P.S. My youngest son read my last post, 2016: Blinded by the Likes, and said it was “OK” (high praise). He added, though, that I was missing the generational angle. Bear in mind, this is a 22-year-old who added to his browser the Chrome extension that replaces the word “Millennial” wherever it appears with
2016: Blinded by the Likes
I put off writing this post for months, because I found the April news item so profoundly disturbing. But as I reflect on the past year, now that 2016 has finally come to a close, it strikes me that one detail of this news story metaphorically captures a deep and troubling problem in our technology-fueled, dysfunctional relationship with information.
On February 27, in Columbus, Ohio, 18 year-old Marina Lonina used Twitter’s Periscope app on her phone to live-stream the rape of a 17 year-old high school friend. The live video lasted at least 10 minutes, with no sign of Lonina doing anything of consequence to help her friend. It took someone viewing live in another state to notify the authorities.
This is not a post about how crimes are increasingly captured through live streaming apps like Periscope. Instead, what makes this story so chilling is the explanation for why Lonina didn’t try to stop the rape, while her friend was heard repeatedly saying “Please stop,” and “Please no.”
As reported by the New York Times, “Mr. O’Brien, the prosecutor, said Ms. Lonina had apparently hoped that live-streaming the attack would help to stop it, but that she became enthralled by positive feedback online.” According to the prosecutor, “She got caught up in the likes.”
Continue Reading 2016: Blinded by the Likes
Roundups and records—it’s still the Wild West in 2016
As a horsewoman, I have followed the plight of the American Mustang in recent years, and I am once again struck by parallels with the management—or lack thereof—of information. Good intentions, poor execution. Hopes that the problem would disappear. Management by crisis. Inattention leading to untenable yet continuing costs. Fighting factions with competing agendas and differing views of the facts, with no resolution.
A little background:Continue Reading Roundups and records—it’s still the Wild West in 2016
Why govern your information? Reason #8: It can build – or bust – your brand
The “business case” for information governance often focuses solely on quantifying specific costs for data management and exposures for data security and ediscovery. Number crunching is of course important, but it misses something bigger, more strategic, and ultimately more crucial to the organization – its brand. Companies, regardless of industry, are fundamentally in the information business. It follows that how an organization manages its information assets reveals how the organization manages itself. And that matters, a lot, because companies that align themselves with their brand, achieving brand discipline, are more successful.
Continue Reading Why govern your information? Reason #8: It can build – or bust – your brand
Why govern your information? Reason #9: Unnecessary business data multiplies data security exposures
Having too much data causes problems beyond needless storage costs, workplace inefficiencies, and uncontrolled litigation expenses. Keeping data without a legal or business reason also exacerbates data security exposures. To put it bluntly, businesses that tolerate troves of unnecessary data are playing cybersecurity roulette … with even larger caliber ammunition.
Continue Reading Why govern your information? Reason #9: Unnecessary business data multiplies data security exposures
The crystallization of discontent: Finding the uber-ROI for information governance
Most enterprise information governance initiatives are event-driven: an expensive lawsuit, a system migration, a board or regulatory inquiry, a corporate move, and so on. Though there’s nothing wrong with being opportunistic in making IG progress, it can sometimes be too little, too late when a cybersecurity breach or some catastrophic event shines the light on decades of inattention. How then do we become more proactive in improving how we manage information—arguably any company’s most valuable asset?
Inertia is a powerful thing. It keeps us from exercising regularly, from cleaning the garage, and myriad other “honey do’s.” Not to mention the personal distractions of football, basketball, kids’ soccer, social media, Internet surfing, and just plain hanging out. When we translate this combination of inertia and distraction to the workplace, however, our “home” selves get in the way of our “business” selves and organizational best interest. It’s just too easy to put off examination of what is an increasingly consequential business need: ensuring compliance, managing risk, and extracting value from our information. Effort is required.Continue Reading The crystallization of discontent: Finding the uber-ROI for information governance
Sticks and stones may break my bones, but words will never hurt me….
At least, that is, unless overheard, written, or recorded. Just ask anyone following the presidential campaigns. Absent concrete evidence, spoken words evaporate and any discussion of them quickly devolves into the type of “he said, she said” game usually seen in low-budget television courtroom dramas and on playgrounds. A few weeks ago, my colleague Peter Sloan posted All we really need to know about Information Governance we learned in kindergarten. Let’s ponder an additional learning point from Mr. Fulgham:
When you go out into the world, watch for traffic.
Continue Reading Sticks and stones may break my bones, but words will never hurt me….
Why govern your information? Reason #10: It’s a when, not if, world for data breaches
Being a CISO is a tough gig. The perpetual deluge of news items on hack after hack, breach after breach, has finally conveyed that data security is an imperative for all companies, large and small. But the perception still lingers that the Chief Information Security Officer (or the InfoSec team) will single-handedly prevent breaches at “our” company – and if one should occur, will take care of the response. For some CISOs, it may feel like High Noon, all over again.
This is unfair to the CISO, and wrong on at least two counts. First, regardless of the CISO’s job description, the full range of cyber risk exceeds the scope of the CISO’s practical control. Second, effective breach response requires up to ten channels of coordinated activity, and nine of the ten fall outside of the CISO’s authority.Continue Reading Why govern your information? Reason #10: It’s a when, not if, world for data breaches
Why govern your information? Reason #11: Thousands of federal and state records retention laws apply to your company
Dr. Stephen Covey reminded us that “important” is not the same thing as “urgent.” Records retention reminds us that important is not the same thing as exciting. I get it – records retention schedules are boring. But the fact remains that literally thousands of records retention requirements apply to your organization’s information. I know, because my firm finds and tracks these laws as part of our many years of retention schedule work for clients across industries. And your regulators expect you to know them too.Continue Reading Why govern your information? Reason #11: Thousands of federal and state records retention laws apply to your company
Why govern your information? Reason #12: Unnecessary business data causes unnecessary litigation costs
“If your clients don’t have a records management system, they may as well take their money out into the parking lot and set it on fire.”
– U.S. District Court Magistrate Judge John Facciola (now retired, and missed)
We all know that ediscovery is expensive, and various research reports have so confirmed. The 2012 Rand study, Where the Money Goes: Understanding Litigant Expenditures for Producing Electronic Discovery, found that median costs for collection, processing, and review are $17,507 per gigabyte (roughly 3,500 documents or 10,000 e-mails). The math is not pretty – a case involving 482 GBs of source data could exceed $8 million in ediscovery costs.
And on top of that are preservation costs. The 2014 Preservation Costs Survey demonstrated that large companies incur significant fixed costs for preservation (for in-house ediscovery personnel and also for procurement and maintenance of legal hold management and data preservation technology systems), averaging $2.5 million annually. More significant is the cost of employee time lost in complying with legal holds. While companies with up to 10,000 employees incur the average time cost of over $428,000 per year, costs for the largest companies exceed $38 million per year.
There is indeed great complexity in how to cost-effectively process huge amounts of data through the ediscovery funnel. Tighter management of ediscovery processes is important, and TAR continues to be a promising alternative to traditional review, with significant cost-savings potential.
But as we ponder how to cut costs, let’s not forget to use Occam’s razor:
Continue Reading Why govern your information? Reason #12: Unnecessary business data causes unnecessary litigation costs