In the wake of the Cambridge Analytica scandal, restrictions on monetization of personal information (aka PI or PII) are coming to California in 2020. The California legislature unanimously passed a historic bill to adopt many of the core privacy principles of the EU General Data Protection Regulation (GDPR) for California consumers. The bill was fast-tracked into law in order to avoid the likely passage of a more rigorous ballot initiative in the November election.Read More
In December 2015, the electronic discovery provisions of the Federal Rules of Civil Procedure (FRCP) were amended to substantially expand the Safe Harbor against sanctions for destruction of electronic data. In my November 2015 white paper, C-Level Guide to Covering Your Information Governance Assets, I predicted that the amended rules signaled a pivot away from one of the main sources of eDiscovery uncertainty - the inconsistent imposition of severe sanctions for the loss of electronically stored information relevant to dispute resolution. The prediction holds.Read More
Many of us have a closet, attic, or even a basement corner for all the things that we’re not using but just aren’t ready to throw away quite yet. We just assume we’ll get to sorting what stays and what goes some other day.
The same is true for businesses – and usually the larger the enterprise, the more dark data they have. Many IT departments are burying huge amounts of data, resulting in digital mountains that are increasingly unwieldy to manage, let alone easily search through when key data discovery is needed.
Does your IT organization fit this description? If so, it’s time to recognize you have a problem. It’s called digital hoarding. You, my IT friend, are a data hoarder.
Given the great highs and lows experienced by financial institutions over the past 10 years, there’s no doubt that today’s industry is highly resilient.
The same is also true for the industry’s IT teams. In the past, IT has been routinely asked to navigate everything from mergers & acquisitions to sophisticated security threats and emergent application demands from a fast growing segment of mobile consumers.Read More
A document retention policy is in reality a document destruction policy. Therefore, a key reason for an organization to adopt a document retention policy is to establish a program for the deletion/destruction of information that is not required for business, regulatory and other needs. This reality is made necessary by the fact that digital information is growing at an unprecedented rate and that much of it is contained in “unstructured” storage such as email, SharePoint and shared network drives. Data hoarding not only increases direct information technology costs but it presents other substantial risks and costs to an organization ranging from discovery of “smoking gun” documents during investigation, litigation or audit; to reputational damage from information security breaches (hacking).Read More
In 2005 the ABA Business Law Section published a short book titled, Sailing in Dangerous Waters: A Director’s Guide to Data Governance. It warned in stark terms:
Those Directors who defer or delegate to specialized personnel their understanding and command of data governance will be at increasing risk of incurring personal liability for failing to fulfill their fiduciary duty of care to ensure that their companies comply with rapidly emerging legal requirements concerning deficiencies in data governance.[i]Read More
Gartner defines Information Governance as an accountability framework that includes the processes, roles, standards, and metrics to ensure the effective and efficient use of information in enabling an organization to reach its goals. One of the core requirements of a legally defensible Information Governance program is a reasonable and consistently applied Records & Information Management system (“RIM”). Accountability and defensibility hinge on the ability of an organization to govern its information in all formats and on all media, and to ensure or prove that it is compliant with all legal requirements.
Many companies are making significant investments in information governance because they understand the critical importance of a sound information governance policy. For some in highly regulated industries like Life Sciences and Finance, however, the concept of data governance (and IT’s role in implementing it) carries even greater importance.
How successful is your organization when it comes to implementing your data governance strategy? If you’re like most companies – not so good:Read More
When employees first began using corporate email and content management systems to communicate and share their ideas, little did IT teams know what they had in store. In “store” being the operative word.
Such systems like Microsoft Exchange and Microsoft SharePoint would soon take exponentially larger and larger bites out of the storage available on a whole range of corporate servers, file shares and, even, enterprise storage networks.
IT teams soon had a real mess on their hands. Frequent requisition requests for new storage capacity weren’t usually greeted well by budget owners. Then, there was the on-going time required from IT to help “discover” key content of older emails or files--in keeping with various compliance, legal or audit requirements.
“Microsoft Exchange and Microsoft SharePoint would soon take
exponentially larger and larger bites out of the storage available…IT teams soon had a real mess on their hands”
For highly regulated industries, like those in Life Science or Financial Services, the need to effectively track, preserve and discover data became even more critical.Read More
IT teams in most Life Science organizations have an unending To-Do list of projects to tackle. Their hands are full with various initiatives to support growth mandates while adjusting and keeping up with constant change in this highly competitive, fast-paced industry. While maintaining an eye on industry trends is necessary, fundamental IT work remains. This is the keep-the-lights-on type of work that falls under the not so sexy, but very important category of “data governance.”
Keeping IT’s Head Above Governance Waters. . .
For IT teams struggling with growth initiatives, mounting and ever-changing regulations cannot be ignored. Data privacy, security and compliance must still be assured. Protection from potential data breach is critical and efforts to ensure proper data audit trails, unquestioning data integrity, and effective data lifecycle management are ongoing.
This includes the sorting and classification of all your dark data with proper controls, where needed. This includes unstructured or semi-structured data still lurking about in your company’s file shares, SharePoint servers and email system.
How can IT achieve the right balance between its long list of growth and data governance projects? And, how far is far enough when it comes to governance?
We don’t presume to have all the answers. But, our experience with Life Science organizations gives us some perspective as well as a few, proven governance rules-of-thumb to help keep your IT team sane.Read More