Interesting times the past couple of day, with revelations that Hillary Clinton exclusively used a personal email account and also a private email server in her home to conduct business while she was Secretary of State. Illegal? Election politics? Bad practice? Why was it necessary? All valid questions.
There must have been a conversation between executives and the IT department at the Secretary of State’s office about this, and it’s fascinating to imagine how that conversation went. What reasons were offered? Did anybody push back? Was there a discussion of why this was a bad idea for everyone except Hillary (or maybe her as well – time will tell).
Federal Records Act or not, it is nearly impossible for me to imagine the same conversation happening in the private sector – a high-powered executive who comes into a company and demands to use their own email server and their Gmail account to conduct all company business. It just wouldn’t happen, at least not any any company that has read a newspaper in the past 20 years.
I’ve been listening to vintage Bob Newhart lately, specifically “The Button-Down Mind of Bob Newhart,” which amazingly was his first big standup performance, recording, and the one that made him a star. In the spirit of Bob, here’s how that phone call might go.
Hey Steve, Barry here. How are things in IT? Good? Good.
I need to talk to you about getting the new VP of Sales set up. Yeah, she’s starting Monday.
Yeah, that Hilary. Yeah from the New York office. Right, big promotion.
Anyway, let’s see if we can get her all set up for Monday . . .
A call from her? What she she say?
She doesn’t want an email account? Well why not?
She didn’t say? How are we going to communicate with her?
She wants to only use a personal Gmail account?!? And she has her own email server at her house . . . you said no, of course . . .
You didn’t? What the hell, Steve . . . . yeah . . . yeah . . . authority from who?
She didn’t say?
She was scary? Like scary how?
Hmm. Right. And there’s no way we can talk her out of it?
She wouldn’t take the job?!
She sounded serious did she?
OK, fine, fine.
Don’t we have policies on this kind of thing, Steve?
Nobody takes them seriously?
I know the email system is terrible, Steve . . . yeah I know you need more budget . . . right, right . . . but listen, I use the damn thing.
What the hell are we going to do if we get sued? How do we get her email from Gmail? How do we make sure she isn’t spreading our stuff all over the place?
What did the lawyers say?
Haven’t returned your calls?
Just as well, you remember what happened last time those bastards stuck their fingers . . .
Yes, I know I’m a lawyer, Steve. That’s why I can make those jokes.
Unlike many buzzwords, however, IG is not old concept dressed up in new clothes—it’s a new way of looking at information management that combines the best of what’s come before with new perspectives and approaches to keeping information secure, accessible and available.
Bryn and Samantha do a great job in the latest issue of Legal Technology News describing the emerging executive role for IG professionals in law firms. Bryn has been working with several law firm clients to proselytize the role of the Chief Information Governance Officer, with some success. I would not be surprised to hear from Bryn about a CIGO being appointed in a law firm in 2015.
Law firms are strange creatures. They are not conventional businesses (some might say they are not businesses at all). They are collections of small businesses, each headed by partner with his or her own ideas about how their fiefdom should run. More law firms are trying to modernize their approach to business management, but the incumbent model is dominant.
This makes it particularly challenging to do “enterprise” things at law firms. It is hard – harder even than at traditionally managed corporations – to make anyone do anything. You have the additional challenge that the orthodox impetus for investing in IT – increased efficiency – is often politely acknowledged but bureaucratically resisted in law firms.
Ironically, law firms are organizations who would benefit most from IG. After all the document is the most common and concrete manifestation of what they do everyday. Documents enter in the form of research, evidence, legal instruments, and they go out in the form of pleadings, memos, briefs, and contracts. Improved management, security, access, workflow – the bedrock of content management and other disciplines that form the heart of IG – uniquely benefit law firms.
In addition, law firms have much to lose by not paying attention to IG. Law firms are awash in troves of incredibly sensitive and potentially market-shifting data. The bad guys are starting to wake up to this, as are the regulators.
In the wake of this summer’s massive hack attack at several Wall Street institutions, New York State’s top financial regulator convened a meeting with those institutions to talk about the security holes created by their suppliers – including law firms. In fact, the regulator has requested that the banks provide “any policies and procedures governing relationships with third-party service providers” and has said that banks must describe the process they use to assess the security of those providers.
“It is abundantly clear that, in many respects that a (financial services) firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”
Benjamin M. Lawsky, New York State financial regulator (as quoted here)
Law firms are called out for special attention, and for good reason. Law firm’s atavistic suspicion of technology must come to an end. When big, powerful clients realize that their gold-plated IG programs have gaping holes skinned only with balsa wood because of poor planning, coordination, and management by their law firm partners, law firms will be in for a shock.
