Log In

Commentary

Guest Post: Big Data From Employees Lead to Big Risk For Employers

This article was originally published on The Relativity Blog. It was written by Sam Bock, editor of The Relativity Blog and a member of the marketing communications team at kCura.

Between Wikileaks, tech experts, and the Federal Trade Commission, we have no shortage of sources reminding us on an almost daily basis that the Information Age brings both invaluable new resources and technology, and a significant threat to personal privacy. Data is everywhere, and it’s accessible by more entities than ever—including employers.

To get to the heart of how employees understand data privacy and how their online behavior at work can impact it, kCura recently commissioned a survey conducted by Harris Poll among 1,013 US adults age 18 and older who were employed full-time or part-time, working in a traditional office setting for at least 50 percent of the time, and are not freelancers (referred to as “employees” throughout).

We learned that although nearly all employees (98 percent) say their privacy is important to them, the majority (60 percent) have used their personal device in some way while connected to their company’s WiFi, which potentially sacrifices that privacy while at work. Here’s a look at the results and how employers can protect themselves against excess data proliferation.

Check out the full report for more insight into the data, a method statement for the survey, and more insights.

 

Guest Post – Information Governance and the Social Enterprise

Information Governance and the Social Enterprise
by Robert Cruz, Senior Director, Product Marketing of Actiance, Inc.

Another terrific gathering of information governance and records management thought leaders at the MER Conference and the IGI’s awesome Chief Information Governance Officer (CIGO) Summit in Chicago.

MER provided a great opportunity to present our thoughts on “Information Governance and the Social Enterprise”, reflecting upon the massive changes underway in the ways that organizations are communicating and collaborating through tools like Slack, WeChat, Skype for Business, and a dizzying number of new messaging tools appearing almost daily. This was not exactly mainstream MER content, leading to quite a few comments and inquiries before the session along the lines of:

“what does social media have to do with records management?”

“is there an information governance for the anti-social enterprise?”

“we don’t govern social content… our policy is to block it”

Which I attempted to address during the session, and will summarize here.

Key Point 1: Your employees are using LinkedIn, Twitter, Skype for Business – and WhatsApp and WeChat.

Today, more organizations are sanctioning the use of LinkedIn to reach prospects. They’re enabling Skype for Business conversations with customers that include video, voice, messaging, and app sharing. They are engaged in selling efforts with information delivered uniquely across mobile devices. In fact, one major bank indicates that they sent more IM than email last year. A recent survey from PwC indicates that more than 40% of respondents indicated a social media presence is important in their choice of a health care provider. And, today, WeChat has over 1 billion users around the world. Great, but why does this matter? It matters because governance is about managing information according to its value or risk. And the reality today is that more firms and employees are communicating and collaborating on channels outside of managed email and content management repositories – in some cases over channels that are not currently under governance controls.

Key Point 2: This is not just an issue for regulated companies. Business records are everywhere.

The idea that one can control social media or encrypted instant messaging tools is a new concept for some. And while it is true that regulated firms have progressed further with the idea of proactively capturing these non-email content sources to meet industry retention requirements, they are not alone. Public corporations should take note of SEC regulation Fair Disclosure (FD) and the case of Netflix. All organizations are no doubt aware of employment and contract laws and personal data privacy protections. The key point being that social content can not only trigger regulatory action based upon misuse, but also as a source in US civil litigation where judges are ruling that social and messaging sources are discoverable, and where those who haven’t taken appropriate steps to preserve these sources have suffered the consequences. Unfortunately, the reality of business records expressed as 140 character Tweets has arrived (and, yes, even excluding those emanating from Pennsylvania Avenue at 2:30am)

Key Point 3: Your policies should be applicable to your communication tools.

Have you touched your employee communications or records retention policies lately? If not, it may be time to ensure that your policies are keeping up with the ways individuals are doing their job today. Policies designed for email may need to reviewed to ensure these rich tools can be used by specific job holders. Similarly, retention policies may be worth a touch up as you consider the possibility that a conversation that includes information covered under a non-disclosure may be taking place right now on Skype for Business.

Key Point 4: Your governance tools must be designed for today’s communications.

Equally important, organizations should be asking whether the technologies they currently use to capture, retain, supervise, and discover business records (or data that might be responsive to civil litigation) were designed for the communications of a different era. Those continuing to leverage technology designed 10-15 years ago may be in for a big headache the first time a large legal matter or regulatory inquiry arrives that requires the review and production of social media, instant messaging, or voice communication.

