A Roadmap for Effective Information Governance · 2019-05-10 · JANUARY/FEBRUARY 2013 INFORMATIONMANAGEMENT 1 4 IN FOCUS A Message from the Editor 6 UP FRONTNews, Trends & Analysis

A Roadmap for EffectiveInformation Governance

Page 27

Thinking Outside the Box:Use Predictive Coding

as a RIM ToolPage 30

Page 22

Page 22

JANUARY/FEBRUARY 2013 INFORMATIONMANAGEMENT 1

4 IN FOCUS A Message from the Editor

6 UP FRONT News, Trends & Analysis

Z

22 Rolling the Dice with Predictive Coding: Leveraging Analytics Technology for Information GovernanceLeigh Isaacs

27 A Roadmap for Effective Information GovernanceSam McCollum

30 RIM FUNDAMENTALS SERIESThinking Outside the Box: Use Predictive Coding as a RIM ToolDoug Smith

34 GENERALLY ACCEPTED RECORDKEEPING PRINCIPLES® SERIES The Principles at Work in Cargill: Tools for Assessment, CommunicationJulie Gable, CRM, CDIA, FAI

38 TECH TRENDS Fellows Forum Provides Snapshot of E-Records Management in OrganizationsSusan Cisco, Ph.D., CRM, FAI; Fred Diers, CRM, FAI; April Dmytrenko, CRM, FAI; John Isaza, Esq., FAI; Dave McDermott, CRM, FAI; John Montaña, J.D., FAI; and Wendy Shade, FAI

42 IN REVIEW Drowning in Information: Proactively Managing the OnslaughtSheila Taylor, CRM

43 IN REVIEW Needed: An Information ConsultantClare Cameron

44 IN REVIEW The Shifting Landscape of Electronic Personal InformationAndrew Altepeter

47 AUTHOR INFO

48 ADVERTISING INDEX

DEPARTMENTS

FEATURES

SPOTLIGHTS

CREDITS

JANUARY/FEBRUARY 2013 VOLUME 47 NUMBER 1

22 27 30

Publisher Marilyn Bier

Editor in Chief Vicki Wiler

Managing Editor Amy Lanter

Contributing Editor Cyndy Launchbaugh

Art Director Brett Dietrich

Advertising Sales Manager Elizabeth Zlitni

Editorial Board Barbara Benson, Director, Records Management Services,University of Washington • Alexandra Bradley, CRM, President, Harwood Informa-tion Associates Ltd. • Marti Fischer, CRM, FAI, Corporate Records Consultant,Wells Fargo Bank • Paula Harris, CRM, Director, Global Records Management,Georgia Pacific • John Montaña, J.D., FAI, General Counsel, Montaña and Associ-ates • Preston Shimer, FAI, Administrator, ARMA International Educational Foun-dation

Information Management, (ISSN 1535-2897) is published bimonthly by ARMA Inter-national. Executive, editorial, and advertising offices are located at 11880 College Blvd.,Suite 450, Overland Park, KS 66210.

An annual subscription is included as a benefit of membership in ARMA International. Non-member individual and institutional subscriptions are $140/year (plus $25 shipping todestinations outside the United States and Canada).

ARMA International (www.arma.org) is a not-for-profit professional association and theauthority on managing records and information. Formed in 1955, ARMA International isthe oldest and largest association for the records and information management profes-sion with a current international membership of more than 10,000. It provides education,publications, and information on the efficient maintenance, retrieval, and preservation ofvital information created in public and private organizations in all sectors of the economy.

Information Management welcomes submissions of editorial material. We reserve theright to edit submissions for grammar, length, and clarity. For submission procedures,please see the “Author Guidelines” at http://content.arma.org/IMM.

Editorial Inquiries: Contact Amy Lanter at 913.217.6007 or by e-mail at [email protected].

Advertising Inquiries: Contact Karen Lind Russell or Krista Markley at 888.277.5838(US/Canada), +1 913.217.6022 (International), +1 913.341.3742, or e-mail [email protected].

Opinions and suggestions of the writers and authors of articles in Information Manage-ment do not necessarily reflect the opinion or policy of ARMA International. Acceptanceof advertising is for the benefit and information of the membership and readers, butit does not constitute official endorsement by ARMA International of the product orservice advertised.

© 2013 by ARMA International.

Periodical postage paid at Shawnee Mission, KS 66202 and additional mailing office.

Canada Post Corp. Agreement No. 40035771

Postmaster: Send address changes to Information Management, 11880 College Blvd.,Suite 450, Overland Park, KS 66210.

2 JANUARY/FEBRUARY 2013 INFORMATIONMANAGEMENT

GET MORE ONLINE

INFORMATIONMANAGEMENT

WWW.ARMA.ORG


If you haven’t already respondedto the recent e-mail notificationabout the digital edition of this

issue of Information Management(IM) magazine, you’re in for a sur-prise when you do: we havelaunched a new and improved dig-ital version that uses Flip Booktechnology.

You’ll find this digital magazineis user-friendly and packed withfeatures, including hyperlinkedURLs, sticky notes, favorite flags,content and advertiser menus, andoptions to e-mail it, download it toyour local device as a PDF, or printit. You also have the option to cus-tomize your settings. For example,if you don’t like the page-flippingsound, you can turn it off.

Take IM magazine wherever yougo. It can be viewed using flash orHTML, and it can easily be readwith tailored mobile apps that op-timize the content for iPads,iPhones, Android, and Kindle de-vices. The app feature respectsyour space – storage space that is.This means fast downloading thatallows you to begin exploringquickly.

