Log In

Industry Expert

E-Discovery and IG in 2017 and Beyond: The Recording of Our Online Discussion Now Available

We had a great online discussion this week with IGI Charter Supporter OpenText about trends in e-discovery and IG for 2017 and beyond. We also talked about the significance of their recent acquisition of Recommind and what it says about OpenText's product strategy and the market in general.

The video will be available here on our public site for a week, at which point it will move to the Resources section of our growing online community, where you can create a profile and interact with your IG peers. The slides from this online event will also be available there shortly.

 

Eight Reasons It’s Time for a Data Map

A data map is an inventory and visualization of your company’s data and information assets. The rising number and severity of data breaches is generating strong demand for maps, and there are other reasons to create, improve, and sustain one.

  1. Data Maps Make Chief Information Security Officers (CISOs) More Effective. The newly hired CISO, on day one, wants to see the company’s data map. Without one, how would they know what they’re supposed to protect? Not all information is created equal, so it does not all require the same level of protection. How will your CISO identify and find the sensitive data? Without a data map, the CISO flies blind.
  2. Data Maps Drive Business. We live in the golden age of data analytics. Your teams want to harness vast stores of structured and unstructured data to develop needle-moving insights. However, they need the comprehensive awareness that a data map provides to know where the most accurate and trustworthy data lives.
  3. Your Board Wants a Data Map. The National Association of Corporate Directors, in its Cyber-Risk Oversight Handbook, instructs board members to ask management for a data map. Your board will not take kindly to being told “no” because data maps are an “ocean boiling” or “Golden Gate Bridge painting” exercise. Data maps are both of those when you do it wrong, but something else entirely when you do it right.
  4. Data Maps are Essential for Compliance. FINRA regulations in the financial markets, PCI for retailers, 21 CFR Part 11 for pharmaceuticals, and HIPAA in healthcare are some well known examples of the massive and growing volume of laws, regulations and standards focused on data protection. Frankly, it is very difficult to achieve compliance with these kinds of directives without a data map.
  5. Data Maps Let Us Actually Treat Data as an Asset. Data needs a sponsor at the corporate table, much like the head of HR has responsibility for the people in an organization. Most organizations do not have this role because – candidly – most of us blithely talk about information as an “asset” but few of us have the tools or the mandate to actually inventory, assess, and manage this asset. This needs to change, and the data map provides a central tool that this new kind of information leader needs to drive the change. This mandate might be given to an existing CIO, CFO, General Counsel, COO, or to an entirely new role that is emerging called the Chief Information Governance Officer (CIGO).
  6.  Data Maps Create Data-Centric Organizations. The process of data mapping involves people from across the organization, including IT, Finance, Legal, and business unit leaders, among others. This process engages employees and helps stakeholders across the organization think and act in a data-centric way. Critical questions emerge, such as: what data are we collecting and why; how do we use the data to make better-informed business decisions that create incremental value; and what can we do to ensure that the data is of high quality?
  7. Data Maps Make Good Housekeeping. Studies show that about two-thirds of an an average knowledge worker’s data is redundant, obsolete or trivial (ROT). Eliminating ROT lowers storage costs, and it’s easier to find and protect the useful data that remains. However, as many organizations hauled into court have discovered, getting rid of the wrong thing at the wrong time can result in enormous penalties and even criminal charges. Good housekeeping in the data environment is not possible without an accurate, comprehensive, and up-to-date data map.
  8. Data Maps are Doable. Data get balkanized within lines of business and in functional areas across organizations, creating unnecessary risk and limiting our ability to realize value from them. These assets reside in data centers; in devices such as cell phones, tablets, laptops and thumb drives; in the cloud; on paper; and elsewhere. New technology and techniques to locate, identify, track, and visualize data makes the job of building and sustaining a data map within the reach of every company.

Craig Callé is a member of the IGI Advisory Board, a small group of senior professionals and subject matter experts representing the disciplines that together comprise Information Governance. The Advisory Board provides feedback and direction on the IGI's agenda and strategy.

 
CIGO Task Force Report

Join Us for the Launch of the Chief Information Governance Officer Task Force Report

Introducing the CIGO–A New Information Leader for a New Era

We are very pleased to announce that the first best practice document created by the IGI Community is finished and will be published on December 7 during an online launch event. During the event we will host a discussion with CIGO Task Force members about the most important insights about the Chief Information Governance Officer (CIGO)  from their publication.

