Category: E-Discovery

Was This The Phone Call With IT When Hillary Clinton Refused an Official Email Account?

Interesting times the past couple of day, with revelations that Hillary Clinton exclusively used a personal email account and also a private email server in her home to conduct business while she was Secretary of State. Illegal? Election politics? Bad practice? Why was it necessary? All valid questions.

There must have been a conversation between executives and the IT department at the Secretary of State’s office about this, and it’s fascinating to imagine how that conversation went. What reasons were offered? Did anybody push back? Was there a discussion of why this was a bad idea for everyone except Hillary (or maybe her as well – time will tell).

Federal Records Act or not, it is nearly impossible for me to imagine the same conversation happening in the private sector –  a high-powered executive who comes into a company and demands to use their own email server and their Gmail account to conduct all company business. It just wouldn’t happen, at least not any any company that has read a newspaper in the past 20 years.

I’ve been listening to vintage Bob Newhart lately, specifically “The Button-Down Mind of Bob Newhart,” which amazingly was his first big standup performance, recording, and the one that made him a star. In the spirit of Bob, here’s how that phone call might go.

Hey Steve, Barry here. How are things in IT? Good? Good.
I need to talk to you about getting the new VP of Sales set up. Yeah, she’s starting Monday.
Yeah, that Hilary. Yeah from the New York office. Right, big promotion.
Anyway, let’s see if we can get her all set up for Monday . . .
What’s that?
A call from her? What she she say?
She doesn’t want an email account? Well why not?
She didn’t say? How are we going to communicate with her?
She wants to only use a personal Gmail account?!?  And she has her own email server at her house . . . you said no, of course . . .
You didn’t?  What the hell, Steve . . . . yeah . . . yeah . . . authority from who?
She didn’t say?
She was scary? Like scary how?
Hmm. Right. And there’s no way we can talk her out of it?
She wouldn’t take the job?!
She sounded serious did she?
OK, fine, fine.
Don’t we have policies on this kind of thing, Steve?
Nobody takes them seriously?
I know the email system is terrible, Steve . . . yeah I know you need more budget . . .  right, right . . . but listen, I use the damn thing.
What the hell are we going to do if we get sued?  How do we get her email from Gmail? How do we make sure she isn’t spreading our stuff all over the place?
We can’t?
Nothing?
What did the lawyers say?
Haven’t returned your calls?
Just as well, you remember what happened last time those bastards stuck their fingers . . .
Yes, I know I’m a lawyer, Steve. That’s why I can make those jokes.

Breaking: Christmas 2014 Is Cancelled!

Christmas IGI

Here’s the Christmas Story That The North Pole Does Not Want You to Read!

No Reason to Rejoice – Information Governance Scrooge Ups Widely Believed to Freeze North Pole Operations

A North Pole Business Insider Exclusive

the npbi snapshot™

  • Christmas 2014 cancelled
  • Big Data & information governance woes to blame
  • Belief in Santa at all-time low
  • Avalanche of mismanaged data reported
  • Key accounts frozen by hacking attacks at critical manufacturing facilities
  • Elvin workforce in open revolt

North Pole Business Insider has exclusively learned that United Christmas Consolidated Corporation (UCCC) has scheduled an emergency press conference for December 24th where it is expected to announce that Christmas 2014 is cancelled.

The shocking announcement is expected to receive a frosty reception from families and retailers alike, although some harried shoppers we spoke to this morning reported experiencing an astonishing sense of relief and deep well-being upon hearing the news.

According to internal documents obtained by NPBI, the cancellation is a result of “wholesale failure of manufacturing and logistics systems as a result of unforeseen exigencies in our Big Data 2020 program.”

Our attempts to speak directly with beleaguered UCCC CEO, Santa, have been unsuccessful.

However, company insiders have revealed exclusively to NPBI that their efforts to become a “data-driven” institution have largely failed, bringing Christmas 2014 to an unceremonious end.

Rumors of large-scale hacking attacks in the company’s frozen data lake have also plagued the company. Executives from The Halloween Industrial Concern, Valentines Conglomerated, Thanksgiving Partners LLC, and other proto-nation-states have been angered by the continuing encroachment of UCCC. In particular, The Halloween Industrial Concern vehemently protested the upcoming distribution by UCCC of a gift depicting a pumpkin head exploding.

It is widely suspected that UCCC email messages recently provided to the media were stolen by disgruntled Christmas crackers working for Halloween. These communications shockingly revealed UCCC executives to be completely normal and flawed people rather than the fictional heroes portrayed by the toys the company manufactures and distributes.

