Log In

News from the IGI

Guest Post: Big Data From Employees Lead to Big Risk For Employers

This article was originally published on The Relativity Blog. It was written by Sam Bock, editor of The Relativity Blog and a member of the marketing communications team at kCura.

Between Wikileaks, tech experts, and the Federal Trade Commission, we have no shortage of sources reminding us on an almost daily basis that the Information Age brings both invaluable new resources and technology, and a significant threat to personal privacy. Data is everywhere, and it’s accessible by more entities than ever—including employers.

To get to the heart of how employees understand data privacy and how their online behavior at work can impact it, kCura recently commissioned a survey conducted by Harris Poll among 1,013 US adults age 18 and older who were employed full-time or part-time, working in a traditional office setting for at least 50 percent of the time, and are not freelancers (referred to as “employees” throughout).

We learned that although nearly all employees (98 percent) say their privacy is important to them, the majority (60 percent) have used their personal device in some way while connected to their company’s WiFi, which potentially sacrifices that privacy while at work. Here’s a look at the results and how employers can protect themselves against excess data proliferation.

Check out the full report for more insight into the data, a method statement for the survey, and more insights.


Guest Post – Information Governance and the Social Enterprise

Information Governance and the Social Enterprise
by Robert Cruz, Senior Director, Product Marketing of Actiance, Inc.

Another terrific gathering of information governance and records management thought leaders at the MER Conference and the IGI’s awesome Chief Information Governance Officer (CIGO) Summit in Chicago.

MER provided a great opportunity to present our thoughts on “Information Governance and the Social Enterprise”, reflecting upon the massive changes underway in the ways that organizations are communicating and collaborating through tools like Slack, WeChat, Skype for Business, and a dizzying number of new messaging tools appearing almost daily. This was not exactly mainstream MER content, leading to quite a few comments and inquiries before the session along the lines of:

“what does social media have to do with records management?”

“is there an information governance for the anti-social enterprise?”

“we don’t govern social content… our policy is to block it”

Which I attempted to address during the session, and will summarize here.

Key Point 1: Your employees are using LinkedIn, Twitter, Skype for Business – and WhatsApp and WeChat.

Today, more organizations are sanctioning the use of LinkedIn to reach prospects. They’re enabling Skype for Business conversations with customers that include video, voice, messaging, and app sharing. They are engaged in selling efforts with information delivered uniquely across mobile devices. In fact, one major bank indicates that they sent more IM than email last year. A recent survey from PwC indicates that more than 40% of respondents indicated a social media presence is important in their choice of a health care provider. And, today, WeChat has over 1 billion users around the world. Great, but why does this matter? It matters because governance is about managing information according to its value or risk. And the reality today is that more firms and employees are communicating and collaborating on channels outside of managed email and content management repositories – in some cases over channels that are not currently under governance controls.

Key Point 2: This is not just an issue for regulated companies. Business records are everywhere.

The idea that one can control social media or encrypted instant messaging tools is a new concept for some. And while it is true that regulated firms have progressed further with the idea of proactively capturing these non-email content sources to meet industry retention requirements, they are not alone. Public corporations should take note of SEC regulation Fair Disclosure (FD) and the case of Netflix. All organizations are no doubt aware of employment and contract laws and personal data privacy protections. The key point being that social content can not only trigger regulatory action based upon misuse, but also as a source in US civil litigation where judges are ruling that social and messaging sources are discoverable, and where those who haven’t taken appropriate steps to preserve these sources have suffered the consequences. Unfortunately, the reality of business records expressed as 140 character Tweets has arrived (and, yes, even excluding those emanating from Pennsylvania Avenue at 2:30am)

Key Point 3: Your policies should be applicable to your communication tools.

Have you touched your employee communications or records retention policies lately? If not, it may be time to ensure that your policies are keeping up with the ways individuals are doing their job today. Policies designed for email may need to reviewed to ensure these rich tools can be used by specific job holders. Similarly, retention policies may be worth a touch up as you consider the possibility that a conversation that includes information covered under a non-disclosure may be taking place right now on Skype for Business.

Key Point 4: Your governance tools must be designed for today’s communications.

Equally important, organizations should be asking whether the technologies they currently use to capture, retain, supervise, and discover business records (or data that might be responsive to civil litigation) were designed for the communications of a different era. Those continuing to leverage technology designed 10-15 years ago may be in for a big headache the first time a large legal matter or regulatory inquiry arrives that requires the review and production of social media, instant messaging, or voice communication.

We look forward to continuing to help organizations meet these new InfoGov challenges created as your organization’s patterns of communication and collaboration continue to evolve.


Skytop Strategies: Executive Dialogue Series

IGI has partnered with Skytop Strategies on the upcoming Executive Dialogue Series entitled, "Governance: Building Company Resilience Capacity, on June 13th at Deloitte’s offices in New York. I am proud to be joining the conversation as a facilitator.

This is a full-day, interactive discussion group, limited to 35 senior level executives, designed to allow for a highly engaging exchange on the subject of corporate governance and building resilience through better practice.

