Log In

Industry Expert

3 Critical Qualities of Resilient Information Leaders

“Resilience” has become a buzzword, as all seemingly simple and intuitive psychological concepts do once they penetrate our public (and commercial) consciousness. The current buzz around resilience, whether applied to the environmentcompanies, or children, originated in the field of psychology with researchers trying to determine what makes one person seemingly bulletproof while another, who appears to have every emotional advantage, crumbles when faced with minor adversity. Resilience even has its own counter-buzz, signaling that it has conclusively reached memetic status.

Studies of resilience focus on how we respond to both “environmental” threats—problems that are chronic and less intense but no less difficult—as well as “acute” threats that cause shorter bursts of intense adversity or trauma.

Information leaders face both types of adversity. “House on fire” emergencies like lawsuits, investigations, and cybersecurity breaches represent acute, intense threats that can be all consuming but relatively short in duration. Information leaders also face chronic adversity and threat, often in the form of problems that continue to emerge and reemerge—including long-term efforts to build and enforce an information governance program; evaluating, purchasing, and implementing enterprise software; or guiding a years-long change management program, to name a few.

What Builds Resilience?

Norman Garmezy was a pioneer in the study of psychological resilience. His critical insight was that studying successful people could yield insights not likely to come from studying failure (the common approach at the time). His research led to the identification of several “protective factors” that resilient people have.

Not surprisingly, this research also found that pure luck is a big factor. Some people with an otherwise tough life find a great mentor, bond with an emotionally mature caregiver, find easy financial success, and so on. Others have no luck other than bad luck and it simply overwhelms them no matter what their other qualities.

Luck is no small factor in the lives of information leaders. Sometimes the server just blows up. Sometimes a crucial staff member falls ill or leaves. Management priorities change. Sometimes “mistakes are made,” and there is nothing that anyone could have done to anticipate or prevent them. Recognizing bad luck and not feeling responsible for it or allowing it to drive magical thinking about being “cursed” is a key “protective factor” exhibited by resilient people generally and resilient information leaders specifically.

All resilient people have common qualities. At the Information Governance Initiative, through our research and experience working with IG professionals—including those leading incredibly stressful projects like e-discovery in “bet-the-company” litigation and security breaches—we have learned that resilient information leaders also share many common qualities.

Here are three of those qualities. Join our webinar where we will reveal more details about these and the other six habits that resilient e-discovery leaders share. The 9 Habits of Resilient e-Discovery Leaders webinar is hosted by EDRM.

1. They don’t try to be heroes.

In the face of acute adversity, resilient e-discovery and information governance leaders avoid the misguided sense of heroism that is often associated with focusing on a crisis to the exclusion of everything else. American business in particular has canonized and internalized the image of the cowboy: the rugged individual with a complete absence of emotional need, a singular focus on getting the job done no matter what, and a superhuman ability to do it all himself. The lie of this myth is born out in study after study showing stress levels going up and productivity, health, and job satisfaction levels going down in workplaces that implicitly encourage, and explicitly reward, this behavior.

Neglecting personal relationships and sacrificing wellbeing by eating poorly and shirking exercise have real consequences over the long term—something that resilient information leaders recognize and incorporate into their working life, even when “the house is on fire."

Although times of crisis may demand periods of extreme intensity and long hours, they are not sustainable; nor, in most cases, is the damage of trying to sustain this posture—anxiety, insomnia, elevated cholesterol, depression—worth the reward.

2. They play to their strengths—and acknowledge their weaknesses.

Resilient people do not need to be gifted people. In fact, research from developmental psychologist Emmy Werner has shown that a more reliable predictor of resilience is the ability to put your skills to work effectively. For an information professional in the early part of your career, this means learning what your real strengths and weaknesses are, and seeking roles that play to your strengths and minimize opportunities for your weaknesses to limit you. This does not mean avoiding new challenges—in fact, a predictable quality of resilient people is that they seek out new experiences and challenges. However, it does mean understanding your strengths and seeking ways to learn about, identify, and apply them at their full potential.