As widely suspected by parents worldwide, internal company documents provided to NPBI reveal that the failed 2013 big data and information governance program resulted in bad children receiving 10,000 Instagram followers and a YouTube production deal, and good children receiving coal. As previously reported – exclusively by NPBI – both the coal lobby and environmental groups have surprisingly found common cause in battling the coal program, which UCCC continued to defend on the basis of “tradition and nostalgia for a time that never really existed.”

This has been a troubled year for the company, with global turmoil arising from its “Disruptortation” division that uses a network of mobile device-enabled contract delivery drivers to replace incumbent government-supported systems. As we reported in October, a senior manager of the Disruptortation division threatened to permanently put one of our reporters who has been fiercely critical of the company on the permanent naughty list. The reporter and her family have been forced to move every few days, to ensure that UCCC will not be able to track her and deliver the rancid egg nog and fetid mincemeat pies that those on the list famously receive.

In a recent AMA (Ask Me Anything) on Reddit, an anonymous member of the UCCC logistics team fought back against accusations that “these supposed IG failures” were in fact a ploy to “extort the world” by “holding the holidays hostage” in hopes of influencing ongoing wage negotiations. The Elvin manager also fielded several questions regarding her stature, skin color, mating habits, and views on the people who were “truly behind” a decade-old terrorist attack on one of the North Pole’s most famous manufacturing towers. A coordinated group of commenters frequently disrupted the AMA by claiming that female elves should not be in the game and toy manufacturing business at all.

Insiders tell NPBI that the company’s information governance program has been chilled by executive jockeying and political resistance. Santa himself has been described as outwardly supportive but bureaucratically resistant, ensuring that the program moves at a glacial pace. Insiders say dreams of “big data sugar plums” have been iced by “almost complete ignorance” of legal, compliance and risk issues, immature corporate governance programs, and outdated technologies.

Reached for comment, Eöl the 117th, Chief Data Officer at UCCC, said, “Big Data allows us to move past the dark days of gut-based decision making and into the era of clear-eyed, data-driven rationality.” When pressed on how he decides which data to include in UCCC’s analytics programs or how he determines that its algorithmic outputs are reliable, Mr. Eöl responded, “Intuition and years of experience.”

In addition, the company’s ill-fated Christmas 2013 initiative to install self-destructing RFID sensors in every gift delivered worldwide resulted in an avalanche of contradictory and confusing data that the firm was ill prepared to tackle. Insiders say that it was never clear if the company had the legal right to collect the data and to transfer it to the North Pole – a legal jurisdiction that does not align with tougher privacy protections found in many jurisdictions, including the European Union.

Critics of the program pointed out that it was also unclear what the company intended to do with the data.

Company spokesman Aegnor, son of Finarfin, claims such data is only used to “to serve our community better, by bringing joy and love to the world.”

Critics do not mince words about UCCC’s well-known motto, “We Put Evil on a Toboggan and Push it to the South Pole,” dismissing the claim as a hoary chestnut.

While UCCC will not confirm reports of a full-scale elf rebellion and attempted coup d’état, Mr. Aegnor did allow that workforce productivity been negatively affected by the company’s efforts to transform itself.

Several of UCCC’s contract workers have been injured in ongoing civil strife over the future of its data center operations. Older manufacturing workers in the Western sector, rallying behind their apparent leader, See Eye Oh, are fiercely opposed to moving core systems to the cloud. The Eastern sector, populated by a younger and more hirsute demographic and dominated by artisanal egg nog shops and Whitmanesque locavore hotspots serving grass-fed reindeer and organic heirloom lingonberries, favors a transition to systems focused on mobility, access, and collaboration.

Mediators from UCCC’s legal department have held high-level talks between the two factions with little progress.

@2014 North Pole Business Insider, not a real thing and certainly not a division of Barclay T. Blair LLC.

The Emergence of the IG Professional

IG-Professionals

Unlike many buzzwords, however, IG is not old concept dressed up in new clothes—it’s a new way of looking at information management that combines the best of what’s come before with new perspectives and approaches to keeping information secure, accessible and available.

Bryn and Samantha do a great job in the latest issue of Legal Technology News describing the emerging executive role for IG professionals in law firms. Bryn has been working with several law firm clients to proselytize the role of the Chief Information Governance Officer, with some success. I would not be surprised to hear from Bryn about a CIGO being appointed in a law firm in 2015.