We look forward to continuing to help organizations meet these new InfoGov challenges created as your organization’s patterns of communication and collaboration continue to evolve.

 

Guest Post: Valuation of Information

The following is part of our guest blog series.

Jane C. Allen and Brian Fox, who advise organizations on e-discovery, forensics, and a broad range of additional IG topics in their roles at PwC, wrote this piece, and it is published as it was provided. PwC is an IGI Supporter

Information valuation is the topic of the keynote address at the CIGO Summit. PwC will also be there talking about their model, and we also have a deep dive session on models and calculators that are in use now at several organizations. There are still a few seats left -  register here. 

The Information Economy

It’s often been said that we are in an information economy. But what is the actual value of the information that’s driving it, and how do you measure it?

Is your information an intangible asset such as goodwill? Is it related to the volume or recency of data? Setting aside the accounting implications of information value measurement on balance sheets and overall company valuation, the idea of being able to use valuation as a means of weighing the economics of our own efforts around information governance is compelling.

That’s why we created this framework, which we call VOI — valuation of information.

(Some) Information Has Value

The notion of information having business value is not new.

Consider the willingness of investors to buy stocks in companies that hold information — even in apparent contravention of their financial performance. Or the large-scale IPOs or acquisitions of data-based companies (often devoid of significant physical assets), even with formal accompanying statements that the company may never make a profit.

There are countless other examples (both legal and illegal) where data is valued — bought and sold, for commercial purposes. But there’s a missing piece to the discussion, which is the implication that information is somehow a monolithic thing. Anyone who works in the field of information governance knows that nothing could be further from the truth.

All Information Is Not Created Equal

Let’s look at some examples. Some information is highly valuable: Think customer buying activity data or the explosive growth of “Internet of Things” devices carefully collecting and curating data on our every move. These are the data we expend significant effort and resources maintaining, protecting, mining and analyzing.

Some information could be highly valuable, if only the attributes of the data were a little better — better quality, a larger population, a little more normalized, a little better managed. (Think of the potential, for example, of activity trackers that collect geolocation, activity, weight, demographics, etc.)

Some information has no value, or at least none that you can perceive today. (We’ve never met a company that argued when we showed them that a very large percentage of their enterprise information went unused for five years or longer.) Even if there were some “secret gems” hiding in the oceans of dead data, expensive work would need to be done — in forms of both time and money — before you knew if you could extract a net value.

Some information costs you money, either because it is misleading, inaccurate, too inaccessible or has too great a noise-to-signal ratio and therefore impairs your ability to find truly valuable information.

No Assets Without Liabilities: It’s True of Information, Too

Many companies employ third parties at significant cost to perform data analysis that is too difficult for them to produce on their own. Many are mindful of the potential risk exposure that could arise in the wake of a cyber-breach, and are forearming themselves with cyber-insurance.

Clearly, information valuation is fraught with practical difficulties. If the aim is to value information assets, we must also be willing to consider information liabilities. We must consider the ways in which information can be improved (or can deteriorate) — and how that could impact its value over time. And crucially, we must account for one of the particularities of information: the fact that, unlike other assets, the same information can be used in many different cases — with a commensurately accretive value.

What’s needed is a systematic approach that enables a company to evaluate units of information — one that acknowledges imperfections, reveals opportunities and guides our resource allocation in a rational way. In this spirit, we offer a framework for the Valuation of Information (VOI).

The VOI Framework

Our VOI framework is composed of twelve dimensions grouped into four categories. The attributes are used to measure the business value of the information in the service of a specific use case.

The four categories are:

  1. Information Scope. How closely does the breadth (in time and population), depth and completeness of the information match the ideal data set for a given use case?
  2. Information Quality. How well does the quality of data elements, their structure and the traceability of the information support confidence in the analysis for a given use case?
  3. Information Accessibility. How easy is it to access, analyze and manipulate the information for a given use case, and how easy is it to integrate the information with other key systems in that use case?
  4. Information Scarcity. Sometimes it is the scarcity of information that drives its value. In such use cases, this category measures how unique the information at hand is, both today and into the future.

PwC Valuation of Information Model

Put VOI to Good Use

We hope this new VOI framework will help companies think differently about their information and explore new use cases that could bring needed attention to potentially hidden value, previously unexplored. And while we acknowledge that there is much room for debate and refinement, we think this is a meaningful first step to the process of credibly tackling information valuation — with potential for real-world, short-term benefits.

Information valuation is the topic of the keynote address at the CIGO Summit. PwC will also be there talking about their model, and we also have a deep dive session on models and calculators that are in use now at several organizations. There are still a few seats left -  register here. 