For information leaders in mid-career and beyond, this also means having the wisdom to supplement your weaknesses by delegating, building a team that complements each other, and hiring deputies who have the strengths you lack but are necessary for e-discovery success. For example, if you have a deep technical understanding but are terrible at putting together a project plan, seek out those who are amazing project managers.

3. They don’t grant failure undue power.

Fulfilling our potential as people, and as information leaders, is dependent upon our ability to absorb, bounce back from, and learn from mistakes and failures. One of the most powerful predictors of resilience is how we perceive potentially traumatic events. In fact, how you view an event, like a stressful and scary e-discovery demand, actually determines whether or not it is in fact ultimately traumatic.

The research gets even more fascinating, clearly showing that exposure to events that could be very traumatic does not actually predict how well a person will function in the future. Rather, the most reliable predictor is the way that person views, or “construes,” an event. This does not mean that we must be Pollyannas or deify the “power of positive thinking,” but it does demonstrate the objective effect that our response to difficult events actually has on whether or not we are traumatized by them. The best news is that the ability to construe potentially painful events in a way that minimizes their harm can actually be taught and learned—with practice and a lot of patience.

Our ability to bear adversity in both our personal and working lives is ultimately simple math: i.e., is the depth of the adversity greater than our resilience? Everyone has a breaking point. Highly resilient people have a higher breaking point. It is important, and I believe uplifting, to realize that these qualities can in large measure be learned. One powerful learning technique is modeling people we aspire to be like, and in the information governance community we are we are fortunate to have so many great e-discovery leaders who we can learn from as true models of resilience.

 

Presidential Tweets and Self-Destructing Messages Under the Records Laws: The New Normal

Washington, D.C. of counsel Jason R. Baron published an article in Bloomberg Law titled “Presidential Tweets and Self-Destructing Messages Under the Records Laws: The New Normal.”

Jason discusses the recordkeeping challenges and legal developments that result from presidential tweets and other forms of communications used by White House personnel in the Trump administration.

Jason also notes that these legal developments raise a number of information governance issues that have direct applicability to private sector institutes.

Read "Presidential Tweets and Self-Destructing Messages Under the Records Laws: The New Normal."

 

How the General Counsel Can Shape Information Governance

Jake Frazier – Senior Managing Director, FTI Consulting & Sonia Cheng – Senior Director, FTI Consulting
As seen on ethicalboardroom.com

 

Information governance is often thought about in the context of IT efficiency, data security and regulatory compliance. While it is true that these are the most critical drivers for executing data governance programmes, there is an equally important factor that deeply resonates with a corporation’s board and C-suite: reputational risk.

Just as trust is a key and fragile pillar for relationships in our personal lives, it is essential – among shareholders, clients, customers and employees – for a business to thrive. Ultimately, top company leadership is responsible for managing reputational risk and ensuring that the overall direction of the company will uphold trust in the brand.

As we’ve seen countless times, failure to handle data properly often results in damaging data breaches, which beyond legal and compliance violations, break trust and allow doubt to become part of a company’s image. Thus, it is critical that the board views information governance (IG) as being about compliance and legal risk, as it must be, but also as an effort to instil a high standard for ethics and privacy into the company’s culture. By embracing this mindset, a corporation’s leadership can set the correct tone from the top down, building advocacy for actionable programmes that ensure safe and responsible handling of sensitive data, as well as strong compliance and efficiency.

“BECAUSE THE GENERAL COUNSEL HAS HISTORICALLY BEEN THE GO-TO STAKEHOLDER FOR DEALING WITH HIGHLY SENSITIVE ISSUES… THE CORPORATE LEGAL TEAM IS UNIQUELY POSITIONED TO LEAD THE CHARGE TOWARDS PROACTIVE DATA GOVERNANCE”

Because the general counsel (GC) has historically been the go-to stakeholder for dealing with highly sensitive issues – primarily for litigation and investigations – the corporate legal team is uniquely positioned to lead the charge towards proactive data governance. Given this fact, the issue of ethical obligation comes into play. In the US, federal and state laws require companies to implement reasonable security protections to safeguard personal data. There is a wide range of similar requirements around the world.