Go ahead and share! The FlipBook can be shared easily amongall types of social media sites. Thisis only the beginning. We will con-tinue to enhance your experiencewith the Flip Book by adding moreinteractive features as time goeson. We hope having this new tool atyour fingertips will make it eveneasier to keep up with the latest in-

these tools.This issue wraps up with a snap-

shot of the state of e-records man-agement, which is based on theinteractive discussion and pollingthat took place at the Fellows ofARMA International (FAI) Forumat the 2012 ARMA InternationalAnnual Conference & Expo. Whilethe FAI panelists were encouragedto discover that IT, legal, andrisk/compliance are collaboratingmore with RIM in IG efforts, theylearned that many organizationsare still struggling with many as-pects of e-records management.

I should mention one more im-portant feature of our digital mag-azine: the e-mail button. With oneclick, you can send me an e-mail toshare what you would like to see inIM this year. Please do! END

Amy LanterManaging Editor

dustry trends and cutting-edge con-tent that will help you continue togrow in your profession.

One of those trends that is get-ting a lot of attention these days isthe use of predictive coding and an-alytic technologies. Though devel-oped primarily for use ine-discovery, predictive coding hasthe potential to be used for other in-formation governance (IG) pur-poses. In this issue’s RIMFundamental Series article, DougSmith provides a primer on predic-tive coding. Leigh Isaacs takes it tothe next level with our cover arti-cle, describing how predictive cod-ing can be leveraged for such thingsas data security, remediation, andclassification.

Sam McCollum provides yet an-other tool for more effective IG – a13-step process for developing astrategic information managementroadmap and plan, which he de-scribes as the foundation for the IGfunction. You’ll discover that thisprocess depends heavily on theGenerally Accepted RecordkeepingPrinciples® (the Principles) and theInformation Governance MaturityModel (Maturity Model).

Another thing that depends onthe Principles and Maturity Modelis the IG program at Cargill, one ofthe largest privately held compa-nies in world. Julie Gable, CRM,CDIA, FAI, interviewed Cargill’sglobal records and informationmanager, Cheryl Pederson, CRM,FAI, to find out how Cargill uses

2013 Tech Trends for Information Governance – and for IM

A Message from the Editor

News, Trends & Analysis

In a public July 2012 letter toSen. Charles E. Grassley (R-Iowa) on behalf of a former

long-time Securities and ExchangeCommission (SEC) official, theSEC said it had violated federallaw by destroying financial recordsrelated to investigations of variousfinancial institutions from 1993 to2010. The 9,000 records in questionpertained to the initial investiga-

GOVERNMENT RECORDS

Audit Faults SEC’s Records Management Practices


con-flictedwith fed-eral law re-quiring suchdocuments to be retained for 25years.

SEC spokesperson John Nestertold The Washington Post that theagency changed the policy in 2011,requiring employees to follow theagency’s records management pol-icy. He also pointed out the reten-tion requirements “pertain todocuments that meet the definitionof a record, not every documentthat comes into an agency’s posses-sion in the course of its work.”

Former SEC enforcementlawyer Darci Flynn contacted theNational Archives and Records Ad-ministration (NARA) last year.NARA responded with an audit ofthe agency’s records managementpractices.

NARA released its findings inan audit report dated September30, 2012. According to GovernmentExecutive.com, the report faultedthe SEC for unclear records man-agement policies and inadequateemployee training. The audit find-ings reportedly included 12 recom-mendations, including more visitsto offices by records managementspecialists, better internal docu-ment controls, and policy trainingin records retention. An imple-mentation plan was due before theend of 2012.

tion of institutions that reportedlyincluded Goldman Sachs, Bank ofAmerica, Morgan Stanley, andWells Fargo.

The documents were shreddedin compliance with an SEC policyin effect during that time periodthat stated that documents relatedto an inquiry that didn’t become anofficial investigation should be de-stroyed. Unfortunately, that policy

DATA SECURITY

Android Apps May Leak Personal Data

German security researchers recently determined that some An-droid applications may pose certain serious security risks.

Researchers at the Leibniz University of Hanover in Ger-many studied the potential security threats posed by some Android ap-plications that use Secure Sockets Layer and Transport Layer Security(SSL/TLS) protocols to protect data transmissions. According to thestudy report that was released in October 2012, “Why Eve and MalloryLove Android: An Analysis of Android SSL (In)Security,” researchersspecifically looked at 13,500 popular free apps in Google’s Play Marketbecause “the lack of visual security indicators for SSL/TLS usage andthe inadequate use of SSL/TLS can be exploited to launch man-in-the-middle (MITM) attacks.”

Using MalloDroid, a tool researchers built to detect po-tential vulnerability against MITM attacks, theydetermined that 8% of the apps contain code thatcould be vulnerable. No actual attacks have beenreported; however, the researchers concludedthe potential is definitely there.

According to the researchers’ report, thereare a variety of ways to minimize the prob-lem of unencrypted traffic or SSL misuse.

They can be categorized into three groups: (1)solutions integrated into the Android operating

system, (2) solutions into app markets, and (3) standalonesolutions.

The MalloDroid web app is an example of a standalonesolution that the researchers intend to make available to Androidusers.


DATA SECURITY

India to EU:Declare Us Secure

India has asked the EuropeanUnion (EU) to formally recog-nize India as a data-secure

country. The Times of India re-ported the issue came up fordiscussion in a recent meeting be-tween Commerce and IndustryMinister Anand Sharma and Algir-das Semeta, the European Com-missioner for Taxation andCustoms Union, Audit and Anti-Fraud.

The issue is an important pointof contention in the proposed Bilat-eral Investment and ProtectionAgreement (BITA), a free tradeagreement between India and theEU that has been in negotiationsince 2007.

