Log In


Download Our Newest Deep Dive Case Study on Pandora Media

How Pandora Tuned In to Information Governance
To Take Control of Its Most Sensitive and Valuable Information Assets

An IGI Case Study

Usually when we think "Information Governance," we think traditional, large, litigated and regulated organizations. But as more and more organizations come to understand the value of IG, this image is rapidly changing. Recently, Pandora Media — a juggernaut in the streaming music business — partnered with IGI Supporter Active Navigation and its experts in governance and file analysis on a major IG project. We were fortunate enough to be able to do a deep dive on this project and bring the details to you.

Download the latest entry in our IG At Work series to learn:

  • How Pandora got rid of 60 percent of its unstructured data.
  • What it took for the company to identify and protect its most valuable and sensitive data. 
  • How Pandora developed policies for governing unstructured information.
  • How Pandora built executive support for IG. 
  • How Pandora used file analysis software to reach its IG goals.
  • How Pandora was able to sell the merits of IG to its employees.

The company that emerged on the other side of this critical IG project was more efficient, more versatile and more competitive. And their IG program only continues to grow in its sophistication and impact.

Click here to access the case study in the IGI Community.


Hidden Bias in the Black Box: Info Gov as a Key Check to Algorithmic Bias

by Jason R. Baron, Drinker Biddle & Reath, as seen on Legaltech News

With each passing day, we are 
 increasingly living in an algorithmic universe, due to the easy accumulation of big data. In our personal lives, we experience being in a 24/7 world of "filter bubbles," where Facebook has the ability to customize how liberal or conservative one's newsfeed is based on prior postings; Google personalizes ads popping up on Gmail based on the content of our conversations; and merchants like Amazon and Pandora feed us personalized recommendations based on our prior purchases and everything we click on.

While (at least in theory) we remain free in our personal lives to make choices in continuing to use these applications or not, increasingly often what we see is the result of hidden bias in the software. Similarly, in the workplace, the use of black box algorithms holds the potential of introducing certain types of bias without an employee's or prospective employee's knowledge. The question we wish to address here: From an information governance perspective, how can management provide some kind of check on the sometimes naïve, sometimes sophisticated use of algorithms in the corporate environment?

Algorithms in the Wild

An early, well-known example of the surprising power of algorithms was Target's use of software that, based on purchasing data (e.g., who was buying unscented lotions, cotton balls, etc.), was spookily able to predict whether a customer was likely pregnant. Target sent coupons for baby products to a Minnesota teenager's home before the teenager's father knew about the pregnancy, leading to a bad public relations episode. A different example is Massachusetts' use of a mobile app called Street Bump, where smartphones riding over potholes and the like would automatically report their location for local government to fix. The problem: the resulting map of potholes corresponded closely with the demographically more well-off areas of the city, as those were the areas where individuals knew to download the mobile app and could afford smartphones in the first place.

In workplace hiring decisions, facially neutral algorithms sometimes reveal a hidden bias based on how features are selected and weighted, or where certain variables used in the algorithm essentially function as "proxies" for real world racial or ethnic differences. For example, a software feature using the variable "commuting distance from work" as a factor in deciding which candidates to hire may, depending on local geography, discriminate based on race. As Gideon Mann and Cathy O'Neill stated in Harvard Business Review (12/9/16), "When humans build algorithmic screening software, they may unintentionally determine which applicants will be selected or rejected based on outdated information—going back to a time when there were fewer women in the workforce, for example—leading to a legally and morally unacceptable result."

Once on the job, employees may experience a very different kind of filter bias through software targeting the risk of internal threats to the company. The more advanced programs coming onto the market use sentiment analysis (e.g., algorithms looking at language used in emails) to predict whether certain individuals are more likely to display anger or other inappropriate behavior in the workplace. This capacity can be combined with matching up external sources of data on individuals obtained online, including credit report updates, crime reports, and certain types of medical information, to essentially triage the employee population into "high-risk" and lower risk categories, so as to target the keystrokes made by a few. If this all sounds like we have truly now entered a pre-crime, Minority Report world, it does.