Beyond the duty to disclose, legal teams also have an ethical obligation to maintain a level of technical knowledge. In Day v. LSI Corp., in-house counsel was sanctioned for failing to document and supervise the discovery collection process and for allowing the company’s document retention policy to be ignored. In the context of IG, this is important, as legal teams must have a clear understanding about data sources and retention practices, the impact of how they choose to handle electronically stored information, and accuracy of how facts are represented to regulators, opposing parties and the courts. Ultimately, these points illustrate the fact that ethical obligations cannot be overlooked when considering the GC’s role in IG efforts.

Click here to continue reading about the top issues for 2017...

 

Getting Past Some of the Top Barriers to IG Success

Recently, the IGI caught up with Scott Burt, President and CEO of Integro, one of IGI’s newest supporters to discuss some of the IG challenges they see in the market and how organizations are overcoming them. Integro, a Gartner “Cool Vendor” and recipient of IBM’s Worldwide Business Partner Governance Excellence Award, joined the Information Governance Initiative (IGI) this year. IGI Supporters, like Integro, provide an annual financial contribution that enables the activities of the IGI, and by doing so demonstrate their commitment to the advancement of information governance (IG).

Executive Support Is Key

We asked Scott what he thought were the biggest challenges organizations face today in terms of their ability to implement successful IG programs and projects.

“I believe the biggest challenge is having the consensus and the broad executive support to affect the culture and to effect change on the company to mature to the next level. Often IG initiatives don’t become a big enough priority or the cultural challenges seem too difficult. It’s hard to imagine IG having less of a priority when I see all the risk and exposure that I do, but not all companies recognize IG’s potential, not only in reducing risk, but also greatly improving business decision-making,” says Scott.

The good news is, challenges like this can be overcome and successful change management is possible, explains Scott. He’s witnessed and helped foster success across a variety of IG projects. Scott sees high level support and goal-setting as key elements to success.

“Support from the executive level makes a huge difference in a successful project. I recommend forming an executive level, cross-functional committee that has support from the Board or CEO. When chartered with goals and metrics that are effective for the company, this cross-functional leadership group can lead and direct and delegate to an executive who runs the program.

Likewise, it’s important to have goals and objectives that matter for the company. If the initiative and its goals don’t hold value for executives, they aren’t going to give it the time of day. With a cross functional executive team and goals that matter, the benefits can be huge,” he added.

Scott’s observations are consistent with IGI’s research results as reported in the 2015-16 IGI Annual Report. Change management was the third most commonly reported barrier to successful IG; 60% of IG practitioners identified it as a barrier to IG progress at their organizations. Additionally, more than one third of practitioners identified lack of executive support as a barrier.

IG Results Are Achievable: A Customer Success Story

One of Integro’s specialties is email governance, an area in which change management can be very tricky. All too often, Scott shares, he hears organizations and stakeholders within them making all types of excuses as to why they can’t effectively govern their emails.

“The thought of trying to change users’ email habits scares a lot of company executives. But it doesn’t need to be complicated or controversial. I’ve seen companies of all sizes, from small firms to large, multinational corporations, have success. explains Scott.

Scott points to a large email governance initiative as an example of a customer who achieved IG success by effectively garnering executive support and developing strong goals, as he recommends.

“We have a global, fortune 500 client with tens of thousands of users in dozens of countries. They have had tremendous success with an enterprise-wide email management solution Integro helped the company implement. The solution, which leverages Integro’s product, Integro Email Manager and Microsoft Exchange, enables the company to organize and manage email by its value. They retain a small percentage of corporate email that has value, while at the same time regularly, defensibly and soundly disposing of the transient content. The end result for the client has been millions saved on eDiscovery and storage costs. They are achieving the goal that so many think is too big of a challenge,” Scott says.