Sharma pointed out that India’saccess to the EU market dependson it being declared data secure.The lack of such recognition pre-vents the flow of sensitive data, in-cluding patient information fortelemedicine, to India under cur-rent EU data protection laws.

“It is our clear analysis that ourexisting law does meet the requiredEU standards. We would urge thatthis issue is sorted out quickly andnecessary comfort in declaringIndia data secure in overall senseneeds to be given as almost all themajor Fortune 500 companies havetrusted India with their criticaldata,” Sharma said in an official

statement.The EU is reportedly undertak-

ing a study to determine whetherIndia’s laws do indeed meet theEU’s directive.

According to The India TimesOctober 18, 2012, article, lifting thedata flow restrictions on Indiawould significantly increase India’s$100 billion IT business processesoutsourcing industry; 30% of the in-dustry’s exports are to the Euro-pean market.

CLOUD COMPUTING

The State ofCloud Computingin Canada

The 2012 CloudLaunch con-ference held in mid-October2012 in Ottawa was gener-

ally regarded as a frank and, at

times, divisive discussion of what itwill take to advance the adoption ofcloud computing in Canada.

Andrew Fisher, executive vicepresident at Wesley Clover, wasquoted in an October 16, 2012, blogposting by expertIP editor ShaneSchick as saying the biggest barrierto adoption is a lack of interest fromorganizations, including the gov-ernment, to stimulate the purchaseof cloud computing services.

According to the blog post,Misha Nossik, chief technology offi-cer of Afore Solutions and founderof the Ottawa Cloud Council, sug-gested that government chiefinformation officers (CIO) are moreconcerned with protecting theirbudgets than embracing the cost-savings cloud computing can offer.Some feel, however, that cloud com-puting will never take off in the pri-vate sector until the governmentembraces it.

Schick contended that “adop-tion in Canada won’t get much far-ther unless CIOs and vendors canforge a new kind of trusted part-nership, one that looks a lot differ-ent in a world of ongoing servicesthan it did in the previous one ofon-premise sales.”

This will be a serious test tothose vendor relationships, Schickadded. A test they can’t afford tofail.


Agood defense isn’t enough when it comes to ensuring an organi-zation’s data security, Gartner analysts told participants at the firm’s Symposium/ITxpo 2012 held in October in Orlando. With

the speed at which technology is changing and the agility of hackers isincreasing, threats to security are growing faster than the means todefend against them. The time has come to stop just reacting and begintaking proactive measures, said Gartner analysts.

According to InformationWeek.com, Gartner Research Vice Presi-dent Greg Young stressed the need for enterprises to focus on threemain areas: protection of infrastructure (keeping the bad guys out);managing identity and access (letting the good guys in); and businesscontinuity, compliance, and risk management (policies that keep thewheels on).

Young cited several factors that have made protecting infrastruc-ture increasingly difficult, including emerging trends around software-defined networking, virtualization, cloud computing, and mobile smartdevices. Strategic infrastructure planning, he concluded, doesn’t try toaddress all threats, butrather requires aligning se-curity mechanisms with aneffective, carefully considereduser-access policy.

Gartner Vice PresidentEarl Perkins addressed theidentity and access manage-ment issue. He suggestedthat enterprises could takeadvantage of social network-ing processes to improve useraccess management. Enter-prises already manage access through permissions and entitlements;however, Perkins speculated that social media profiles could eventuallybe used in enterprise security mechanisms. This may be a decadeaway, said Perkins, but the integration of social media for effectiveuser management has already begun.

Gartner Vice President Paul Proctor echoed Young’s point that theprocesses should not try to protect against everything. The key lies inbehavior changes. Enterprises need to increase their focus on employeetraining, he said. This is especially critical with the bring-your-own-device trend.

Keeping score by reporting security incidents is another area inneed of a behavioral shift, contended Proctor. Instead of focusing onthe number of incidents, enterprises should focus on identifying pro-tection levels applicable to their needs. These needs will vary from in-dustry to industry. Some organizations (e.g., manufacturing) possessintellectual property and little personal data, while others (e.g., fi-nancial institutions) have personal data and relatively little intellec-tual property to protect. The latter are going to be more likely targetsfor hackers.

RISK MANAGEMENT

Gartner: A Good Offense Is Best Defense

FOIA

NARA, OtherFederal AgenciesLaunch FOIAOnline System

The U.S. National Archivesand Records Administra-tion (NARA), the U.S. En-

vironmental Protection Agency(EPA), and the U.S. Departmentof Commerce have developed anonline system to expand publicaccess to information requestedunder the Freedom of Informa-tion Act (FOIA).

According to NARA, FOIAonline(https://foiaonline.regulations.gov)offers the public one place to submitFOIA requests, track their pro-gress, communicate with the pro-cessing agency, search otherrequests, access previously releasedresponsive documents, and file ap-peals with participating agencies.

For federal agencies, FOIA-online provides a secure website toreceive and store requests, assignand process requests, post re-sponses, generate metrics, managerecords electronically, create man-agement reports, and electronicallygenerate the annual report theFOIA requires from each agency.

The new system leverages theinfrastructure developed for theEPA’s Regulations.gov, the federalrulemaking portal that allows peo-ple to comment on federal regula-tions and other agency regulatoryactions. This helped FOIAonlineavoid many startup costs and is ex-pected to save the government $200million over the next five years ifbroadly adopted.

GOING GREEN

Paper Still Rulesin Many U.S.Federal Agencies

The U.S. government’s digitaltransformation is wellunder way. However, a

study by Open Text and the Gov-ernment Business Council thatwas published in October revealedthat only 22% of the 150 federalmanagers surveyed gave their in-formation management systemsan “A” or “B” grade. The averagegrade given was a “C” largely be-cause of the agencies’ reliance onpaper records and even oldermedia (e.g., microfiche and micro-film).

