Log In

Industry Expert

Getting Past Some of the Top Barriers to IG Success

Recently, the IGI caught up with Scott Burt, President and CEO of Integro, one of IGI’s newest supporters to discuss some of the IG challenges they see in the market and how organizations are overcoming them. Integro, a Gartner “Cool Vendor” and recipient of IBM’s Worldwide Business Partner Governance Excellence Award, joined the Information Governance Initiative (IGI) this year. IGI Supporters, like Integro, provide an annual financial contribution that enables the activities of the IGI, and by doing so demonstrate their commitment to the advancement of information governance (IG).

Executive Support Is Key

We asked Scott what he thought were the biggest challenges organizations face today in terms of their ability to implement successful IG programs and projects.

“I believe the biggest challenge is having the consensus and the broad executive support to affect the culture and to effect change on the company to mature to the next level. Often IG initiatives don’t become a big enough priority or the cultural challenges seem too difficult. It’s hard to imagine IG having less of a priority when I see all the risk and exposure that I do, but not all companies recognize IG’s potential, not only in reducing risk, but also greatly improving business decision-making,” says Scott.

The good news is, challenges like this can be overcome and successful change management is possible, explains Scott. He’s witnessed and helped foster success across a variety of IG projects. Scott sees high level support and goal-setting as key elements to success.

“Support from the executive level makes a huge difference in a successful project. I recommend forming an executive level, cross-functional committee that has support from the Board or CEO. When chartered with goals and metrics that are effective for the company, this cross-functional leadership group can lead and direct and delegate to an executive who runs the program.

Likewise, it’s important to have goals and objectives that matter for the company. If the initiative and its goals don’t hold value for executives, they aren’t going to give it the time of day. With a cross functional executive team and goals that matter, the benefits can be huge,” he added.

Scott’s observations are consistent with IGI’s research results as reported in the 2015-16 IGI Annual Report. Change management was the third most commonly reported barrier to successful IG; 60% of IG practitioners identified it as a barrier to IG progress at their organizations. Additionally, more than one third of practitioners identified lack of executive support as a barrier.

IG Results Are Achievable: A Customer Success Story

One of Integro’s specialties is email governance, an area in which change management can be very tricky. All too often, Scott shares, he hears organizations and stakeholders within them making all types of excuses as to why they can’t effectively govern their emails.

“The thought of trying to change users’ email habits scares a lot of company executives. But it doesn’t need to be complicated or controversial. I’ve seen companies of all sizes, from small firms to large, multinational corporations, have success. explains Scott.

Scott points to a large email governance initiative as an example of a customer who achieved IG success by effectively garnering executive support and developing strong goals, as he recommends.

“We have a global, fortune 500 client with tens of thousands of users in dozens of countries. They have had tremendous success with an enterprise-wide email management solution Integro helped the company implement. The solution, which leverages Integro’s product, Integro Email Manager and Microsoft Exchange, enables the company to organize and manage email by its value. They retain a small percentage of corporate email that has value, while at the same time regularly, defensibly and soundly disposing of the transient content. The end result for the client has been millions saved on eDiscovery and storage costs. They are achieving the goal that so many think is too big of a challenge,” Scott says.

“This customer, like others who have been successful, did a great job of change management and communication. They had strong executive support up to the highest levels, and they followed a thorough change management plan that involved internal marketing and communications about the program and its importance,” he notes.

The customer’s specific approach to change management was so successful that Integro has used best practices from the project to help other companies undertaking similar endeavors.

“With the right amount of planning, forethought, and executive support, IG projects are very doable and can result in tremendous benefit for any company,” comments Scott.


About Integro

Integro is an award winning, industry recognized products and services firm specializing in Information Governance, Enterprise Content Management, and Content Security solutions. Since 1995, Integro has been delighting clients with technology solutions that support defensible disposal, minimize risk, reduce eDiscovery and storage costs, ensure compliance, govern email records, and enable auto-classification. Integro is proud to be named a Top ECM Consultant by research firm, Clutch, a “Cool Vendor” by analyst firm, Gartner, and a Worldwide Governance award-winner by IBM. Learn more at www.Integro.com.