Law firms are strange creatures. They are not conventional businesses (some might say they are not businesses at all). They are collections of small businesses, each headed by partner with his or her own ideas about how their fiefdom should run. More law firms are trying to modernize their approach to business management, but the incumbent model is dominant.

This makes it particularly challenging to do “enterprise” things at law firms. It is hard –  harder even than at traditionally managed corporations –  to make anyone do anything. You have the additional challenge that the orthodox impetus for investing in IT –  increased efficiency – is often politely acknowledged but bureaucratically resisted in law firms.

Ironically, law firms are organizations who would benefit most from IG. After all the document is the most common and concrete manifestation of what they do everyday. Documents enter in the form of research, evidence, legal instruments, and they go out in the form of pleadings, memos, briefs, and contracts. Improved management, security, access, workflow –  the bedrock of content management and other disciplines that form the heart of IG – uniquely benefit law firms.

In addition, law firms have much to lose by not paying attention to IG. Law firms are awash in troves of incredibly sensitive and potentially market-shifting data. The bad guys are starting to wake up to this, as are the regulators.

In the wake of this summer’s massive hack attack at several Wall Street institutions, New York State’s top financial regulator convened a meeting with those institutions to talk about the security holes created by their suppliers –  including law firms. In fact, the regulator has requested that the banks provide “any policies and procedures governing relationships with third-party service providers” and has said that banks must describe the process they use to assess the security of those providers.

“It is abundantly clear that, in many respects that a (financial services) firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”

Benjamin M. Lawsky, New York State financial regulator (as quoted here)

Law firms are called out for special attention, and for good reason. Law firm’s atavistic suspicion of technology must come to an end. When big, powerful clients realize that their gold-plated IG programs have gaping holes skinned only with balsa wood because of poor planning, coordination, and management by their law firm partners, law firms will be in for a shock.

Surely we are all realize that a security breach at Company X does not only affect Company X. The current disaster at Sony which revealed private and sensitive information about hundreds of business partners is a stark reminder of that.

Organizations have little hope of tackling the complex morass of information issues without a central, senior coordinating function.

That is why I believe the only way out of this problem is the Chief Information Governance Officer. That is why the IGI will be focusing heavily on this in 2015 and will be hosting our national Chief Information Governance Officer Summit on May 20-21 2015 in Chicago. Come join us.

 

Evidence-Based Information Governance

We Don’t Know Ourselves

Imagine that you want to lose weight. You have tried cutting back, but it hasn’t really helped. Maybe you should get a little more exercise. Maybe you should eat less fat. Or is it sugar? Greek yogurt is supposed to help. Am I really drinking enough coconut water? Who knows? So you mention it to your doctor, or make an appointment with a dietician, or perhaps sign up with a club or clinic that specializes in weight loss. What is the first thing that they ask you to do? Keep a food log. A diary. Write down what you eat, record the exercise you do, and then report back in a couple of weeks so they can give you a customized recommendation.

Great! You have a made a positive decision to take charge of your health.

The first day you are on top of it, and even pretty honest. That corned beef hash that you accidentally ate at the diner when you stopped in for coffee? In the diary. The late-night bowl of sugary flakes? In the diary. Day two, only the good stuff goes in the diary, and a few days later you are still making a half-hearted attempt until finally, you just find yourself scribbling down a bunch of made up stuff in the waiting room moments before your next appointment.

Sound familiar?

For decades, the self-reported diary has been the primary research tool for studying and measuring our eating, sleeping, and other behaviors; the foundation of efforts to help us change those behaviors. But, it doesn’t really work. It is a fantasy.

The Quantified Self

New technology offers a different approach. In the past few years we have spent millions of dollars on a host of devices and apps that passively track our behaviors. Products from FitBit, Nike, Jawbone, Garmin and others. The theory of this technology, or movement (called “The Quantified Self” by some), is that more data –  and more accurate data –  about our behavior will help us understand ourselves better, and thus provide a foundation and methodology for improving ourselves.

Today’s technology tracks our steps, sleep patterns, communication habits, and more. Tomorrow’s technology will automatically log the food we eat, its caloric and nutritional components, and its effect on our bodies. This passive tracking of data clearly is a more realistic approach for us fragile, distracted, willpower-exhausted humans. The machine collects the data in clever way. The algorithms automate the analysis of the data to give us insight into our habits and patterns, and help us track our progress towards a goal.

Of course this approach to problems –  any kind of problem –  is de rigueur. We know it as Big Data and it is prescribed as a solution to everything from unemployment to world hunger.