Fortunately, 82% of the re-spondents recognize that elec-tronic information management(EIM) plays an essential or impor-tant role in agency operations. Al-most half (48%) of the respondentssee EIM as essential to operations.Unfortunately, only 28% considertheir agency’s EIM as being “ade-quate.” The majority (58%) labeledit “inefficient,” “confusing,” or “out-dated,” primarily because of theamount of redundancy and thecontinued prevalence of paperrecords, despite available tech-nologies. Nearly one-quarter (24%)said their agencies still manage

microfiche or microfilm.Even though paper still

seems to rule, 54% of theagencies reported that be-tween 34% and 80% oftheir information is cur-rently available in adigital format.

Fifty-seven percentof the managers agreedthat EIM can reducetime spent looking forrecords – time that canbe reinvested in othertasks that serve theneeds of citizens. Andin many cases, EIM canimprove the bottom line:30% of federal managers sayEIM can reduce operating costs.

Predictably, the biggest road-block to fully implementing anEIM system is the lack of re-sources, followed by the lack of aclear information managementstrategy or policy.

When asked what they neededto fully implement EIM in theiragency, two-thirds of the managersanswered “agency-wide approachto information management,” 57%cited a change in agency culture,and 56% said increased funding.

Read the full research report atwww.opentext.com/EIMreport.(Registration required.)

DATA SECURITY

SingaporePasses DataProtection Act

Singapore’s data privacyact was to take effectJanuary 1, 2013. En-

forcement, however, is notscheduled to begin until mid-2014 to give businesses enoughtime to adjust.

The new law gives individ-uals more control over theirpersonal data, requiring or-

ganizations to apprise their con-stituents of the purpose for collect-ing, using, or disclosing theirpersonal information.

The law also gives individualsthe right to seek compensation fordamages suffered directly as a re-sult of a breach of the data protec-tion rules. Organizations foundguilty of violating the rule may befined up to S$10,000 ($8,181 U.S.)per customer complaint.

A national do-not-call registryis established by the new law, as isa Personal Data Protection Com-mission (PDPC), which will be thecountry’s primary authority onmatters relating to personal dataprotection and enforcement of thenew rule. PDPC could impose apenalty of up to S$1 million($818,150 U.S.) if an organizationdoesn’t comply.

The new law applies only to or-ganizations in the private sector.The government already had itsown data protection rules in place.

An element missing from thelaw is the requirement that organ-izations notify individuals when abreach occurs. Mandatory notifica-tion is standard in European andAmerican data protection laws andwill undoubtedly be added to Sin-gapore’s in time.



CYBERCRIME

Firm Lists TopTricks Used bySpear Phishers

Early on, cybercriminals dis-covered that e-mail is agreat avenue for spam and

mass-distributed malware. It stillis, according to a recent report fromFireEye, a provider of threat pro-tection for web and e-mail.

FireEye’s “Advance Threat Re-port 1H 2012” recorded a 56% in-crease in malicious e-mails gettingpast organizations’ security de-fenses between the first and secondquarters of 2012.

nificantly higher. For example, thetop draw in the first half of 2012(“dhl”) was included in the name ofnearly 23% of attachments, whilethe most common word in the sec-ond half of 2011 (“label”) was in-cluded in the name of just 15% ofattachments.

FireEye found additional trendsbetween the second half of 2011and the first half of 2012. For ex-ample, the percentage of file namescontaining words related to ship-ping (e.g., “postal”) grew from 19%to 26%. The number of words asso-ciated with urgency grew evenmore dramatically from nearly 2%to almost 11%.

On a somewhat more positivenote, using the .EXE file extension

was much less successful in2012. Unfortunately, today’s cy-bercriminals are using .ZIP and.PDF file extensions more suc-cessfully.

To guard against thesethreats, FireEye stressed thatenterprises need to better edu-cate users on how to recognizemalware threats and employmore advanced technologies todetect and stop the advanced

threats.

CLOUD COMPUTING

EU Looks to theCloud forEconomic Relief

The European Union (EU) ishoping that cloud computingwill help its economy recover

from its four-year debt crisis andrecession. Specifically, CNBC re-ported the EU is looking to cloudcomputing to help boost the econ-omy by creating 2.5 millionnew jobs and increasing theEU’s gross domestic prod-uct by €583 billion ($760 billionU.S.) between 2015 and 2020.

International Data Corp., which

helped the EU develop its cloud com-puting strategy, is even more opti-mistic, predicting that the newpolicy could develop close to 3.8 mil-lion new jobs.

Katherine Thompson, an ana-lyst at Edison Investment Re-search, told CNBC she’s not asoptimistic. “I’m not sure I strictlyagree that it will give such a boostto the economy,” she said, “as themove to the cloud is often a shiftfrom one form of expenditure to an-other, as opposed to incrementalspend, and in many cases will bedeflationary.”

She added that she does agreewith the EU’s thinking that cloudcomputing will help create newtypes of companies and businessmodels, which she said is alreadyhappening.

“The EU wants to focus on fourkey aims to help cloud computingrealize its full potential,” reportedCNBC.com’s Matt Clinch. “Theywant users to be able to easily moveproviders, a certification for trust-worthy companies, contracts thatwould simplify regulations, andclear communication betweenproviders and the public sector sowork doesn’t drift overseas to theU.S.”

Of course, security remains aserious concern, regardless of howmany jobs are created and wherethe data centers are located. It’scritical that data security can beensured.

Cybercriminals use certain com-mon words in file names that tricklarge number of unsuspecting recip-ients to download or install files con-taining malware to their localdrives. According to FireEye’s “TopWords Used in Spear Phishing At-tacks to Successfully CompromiseEnterprise Networks and StealData,” the top five draws in the firsthalf of 2012 were “dhl,” “notifica-tion,” “delivery,” “express,” and“2012.”