Information Governance Oversight: Questions for Board Members To Ask

Jason R. Baron, Of Counsel at Drinker, Biddle & Reath LLP and Co-chair of the Information Governance Initiative, has published an article in Ethical Boardroom titled, “Information Governance Oversight: Questions for Board Members To Ask.” The article provides insight into the emergence of a variety of calls for boards of directors to be asking questions of their CEOs, CISOs and CIOs about how companies are preparing for breaches and how they will deal with their aftermath through agreed protocols.

While factoring in cyber risk as an increasingly real part of the corporate world, arguably there is an even more fundamental material weakness across the enterprise that boards of directors should be addressing: the company’s lack of a clear information governance strategy or framework for decision-making.

Information governance has been defined as “the activities and technologies that organizations employ to maximize the value of their information while minimizing risks and costs”. Of course, a part of the overall risk posed by data is the possibility of cyber breach. But there is much more to information governance than simply addressing one’s security concerns. At bottom, there are the questions of why and how data has been left to accumulate in the first place and what policies are in place to manage and control its continued growth.

There are a host of overlapping issues surrounding not only security and preservation of data but also touching on data sensitivities and privacy, access to data in litigation and investigations, regulatory compliance and, increasingly, performing analytics for the purpose of monetizing corporate data assets. Board focus on cyber breach issues alone is a start, but, high-level attention should be paid to a much broader range of technical and policy issues touching on all aspects of the overall corporate data environment.

Read Jason’s full comments in “Information Governance Oversight: Questions for Board Members To Ask.


Hidden Bias in the Black Box: Info Gov as a Key Check to Algorithmic Bias

by Jason R. Baron, Drinker Biddle & Reath, as seen on Legaltech News

With each passing day, we are 
 increasingly living in an algorithmic universe, due to the easy accumulation of big data. In our personal lives, we experience being in a 24/7 world of "filter bubbles," where Facebook has the ability to customize how liberal or conservative one's newsfeed is based on prior postings; Google personalizes ads popping up on Gmail based on the content of our conversations; and merchants like Amazon and Pandora feed us personalized recommendations based on our prior purchases and everything we click on.

While (at least in theory) we remain free in our personal lives to make choices in continuing to use these applications or not, increasingly often what we see is the result of hidden bias in the software. Similarly, in the workplace, the use of black box algorithms holds the potential of introducing certain types of bias without an employee's or prospective employee's knowledge. The question we wish to address here: From an information governance perspective, how can management provide some kind of check on the sometimes naïve, sometimes sophisticated use of algorithms in the corporate environment?

Algorithms in the Wild

An early, well-known example of the surprising power of algorithms was Target's use of software that, based on purchasing data (e.g., who was buying unscented lotions, cotton balls, etc.), was spookily able to predict whether a customer was likely pregnant. Target sent coupons for baby products to a Minnesota teenager's home before the teenager's father knew about the pregnancy, leading to a bad public relations episode. A different example is Massachusetts' use of a mobile app called Street Bump, where smartphones riding over potholes and the like would automatically report their location for local government to fix. The problem: the resulting map of potholes corresponded closely with the demographically more well-off areas of the city, as those were the areas where individuals knew to download the mobile app and could afford smartphones in the first place.

In workplace hiring decisions, facially neutral algorithms sometimes reveal a hidden bias based on how features are selected and weighted, or where certain variables used in the algorithm essentially function as "proxies" for real world racial or ethnic differences. For example, a software feature using the variable "commuting distance from work" as a factor in deciding which candidates to hire may, depending on local geography, discriminate based on race. As Gideon Mann and Cathy O'Neill stated in Harvard Business Review (12/9/16), "When humans build algorithmic screening software, they may unintentionally determine which applicants will be selected or rejected based on outdated information—going back to a time when there were fewer women in the workforce, for example—leading to a legally and morally unacceptable result."

