©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
The merger of information governance and records and information management
Randolph Kahn, Esq., Kahn Consulting
What Do You Do for a Living?
“More than 3 years after the Sept. 11 attacks, more than
120,000 hours of potentially valuable terrorist-related
recordings have not yet been translated …and computer
problems may have led the bureau to systematically erase
some Qaeda recordings…[t]he investigation found that
limited storage capacities in the system meant that older
tapes had sometimes been deleted automatically to make
room for newer materials, even if the recordings had not
yet been translated”
Information Perfect Storm
Volume
988 exabytes of new data 2010
200+ billion email per day
Value
All kinds of business being done
More laws and regulations
Liability
Greater downside
Info mismanagement ubiquitous
So what do you do in a down economy with less IT budget?
After funneling billions in investor money… Fairfield …is offering up its explanation to investors . . . firm supplied falsified trading documents. . . what now appear to have been fake electronic records…
WSJ, 3/2/09
“making patient data more accessible has the unpleasant side effect if it potentially falls into the wrong hands” WSJ, 3/4/09
How Do You Define Success?
Intelligence Agencies’ Databases to Be Linked
“… nearly five years after the intelligence community was rebuked by the 9/11 commission for failing to “connect the dots” and detect the attack…New technology is addressing a more basic problem…Spies often have trouble emailing colleagues…email addresses aren’t readily accessible, and messages sometimes get eaten by security filters. “Today, an analyst’s query might scan only 5% of the total intelligence data in the U.S. government, said a senior intelligence official.” WSJ 2/22/09
“If we aren't
supposed to eat animals, why are
they made with
meat?”
Let’s Level Set—True or False
•IT cares about the value of information in their systems?
•Back up is the same as records retention?
•Bad info management practices means responding to document requests in a lawsuit is super duper fun?
•IT buys technology today without considering its legal and compliance needs?
•Discovery is the act of finding something really great in places you never imagined?
“I think
people tend
to forget that
trees are
living
creatures.
They're sort
of like dogs.
Huge, quiet,
motionless
dogs, with
bark instead
of fur.”
Jack Handy
What Is Compliance?
“Compliance” is conformity with some criteria
•Sources of compliance criteria
•Laws & regulation (SEC, Sarbanes Oxley, Part 11)
•Industry standard (ANSI, ISO)
•Company policy (RM, E-mail, Privacy, IT Security)
•Best practice
“Data Breach at Army Hospital
Sensitive information on about 1000 patients…was exposed” WSJ June 3, 2008
“Smoking kills. If you're
killed, you've lost a very
important part of your life.”
Brooke Shields
What Does Failure Look Like?
“In an Aug. 15, 2005, voicemail messages addressed to company salespeople, an …employee… followed up on a “weight and diabetes sell sheet” they had recently been sent.” “…the document written by Dr. Geller doesn’t accurately reflect the company’s position in 2000. In fact, it was not Dr. Geller’s ultimate view either. It was an initial draft for discussion purposes.” “In response to a plaintiffs’ attorney’s question, Dr. Geller responded that the statement was “an artifact of an earlier discussion document.” WSJ 2/27/2009
“Bank of America
Subpoenaed on Bonuses”
WSJ 2/27/2009
Information Management Compliance
1. Policies and Procedures
2. Executive Responsibility
3. Delegation
4. Communication and Training
5. Auditing & Monitoring
6. Consistent Enforcement
7. Continuous Improvement
“A corporation can act through natural persons, and it is therefore held responsible for the acts of such persons…on the other hand in certain circumstances, it may not be appropriate to impose liability upon a corporation, particularly one with a compliance program…”
U.S. Dept. of Justice
“When you come to a
fork in the road, take it.” Yogi Berra
Key 1: Policies and Procedures
•GOOD directives
•Policy v. procedures
•Tells employees what to do
•Tells the “world” you care
•Change only when needed
“Thus, the court has already found, as a matter of fact, that Rambus anticipated litigation when it instituted its document retention program” Rambus v. Infineon
"There Are Three Kinds of People -Those Who Can Count and Those Who Can't”
In Fund-Fee Case, Emails May Hold Key
WSJ, 7/17/09
Different Policies for Different Uses
RIM
Disaster Recovery Back up
Storage
Discovery
“Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy.”
Albert Einstein
FDA Says Cookie Dough . . . has tested positive for E. coli … FDA has been examining…records. WSJ, 6/30/09
“..In an employment discrimination suit ... the employer sent the policy to the employee via a mass email containing two links to the policy and did not require any further action ... the employee claimed that he received a large volume of mass company emails daily and that he could not specifically remember the arbitration policy. Although an email ‘tracking log’ indicating the time and date that the employee opened the email, the employer could not prove that the employee had actually read the email or clicked on the links. The court determined that the mass email did not constitute sufficient notification and further admonished the employer for not taking ‘the incredibly simple and inexpensive step of configuring their system to log when and if employees clicked on the links.’" Campbell v. General Dynamics
Policy Changes to Reflect Business Reality?
YOU MAKE THE CALL:
As volume and value of email goes up, new policy should dictate:
A. All email will be purged
B. All email will be “retained”
on back up tapes forever
C. Make a PST of everything
before the CIO, the rat that she
is no longer allows you
“. . . we see no evidence of fraud or bad faith in a corporation destroying records if it is no longer required by law to keep and which are destroyed in accord with its regular practices. As we have previously observed, storage of records for big or small businesses is a costly item and destruction of records no longer required is not in and of itself evidence of spoliation.”