Interestingly, with only a coupleof exceptions, the first half of 2012’slist of the top 20 words is completelydifferent from those deemed suc-cessful in the second half of 2011.

The percentage of attachmentscontaining those words is also sig-

filed with the court, the scam-mers sought to avoid detection

by consumers and law en-forcers by using virtual of-

fices that were, in fact,mail-forwarding fa-

cilities. The scam-mers allegedly

used 80 dif-ferent domain

names and 130 dif-ferent phone numbers.The commission has

publicly acknowledged theassistance it received from the

Australian Communications andMedia Authority, CanadianRadio-Television and Telecommu-nications Commission, and theUK’s Serious Organised Crimeagency, as well as from Microsoftand other computer companies.

The FTC cases targeted 14corporate defendants and 17 indi-


vidual defendants in the six legalfilings.

Liebowitz announced the fil-ing of the international scam casethe day after the FTC won a finaljudgment in a $163 million caseagainst an operation that usedcomputer “scareware” to trick con-sumers into thinking their sys-tems were infected with malware.

In this particular case, whichwas filed in 2008, the FTCcharged the defendants withscamming more than 1 millionconsumers using elaborate andtechnologically sophisticated In-ternet advertisements. The adsdisplayed a bogus “system scan”that detected several malicious orotherwise dangerous files on theconsumers’ computers and urgedconsumers to buy the defendants’software for $40-$60 to fix theircomputer.

CYBERCRIME

FTC TargetsComputerSupport Scams

In Octo-ber 2012,the Federal

Trade Commission(FTC) announced that ithad launched “a major in-ternational crackdown ontech support scams.” The com-mission took aim at telemarketersmasquerading as being associatedwith major tech companies to scamconsumers into believing their com-puters “are riddled with viruses,spyware, and other malware” andthen charging hundreds of dollarsto remotely access, fix, and monitorthe consumers’ computers.

A U.S. District Court judge or-dered a halt to six alleged tech sup-port scams and froze thedefendants’ assets. In announcingthe judgment, FTC Chairman JohnLiebowitz stated that the defen-dants had “taken scareware to awhole other level of virtual may-hem.”

The six operations, most ofwhich were based in India, tar-geted English-speaking consumersin the United States, Canada, Aus-tralia, Ireland, New Zealand, andthe United Kingdom (UK). Theycontacted the consumers by tele-phone and reportedly claimed theywere affiliated with legitimate com-panies, such as Microsoft, Dell,McAfee, and Norton, and told theconsumers that they had detectedmalware that posed an imminentthreat to their computers. They di-rected consumers to a utility areaof their computer and falselyclaimed it demonstrated the com-puter was infected.

According to papers the FTC

TECH TRENDS

Mobile Devices Top Gartner’s2013 Strategic Tech Trends List

Gartner’s 2013 top-10 IT trends is an evolution of items from pre-vious years, Gartner Fellow David Cearley told PCweek.com’sMichael Miller. Many of these issues have moved slower than

expected, Cearley observed, but they still have the highest potentialfor significantly affecting enterprises over the next three years.

Mobile devices, mobile apps and HTML5, cloud computing, Inter-net of Things, and big data top the list for 2013. Their placement on thelist may have changed from last year, but the only new trend is per-sonal cloud computing.

Top 10 Strategic Technology Trends for 20131. Mobile Devices Battles2. Mobile Applications and HTML53. Personal Cloud4. Internet of Things5. Hybrid IT & Cloud Computing6. Strategic Big Data7. Actionable Analytics8. Mainstream In-Memory Computing9. Integrated Ecosystems

10. Enterprise App StoresSource: Gartner


change with a hospital or clinicianthat uses a different EHR vendor.The goal is to advance interoper-ability across vendor systems.

Stage 2 also contains stan-dards and certification criteriathat were either weak or nonexist-ent in Stage 1. “Stage 2 standardsand certification criteria are morerobust, requiring certified EHRtechnology to receive, display, andtransmit considerably more typesof data – using standards,” ex-plained the BPC in a companionreport, “Accelerating Electronic In-formation Sharing to ImproveQuality and Reduce Costs inHealth Care.”

The 2014 Standards, Imple-mentation Specifications, and Cer-tification Criteria require certifiedEHR support for data-transportmethods and standards that pushdata. This is in line with clini-cians’ preferences. According tothe clinician survey, the major-ity of clinicians prefer to re-ceive information they consider“essential” to be pushed tothem; the rest they want to beable to access through a query.

BPC added that “the devel-opment, coordination, evaluationof, and effective communicationand dissemination of implementa-tion guides and specifications thatwill support the actual use of stan-dards in practice … is crucial.”

It offered several recommenda-tions:• Develop a national strategy and

long-term plans for standardsand inoperability to support abroad set of healthcare priorities.

• Provide sub-regulatory and ex-planatory guidance from the fed-eral government to supportquery access to priority informa-tion and transmission of imag-ing test results.

• Explore principles, policies, stan-

The final rules for stage 2 ofthe Medicare and MedicaidElectronic Health Record

(EHR) Incentive Programs (alsoknown as the Meaningful Use Pro-gram) go into effect in October2013 for hospitals and January 14,2014, for practitioners. Stage 2 con-tains requirements intended to fa-cilitate electronic sharing of healthinformation to support transitionsin care.