IG and Its Role with Algorithms

What can or should be done? Mann & O'Neill suggest to avoid making decisions solely by use of an algorithm, but include what they call "algorithm-informed" individuals. They further suggest, "[w]e need to audit and modify algorithms so that they do not perpetuate inequities in businesses and society," with audits to be carried out either by inside experts or by hiring outside professionals. These are both sound suggestions.

Advocates of information governance (IG) argue that corporations with an IG program in place have a built-in mechanism to escalate data-related issues to a standing committee, consisting of either C-suite representatives or their delegates. In a growing number of corporate models, an individual with some kind of IG designation in their title will have been given authority to call together ad hoc groups to resolve specific data policy issues.

One could well imagine a chief information governance officer convening an ad hoc task force of the IG council, including a C-suite representative of the corporate human relations (HR) department, along with the person who approved or manages the data analytics software used by HR and a senior counsel, to perform the kind of "audit" of hiring practices envisioned above. Similarly, an ad hoc task force including the chief information security officer, senior HR office personnel, and other IT representatives and senior counsel could be asked to review how well internal monitoring of employees is working, and how much transparency or notice should be given to staff on such monitoring.

Along these lines, organizations might consider tasking a group of individuals—under the auspices either of the IG structure or as a freestanding committee—to perform a similar function to a present-day institutional review board, but limited to predictive software's effect on human subjects. Such an "algorithm review board" (ARB) would be tasked to provide approval and/or oversight of any use of analytics in the workplace aimed at targeting present employees or prospective hires, so as to serve as a check against possible hidden bias or a lack of notice where appropriate.

Some corporations (Microsoft and Facebook) have taken initial steps to implement, at least on a selected basis, an ethics review board being used in an equivalent way to an ARB. However, the practice remains rare across all industry verticals, notwithstanding the growing power of analytics in all aspects of daily life.

In his book, "The Black Box Society: The Secret Algorithms That Control Money and Information," law professor Frank Pasquale states that "authority is increasingly expressed algorithmically," and that "[d]ecisions that used to be based on human reflection are now made automatically." But, as computer scientist Suresh Venkatasubramanian has put it, "The irony is that the more we design artificial intelligence technology that successfully mimics humans, the more that A.I. is learning in a way that we do, with all of our biases and limitations."

This new reality calls for consideration of some kind of human intervention to serve as a quality control check on the black box (even if it means humans employing a second algorithm to check for bias in the first!) In the coming world we live and work in, adoption of some kind of IG framework that includes reviewing the possibility of algorithmic bias in the workplace will be appreciated by an increasingly sophisticated populace.

Jason R. Baron is Of Counsel at Drinker Biddle & Reath LLP in Washington, D.C.


Skytop Strategies: Executive Dialogue Series

IGI has partnered with Skytop Strategies on the upcoming Executive Dialogue Series entitled, "Governance: Building Company Resilience Capacity, on June 13th at Deloitte’s offices in New York. I am proud to be joining the conversation as a facilitator.

This is a full-day, interactive discussion group, limited to 35 senior level executives, designed to allow for a highly engaging exchange on the subject of corporate governance and building resilience through better practice.

Some of the others thought leaders for the program include:

  • Toshiba America, Inc., Timothy Fraser, Vice President, Assistant General Counsel
  • TRUSTe, Hilary Wandall, General Counsel and Chief Data Governance Officer
  • Charter Communications, Jane Rhodes-Wolfe, Head of Corporate Security
  • AT&T, James Grudus, Assistant Vice President, Senior Counsel
  • Nuveen, Matt DiGuiseppe, VP, Stewardship & Corporate Governance


Select agenda topics for the program include:

  • Why Boards Are Avoiding the Subject of Disruptive Threats
  • The Evolving Role of Risk Management: What Should Boards Want Included in their ERM Plan?
  • Corporate Governance: Does Good ESG Enhance Company Resilience?
  • Managing Regulators: How to Minimize Damage and Demonstrate Responsiveness


To learn more about Skytop Strategies' Executive Dialogue Series, click here.