 

E-Discovery and IG in 2017 and Beyond: The Recording of Our Online Discussion Now Available

We had a great online discussion this week with IGI Charter Supporter OpenText about trends in e-discovery and IG for 2017 and beyond. We also talked about the significance of their recent acquisition of Recommind and what it says about OpenText's product strategy and the market in general.

The video will be available here on our public site for a week, at which point it will move to the Resources section of our growing online community, where you can create a profile and interact with your IG peers. The slides from this online event will also be available there shortly.

 

Eight Reasons It’s Time for a Data Map

A data map is an inventory and visualization of your company’s data and information assets. The rising number and severity of data breaches is generating strong demand for maps, and there are other reasons to create, improve, and sustain one.

  1. Data Maps Make Chief Information Security Officers (CISOs) More Effective. The newly hired CISO, on day one, wants to see the company’s data map. Without one, how would they know what they’re supposed to protect? Not all information is created equal, so it does not all require the same level of protection. How will your CISO identify and find the sensitive data? Without a data map, the CISO flies blind.
  2. Data Maps Drive Business. We live in the golden age of data analytics. Your teams want to harness vast stores of structured and unstructured data to develop needle-moving insights. However, they need the comprehensive awareness that a data map provides to know where the most accurate and trustworthy data lives.
  3. Your Board Wants a Data Map. The National Association of Corporate Directors, in its Cyber-Risk Oversight Handbook, instructs board members to ask management for a data map. Your board will not take kindly to being told “no” because data maps are an “ocean boiling” or “Golden Gate Bridge painting” exercise. Data maps are both of those when you do it wrong, but something else entirely when you do it right.
  4. Data Maps are Essential for Compliance. FINRA regulations in the financial markets, PCI for retailers, 21 CFR Part 11 for pharmaceuticals, and HIPAA in healthcare are some well known examples of the massive and growing volume of laws, regulations and standards focused on data protection. Frankly, it is very difficult to achieve compliance with these kinds of directives without a data map.
  5. Data Maps Let Us Actually Treat Data as an Asset. Data needs a sponsor at the corporate table, much like the head of HR has responsibility for the people in an organization. Most organizations do not have this role because – candidly – most of us blithely talk about information as an “asset” but few of us have the tools or the mandate to actually inventory, assess, and manage this asset. This needs to change, and the data map provides a central tool that this new kind of information leader needs to drive the change. This mandate might be given to an existing CIO, CFO, General Counsel, COO, or to an entirely new role that is emerging called the Chief Information Governance Officer (CIGO).
  6.  Data Maps Create Data-Centric Organizations. The process of data mapping involves people from across the organization, including IT, Finance, Legal, and business unit leaders, among others. This process engages employees and helps stakeholders across the organization think and act in a data-centric way. Critical questions emerge, such as: what data are we collecting and why; how do we use the data to make better-informed business decisions that create incremental value; and what can we do to ensure that the data is of high quality?
  7. Data Maps Make Good Housekeeping. Studies show that about two-thirds of an an average knowledge worker’s data is redundant, obsolete or trivial (ROT). Eliminating ROT lowers storage costs, and it’s easier to find and protect the useful data that remains. However, as many organizations hauled into court have discovered, getting rid of the wrong thing at the wrong time can result in enormous penalties and even criminal charges. Good housekeeping in the data environment is not possible without an accurate, comprehensive, and up-to-date data map.
  8. Data Maps are Doable. Data get balkanized within lines of business and in functional areas across organizations, creating unnecessary risk and limiting our ability to realize value from them. These assets reside in data centers; in devices such as cell phones, tablets, laptops and thumb drives; in the cloud; on paper; and elsewhere. New technology and techniques to locate, identify, track, and visualize data makes the job of building and sustaining a data map within the reach of every company.

Craig Callé is a member of the IGI Advisory Board, a small group of senior professionals and subject matter experts representing the disciplines that together comprise Information Governance. The Advisory Board provides feedback and direction on the IGI's agenda and strategy.

 
Global Information Governance Day

Global Information Governance Day: Four Years In

Happy Global Information Governance Day, everyone!

It’s hard to believe that today is already the fourth annual Global Information Governance Day (GIGD). This year I saw the date coming up on the calendar and helplessly watched as it approached closer and closer. Yes, GIGD was coming for another year. In prior years, we have done a lot around this day, including Twitter chats and other things, which were fun.
This year, however, we are fortunate enough to be so fully engaged in defining the best practices and the profession of IG that we haven't had as much time for GIGD hijinks s we have in the past.