Once on the job, employees may experience a very different kind of filter bias through software targeting the risk of internal threats to the company. The more advanced programs coming onto the market use sentiment analysis (e.g., algorithms looking at language used in emails) to predict whether certain individuals are more likely to display anger or other inappropriate behavior in the workplace. This capacity can be combined with matching up external sources of data on individuals obtained online, including credit report updates, crime reports, and certain types of medical information, to essentially triage the employee population into "high-risk" and lower risk categories, so as to target the keystrokes made by a few. If this all sounds like we have truly now entered a pre-crime, Minority Report world, it does.

IG and Its Role with Algorithms

What can or should be done? Mann & O'Neill suggest to avoid making decisions solely by use of an algorithm, but include what they call "algorithm-informed" individuals. They further suggest, "[w]e need to audit and modify algorithms so that they do not perpetuate inequities in businesses and society," with audits to be carried out either by inside experts or by hiring outside professionals. These are both sound suggestions.

Advocates of information governance (IG) argue that corporations with an IG program in place have a built-in mechanism to escalate data-related issues to a standing committee, consisting of either C-suite representatives or their delegates. In a growing number of corporate models, an individual with some kind of IG designation in their title will have been given authority to call together ad hoc groups to resolve specific data policy issues.

One could well imagine a chief information governance officer convening an ad hoc task force of the IG council, including a C-suite representative of the corporate human relations (HR) department, along with the person who approved or manages the data analytics software used by HR and a senior counsel, to perform the kind of "audit" of hiring practices envisioned above. Similarly, an ad hoc task force including the chief information security officer, senior HR office personnel, and other IT representatives and senior counsel could be asked to review how well internal monitoring of employees is working, and how much transparency or notice should be given to staff on such monitoring.

Along these lines, organizations might consider tasking a group of individuals—under the auspices either of the IG structure or as a freestanding committee—to perform a similar function to a present-day institutional review board, but limited to predictive software's effect on human subjects. Such an "algorithm review board" (ARB) would be tasked to provide approval and/or oversight of any use of analytics in the workplace aimed at targeting present employees or prospective hires, so as to serve as a check against possible hidden bias or a lack of notice where appropriate.

Some corporations (Microsoft and Facebook) have taken initial steps to implement, at least on a selected basis, an ethics review board being used in an equivalent way to an ARB. However, the practice remains rare across all industry verticals, notwithstanding the growing power of analytics in all aspects of daily life.

In his book, "The Black Box Society: The Secret Algorithms That Control Money and Information," law professor Frank Pasquale states that "authority is increasingly expressed algorithmically," and that "[d]ecisions that used to be based on human reflection are now made automatically." But, as computer scientist Suresh Venkatasubramanian has put it, "The irony is that the more we design artificial intelligence technology that successfully mimics humans, the more that A.I. is learning in a way that we do, with all of our biases and limitations."

This new reality calls for consideration of some kind of human intervention to serve as a quality control check on the black box (even if it means humans employing a second algorithm to check for bias in the first!) In the coming world we live and work in, adoption of some kind of IG framework that includes reviewing the possibility of algorithmic bias in the workplace will be appreciated by an increasingly sophisticated populace.

Jason R. Baron is Of Counsel at Drinker Biddle & Reath LLP in Washington, D.C.


Guest Post: Preventing the Surprise Attack of the Email Monster

An Integro White Paper

When one thinks of a monster, you likely drudge up some sort of creature that wreaks havoc at will, always lurking behind the scenes waiting for the most inopportune time to appear, then emerging and causing untold damage to everything in its path as it rages out of control. The worst kind of monster being the one that continues to grow unchecked.

Ironically, this same description fits company email when it is unceremoniously archived en masse. It sits quietly squirreled away in massive files, expanding at incredible rates, stockpiling seemingly harmless dialog. As the email archive balloons, it consumes ever more resources and then without warning surfaces surprising conversations that create a potentially harmful scenario for the company as it faces litigation. Fortunately, there is a way to effectively get control and manage this monster to reduce risk, avoid runaway archiving costs and improve litigation preparedness.

