RIM practitioners out of their silo (or Records Center) and closer to the C-suite.  There, they share or buy into the overall goal of the organization – commercially speaking, more profits or a rising stock price.

Stay tuned for more from ARMA 2014.