When:  December 7, 2015 at 1:00 PM ET
Where: Online – register here.
Who: An IGI online event moderated by Barclay T. Blair and featuring Task Force members Aaron Crews, Senior Associate General Counsel and Head of eDiscovery at Walmart; Julie J. Colgan, Head of Information Governance Solutions at Nuix (IGI Charter Supporter and CIGO Task Force sponsor); and Ann Snyder, IGI Senior Fellow.

Please join us to participate in the discussion. Ask the Task Force members your big questions about the new role and its purpose, focus, and future. We will explore the full range of issues related to the emerging CIGO role, including:

  • The purpose of the CIGO.
  • Why the CIGO is necessary.
  • How the CIGO interacts with other existing information-related executives.
  • The CIGO’s responsibilities at different levels of organizational maturity.
  • Characteristics and qualifications needed for the CIGO role.

Register today to join the conversation and help us give birth to the Chief Information Governance Officer role.

 
The Best Job That’s Up For Grabs

The Best Job That’s Up For Grabs

Data and other information assets are the lifeblood of any organization; yet, rarely are they comprehensively managed as critical assets. These assets are balkanized within lines of business and in functional areas across organizations. They reside in data centers; in devices such as cell phones, laptops and thumb drives; in the cloud; on paper; and elsewhere. Unless organizations understand these assets, they cannot fully protect and monetize them. One, C-level executive should be empowered to sustain a comprehensive information governance program, and there has been neither a more important time, nor a bigger opportunity, to do so.

Data breaches are on the rise, and they are indicative of weak controls that can ignite regulatory responses and

Photo courtesy of Steve Mitchell-USA TODAY Sports

Photo courtesy of Steve Mitchell-USA TODAY Sports

cost organizations dearly. For the Chief Executive Officer and Chief Financial Officer, breaches can mean much more than just diminished brand value or reputational damage.

Need proof?

First, the recently updated internal control framework that is a foundation of Sarbanes-Oxley makes breaches a cause for possible criminal liability. Second, the Federal Trade Commission (FTC) has brought over 50 cases against companies that have exercised poor housekeeping of consumers’ personal information, leading to expensive settlements. Third, the U.S. Securities and Exchange Commission’s (SEC’s) cybersecurity enforcement actions thus far have been focused on financial institutions, but growing congressional pressure may lead to broader activity. There is an alphabet soup of other regulations that obligate organizations to maintain data more securely. However, regulators are not the bad guys here; it’s the hackers and other bad actors that compromise data security and trigger costs beyond the regulatory pain. Regardless of the motivation, organizations must adjust to a new style of Information Technology by getting visibility and control over their data and information assets.

The opportunities to create value from information governance are tremendous. Organizations are rapidly outgrowing IT architectures built around relational databases and structured data. New platforms and tools can help people collect, prepare, analyze and visualize huge amounts of data, including unstructured data developed from social media, Internet of Things sensors, and other touch points that yield valuable new insights on consumer behavior. These platforms and tools are collaborative and intuitive to operate, so executives and analysts in the lines of business can more quickly make smarter decisions without having to rely on Finance or IT to get them information. Now that organizations can close the books on time, they should more quickly derive richer insights about the future, not just the past.

Information governance technology, people and processes reduce cybersecurity, litigation, compliance and other risks and create value through the use of emerging data analytic tools and practices. A successful information governance program leader would command the respect of the organization’s C-level of executives, and align everyone with interests in data across the lines of business and functional support areas. The Finance, IT and Legal areas produce the most likely candidates for a role in information governance, and the ideal candidate would have familiarity with all three, and perhaps others.

Chief Financial Officers are recognized as the stewards of company assets. They are first in line when it comes to understanding and accommodating the demands of Sarbanes-Oxley, the SEC, the FTC and other regulators. CFOs are familiar to the Board’s Audit Committee, and they must confront the growing evidence of weak controls that data breaches represent. CFOs are the architects of the chart of accounts and key data repositories of data like enterprise resource planning systems. With their Controller, they make sure the books get closed on time each month, and their Internal Audit staff ensures compliance with control procedures. They are naturally data-driven as they not only marshal budgets but also design and review key performance indicators. They develop insights from data in business intelligence and predictive analytics exercises. The CFO’s team also includes enterprise risk managers, who have a vested interest in maintaining secure data and the means by which residual risk can be transferred with insurance.