Five to six years ago, email management was thought of as an interesting idea but it seemed easier to stick with the prevailing philosophy of storing everything forever. Storage was believed to be cheap, search was easy and most tools to manage email were considered cumbersome.

What executives didn’t foresee when making this decision was that the exponential growth in content, combined with the increase in litigation activity and heightened threat of breach, would end up making the ‘store everything’ decision an unsustainable approach of monstrous proportions.

Doing The Math
According to the Radicati Group’s Email Statistics Report, 2015-2019, in 2015, the number of business emails sent and received per user per day totals 122 emails per day. This figure continues to show growth and is expected to average 126 messages sent and received per business user by the end of 2019.

When you consider an employee handles approximately 122 emails a day, the volume of email for a 5000-person organization over a work week of five business days would be more than 3 million emails. Over a year that would be more than 220 million emails.

The volume of business information being retained has come into focus as organizations see their Information Technology budgets rapidly being consumed by the ever-growing cost to store the burgeoning volumes of information.

Not only is archiving all your email expensive in terms of gobbling up today’s available dollars, it is also eating away at the organization’s ability to evolve since strategic initiative funding must be sacrificed to the burden of storage costs.

Frightening Thoughts for Corporate Counsel
When the Federal Rules of Civil Procedure were modified in 2006 to address the issue of electronically stored information (ESI), it changed the handling of electronic evidence which in turn changed the way cases are argued and evidence is collected and preserved. It became clear to the business world that eDiscovery was challenging, costly and extremely difficult to manage. Although the need exists to be ‘eDiscovery ready’---having proper governance and defensible preservation and disposition of ESI (including email)--- achieving success in this area still seems elusive for most organizations.

Besides the risk of over retaining information by archiving everything, it is simply too expensive during the eDiscovery process to sort through all the electronic water cooler chat that happens on a daily basis to find evidence germane to pending litigation. Any company that has ever had to write a check to cover eDiscovery costs knows they need to find a better solution than wholesale archiving of email content.

They also know that without changing their email management strategy, each eDiscovery will become ever more costly with more email to search through and more email that matches preservation criteria.

Enforcing email management polices has also been further complicated by the growth in the disconnected user base resulting from expanded access capabilities. Employees may be accessing the mail system from a smartphone, tablet or other existing or future devices or access points, yet organizations still need to enable email management policies regardless of how their employees are interacting with the system.

Attempts at Dealing with the Email Monster
To date, business policy regarding the retention management of email was established not based upon what was proper and best for the business, but instead upon the limited tools available to enforce policy. This unfortunate reality has fostered ineffective email management policies of the past decade including:

  • Keeping it all – the most common archiving mistake from the last decade which has caused the over-retention challenges we see in this decade.
  • Placing mailbox size quota on the whole mailbox--- ignoring the value of individual emails. When the users hit the limit and find themselves in ‘email jail,’ users sort by size and delete the largest emails. Thus keeping the clutter of smaller emails and likely losing important emails.
  • Personal over-archiving – many firms addressed the system storage problem by allowing users to save email in files on their local hard drive. This only enabled user over-retention and exposes firms to massive eDiscovery headaches and costs.
  • Deleting all email at “x” number of days – this obviously fails considering that records do exist in email and the company is wholesale disposing of them. It is also highly disruptive to end users and they’ll pursue workarounds causing even greater issues for information governance.

The above approaches fail considering that it is not the age, size, sender or recipient that determines the value of individual messages. The value of email messages, just like with paper, is determined by what the message says. Most messages are transient, and of fleeting value. A few emails document the business of the organization, and others are helpful to the users in performing their job duties. Thus, classification of email based upon content value is imperative. Two divergent camps have emerged:

  • Auto classification – while attractive for obvious reasons, this has proven unsuccessful due to the costs and level of effort required to train the auto classification software, and considering the highly unstructured, colloquial and brief nature of email.
  • Manual classification – While users know their email the best, many attempts have suffered due to the approaches and tools provided to enable the user to do this easily and quickly.

