Tagged: regulation

Observations on AIIM 2010

I’m on my way home from Philadelphia after an interesting and useful AIIM 2010 Expo, and thought I would share some observations. I had many good meetings, saw some good products, learned some new things, and met a bunch of good people. I hope everyone else had a useful trip, and got home safe and sound.

Attendance

The subject of the weather was replaced by the subject of attendance levels as the de rigueur conference small talk. Although I heard varying opinions, the consensus view seemed to be that attendance and the number of exhibitors was low. I talked to a representative from Questex, the show operator, who claimed that this was not the case, with over 12K attendees expected to show up and exhibitor levels better than last year. Who knows? My observation is that it seemed busier than last year, at the height of the recession. Many exhibitor booths (like EMC’s) seemed to be constantly busy.

None of this answers the question whispered in the hallways of almost any big conference in the last couple of years –  is the trade show still a viable form of marketing and education? Does anybody learn anything? Does anybody sell anything? Is it just a “vendor echo chamber?”  Are we all just going out of some sense of obligation? Do attendees just go to get out of the office, and vendors because they are more afraid of the negative consequences of their absence than they are excited by the ROI of their presence?

I like events like the AIIM Expo for the simple reason that it is energizing and affirming to be surrounded by tangible markers of my profession. I have worked outside a traditional office for a decade, and don’t often have the opportunity to just hang out with people who have the same background or interest in this space. So, I find that rewarding.

But, the biggest reason I find some events useful is that I strive to have a clearly-defined purpose for going. For any event, I define that purpose and use it as a measuring stick: will the event help me achieve my goal, and is achieving my goal worth the cost of going? You goal may be to “get up to date with best practices in my profession,” or “learn what other companies are doing,” or “see the latest technologies” –  it doesn’t matter. But, asking whether or not a particular conference – or conferences in general –  are “worth it” is the wrong question. The right question is: what is my goal, and is attending the event the best way to achieve it?

You’re Not Keeping Everything Forever?

The last message one might expect to hear at a conference devoted to topics such as “the lifecycle of records and related concepts such as Classification Schemes, Metadata, Security, Retention, Preservation and Disposal,” is that companies should simply keep all information forever. But heard it, I did – in not one, but two, separate keynotes. I have written about this topic many times, including here, and it is truly one of my favorite topics. As you may guess I, ahem, beg to differ with this position.

To be fair, the first time I heard it, the speaker actually used the term “data” and she was really mostly talking about “research data” and she was from a research organization. So, I’ll give that one a pass.

The second time I heard it, it came from a senior Google representative who apparently been asked to come to Philly to provide a sixty minute commercial. Because, you know, they have a hard time getting their message out otherwise . . . Anyway, like many others, I’m a fan of many Google services, and they have increasingly become a big part of my personal and business life, from Gmail to the fabulous Google Voice. Clearly they are doing transformative work in the consumer space.

But, do they get the enterprise?

The presentation left little doubt that they have a pretty good understanding of their own enterprise. Cyrus Mistry, the speaker, did a funny and engaging presentation about life at Google. Some of the highlights were:

  • By default (at least, culturally) all information is published to everyone at Google seconds after it is created
  • All information is stored in the cloud and instantaneously available on any platform –  including your smartphone
  • Nothing is ever thrown away, e.g., Cyrus mentioned that he has 200 or 300 GB of email in the Google cloud

But, the primary message was not just, “this is way Google works,” but, this is the obvious and inevitable way that all organizations should work – and will work in the future. Anything less is laughably complex, outdated, stodgy, unnecessarily controlling, and stifling to innovation and to the very soul of the employee.

Apparently, in the coming information utopia:

  • Nobody is lazy.
  • Nobody is malicious.
  • Nobody sues anyone.
  • Nobody creates any information that shouldn’t be shared instantly with everyone in the entire organization.
  • There is no risk associated with information – only value and upside.
  • You are completely free as an organization to manage information as you please – no-one outside the company is dictating this to you.
  • Nobody wants to browse through information to find what is relevant to them.

In this vision, the lifecycle of a record is less of a cycle, and more of an infinity symbol. The content is created, it is shipped to the cloud, and there it resides in a big pile –  forever.

Do I think there are compelling elements to this vision?