Chief Information Officers are closely associated with data, especially with regard to the infrastructure and operating systems that carry the data and store it when it’s at rest. Security is a natural and all-consuming function and, at larger organizations, Chief Information Security Officers also get involved. They apply technology management standards and frameworks from NIST, SANS, COBIT (ISACA), ISO and ITIL, among others. CIOs assess and deploy data analytics tools that lead to value creation. They are responsible for managing the licensed software and hardware assets, as well as software as a service applications (SaaS apps) and cloud hosts. Data is really just another asset they need to manage.

General Counsels bring a pronounced sensitivity to privacy and compliance issues that make them comfortable with information governance responsibilities. Records and information management, including retention policies, often originate from this group. Operating with a ‘lean data’ mentality, they drive lower storage costs, as well as greater efficiency and accuracy in accessing content. Their central role in litigation and due diligence make them no strangers to evolving eDiscovery, archiving and other technologies to manage data and information assets. Armed with knowledge of the law, they carry weight in any organization, and can drive policy enforcement in ways that other groups respect. They shepherd the innovation process when they work with developers of intellectual property.

The person running information governance will confront conflicts when balancing the interests of risk mitigation and value creation. For example, the legal side of the house generally advocates ‘less is more.’ They are more likely to champion records retention policies that eliminate the potentially embarrassing email that they would prefer not be discovered one day. Business analysts, on the other hand, are never quite sure what data they might need one day, so they would just as soon keep it all, especially as storage costs continue to decline rapidly and analytical tools become more powerful and user friendly.

Chief Information Governance Officers are starting to emerge at large organizations today, and their role in risk mitigation and value creation can be tremendous. More prevalent, but narrower, roles include Chief Digital Officers, who tend to come from Marketing backgrounds, and Chief Data Officers, who tend to concentrate on structured data and analytics. Many organizations feel they cannot afford yet another C-level position but, at the very least, one C-level executive should carry the responsibility for comprehensive information governance. Who should “own” data and the information governance process at your organization?

Craig Callé – CEO, Source Callé LLC

Craig CalléCraig Callé is a Data Advocate. He runs Source Callé LLC, a Philadelphia-based consulting firm that helps organizations mitigate risk and create value by treating Data as the critical asset. Boards of Directors, as well as CFOs, CIOs, GCs, and their teams, turn to them to prevent, detect and remediate cybersecurity incidences, unlock the value of their data, and create comprehensive information governance programs. They have a special focus on the large, growing, and remarkably under-addressed attack surfaces that originate from employee use of cloud-based services and third party vendors with network access.

Most recently, he was SHI International Corp’s Chief Strategy Officer and also was responsible for all pre-sales support, partner management and service delivery functions, including its IT Asset Management Group.  SHI is one of the largest IT solutions providers, with 2014 revenue of $6.0 billion.

He has been the CFO at Amazon.com responsible for Digital Media, including Kindle and Audible.com, and the North American Books e-commerce businesses. He also was divisional CFO and Treasurer at Gateway, helping to lead the turnaround and sale of the company to Acer.  As SVP-Finance and Treasurer at Crown Cork & Seal, he helped transform the company into the global consumer packaging industry leader.  He began his career as an investment banker at Salomon Brothers, where he completed numerous  transactions for Fortune 500 and emerging companies.

He holds BA and BS Econ (Wharton) degrees from the University of Pennsylvania and an MBA from Harvard University.

 
A New Information Governance Leader

INDUSTRY EXPERT: WE NEED A NEW TYPE OF INFORMATION LEADER

A new type of information leaderIn a recent article entitled ‘Why information governance needs top-down leadership’, author Susan Bennett, Principal of Sibenco Legal & Advisory, looks at information governance in the context of the current challenges of exponential growth of data, the effect on businesses due to digital disruption and the challenges for boards and senior management.

Susan discusses why effective leadership of information governance is key to ensuring that appropriate strategies, priorities, policies and processes are successfully embedded in an organisation, both to maximise the opportunities and minimise the risks arising from the information it holds. The article looks at the reasons and benefits of taking a holistic approach driven from the board and the C-level down. The role of executive leadership and models of IG leadership are considered, noting that the type of information governance leadership will vary between organisations depending on strategic priorities, size, resources and the current position of information management within the organisation.

Susan also shares in her article an Information Governance checklist to help IG practitioners get started.

The article published in the May 2015 issue of Governance Directions, the official journal of the Governance Institute of Australia can be viewed at https://lnkd.in/bFH9aBR