The best approach has proven to be an elegant blend of auto and manual classification. Automation and ease-of-use are critical, and the time expiration and size quota features must be leveraged intelligently. This, combined with executive support and good communications, enables firms to achieve the goal of proper email retention and governance, including defensible disposition of the majority of email as transient content.

Landing on the Critical Fix List
The original driver of email management was systems efficiency and regulations in the securities industry, which led to archiving. Archiving all email has simply proven untenable. The new drivers can be summarized as:

  • Reduce risk posed by email that was unnecessarily retained
  • Reduce eDiscovery costs of searching and reviewing oceans of clutter
  • Reduce runaway storage costs

Any one or a combination of these factors has caused email management to rise to the top of many organizations’ critical fix list.

Managing the Email Monster with Value-Based Information Governance
Most organizations are moving envelopes through their email system but they don’t know what is in them. With Integro Email Manager™, organizations gain visibility into what is inside the envelope so that informed decisions can be made, based on actual content versus basic email identifiers, and avoid an embarrassing and perhaps costly surprise email surfacing in the future.

Integro Email Manager offers value-based information governance that applies Auto Classification with Human Oversight™, customized to meet your specific business needs. It enables your organization to:

  • Properly retain and govern what’s important
  • Dispose of what you don’t need as early as possible
  • Avoid disrupting the productivity of the end user

When email is received, Integro Email Manager automatically evaluates the content of all messages and calculates its value. Typically this evaluation will only identify a few messages that qualify as relevant business communications – a business record. These few messages, that exceed the set probability thresholds, will then be declared and classified automatically as records. If Integro Email Manager’s confidence rating on a message is close to record caliber, a suggestion will be offered to the user with its confidence rating and suggested records category.

Importantly, the employee remains in control and can change the classification based on their personal knowledge of the email. This type of consideration is only necessary on a few of the messages received each day and only takes a moment. Users can also quickly tag messages as records when email is sent, or use their own folders to auto-tag messages as records. The same tagging method also enables users to keep messages longer in a centrally-managed, personal storage. The majority of messages will be auto disposed per a transient, short retention policy.

The Integro solution includes SmartAssist®, which uses contextual classification to provide suggestions. SmartAssist is initially trained with example emails but then continues to learn on the fly at the user level as it receives feedback based on user work patterns. SmartAssist is unique to Integro Email Manager and enables companies to gain the support of its workforce to achieve the goals of true value based retention.

Integro Email Manager eases cultural adoption because you can start with generous retention periods and refine policy overtime in a stepped fashion. Employees are able to remain in control of their individual work habits as they create and name their own folders they plan to use. With a click of a button these custom folders map to the corporate file plan. In addition to self-managed folders, users can tag the few important messages where they are, anywhere in the mailbox, to be retained longer for personal use or as company records. Most importantly, emails can be tagged as the message is sent and all internal recipients easily see the records designation.

Integro Email Manager (IEM) is the only proactive email content management solution for Notes, Exchange, and Office365, enabling organizations to keep what’s important and eliminate what’s not. IEM can govern email in place or can be integrated with leading ECM systems.

While this solution can assist companies across industries, it is an ideal fit for any company that has any one or combination of the following attributes:

  • Large base of email users; typically starting at around 2,000 employees
  • Regulated industries
  • Litigation risk or activity



Guest Post: Big Data From Employees Lead to Big Risk For Employers

This article was originally published on The Relativity Blog. It was written by Sam Bock, editor of The Relativity Blog and a member of the marketing communications team at kCura.

Between Wikileaks, tech experts, and the Federal Trade Commission, we have no shortage of sources reminding us on an almost daily basis that the Information Age brings both invaluable new resources and technology, and a significant threat to personal privacy. Data is everywhere, and it’s accessible by more entities than ever—including employers.