Of course.

Do I think this is the way information should be managed inside the developer community of a software company?

Sure.

I worked for many years in the software business and learned that the high tech world and its engineers often have a charmingly naive view that the way they work is the way that everyone should work. In fact, this tendency has been the downfall of many brilliant software companies as engineers diligently developed the most incredible solutions for problems that didn’t exist – fighting with sales and marketing all the way as they flew the plane into the crash site.

Now, am I saying that Google’s vision of information management won’t be be successful, or at least highly influential? Hey, I’m not that charmingly naive (well, maybe naive, but certainly not charming). However, the information reality for most of my clients is something more like this:

  • Some people make mistakes.
  • Some people are malicious.
  • They are getting sued all the time, and suing other parties all the time.
  • There are tens of thousands of external regulations, requirements, contractual obligations, industry standards and other factors that dictate they way they need to manage information.
  • Information creates risk – as well as value – and they want to get rid of the stuff that has no value.
  • They create terabytes of information that cannot be shared with everyone all the time  and they will experience serious weeping and gnashing of teeth if even the smallest amount of this information is shared.
  • At least some of the organization wants and needs to browse through information by category.

I want information management to get much much better and much simpler. Innovation and new approaches are needed.  I’m not arguing for complexity and command-and-control. But, I think that information management for many – if not most – large companies is very complex and the problem is not solved by keeping everything forever.

All SharePoint All the Time

The AIIM Expo was a coming out party for SharePoint 2010 in the AIIM community, and generated a lot of interest and discussion. Microsoft bolstered its vision of SharePoint-as-platform by hosting several partners with value-added products and services in stand-up kiosks. In addition, there was a SharePoint-specific track at the show that seemed pretty well attended.

SharePoint continues to rapidly penetrate the information management market, with an increasing number of organizations seeking to leverage the platforms’ records management capabilities –  especially the new features of SharePoint 2010.

I see this causing some pretty interesting conflicts at client organizations.

The success of the product and its growing records management feature set has brought it to the attention of stakeholders that in the past were not likely to be involved in a SharePoint implementation project. These stakeholders include professionals like lawyers who are concerned about e-discovery; records managers concerned about retention schedule compliance; and compliance and governance professionals who see both opportunity and risk in the platform.

In many cases, this new-found interest in SharePoint is not welcome by the IT professionals actually tasked with implementing, configuring, and managing the product. This can result in significant friction that can delay, derail, or otherwise cause a SharePoint project to underachieve. Often, the new stakeholders are looking for centralized control, closed systems, and detailed oversight, whereas IT is seeking to leverage the intuitive information sharing capabilities of the platform and the ease with which end-users can create and self-administer sites.

SharePoint governance will only be successful if these two camps can find a middle ground, and take a practical approach that focuses on maximizing the business value of the platform while minimizing the compliance and business risk.  I advise clients to lock the stakeholders in a room and hammer out the 3-5 governance controls that they can’t live without, and start with that.

Wrap Up

AIIM 2010 was useful for me, and I hope I provided some value here to those that couldn’t make it. To those who did, safe travels, and I will see you soon. In the meantime, let me know what you think of my observations.

10 Reasons Information Governance Make Sense: Reason # 5

It Ain’t Gonna Get Any Easier

“By far the biggest mistake people make when trying to change organizations is to plunge ahead without establishing a high enough sense of urgency in fellow managers and employees. This error is fatal because transformations always fail to achieve their objectives when complacency levels are high.”

John P. Kotter, “Leading Change,” Harvard Business School Press, 1996, p. 4.

In Brief: IG makes sense because it is a proven way for organizations to respond to new laws and technologies that create new requirements and challenges.  The problem of IG will not get easier over time, so organizations should get started now.

Every day the pile of unmanaged information in your organization grows. Every day the habits of your knowledge workers get more ingrained. Every day new technologies enter your enterprise and create new sources of unmanaged risk. Every day technology gets more complex. Every day courts and regulators grow more sophisticated and demanding when it comes to information management. Time will not make the information management problem any easier.

More regulation of information management is expected.

“It’s now ‘inevitable that more regulation will come, forcing companies to be more ethical, more compliant and overall better corporate citizens.’”