“This customer, like others who have been successful, did a great job of change management and communication. They had strong executive support up to the highest levels, and they followed a thorough change management plan that involved internal marketing and communications about the program and its importance,” he notes.

The customer’s specific approach to change management was so successful that Integro has used best practices from the project to help other companies undertaking similar endeavors.

“With the right amount of planning, forethought, and executive support, IG projects are very doable and can result in tremendous benefit for any company,” comments Scott.

 

About Integro

Integro is an award winning, industry recognized products and services firm specializing in Information Governance, Enterprise Content Management, and Content Security solutions. Since 1995, Integro has been delighting clients with technology solutions that support defensible disposal, minimize risk, reduce eDiscovery and storage costs, ensure compliance, govern email records, and enable auto-classification. Integro is proud to be named a Top ECM Consultant by research firm, Clutch, a “Cool Vendor” by analyst firm, Gartner, and a Worldwide Governance award-winner by IBM. Learn more at www.Integro.com.

 

Information Governance Oversight: Questions for Board Members To Ask

Jason R. Baron, Of Counsel at Drinker, Biddle & Reath LLP and Co-chair of the Information Governance Initiative, has published an article in Ethical Boardroom titled, “Information Governance Oversight: Questions for Board Members To Ask.” The article provides insight into the emergence of a variety of calls for boards of directors to be asking questions of their CEOs, CISOs and CIOs about how companies are preparing for breaches and how they will deal with their aftermath through agreed protocols.

While factoring in cyber risk as an increasingly real part of the corporate world, arguably there is an even more fundamental material weakness across the enterprise that boards of directors should be addressing: the company’s lack of a clear information governance strategy or framework for decision-making.

Information governance has been defined as “the activities and technologies that organizations employ to maximize the value of their information while minimizing risks and costs”. Of course, a part of the overall risk posed by data is the possibility of cyber breach. But there is much more to information governance than simply addressing one’s security concerns. At bottom, there are the questions of why and how data has been left to accumulate in the first place and what policies are in place to manage and control its continued growth.

There are a host of overlapping issues surrounding not only security and preservation of data but also touching on data sensitivities and privacy, access to data in litigation and investigations, regulatory compliance and, increasingly, performing analytics for the purpose of monetizing corporate data assets. Board focus on cyber breach issues alone is a start, but, high-level attention should be paid to a much broader range of technical and policy issues touching on all aspects of the overall corporate data environment.

Read Jason’s full comments in “Information Governance Oversight: Questions for Board Members To Ask.

 

Hidden Bias in the Black Box: Info Gov as a Key Check to Algorithmic Bias

by Jason R. Baron, Drinker Biddle & Reath, as seen on Legaltech News

With each passing day, we are 
 increasingly living in an algorithmic universe, due to the easy accumulation of big data. In our personal lives, we experience being in a 24/7 world of "filter bubbles," where Facebook has the ability to customize how liberal or conservative one's newsfeed is based on prior postings; Google personalizes ads popping up on Gmail based on the content of our conversations; and merchants like Amazon and Pandora feed us personalized recommendations based on our prior purchases and everything we click on.

While (at least in theory) we remain free in our personal lives to make choices in continuing to use these applications or not, increasingly often what we see is the result of hidden bias in the software. Similarly, in the workplace, the use of black box algorithms holds the potential of introducing certain types of bias without an employee's or prospective employee's knowledge. The question we wish to address here: From an information governance perspective, how can management provide some kind of check on the sometimes naïve, sometimes sophisticated use of algorithms in the corporate environment?

Algorithms in the Wild

An early, well-known example of the surprising power of algorithms was Target's use of software that, based on purchasing data (e.g., who was buying unscented lotions, cotton balls, etc.), was spookily able to predict whether a customer was likely pregnant. Target sent coupons for baby products to a Minnesota teenager's home before the teenager's father knew about the pregnancy, leading to a bad public relations episode. A different example is Massachusetts' use of a mobile app called Street Bump, where smartphones riding over potholes and the like would automatically report their location for local government to fix. The problem: the resulting map of potholes corresponded closely with the demographically more well-off areas of the city, as those were the areas where individuals knew to download the mobile app and could afford smartphones in the first place.