To get to the heart of how employees understand data privacy and how their online behavior at work can impact it, kCura recently commissioned a survey conducted by Harris Poll among 1,013 US adults age 18 and older who were employed full-time or part-time, working in a traditional office setting for at least 50 percent of the time, and are not freelancers (referred to as “employees” throughout).

We learned that although nearly all employees (98 percent) say their privacy is important to them, the majority (60 percent) have used their personal device in some way while connected to their company’s WiFi, which potentially sacrifices that privacy while at work. Here’s a look at the results and how employers can protect themselves against excess data proliferation.

Check out the full report for more insight into the data, a method statement for the survey, and more insights.


Guest Post – Information Governance and the Social Enterprise

Information Governance and the Social Enterprise
by Robert Cruz, Senior Director, Product Marketing of Actiance, Inc.

Another terrific gathering of information governance and records management thought leaders at the MER Conference and the IGI’s awesome Chief Information Governance Officer (CIGO) Summit in Chicago.

MER provided a great opportunity to present our thoughts on “Information Governance and the Social Enterprise”, reflecting upon the massive changes underway in the ways that organizations are communicating and collaborating through tools like Slack, WeChat, Skype for Business, and a dizzying number of new messaging tools appearing almost daily. This was not exactly mainstream MER content, leading to quite a few comments and inquiries before the session along the lines of:

“what does social media have to do with records management?”

“is there an information governance for the anti-social enterprise?”

“we don’t govern social content… our policy is to block it”

Which I attempted to address during the session, and will summarize here.

Key Point 1: Your employees are using LinkedIn, Twitter, Skype for Business – and WhatsApp and WeChat.

Today, more organizations are sanctioning the use of LinkedIn to reach prospects. They’re enabling Skype for Business conversations with customers that include video, voice, messaging, and app sharing. They are engaged in selling efforts with information delivered uniquely across mobile devices. In fact, one major bank indicates that they sent more IM than email last year. A recent survey from PwC indicates that more than 40% of respondents indicated a social media presence is important in their choice of a health care provider. And, today, WeChat has over 1 billion users around the world. Great, but why does this matter? It matters because governance is about managing information according to its value or risk. And the reality today is that more firms and employees are communicating and collaborating on channels outside of managed email and content management repositories – in some cases over channels that are not currently under governance controls.

Key Point 2: This is not just an issue for regulated companies. Business records are everywhere.

The idea that one can control social media or encrypted instant messaging tools is a new concept for some. And while it is true that regulated firms have progressed further with the idea of proactively capturing these non-email content sources to meet industry retention requirements, they are not alone. Public corporations should take note of SEC regulation Fair Disclosure (FD) and the case of Netflix. All organizations are no doubt aware of employment and contract laws and personal data privacy protections. The key point being that social content can not only trigger regulatory action based upon misuse, but also as a source in US civil litigation where judges are ruling that social and messaging sources are discoverable, and where those who haven’t taken appropriate steps to preserve these sources have suffered the consequences. Unfortunately, the reality of business records expressed as 140 character Tweets has arrived (and, yes, even excluding those emanating from Pennsylvania Avenue at 2:30am)

Key Point 3: Your policies should be applicable to your communication tools.

Have you touched your employee communications or records retention policies lately? If not, it may be time to ensure that your policies are keeping up with the ways individuals are doing their job today. Policies designed for email may need to reviewed to ensure these rich tools can be used by specific job holders. Similarly, retention policies may be worth a touch up as you consider the possibility that a conversation that includes information covered under a non-disclosure may be taking place right now on Skype for Business.

Key Point 4: Your governance tools must be designed for today’s communications.

Equally important, organizations should be asking whether the technologies they currently use to capture, retain, supervise, and discover business records (or data that might be responsive to civil litigation) were designed for the communications of a different era. Those continuing to leverage technology designed 10-15 years ago may be in for a big headache the first time a large legal matter or regulatory inquiry arrives that requires the review and production of social media, instant messaging, or voice communication.

We look forward to continuing to help organizations meet these new InfoGov challenges created as your organization’s patterns of communication and collaboration continue to evolve.