An October 2012 report on asurvey conducted by the Biparti-san Policy Center (BPC) and ana-lyzed by Doctors Helping DoctorsTransform Health Care, more than80% of clinicians surveyed “believethat the electronic exchange ofhealth information across care set-tings will have a positive impact onimproving the quality of patientcare, as well as the ability to coor-dinate care, meet the demands ofnew care models, and participatein third-party reporting and incen-tive programs.”

The report, “Clinician Perspec-tives on Electronic Health Infor-mation Sharing for Transitions ofCare,” also shows that more thanhalf (57%) of the respondents be-lieve the electronic exchange of in-formation will actually reducehealthcare costs.

There are some serious obsta-cles, however, that must first beovercome. Most of the physicians(71%) surveyed consider the lack ofinteroperability and an exchangeinfrastructure – and the cost asso-ciated with implementing andmaintaining that infrastructure –a major barrier to electronic infor-mation sharing.

Stage 2 of Meaningful Use at-tempts to address these concernsby including requirements for theelectronic transmission of a sum-mary of care record 10% of the timeand at least one successful ex-

dards, and strategies for im-proving the accuracy of match-ing using consumer-facilitatedapproaches.

• Issue comprehensive and clearguidance from the U.S. Depart-ment of Health and HumanServices on compliance withfederal privacy and securitylaws.

The clinician study and the re-sulting reports on electronic infor-mation sharing in the healthcaresector is part of BPC’s Health ITInitiative. Its goal is to identify“real-world examples and bestpractices that facilitate coordi-nated, accountable, patient-cen-tered care,” and to ensure “that

health IT efforts support deliv-ery system and payment

reforms shown to im-prove quality and reduce

costs in health care.”

HEALTH RECORDS

U.S. Doctors High on Electronic Information Sharing


PRIVACY

Data Retention vs. Privacy

Australia’s proposed data retention laws may conflict with the in-tent of the national privacy principles, according to internationallawyers James Halliday and Sylvia Li from Baker and McKenzie,

who raised the concern in an article on ITnews.com. They explained that“the data retention laws will make it mandatory for all Australian tel-

cos [telecommunications com-panies] and ISPs [Internetservice providers] to store thenon-content usage records of allindividuals for up to two yearswithout the consent of the indi-viduals involved.”

The Privacy Amendment(Enhancing Privacy Protection)Bill 2012, on the other hand,will “prohibit the use of all per-sonal information for directmarketing, unless exemptionsapply.”

Halliday and Li contend that the data retention laws do not meet thebasic community expectation of privacy provided for in the PrivacyAmendment.

WEB

FTC Still on the Google Case

The Federal Trade Commission (FTC) has moved forward inits antitrust investigation into Google, which it began in2011. This isn’t the first antitrust inquiry Google has been

involved in, but it does look like it’s one that will have a signifi-cant impact.

The FTC staff has beeninvestigating whetherGoogle unfairly ranks itssearch results to favor itsown businesses and whetherit restrains competition byengaging in exclusive agree-ments to provide searchservices to online publishers and other websites. Google has also beenaccused of charging higher advertising rates to its competitors, mak-ing it difficult for other advertisers to compete with Google and itsvarious businesses.

The European Union is looking into these allegations based oncomplaints it has received from smaller companies

The Washington Post reported the FTC is also looking into whetherGoogle is using its influence in the Android market to discouragesmartphone and device makers from using rivals’ applications.


The Information GovernanceReference Model (IGRM) hasbeen updated to include pri-

vacy and security as primary func-tions and stakeholders in theeffective governance of information.

The Electronic Discovery Ref-erence Model (EDRM), which pub-lished the IGRM, announced thechange in the third quarter of 2012,stating the release of IGRM ver-sion 3.0 “reflects broad industrysupport and collaboration acrossthe expert communities of ARMAInternational and CGOC (Compli-ance, Governance and OversightCouncil).”

The IGRM provides a common,practical framework enabling or-ganizations to establish informa-tion governance programs thatmore effectively deal with the risingvolume and diversity of informationand the risks, costs, and complica-tions this presents. The model helpsfacilitate dialogue and coalesce dis-parate information stakeholdersand perspectives across legal,

records management,IT, and business or-ganizations.

“The Model helpsorganizations more ef-fectively associate theduties and value of in-formation to informa-tion assets throughpolicy integration andprocess transparencyso they can maximizeinformation of value,meet their legal obli-gations, efficientlymanage informationand defensibly disposeof it at the right time,”explained the EDRM.

Incorporating pri-vacy and security askey stakeholders re-flects the increasingimportance of privacy and securityduties and the efficiencies organi-zations can achieve when theseefforts are more holistically inte-grated with other essential gover-

nance practices and programs. As the volume and variety of

data (e.g., social media, geo-locationdata, and website tracking data)grow, so do the risks and costs asso-ciated with amassing it. Data typi-cally loses its value steadily, yet thecosts and risks of managing it in-crease over time, which inverselymeans that data without valueoften costs companies more thandata with value.

When information and data areno longer required for business,legal, or regulatory purposes, itmust be defensibly disposed. Pri-vacy regulations often requiretimely disposal of information, andprivacy-related litigation is spot-lighting weak privacy managementprocess.

“Chief privacy offers must col-laborate with their IT, business,records management, and legalcounterparts,” summarizes theEDRM. The IGRM provides an in-tegrated process and policy frame-work for that collaboration.

DATA SECURITY

New Zealand Investigates Alleged Breach

Freelance journalist Keith Ngannounced on his blog on October15, 2012, that he had accessed thousands of files on the New

Zealand Ministry of Social Development’s national accounting server.Some of the invoices stored on the server included private information.

The ministry closed down kiosks at the office through which thejournalist was able to access the files, then it engaged an independentsecurity expert to investigate the breach.

The journalist accessed four other servers, but he was not able togain private information from them. The journalist has cooperatedwith the ministry rather than release the information.