Surely we are all realize that a security breach at Company X does not only affect Company X. The current disaster at Sony which revealed private and sensitive information about hundreds of business partners is a stark reminder of that.
Organizations have little hope of tackling the complex morass of information issues without a central, senior coordinating function.
That is why I believe the only way out of this problem is the Chief Information Governance Officer. That is why the IGI will be focusing heavily on this in 2015 and will be hosting our national Chief Information Governance Officer Summit on May 20-21 2015 in Chicago. Come join us.
Just published, over on LinkedIn, an exclusive mine case study about how Rio Tinto, one of the world’s largest mining companies, is using Active Navigation to remediate over a petabyte of unstructured content (over a billion files) that’s spread out over 5 continents. So far they have found that at least 40% of it can be thrown away or archived. However, the most interesting part of the story is the deal structure. Rio Tinto and Active Navigation designed a shared risk/reward approach where the vendor only gets paid when it delivers. The money flows when the vendor identifies content that can be deleted or archived to Amazon Web Services. But, it also gets paid when it identifies the good stuff – the content that has true value to the business. In other words, Active Navigation is compensated for generating customer value, whether that value comes from identifying chaff or identifying wheat.
Just a quick post – came across this article when trying to fix a configuration issue with Apple Mail and Gmail, and I thought it nicely summed up the attitude I encounter from IT and others in our information governance engagements. Ask an attorney sometime if there really is “no harm in keeping tiny emails around in this age of ever-expanding storage space.” The drug dealers of the IG world have really done an incredible job convincing the addicts that the drug has no downside.
One of Gmail’s perks is a ridiculous amount of storage space, so Google has set it up to highly encourage archiving your email instead of having to make the decision to delete just some of it. After all, you never know if that rainy day will come next month or four years from now, and there’s no harm in keeping tiny emails around in this age of ever-expanding storage space.
More often that not, here’s what happens on that “rainy day,” in a depressing office park somewhere in the suburbs:
The company spent $900,000 to produce an amount of data that would consume less than one-quarter of the available capacity of an ordinary DVD.
RAND study on e-discovery, 2012
Now, folks outside of the IG and e-discovery bubble might reasonably think that, hey if there is ever a problem, I can just start deleting emails then, right?
Here’s a couple more quotes to consider.
And, my favorite
Three years ago, I sat down in a conference room in Washington, D.C with some really smart people and we quickly realized that we shared a vision for a consortium and think tank devoted to advancing Information Governance. Each of us had seen the incredible value that better information governance could create for their respective clients, but had also witnessed the consequences of information failure first-hand. Without a way for IG practitioners to share their experience across disciplines, it seemed unlikely that the promise of information governance would be fulfilled. Today, thanks to the support of like-minded individuals and organizations, this vision has been realized.
I am so pleased to announce the launch of the Information Governance Initiative (IGI), a cross-disciplinary consortium and think tank focused on advancing information governance. The IGI will publish research, benchmarking surveys, and guidance for practitioners on its website at www.IGInitiative.com. The research will be freely available, and the group will also be providing an online community designed to foster discussion and networking among practitioners.
I am founder and executive director, and it would be great if you would join us.
I believe information can be a positive transformative force in the world – improving business, government, and the lives of people in all walks of life. But I also believe that these benefits are not automatic, and in fact will only be the result of sustained, proactive efforts to understand and manage information in a better way. I believe that there is a need for like-minded people to come together and find this better way. A forum for ideas, facts, and techniques. An initiative that pushes the market forward and builds information literacy.
That’s why we created the Information Governance Initiative – and why we want you to be a part of it.
Who We Are
The IGI Advisory Board is comprised of members drawn from the disciplines that own the facets of information governance including information security, data science and analytics, e-discovery, business management, IT management, compliance, business intelligence, records management, finance and audit, privacy, and risk management. We are also developing a Corporate Council comprised of practitioners working in IG. Contact us if you are interested in participating in the Corporate Council.
At launch, IGI Advisory Board members include Courtney Ingraffia Barton, senior counsel, global privacy at Hilton Worldwide, Inc.; Julie Colgan, president of ARMA International; Leigh Isaacs, VP of the information governance Peer Group at ILTA; and Richard Stiennon, chief research analyst at IT-Harvest and well-known cybersecurity expert. Additional board members are being added on an ongoing basis.
The IGI is launching with broad support from leading providers of information governance products and services, including:
We are also partnering with a variety of organizations to bring IG stakeholders from different disciplines together to work on the information governance problem. For example, we have partnered with The CFO Alliance, a community of over 4,000 senior finance professionals, to bring the IG conversation to the finance community. ARMA International has appointed a representative to the IGI Advisory Board, and the two organizations plan on working together to advance the adoption of information governance. In addition, the IGI will be presenting several sessions on information governance at the Managing Electronic Records conference in Chicago, May 19-21, 2014.