Moore v. General Motors
If a wolf can take down a deer from either flank, does that make him bambidextrous?
Does Policy Dictate In-house or Outhouse
Where do you keep your information
Cloud Computing
Software as Service
ASP
A computer once beat me at chess, but it was no match for me at kick boxing.
“Gmail Glitch Shows Pitfalls: Failure Spurs Concern Over Reliability of Online Software” WSJ 2/26/09
PayPal Users Hit
by Global Service
Outage
WSJ, 8/4/09
Key 2: Executive Responsibility
•Only way to ensure consistency across enterprise
•Policy does not happen from below
•Sets the tone for corporate culture
•Holds the purse strings
The man who smiles when things go wrong has thought of someone to blame it on.
Robert Bloch
Will they listen:
As CEO, I want to remind you that our Records Management and Legal Hold Policies require that you retain records and preserve any information that may be needed for a lawsuit…
As Records Manager, I want to remind you that our Records Management and Legal Hold Policies require that you retain records and preserve any information that may be needed for a lawsuit…
Executives Pay the Price
Danis v USN court addresses CEO's failures:
CEO “personally took no affirmative steps to ensure that the [document retention] directive was followed.”
He did not direct that the company “implement a written, comprehensive document preservation policy, either in general or with specific reference to the lawsuit.”
He “did not instruct that any e-mail or other written communication be sent to staff to ensure that they were aware of the lawsuit and the need to preserve documents.”
I am not a vegetarian because I love animals;
I am a vegetarian because I hate plants.
Whitney Brown
Key 3: Delegation of Responsibilities
Notice to IT Department:
Please be advised that the Legal Hold Policy mandates that all those in the care, custody and control of potentially relevant electronically stored information and other tangible objects must be properly garnered and thereafter preserved for threatened or imminent formal matters…
Danis Case (Continued)
The lawyers did “nothing to ensure that all. . . employees
who handled documents that might be discoverable were
aware of the lawsuit and the need to preserve documents.”
Directors failed to take, “any active role in implementing a broader preservation policy,” and did not follow up with the CEO “to determine if their directive had been implemented.”
“Son, if you really want something in this life, you have to work for it.
Now quiet! They're about to announce the lottery numbers.”
Homer Simpson
Key 4: Communication and Training
• Messaging of changes or position on a topic
• Tells employees what to do and how to do it
• Should be on-going
• May provide the only protection to the institution.
Which message has the desired effect?
A. “The records management policy helps the company increase productivity and save money…”
B. “Do it, if you want your check…”
C. “Following the records management policy helps you manage your work load and allows the company be a more efficient business by having ready access to customer information, which in this environment may be the difference between winning
Key 5: Auditing and Monitoring?
“…Bloomberg News reported over the weekend, Intel’s general counsel stated that e-mails for 151 employees who were to have been instructed to retain them as possible evidence in the AMD antitrust trial were lost by virtue of a single IT manager misreading a spreadsheet where the employees’ names were first distributed”
BetaNews 3/19/2007
“Fluor's e-mail retention policy provided that backup tapes
were recycled after 45 days. If Fluor had followed this
policy, the e-mail issue would be moot. Fluor does not explain
why, but it maintained its backup tapes for the entire 14-
month period.” Murphy Oil v. Fluor Daniel
Key 6: Consistent Enforcement
“I dream of a better tomorrow, where chickens can cross the road and not be questioned about their motives.”
“For companies, A Tweet in Time Can Avert a PR Mess” WSJ Aug. 3, 2009
“New technology to help marketers and media companies send videos via email.” WSJ, April 2, 2009
Can you make these seemingly inconsistent statements work with a simple policy fix?
“We manage information in a medium independent way, so that company records may be in any electronic system”
“The company voicemail system will be purged in the ordinary course of business every 30 days”
Bring “Old School” Business Rules Forward
When mere data becomes information requiring real management
“The program …is aimed not at consumers, but at sales staff, accountants, and others who need to mash up data from different sources to solve business problems.” “Do The Mash” New York Times
“Obama Announcement by Text Sends Message About Medium”
WSJ Aug. 23, 2008
Key 7: Continuous Improvement
You Make The Call?
“For this lawsuit, back-up tapes of all email are to be preserved until further notice”, even though policy states that back-up tapes are to be used for disaster recovery purposes only and should be purged after 30 days.
“Please be advised that accounting records will be retained on back-up WORM disks and thereafter select records will be purged when their period of retention has been met.”
“If you rob a bank and your pants fall down, it's OK to laugh, and it's OK to let your hostages laugh too, because come on, life is funny.” Jack Handy
Manage “Under One Roof”
“I find that the further I go back, the better things were, whether they happened or not.”
Mark Twain
Increasingly, knowing what information exists and where is no small challenge
Having as much as possible “under one roof” is better for management
Fewer technologies allow for better use of resources
Conclusions
• Simplify (people, process & technology)
• Manage the content
• Use fewer technologies more efficiently
• Anticipate problems
• Compliance methodology may be the difference between winning and losing
“Why does Sea World have a seafood restaurant? I'm halfway through my fish burger and I realize, Oh man ... I could be eating a slow learner.”
Thanks
He who laughs last didn't get it.
Randolph A. Kahn, ESQ.
847-266-0722 www.twitter.com/InfoParkingLot
Q&A
To learn more on this topic, and to connect with your peers after
the conference, visit the HP Software Solutions Community:
www.hp.com/go/swcommunity