In workplace hiring decisions, facially neutral algorithms sometimes reveal a hidden bias based on how features are selected and weighted, or where certain variables used in the algorithm essentially function as "proxies" for real world racial or ethnic differences. For example, a software feature using the variable "commuting distance from work" as a factor in deciding which candidates to hire may, depending on local geography, discriminate based on race. As Gideon Mann and Cathy O'Neill stated in Harvard Business Review (12/9/16), "When humans build algorithmic screening software, they may unintentionally determine which applicants will be selected or rejected based on outdated information—going back to a time when there were fewer women in the workforce, for example—leading to a legally and morally unacceptable result."

Once on the job, employees may experience a very different kind of filter bias through software targeting the risk of internal threats to the company. The more advanced programs coming onto the market use sentiment analysis (e.g., algorithms looking at language used in emails) to predict whether certain individuals are more likely to display anger or other inappropriate behavior in the workplace. This capacity can be combined with matching up external sources of data on individuals obtained online, including credit report updates, crime reports, and certain types of medical information, to essentially triage the employee population into "high-risk" and lower risk categories, so as to target the keystrokes made by a few. If this all sounds like we have truly now entered a pre-crime, Minority Report world, it does.

IG and Its Role with Algorithms

What can or should be done? Mann & O'Neill suggest to avoid making decisions solely by use of an algorithm, but include what they call "algorithm-informed" individuals. They further suggest, "[w]e need to audit and modify algorithms so that they do not perpetuate inequities in businesses and society," with audits to be carried out either by inside experts or by hiring outside professionals. These are both sound suggestions.

Advocates of information governance (IG) argue that corporations with an IG program in place have a built-in mechanism to escalate data-related issues to a standing committee, consisting of either C-suite representatives or their delegates. In a growing number of corporate models, an individual with some kind of IG designation in their title will have been given authority to call together ad hoc groups to resolve specific data policy issues.

One could well imagine a chief information governance officer convening an ad hoc task force of the IG council, including a C-suite representative of the corporate human relations (HR) department, along with the person who approved or manages the data analytics software used by HR and a senior counsel, to perform the kind of "audit" of hiring practices envisioned above. Similarly, an ad hoc task force including the chief information security officer, senior HR office personnel, and other IT representatives and senior counsel could be asked to review how well internal monitoring of employees is working, and how much transparency or notice should be given to staff on such monitoring.

Along these lines, organizations might consider tasking a group of individuals—under the auspices either of the IG structure or as a freestanding committee—to perform a similar function to a present-day institutional review board, but limited to predictive software's effect on human subjects. Such an "algorithm review board" (ARB) would be tasked to provide approval and/or oversight of any use of analytics in the workplace aimed at targeting present employees or prospective hires, so as to serve as a check against possible hidden bias or a lack of notice where appropriate.

Some corporations (Microsoft and Facebook) have taken initial steps to implement, at least on a selected basis, an ethics review board being used in an equivalent way to an ARB. However, the practice remains rare across all industry verticals, notwithstanding the growing power of analytics in all aspects of daily life.

In his book, "The Black Box Society: The Secret Algorithms That Control Money and Information," law professor Frank Pasquale states that "authority is increasingly expressed algorithmically," and that "[d]ecisions that used to be based on human reflection are now made automatically." But, as computer scientist Suresh Venkatasubramanian has put it, "The irony is that the more we design artificial intelligence technology that successfully mimics humans, the more that A.I. is learning in a way that we do, with all of our biases and limitations."

This new reality calls for consideration of some kind of human intervention to serve as a quality control check on the black box (even if it means humans employing a second algorithm to check for bias in the first!) In the coming world we live and work in, adoption of some kind of IG framework that includes reviewing the possibility of algorithmic bias in the workplace will be appreciated by an increasingly sophisticated populace.




Jason R. Baron is Of Counsel at Drinker Biddle & Reath LLP in Washington, D.C.