Reflecting on this, I think our experience mirrors that of the IG professionals we work with in our community. Like theirs, our heads are down—laser-focused—on actually doing IG, as opposed to thinking about it, trying to define it, or just talking about it. And, even though I may be a characteristically humble Canadian, I'm not too humble to avoid letting the IGI take credit for a huge part of this transition.

Four years ago, as Tamir Sigal, Garth Landers, and I stood in the back room of Faces & Names in New York, (now the headquarters of our annual cocktail reception—thanks to the 350 people who managed to squeeze in a couple weeks ago—and riffed on Tamir's idea for GIGD, I have to be honest with you, we were laughing at the idea of having the audacity of just, well, declaring that GIGD was a thing. In hindsight, I guess audacity was probably the most important element of that discussion.

Barclay T. Blair, Founder and Executive Director of the Information Governance Initiative (IGI) and co-creator of Global Information Governance Day (GIGD).

Four years later, it's kind of crazy to see GIGD become a thing, with a lot of chatter and announcements happening in our industry. At the time we invented GIGD, the Information Governance Initiative wasn't even a gleam in my eye, unless you count a set of messy slides I created in a fever dream as a "plan."

Standing in that same spot a couple weeks ago, I was frankly kind of amazed at what has happened to IG in the past four years, and what we have accomplished at the IGI in only two.

    • Yesterday, I presented our annual report on a webinar for AHIMA, a valued IGI partner and professional association for 60,000 information professionals in health care that has gone all in on IG.
    • Last month, we partnered with Skytop Strategies at an event with an audience that I have never discussed IG with before. They are so hungry for knowledge and best practices around IG. These are the people who design, sit on, and build public company boards. A cool triangulation occurred at that event, where a great speaker from one of our events, Scott Ernst, a VP at Wells Fargo Insurance (and all round good guy), was a major contributor to an animated discussion around the role of IG in cyber insurance policies.
    • Next month, we're doing an event with Skytop focused on the connection between cyber security and governance for institutional investors and shareholders.
    • We have also done events and research with partners in the chief data officer world, in big data analytics, and in cyber security.

It's still hard for me to believe that I am talking about IG with these and so many other amazing communities in privacy, cyber security, big data, analytics, and the list goes on. Here is more of what we have achieved this year:

    • We recently met with senior executives from one of the world’s largest hedge funds, who are being asked to incorporate IG into their assessments and valuations of the companies they invest in.
    • Today, there are IG leaders in our corporate counsel group who now have IG staffs of dozens of people and budgets of tens of millions of dollars. (Check out the roster from our Chief Information Governance Officer (CIGO) Summit last year, and mark your calendar for May 25-26 for this year’s event, which will be even bigger and better.)
    • Over the last year, our engaged audience at the IGI has doubled to more than 11,000. The number of providers supporting us also more than doubled.
    • We created the IGI Awards and handed out our first CIGO of the Year Award to an amazing leader at MasterCard. Check out her acceptance video here.
    • Our in-person events reached more than 1400 people, and our webinars reach thousands. In 2015, we held 7 boot camps; numerous dinners, webinars, partner events; the first annual CIGO Summit, and a national conference on IG.
    • We have created numerous resources and publications, too, including, e.g.,
      • Stories in Information Governance—The IGI 2015 Benchmarking Report.
      • The IGI Annual Report 2015-2016—Based on our survey of the IG community.
      • Information Governance 2020-2020 Vision on Information Governance—looking at the predictions of IG leaders for the future of IG.
      • Introducing the Chief Information Governance Officer: A New Information Leader for a New Era.
      • And much more. Check out all of our publications available at our online community.

Our signature piece, the IGI Annual Report, now in its second year, shows how the discipline has grown and that the work of IG is getting done. This is worth a deep-dive read to bring you up to speed with what is happening today in IG. Among other things, it shows that most providers in the space predict rapid growth this year, and over one third predict at least 30%. The community is also coalescing around the need for a designated IG leader—which we had anticipated and have championed in the idea of the CIGO.

In short, we have, four years after the idea for GIGD was birthed in the kind of punch drunk conversation you have with your friends during marathon conferences, a true IG industry, market, and profession have emerged.

OK, that's about all the time we can spare for reflection. Back to work, everyone.

But, for those of you paying attention at home, don't worry, I will not disappoint. As has become the established tradition on this day, I close with the ceremonial viewing of goats yelling like people.

Happy GIGD!
Barclay