Get Involved in the IGI
Members of the leadership team are speaking about information governance at nine different sessions during the LegalTech NY 2014 conference between February 4-6th. If you are there, come see us and also visit our Charter Supporters in the exhibit halls.
Learn how you can get involved in the IGI at, www.IGInitiative.com
I also invite organizations interested in supporting the advancement of Information Governance to contact me at 646 450 4468 or barclay.blair@IGIniative.com.
Trends Driving Information Governance Strategies in 2014
In 2013, many organizations successfully launched information governance initiatives, and saw positive progress from those efforts in attaining executive sponsorship, engaging key stakeholders, and executing pilot projects. As we enter 2014, new challenges emerge as organizations look for demonstrable business value amidst unrelenting challenges of information growth, regulatory compliance complexity, and legal discovery.
Join me and Robert A. Cruz as we assess these challenges and discuss what we can expect for Information Governance in 2014. The live webinar, presented by Proofpoint, is on January 23 at 11AM PST/ 2PM EST
“Information retrieval is a significant problem for businesses. Further, the extent of the problem worsens with increasing size of the document collection [and] the less formal the information stored.”
Information Retrieval in Business: An Unmet Challenge[i]
Unstructured information, at its simplest, is information that does not reside in the rows and columns of a database. Any database user understands that the meaning of a field in a database is a combination of what the row and the column each mean, such as the price of a widget on a certain date. However, unlike the structured information that resides in databases, unstructured information does not always have a predetermined form, business purpose, use, value, or security classification.
As a result, managing unstructured information is tricky. Many long-established techniques for database administration simply do not apply. This complexity also makes calculating the total cost of unstructured information difficult.
Unstructured information comes in many forms, including word processing documents, spreadsheets, social media posts, and log files automatically generated by computer servers. Some unstructured information has more structure than others (email messages, for example, all have a header, subject line, and message body). Some call this information semi-structured information, but for our purposes, we will use the term unstructured information to include semi-structured information as well.
The volume of unstructured information is growing dramatically. Analysts estimate that, over the next decade, the amount of data worldwide will grow by 44 times (from .8 Zetabytes to 35 Zetabytes: 1 Zetabyte = 1 trillion Gigabytes).[ii] However, the volume of unstructured information will actually grow 50% faster than structured data. Analysts also estimate that fully 90% of unstructured information will require formal governance and management by 2020. In other words, the problem of unstructured information governance is growing faster than the problem of data volume itself.
What makes unstructured information so challenging? There are several factors, including
- Horizontal vs. Vertical. Unstructured information is typically not clearly attached to a department or a business function. Unlike the vertical focus of an ERP database, for example, an email system serves multiple business functions – from employee communication to filing with regulators – for all parts of the business. Unstructured information is much more horizontal, making it difficult to develop and apply business rules.
- Formality. The tools and applications used to create unstructured information often engender informality and the sharing of opinions that can be problematic in litigation, investigations, and audits – as has been repeatedly demonstrated in front page stories over the past decade. This problem is not likely to get any easier as social media technologies and mobile devices become more common in the enterprise.
- Management Location. Unstructured information does not have a single, obvious home. Although email systems rely on central messaging servers, email is just as likely to be found on a file share, mobile device, or laptop hard drive. This makes the application of management rules more difficult than the application of the same rules in structured systems, where there is a close marriage between the application and the database.
- “Ownership” Issues. No employee thinks that they “own” data in an accounts receivable system like they “own” their email, or documents stored on their hard drive. Although such information generally has a single owner, i.e., the organization itself, this mindset can make the imposition of management rules for unstructured information more challenging than structured data.
- Classification. The business purpose of a database is generally determined prior to its design. Unlike structured information, the business purpose of unstructured information is difficult to infer from the application that created or stores the information. A word processing file stored in a collaboration environment could be a multi-million dollar contract or a lunch menu. As such, classification of unstructured content is more complex and expensive than structured information.
Taken together, these factors reveal a simple truth: managing unstructured information is a separate and distinct discipline from managing databases. Moreover, determining the costs and benefits of owning and managing unstructured information is a unique – but essential – challenge.
[i] Michael D. Gordon, “Information Retrieval in Business: An Unmet Challenge,” The University of Michigan, 1991. Online at, http://deepblue.lib.umich.edu/handle/2027.42/35654
[ii] International Data Corporation, “The 2011 Digital Universe Study,” June 2011. Online at, http://www.emc.com/collateral/demos/microsites/emc-digital-universe-2011/index.htm