The ministy’s chief executive said the ministry does not know ifother breaches had occurred, but he confirmed that no client files wereaccessed. Once it is certain what information was accessed, the min-istry will decide accordingly whether any clients needed to be advised.

GOVERNANCE

New IGRM Version Recognizes Value of Privacy, Security


CLOUD COMPUTING

Cloud Use Can Complicate E-Discovery

As is true in most cases, peo-ple tend to get what theypay for in cloud computing.

And, those using free, consumer-grade cloud services for their cor-porate data may discover thatwhat they are paying nothing for islikely to make e-discovery muchmore difficult.

In an October 1, 2012, article,zdnet.com published the result ofits interviews with various ana-lysts and industry veterans abouthow the unchecked use of cloudcomputing is complicating e-dis-covery efforts. The focus was onthe “unruly use and management”of cloud services, exemplified byorganizations choosing cloud serv-ice providers (CSPs) that have nounderstanding of compliance re-quirements and no real plans forbackup and orderly retrieval.

Organizations that use con-sumer-grade cloud services fortheir corporate data are especiallyvulnerable to legal complications.

Additionally, when employeesstore data on these con-

sumer-grade sitesand there areno records thattrack the action,the data may be

undiscoverable if that em-ployee leaves the organization.

Analyst Barry Murphy ofthe E-Discovery Journal Groupagrees with the idea of due dili-

gence, specifying that or-ganizations must work

closely with CSPs on thee-discovery details andon defining the require-ments for defensiblecollection and preserva-

tion. ARMA International

has published a number ofresources to guide the deci-

sion-making and implemen-

tation of cloud computing into anorganization’s technology infra-structure.

For example, OutsourcingRecords Storage to the Cloud high-lights a number of factors thatshould be considered when movingrecords storage to the cloud, includ-ing suggestions for how to mitigatelegal risk. Here are a few of the keypoints excerpted from the book(which is available for purchase atwww.arma.org/bookstore):• Establish clear rules for employee

use of corporate information sys-tems that include use of systemsoutsourced to the cloud, includ-ing access to the employees’ per-sonal accounts.

• Establish ownership of data andinclude language in any cloudprovider’s service contracts thataddresses the organization’sownership.

• Establish the allocation of liabil-ity for loss or wrongful disclosureof data, preferably as part of thecontract.

• Establish a mechanism with thecloud provider for communicat-ing and implementing legalholds. Make it clear in the servicecontract what the cloudprovider’s obligation is for imple-menting and, possibly, managinglegal holds.These factors must be ad-

dressed in the service level agree-ment with the cloud provider, theguideline stresses.

The fall 2012 issue of ARMA In-ternational’s Hot Topic, “The Shiftin Information Control: E-Discov-ery of Information in the Cloudand on Mobile Devices,” specificallyaddresses the records and informa-tion management, legal, and tech-nology issues surrounding thistopic. It is available as a free PDFdownload from www.arma.org/publications/hottopic.


DATA SECURITY

Big Data Working Group Tackles Privacy and Security

Just over two months afterits launch, the Cloud Secu-rity Alliance’s (CSA) Big

Data Working Group publishedin November 2012 its initial listof the “Top Ten Big Data Secu-rity and Privacy Challenges.”After interviewing CSA mem-bers and security practitioner-oriented trade journals, theworking group determined thatthese challenges are:1. Secure computations in dis-

tributed programming frame-works

2. Security best practices for non-relational data stores

3. Secure data storage and trans-actions logs

4. End-point input validation/fil-tering

5. Real-time security/compliancemonitoring

6. Scalable and composable pri-vacy-preserving data mining

and analytics7. Cryptographically enforced ac-

cess control and secure com-munication

8. Granular access control9. Granular audits

10. Data provenanceThe working group’s report,

which is available at cloudsecurityalliance.org/research/big-data/,describes these challenges andnarrates use cases for each.

Formed in August 2012, CSA’s

Big Data Working Group is taskedwith providing specific actionableinformation and creating stan-dards for big data security and pri-vacy.

According to a Fujitsu press re-lease, the working group will focuson six themes: • Big data-scale crypto• Cloud infrastructure• Data analytics for security• Framework and taxonomy• Policy and governance• Privacy

“Everyday 2.5 quintillion bytesof data are being created resultingin a myriad number of data secu-rity and cloud-computing securityconcerns,” said Sre-eranga Rajan,director of Software Systems Inno-vation at Fujitsu Laboratories ofAmerica and a co-chair of theworking group. “By collaboratingas a global community of thoughtleaders and researchers, we arenot only looking to help the indus-try overcome these challenges butalso to leverage new opportunitiesfor the monitoring and detection ofsecurity threats enabled by bigdata.”

Along with Rajan, Neel Sun-daresan of eBay and Wilco VanGrinkel of Verizon co-chair theworking group.

Those interested in learningmore about the group’s activities orin joining the group should visitcloudsecurityalliance.org/re-search/big-data/.

LEGAL

Courts Broaden Liability for Data Theft

U.S. federal courts are widening theirdefinition of the damages caused bydata breaches, according to an October

29 article on csoonline.com. Whereas courts previously dismissedthese lawsuits unless the victims could show specific damages, judgesincreasing are now awarding them class-action status – a trend thatputs organizations at greater risk of huge payouts.

These payouts can be significant. A study conducted by the Tem-ple University Beasley School of Law and published in early 2012,“Empirical Analysis of Data Breach Litigation,” found that althoughthe mean value of settlements awarded per plaintiff was just $2,500,the mean amount paid for attorney fees was $1.2 million.