Some of the others thought leaders for the program include:

  • Toshiba America, Inc., Timothy Fraser, Vice President, Assistant General Counsel
  • TRUSTe, Hilary Wandall, General Counsel and Chief Data Governance Officer
  • Charter Communications, Jane Rhodes-Wolfe, Head of Corporate Security
  • AT&T, James Grudus, Assistant Vice President, Senior Counsel
  • Nuveen, Matt DiGuiseppe, VP, Stewardship & Corporate Governance


Select agenda topics for the program include:

  • Why Boards Are Avoiding the Subject of Disruptive Threats
  • The Evolving Role of Risk Management: What Should Boards Want Included in their ERM Plan?
  • Corporate Governance: Does Good ESG Enhance Company Resilience?
  • Managing Regulators: How to Minimize Damage and Demonstrate Responsiveness


To learn more about Skytop Strategies' Executive Dialogue Series, click here.




Guest Post: Valuation of Information

The following is part of our guest blog series.

Jane C. Allen and Brian Fox, who advise organizations on e-discovery, forensics, and a broad range of additional IG topics in their roles at PwC, wrote this piece, and it is published as it was provided. PwC is an IGI Supporter

Information valuation is the topic of the keynote address at the CIGO Summit. PwC will also be there talking about their model, and we also have a deep dive session on models and calculators that are in use now at several organizations. There are still a few seats left -  register here. 

The Information Economy

It’s often been said that we are in an information economy. But what is the actual value of the information that’s driving it, and how do you measure it?

Is your information an intangible asset such as goodwill? Is it related to the volume or recency of data? Setting aside the accounting implications of information value measurement on balance sheets and overall company valuation, the idea of being able to use valuation as a means of weighing the economics of our own efforts around information governance is compelling.

That’s why we created this framework, which we call VOI — valuation of information.

(Some) Information Has Value

The notion of information having business value is not new.

Consider the willingness of investors to buy stocks in companies that hold information — even in apparent contravention of their financial performance. Or the large-scale IPOs or acquisitions of data-based companies (often devoid of significant physical assets), even with formal accompanying statements that the company may never make a profit.

There are countless other examples (both legal and illegal) where data is valued — bought and sold, for commercial purposes. But there’s a missing piece to the discussion, which is the implication that information is somehow a monolithic thing. Anyone who works in the field of information governance knows that nothing could be further from the truth.

All Information Is Not Created Equal

Let’s look at some examples. Some information is highly valuable: Think customer buying activity data or the explosive growth of “Internet of Things” devices carefully collecting and curating data on our every move. These are the data we expend significant effort and resources maintaining, protecting, mining and analyzing.

Some information could be highly valuable, if only the attributes of the data were a little better — better quality, a larger population, a little more normalized, a little better managed. (Think of the potential, for example, of activity trackers that collect geolocation, activity, weight, demographics, etc.)

Some information has no value, or at least none that you can perceive today. (We’ve never met a company that argued when we showed them that a very large percentage of their enterprise information went unused for five years or longer.) Even if there were some “secret gems” hiding in the oceans of dead data, expensive work would need to be done — in forms of both time and money — before you knew if you could extract a net value.

Some information costs you money, either because it is misleading, inaccurate, too inaccessible or has too great a noise-to-signal ratio and therefore impairs your ability to find truly valuable information.

No Assets Without Liabilities: It’s True of Information, Too

Many companies employ third parties at significant cost to perform data analysis that is too difficult for them to produce on their own. Many are mindful of the potential risk exposure that could arise in the wake of a cyber-breach, and are forearming themselves with cyber-insurance.

Clearly, information valuation is fraught with practical difficulties. If the aim is to value information assets, we must also be willing to consider information liabilities. We must consider the ways in which information can be improved (or can deteriorate) — and how that could impact its value over time. And crucially, we must account for one of the particularities of information: the fact that, unlike other assets, the same information can be used in many different cases — with a commensurately accretive value.

What’s needed is a systematic approach that enables a company to evaluate units of information — one that acknowledges imperfections, reveals opportunities and guides our resource allocation in a rational way. In this spirit, we offer a framework for the Valuation of Information (VOI).

The VOI Framework

Our VOI framework is composed of twelve dimensions grouped into four categories. The attributes are used to measure the business value of the information in the service of a specific use case.

The four categories are:

  1. Information Scope. How closely does the breadth (in time and population), depth and completeness of the information match the ideal data set for a given use case?
  2. Information Quality. How well does the quality of data elements, their structure and the traceability of the information support confidence in the analysis for a given use case?
  3. Information Accessibility. How easy is it to access, analyze and manipulate the information for a given use case, and how easy is it to integrate the information with other key systems in that use case?
  4. Information Scarcity. Sometimes it is the scarcity of information that drives its value. In such use cases, this category measures how unique the information at hand is, both today and into the future.

PwC Valuation of Information Model

Put VOI to Good Use

We hope this new VOI framework will help companies think differently about their information and explore new use cases that could bring needed attention to potentially hidden value, previously unexplored. And while we acknowledge that there is much room for debate and refinement, we think this is a meaningful first step to the process of credibly tackling information valuation — with potential for real-world, short-term benefits.

