Interesting times the past couple of day, with revelations that Hillary Clinton exclusively used a personal email account and also a private email server in her home to conduct business while she was Secretary of State. Illegal? Election politics? Bad practice? Why was it necessary? All valid questions.
There must have been a conversation between executives and the IT department at the Secretary of State’s office about this, and it’s fascinating to imagine how that conversation went. What reasons were offered? Did anybody push back? Was there a discussion of why this was a bad idea for everyone except Hillary (or maybe her as well – time will tell).
Federal Records Act or not, it is nearly impossible for me to imagine the same conversation happening in the private sector – a high-powered executive who comes into a company and demands to use their own email server and their Gmail account to conduct all company business. It just wouldn’t happen, at least not any any company that has read a newspaper in the past 20 years.
I’ve been listening to vintage Bob Newhart lately, specifically “The Button-Down Mind of Bob Newhart,” which amazingly was his first big standup performance, recording, and the one that made him a star. In the spirit of Bob, here’s how that phone call might go.
Hey Steve, Barry here. How are things in IT? Good? Good.
I need to talk to you about getting the new VP of Sales set up. Yeah, she’s starting Monday.
Yeah, that Hilary. Yeah from the New York office. Right, big promotion.
Anyway, let’s see if we can get her all set up for Monday . . .
A call from her? What she she say?
She doesn’t want an email account? Well why not?
She didn’t say? How are we going to communicate with her?
She wants to only use a personal Gmail account?!? And she has her own email server at her house . . . you said no, of course . . .
You didn’t? What the hell, Steve . . . . yeah . . . yeah . . . authority from who?
She didn’t say?
She was scary? Like scary how?
Hmm. Right. And there’s no way we can talk her out of it?
She wouldn’t take the job?!
She sounded serious did she?
OK, fine, fine.
Don’t we have policies on this kind of thing, Steve?
Nobody takes them seriously?
I know the email system is terrible, Steve . . . yeah I know you need more budget . . . right, right . . . but listen, I use the damn thing.
What the hell are we going to do if we get sued? How do we get her email from Gmail? How do we make sure she isn’t spreading our stuff all over the place?
What did the lawyers say?
Haven’t returned your calls?
Just as well, you remember what happened last time those bastards stuck their fingers . . .
Yes, I know I’m a lawyer, Steve. That’s why I can make those jokes.
Unlike many buzzwords, however, IG is not old concept dressed up in new clothes—it’s a new way of looking at information management that combines the best of what’s come before with new perspectives and approaches to keeping information secure, accessible and available.
Bryn and Samantha do a great job in the latest issue of Legal Technology News describing the emerging executive role for IG professionals in law firms. Bryn has been working with several law firm clients to proselytize the role of the Chief Information Governance Officer, with some success. I would not be surprised to hear from Bryn about a CIGO being appointed in a law firm in 2015.
Law firms are strange creatures. They are not conventional businesses (some might say they are not businesses at all). They are collections of small businesses, each headed by partner with his or her own ideas about how their fiefdom should run. More law firms are trying to modernize their approach to business management, but the incumbent model is dominant.
This makes it particularly challenging to do “enterprise” things at law firms. It is hard – harder even than at traditionally managed corporations – to make anyone do anything. You have the additional challenge that the orthodox impetus for investing in IT – increased efficiency – is often politely acknowledged but bureaucratically resisted in law firms.
Ironically, law firms are organizations who would benefit most from IG. After all the document is the most common and concrete manifestation of what they do everyday. Documents enter in the form of research, evidence, legal instruments, and they go out in the form of pleadings, memos, briefs, and contracts. Improved management, security, access, workflow – the bedrock of content management and other disciplines that form the heart of IG – uniquely benefit law firms.
In addition, law firms have much to lose by not paying attention to IG. Law firms are awash in troves of incredibly sensitive and potentially market-shifting data. The bad guys are starting to wake up to this, as are the regulators.
In the wake of this summer’s massive hack attack at several Wall Street institutions, New York State’s top financial regulator convened a meeting with those institutions to talk about the security holes created by their suppliers – including law firms. In fact, the regulator has requested that the banks provide “any policies and procedures governing relationships with third-party service providers” and has said that banks must describe the process they use to assess the security of those providers.
“It is abundantly clear that, in many respects that a (financial services) firm’s level of cybersecurity is only as good as the cybersecurity of its vendors.”
Benjamin M. Lawsky, New York State financial regulator (as quoted here)
Law firms are called out for special attention, and for good reason. Law firm’s atavistic suspicion of technology must come to an end. When big, powerful clients realize that their gold-plated IG programs have gaping holes skinned only with balsa wood because of poor planning, coordination, and management by their law firm partners, law firms will be in for a shock.
Surely we are all realize that a security breach at Company X does not only affect Company X. The current disaster at Sony which revealed private and sensitive information about hundreds of business partners is a stark reminder of that.
Organizations have little hope of tackling the complex morass of information issues without a central, senior coordinating function.
That is why I believe the only way out of this problem is the Chief Information Governance Officer. That is why the IGI will be focusing heavily on this in 2015 and will be hosting our national Chief Information Governance Officer Summit on May 20-21 2015 in Chicago. Come join us.
Just published, over on LinkedIn, an exclusive mine case study about how Rio Tinto, one of the world’s largest mining companies, is using Active Navigation to remediate over a petabyte of unstructured content (over a billion files) that’s spread out over 5 continents. So far they have found that at least 40% of it can be thrown away or archived. However, the most interesting part of the story is the deal structure. Rio Tinto and Active Navigation designed a shared risk/reward approach where the vendor only gets paid when it delivers. The money flows when the vendor identifies content that can be deleted or archived to Amazon Web Services. But, it also gets paid when it identifies the good stuff – the content that has true value to the business. In other words, Active Navigation is compensated for generating customer value, whether that value comes from identifying chaff or identifying wheat.
Just a quick post – came across this article when trying to fix a configuration issue with Apple Mail and Gmail, and I thought it nicely summed up the attitude I encounter from IT and others in our information governance engagements. Ask an attorney sometime if there really is “no harm in keeping tiny emails around in this age of ever-expanding storage space.” The drug dealers of the IG world have really done an incredible job convincing the addicts that the drug has no downside.
One of Gmail’s perks is a ridiculous amount of storage space, so Google has set it up to highly encourage archiving your email instead of having to make the decision to delete just some of it. After all, you never know if that rainy day will come next month or four years from now, and there’s no harm in keeping tiny emails around in this age of ever-expanding storage space.
More often that not, here’s what happens on that “rainy day,” in a depressing office park somewhere in the suburbs:
The company spent $900,000 to produce an amount of data that would consume less than one-quarter of the available capacity of an ordinary DVD.
RAND study on e-discovery, 2012
Now, folks outside of the IG and e-discovery bubble might reasonably think that, hey if there is ever a problem, I can just start deleting emails then, right?
Here’s a couple more quotes to consider.
And, my favorite