Former SEC Chairman Harvey Pitt[1. Alexander B. Howard, “Ex-SEC Chief Pitt Decries State of Sarbanes-Oxley and Risk Management,” SearchCompliance.com, June 5, 2009.]

Beginning as early as the 1970s (with privacy law directed at the federal government) and intensifying in the early years of the new millennium (with Sarbanes-Oxley and the revised Federal Rules of Civil Procedure), governments, regulators, and standards bodies have demonstrated an increasing appetite for the regulation of IT and information. Increasing federal and state regulation has driven demand for IG products and services.[2. Nikki Swartz, “Compliance Boosts Records Management Market,” Information Management Journal, Sept/Oct 2006.]

With the recent swearing-in of a new US president and Democratic control of Congress in the US, it is likely that this appetite will only increase, especially in the wake of a global economic recession that is widely seen as having a root cause in inadequate government oversight and regulation. This is likely to drive legal and regulatory changes that will create new IG requirements for organizations.

Information is getting more complex.

“Using a growing set of free and simple tools and applications, it is easy to create customized, personal web-based environments — a personal web — that explicitly supports one’s social, professional, learning and other activities via highly personalized windows to the networked world.”

The New Horizon Report[3. L. Johnson, A. Levine and R. Smith, “The 2009 Horizon Report,” The New Media Consortium, 2009.]

The growing business use of Web 2.0 technologies such as blogs, wikis, and social networking tools, along with other developments such as Internet “cloud” based applications, are making information management more challenging. The emergence of such technologies is a challenge to the “very strong and entrenched ‘command and control’ ethos that is prevalent in the records management world.[4. Steve Bailey, “Managing the Crowd: Rethinking Records Management for the Web 2.0 World,” Facet Publishing, 2008, p. 68.]

The reality today is that each knowledge worker – like it or not – is his or her own records manager. Responsibility for the creation and management of information has become highly distributed and a new generation of Internet-based tools and applications only encourage this trend.

In addition, technologies like “Google Wave”  create new difficulties. Products that blend together formerly discreet communication, collaboration and content creation tools challenge the long-standing focus on “the document” and usher in a world where we no longer manage discrete piece of information.  The “wave” of information created by these tools is an ever-changing Hydra that pulls information from a variety of sources and blends them together into an environment that cannot be “retained” or managed using traditional approaches.

As technology – and the new forms of information created by that technology – grows more complex, IG provides the foundation from which we can build processes and techniques to properly manage that information. IG isn’t getting any easier – the time to act is now.

What Does Increased Regulatory Enforcement Look Like?

“We recognize the issue of costs to companies to implement robust compliance programs . . . the cost of not being FCPA compliant however can and will be much, much higher.”

Lanny A. Breuer, the assistant attorney general of the DOJ’s criminal division

It seems like everyone with an axe to grind in the information governance world – including yours truly – likes to salt every presentation and whitepaper with the apparent axiom that we are in an era of increasing regulation.

Other than listing a bunch of new-ish laws and proposed laws, it is often hard to quantify what increased regulation looks like. Recently, though, I came across some interesting facts in a speech from an official from the Department of Justice (DOJ), that do just that.[1. You can find the transcript of the speech linked from this WSJ blog post.]  The speech concerns enforcement of the Foreign Corrupt Practice Act (FCPA), a federal law that has been on the books since the 70s and in essence criminalizes bribery of foreign officials by American companies and individuals.

In the past few years, the DOJ has recently focused on aggressively enforcing the FCPA, and the result has been:

  • A record number of trials
  • A record number of individuals charged with violations (” . . . prosecution of individuals is a cornerstone of our enforcement strategy.”)
  • Record corporate fines, including one of $1.6 billion and another of $579 million
  • More enforcement actions between 2005 and 2009 than in the previous 30 years

This is what increased regulatory enforcement looks like. Very respected and senior individuals have gone to jail, name-brand companies have paid millions in fines, and many more individuals and companies have plead guilty to avoid the pain and spectacle of a prolonged investigation or trial.

So, is compliance getting tougher? Factually, in the FCPA world, the answer is clearly yes. However, I think these facts also help to support the larger case that the business operating environment is getting more regulated, and the era of a “compliance program” consisting of a few dusty binders sitting on a shelf are over.

What do you think?