Information valuation is the topic of the keynote address at the CIGO Summit. PwC will also be there talking about their model, and we also have a deep dive session on models and calculators that are in use now at several organizations. There are still a few seats left -  register here. 


Who Should Attend the 2017 CIGO Summit? Here’s our list…

Beginning with the inaugural CIGO Summit in 2015, IGI and its partners have worked hard to establish and define the playbook of information management, the role of a Chief Information Governance Officer (CIGO) and the mission critical role they play in the success of his/her company.

As we move closer and closer to the CIGO Summit in the windy city, we continue to work to ensure not only that the right information is being shared, but also that the right people are getting it at the right time.

So who should be attending the CIGO Summit? Below you will find examples of personnel that would likely benefit from attending this Summit.

  1. Legal leaders

A high performing CIGO must have a keen understanding of the compliance matters his/her company operates under to perform with excellence in this role. Because of this, general counsel and other legal leaders are ideal candidates for the Summit, as they will be working alongside, and sometimes overseeing, the CIGO should their organization adapt this newly created C-level position.

  1. Technology Executives

Much like legal leaders, technology executives work side-by-side and often as superiors and direct reports to an organization's CIGO. While a CIGO will not generally have an extensive background in technology, they must understand and be current with the changing technologies on the market that impact their company and their business. Learning this key role of a CIGO from the other side will prove invaluable in proper execution along this significant business intersection.

  1. Business Operation Heads

The final piece of the most clearly visible multi-discipline intersection of a CIGO’s job lies in business operations. Just like the CIGO must understand, if not have a full background in business operation, so too should leaders in this space have a keen sense of the perspective and viewpoint from which a CIGO is likely to come from.

  1. CEOs

The ideal direct report for a CIGO and ultimately the biggest decision maker in any organization. If your company is considering or is at least open to considering creating the position of CIGO, having the CEO there is a must. Not only will he/she need to know what this newly created executive does, but the CIGO may very well be a direct report to the CEO.

  1. CIOs

Alongside the CEO, the CIO may be the most important individual within a company to attend the CIGO Summit. Due to the close knit nature of their respective jobs, it’s vital CIOs and CIGOs understand the differences in responsibility and perspective between these seemingly similar positions. In many organizations the CIGO reports directly to the CIO, so that is yet another reason CIOs do themselves and their companies a great service by attending this summit.

Join us May 10-11, 2017 in Chicago for another fabulous, ideas-rich event with some of the best and brightest minds in IG. To learn more about this year’s CIGO Summit and to register, please click here. We look forward to seeing you!


What Will You Learn at the 2017 CIGO Summit?

Since bursting onto the scene in 2015, the CIGO Summit, held this year in Chicago May 10-11, has worked to define the playbook of this critically emerging and ever-evolving C-level officer, dubbed the Chief Information Governance Officer (CIGO), and how a person in this role plays a significant part in his/her company’s success.

As we move forward into the 2017 conference, we plan to take this event’s building momentum to new levels. There are many reasons to attend the 3rd annual CIGO conference, but the biggest is the acquisition of knowledge. Below are some of the speakers and the topics they will cover at this year’s summit.

1. Accounting for the Value of Information – Mark Milone – Boeing Company
Mark is the lead attorney advising Boeing’s Information & Analytics organization. Boeing is the world’s largest aerospace and defense contractor.

A major theme for the 2017 CIGO Summit is information accounting: how do we calculate the value, risk, and cost of information, and how do we use that insight to drive responsible and informed business decisions about the fate of our information?

We are privileged to have Mark come to our CIGO Summit and share his story about:
• The approach he is developing to valuing information and determining information risk and cost
• What he has learned so far on his journey at the world’s largest aerospace and defense contractor
• The leadership lessons he has learned on his journey that you can use as you move forward as an information leader

2. Information Management & Governance – Roman Coleman – Options Clearing Corporation
Roman V. Coleman is an attorney who has led and consulted on numerous engagements to deliver compliant technical solutions for records management, litigation readiness, e-discovery, data governance, master data management and information compliance programs with leading publicly traded companies: Zurich, Coca-Cola, GE Capital, SunTrust Banks, and CenturyLink.

Mr. Coleman’s legal, business optimization, process improvement, change management, and technical expertise are uniquely valuable to organizations facing complex information management and corporate governance issues.

3. Data Ethics and the CIGO – Bennett B. Borden – Drinker Biddle & Reath
With great power comes great responsibility. Increasingly, information leaders have access to an incredible array of data and tools for extracting insight from that data. This creates a new frontier for information leaders faced with deciding not about whether a particular use of data is compliant or "legal" but rather, whether it is ethical. How can information leaders avoid crossing the "creepy line?" What kinds of insights are available and how should CIGO use those insights in a way that provides value to their customers and their organization? Bennett will lead us on a discussion of these critical issues and we will learn from the experiences from the information leaders in the room.

More Info?
These are just a few of the topics being covered at this year’s summit. For a full list of speakers and topics, visit http://cigosummit.com/program/.

Interested in coming? Register here.