Who Should Attend the 2017 CIGO Summit? Here’s our list…

Beginning with the inaugural CIGO Summit in 2015, IGI and its partners have worked hard to establish and define the playbook of information management, the role of a Chief Information Governance Officer (CIGO) and the mission critical role they play in the success of his/her company.

As we move closer and closer to the CIGO Summit in the windy city, we continue to work to ensure not only that the right information is being shared, but also that the right people are getting it at the right time.

So who should be attending the CIGO Summit? Below you will find examples of personnel that would likely benefit from attending this Summit.

  1. Legal leaders

A high performing CIGO must have a keen understanding of the compliance matters his/her company operates under to perform with excellence in this role. Because of this, general counsel and other legal leaders are ideal candidates for the Summit, as they will be working alongside, and sometimes overseeing, the CIGO should their organization adapt this newly created C-level position.

  1. Technology Executives

Much like legal leaders, technology executives work side-by-side and often as superiors and direct reports to an organization's CIGO. While a CIGO will not generally have an extensive background in technology, they must understand and be current with the changing technologies on the market that impact their company and their business. Learning this key role of a CIGO from the other side will prove invaluable in proper execution along this significant business intersection.

  1. Business Operation Heads

The final piece of the most clearly visible multi-discipline intersection of a CIGO’s job lies in business operations. Just like the CIGO must understand, if not have a full background in business operation, so too should leaders in this space have a keen sense of the perspective and viewpoint from which a CIGO is likely to come from.

  1. CEOs

The ideal direct report for a CIGO and ultimately the biggest decision maker in any organization. If your company is considering or is at least open to considering creating the position of CIGO, having the CEO there is a must. Not only will he/she need to know what this newly created executive does, but the CIGO may very well be a direct report to the CEO.

  1. CIOs

Alongside the CEO, the CIO may be the most important individual within a company to attend the CIGO Summit. Due to the close knit nature of their respective jobs, it’s vital CIOs and CIGOs understand the differences in responsibility and perspective between these seemingly similar positions. In many organizations the CIGO reports directly to the CIO, so that is yet another reason CIOs do themselves and their companies a great service by attending this summit.

Join us May 10-11, 2017 in Chicago for another fabulous, ideas-rich event with some of the best and brightest minds in IG. To learn more about this year’s CIGO Summit and to register, please click here. We look forward to seeing you!


What Will You Learn at the 2017 CIGO Summit?

Since bursting onto the scene in 2015, the CIGO Summit, held this year in Chicago May 10-11, has worked to define the playbook of this critically emerging and ever-evolving C-level officer, dubbed the Chief Information Governance Officer (CIGO), and how a person in this role plays a significant part in his/her company’s success.

As we move forward into the 2017 conference, we plan to take this event’s building momentum to new levels. There are many reasons to attend the 3rd annual CIGO conference, but the biggest is the acquisition of knowledge. Below are some of the speakers and the topics they will cover at this year’s summit.

1. Accounting for the Value of Information – Mark Milone – Boeing Company
Mark is the lead attorney advising Boeing’s Information & Analytics organization. Boeing is the world’s largest aerospace and defense contractor.

A major theme for the 2017 CIGO Summit is information accounting: how do we calculate the value, risk, and cost of information, and how do we use that insight to drive responsible and informed business decisions about the fate of our information?

We are privileged to have Mark come to our CIGO Summit and share his story about:
• The approach he is developing to valuing information and determining information risk and cost
• What he has learned so far on his journey at the world’s largest aerospace and defense contractor
• The leadership lessons he has learned on his journey that you can use as you move forward as an information leader

2. Information Management & Governance – Roman Coleman – Options Clearing Corporation
Roman V. Coleman is an attorney who has led and consulted on numerous engagements to deliver compliant technical solutions for records management, litigation readiness, e-discovery, data governance, master data management and information compliance programs with leading publicly traded companies: Zurich, Coca-Cola, GE Capital, SunTrust Banks, and CenturyLink.