We are bringing the Quantified Life philosophy to companies, governments, and to entire nations. Tomorrow we will have the Quantified Organization, with the promise that decisions based on tradition and superstition are replaced by decisions based on facts and evidence.

The Quantified Organization

It is easy to be cynical about Big Data. Sometimes I am. But mostly I get it and I believe it. Clearly it raises a host of business, policy, legal, ethical, and societal issues. In any case, it doesn’t matter whether I get it or not: it will be the way that we function as organizations –  and increasingly, as individuals –  moving forward.

The idea that we should make decisions based on facts or evidence as opposed to tradition, intuition, and superstition of course derives from the Enlightenment and the scientific method itself. But even in areas where you might expect that this approach is already baked in, there has been a push to focus on the evidence. In the 1990s, for example, the concept of “evidence-based medicine” (or “evidence-based practice”) was introduced into the medical field and has since taken hold as an operating philosophy in branches of medicine from optometry to dentistry.

Evidence-based practice is defined as:

Applying the best available research results (evidence) when making decisions about health care. Health care professionals who perform evidence-based practice use research evidence along with clinical expertise and patient preferences. Systematic reviews (summaries of health care research results) provide information that aids in the process of evidence-based practice.

If the practice of medicine  –  which has embraced the scientific method for over a century – can benefit from a heightened focus on evidence-based decisions and policy, then surely there are other practices that could benefit from it as well. Any come to mind?

How about Information Governance?

Evidence-Based Practice and Information Governance

Today in IG we make so many decisions, and craft so many policies, based on nothing more that tradition and superstition. This is especially prevalent in the records and information management (RIM) facet of IG, but it exists elsewhere as well. Why do we have 1000 categories in our records retention schedule? Because that’s the way the last guy did it. Because we inherited the schedule from a company we acquired. Because Janice liked it that way. Because that’s the right way. Because that’s what makes the most sense to me. Because that’s what my old boss told us to do. Because that is what the consulting company sold us.

Where is the evidence?

What is true?

Are these justifications based on anything more than tradition, superstition, or office politics?

I propose a new focus for IG practitioners – a focus on Evidence-Based Information Governance. This philosophy should be embedded in everything we do in IG. It is egregious that we wave our hands magically and use purely anecdotal evidence to create fear around information risk. The risk of a spoliation charge in a litigation, for example. How often does it happen? What is the risk of it happening? Go look it up for yourself.

We need to bring evidence into the practice of IG. We need evidence to quantify value. To quantify risk. Evidence to make decisions about how much time, money and effort we should put into managing specific kinds of information.

It is shameful that today, in 2014, this is the exception rather than the rule in IG.

Today we have incredible tools that can easily shed light on our information to give us the visibility and the evidence we need to make good decisions. Go take a look at the providers who support the IGI as an example, as a starting point.

Anyway this post is getting a little long.

But I am passionate about this idea, and will write and work to advance this idea.

Let me know what you think.

Pulling out the red pencil: one more last time on the definition of Information Governance?

Yesterday I published my first blog post on LinkedIn about the most fascinating subject known to people-kind: the definition of information governance. Believe me, this wasn’t my first blog post on the topic, just the first time I had published on LinkedIn. Anyway, in the post I discussed the definition we are advancing at the Information Governance Initiative and talked a little about my history with IG. My post came in the midst of some great back and forth among folks like , , and  on Twitter and great blog posts  by George, James, John, Laurence and others about the core concepts of IG. Who knows if anyone outside this circle finds the subject as fascinating as us, but what the hell, long tail and all that.

Anyway, today George published a thoughtful critique of the definition. Earlier in the day I was reading about a back and forth between a New York Times columnist and Walmart that has gone viral. It’s pretty interesting and funny (I mean the exchange, not the underlying issues being discussed) and feels like an important moment in how social media is radically changing the way that organizations interact with the media outlets who cover them. In any case, I was inspired (not that my output is “inspired) to steal the technique, and pulled out my virtual red pencil to respond to George’s post,  hopefully with less snark that the Walmart exchange. I’ve never met George but I’m sure we are almost certainly much, much closer in our positions that the NYT columnist and the Walmart PR flack. Below is the relevant portion of George’s post, and my response. You can read the whole post here.

The Definition of Information Governance Debated

Publishing on LinkedIn: The Information Governance Initiative Definition of Information Governance

I was invited to participate in the LinkedIn publishing program, so I thought I would give it a shot, with my first post about the definition of information governance developed at the Information Governance Initiative, with the support of 93% of those we surveyed. Check it out here.

IGI Definition of Information Governance