Mr. Coleman’s legal, business optimization, process improvement, change management, and technical expertise are uniquely valuable to organizations facing complex information management and corporate governance issues.

3. Data Ethics and the CIGO – Bennett B. Borden – Drinker Biddle & Reath
With great power comes great responsibility. Increasingly, information leaders have access to an incredible array of data and tools for extracting insight from that data. This creates a new frontier for information leaders faced with deciding not about whether a particular use of data is compliant or "legal" but rather, whether it is ethical. How can information leaders avoid crossing the "creepy line?" What kinds of insights are available and how should CIGO use those insights in a way that provides value to their customers and their organization? Bennett will lead us on a discussion of these critical issues and we will learn from the experiences from the information leaders in the room.

More Info?
These are just a few of the topics being covered at this year’s summit. For a full list of speakers and topics, visit http://cigosummit.com/program/.

Interested in coming? Register here.


Need a Reason to Attend the 2017 CIGO Summit? Well, Here Are Ten.

The CIGO Summit, held May 10-11 in Chicago, has defined the critical and emerging role of the Chief Information Governance Officer (CIGO). In our third annual event, we will continue to drive into the details of what it means to be an information leader.

    1. Your Peers
      Nowhere else can you find a gathering of the people like those who come to the CIGO Summit – both those who control millions in IG budget and lead large teams and those information leaders who are just beginning their journey. Information leaders from the world’s leading companies (e.g., Walmart, Pfizer and MasterCard) help make the CIGO Summit what it is.


    1. Groundbreaking
      Much like the evolution of the CIO as a standalone role in the 1980s, we believe the CIGO is beginning to do that today. Come be a part of helping modern businesses redefine how their organizational information is managed, governed and deployed.


    1. Help Define a New Path
      The role of the CIGO is still very much being written. We focus on the cutting edge of information governance by helping to refine the role of the CIGO and deploy more of these new age executives into the marketplace.


    1. Stay Ahead of Your Competitors
      Due to the ever-developing nature of this information governance revolution, many companies are simply not up to speed. We help provide insight to gain a significant advantage over your competitors in the area of information governance knowledge and best practices.


    1. The Experience
      “The single most important industry event I have yet attended; densely packed with immediately useable approaches, methodologies and best practices; staffed by passionate and supremely experienced SMEs – both within and extraneous to the discipline – providing a 360-degree view of the imminent CIGO revolution; overall a grand slam. A definite repeat for next year!” – Richard Kessler, Executive Director Information Lifecycle Governance, Group Information Security Office UBS


    1. We Get to the Point
      If there is one thing we hate, it’s wasted time. It’s a resource that simply can’t be replaced. CIGO is jam-packed with useful and actionable knowledge pertaining to information governance. All this is packed into 1.5 fast-paced days.


    1. The Experts
      This year’s CIGO Summit features speakers like: Mark Milone of The Boeing Company, Aaron Murphy of McCormick & Co., Roman Coleman of The Options Clearing Corporation, Ajay Asthana of Pretium Analytics, Bennett B. Borden of Drinker, Biddle & Reath as well as many more. For a complete list of speakers, click here.


    1. The Depth
      As an interdisciplinary pursuit, there is so much to talk about in IG. Our fast-paced format allows us to cover a broad range of topics while drilling down on the ones that we believe are the most important for CIGOs in 2017, including information valuation, cybersecurity, and strategies for finding and building your IG team.


    1. The Location
      Every time we return to Chicago we are reminded what a beautiful city it truly is. And your fortieth floor conference space with floor-to-ceiling glass windows affords a view of that city that is second to none. CIGO Summit is easy to get to and in the heart of the action.


  1. The Trends
    There is no better way to keep pace with the legal, technological, political and economic trends that are affecting IG now and in the future than to sit together with the experts and your peers and hear what's on their minds.

Join us May 10-11, 2017 in Chicago for another fabulous, ideas-rich event with some of the best and brightest minds in IG. To learn more about this year’s CIGO Summit and to register, please follow the link below.