To mitigate damages, law firm Pepper Hamilton suggests thatorganizations fortify their technical and physical security, which willnot only help prevent breaches, but will demonstrate a “best prac-tices” approach that can influence the courts positively. The law firmalso advises organizations not to link information to individuals andto have an effective notification policy in place.


PRIVACY

Google’s Regulatory Woes Continue in EU, U.S.

Google has been under fire inEurope regarding privacyissues for quite some time.

In mid-October, France’s privacyrights regulator ruled thatGoogle’s new privacy policy vio-lates the European Union’s (EU)data protection rules. According toBusinessWeek.com, the problemwas that Google did not set a “limitconcerning the scope of the collec-tion and the potential uses of thepersonal data” or give users ade-quate means to opt out. The searchgiant was given three to four

sor of communications and privacyexpert at Kent State University,told eweek.com that any changesGoogle and Microsoft have tomake to meet EU requirementscould eventually be felt in theUnited States.

In the meantime, Frenchmedia petitioned the governmentto require Google and other searchengines to pay for their content.Agence France-Presse (AFP), aFrench news agency, reportedthat Google sent a letter to severalFrench ministerial officers warn-

with threats,” she said.Media association IPG criti-

cized Google’s attitude, contendingthat “the objective of discussionsshould be finding an acceptablecompromise that would recognizethe value [the media] bring tosearch engines and would help thefurther development of [the mediaand search engines],” AFP re-ported.

None of this plays well at atime when Google is under the mi-croscope in the United States andEurope for alleged anti-trust vio-lations. Privacy issues don’t typi-cally play a role in antitrustenforcement, but in Google’s casethey do.

“The issue of privacy is ab-solutely connected to antitrust andcompetition,” Nick Pickles, alawyer and director of Big BrotherWatch, a British advocacy groupfor civil liberties and privacy pro-tections, told BusinesWeek.com.He said that Google’s ability to col-lect data from multiple servicesgives it an unfair advantage incompeting for advertisers.

Microsoft apparently learnedfrom the Google experience whenit introduced its new privacy pol-icy complete with an opt-out. In-stead, the EU was scrutinizingMicrosoft for allegedly violating a2009 commitment to allow Euro-pean Windows users to have achoice of web browsers. The agree-ment struck in 2009 required thatMicrosoft offer a screen of browserchoices to European Windowsusers through 2014. Europeanregulators weren’t pleased whenMicrosoft failed to live up to itsend of the bargain. Microsoft hassince admitted that it had “acci-dentally violated” the earlieragreement and would make cor-rections. END

months to change the policy or befined.

Google maintained that it wasconfident its privacy notices “re-spect European law.”

Although this action was takenby France alone, other countriesare expected to follow suit. EU au-thorities asked the French regula-tor, CNIL, to conduct the review.BusinessWeek.com reported thatEuropean national regulators anddata protection authorities in Aus-tralia, Canada, and several Asiancountries reviewed CNIL’s find-ings before they were presented tothe EU.

Jeffrey Child, associate profes-

ing that such a move could force itto exclude French media sites fromits search results. Google addedthat requiring search media to payfor displaying links to contentwould threaten Google’s existenceand be harmful to the Internet.

Google said it “redirects fourbillion ‘clicks’ per month to Frenchmedia sites.” The media arguethat readers aren’t paying for sub-scriptions because they can get somuch content free on the Internet.

French Culture Minister Au-relie Filippetti told AFP she wassurprised by the tone of Google’sletter. “You don’t deal with a dem-ocratically elected government

The Only 3 Letters That MatterIf you’re ready to take your career in records management to the next level,

there are only 3 letters that matter. Becoming a Certfied Records Manager shows

that you’re ready for today’s complex and changing information environment.

Stand Out The CRM designation shows a solid mastery of records management

Confidence You’ll prove your ability to apply records and information management knowledge

Career Opportunities It’s the well-known competitive advantage you need in business today

For more information, call 877.244.3128

or visit www.ICRM.org

®


Rolling the Dice with

Predictive CodingLeveraging

AnalyticsTechnology

for InformationGovernance

Leigh Issacs


mation governance challenges will continue to grow asorganizations attempt to separate the wheat from thechaff to determine what is useful versus what is not andwhat information exists beyond its usefulness or identi-fied retention requirement.

At the same time organizations are struggling to findthe magic wand to conquer their information governancewoes, technologies are emerging to address large volumesof electronically stored information (ESI) for purposes ofe-discovery. Organizations should consider whether it ispossible to leverage these tools for identifying, manag-ing, and appropriately governing their information.

Technologies for Tackling IG ChallengesWhen used innovatively, the solutions used during e-

discovery and litigation to avoid cost and time to addresslegal hold, data collection, data processing, and documentreview can also be expanded to add value into otherareas, such as information storage, records retention, anddata security.

Predictive coding, which is an evolving technologythat combines people, technology, and workflows to find

ith increasing frequency, organizations are re-alizing the importance, value, and benefits ofimplementing an information governance pro-gram. Information continues to proliferate atan insanely rapid pace, and the combinationof legacy unmanaged information and the

plethora of new information that is being generated inmountainous volumes becomes overwhelming.

New types of vehicles and repositories that deliverand store information are also increasing exponentially.Structured and unstructured data are found stored inarchives, e-mails, hard drives, and other data reposito-ries, resulting in significant pockets of information thatare difficult to access and search. The financial, produc-tivity, and time costs of maintaining storage systems forso much data are prohibitive.

To complicate matters, it is difficult to gain a clear pic-ture of what this data contains, posing significant busi-ness risks and adding to the time and expense ofdiscovery or investigation exercises. As such, it is imper-ative that organizations act on better identifying and re-ducing their volumes of data.

W

Information governance is a strategic framework composed of standards,processes, roles, and metrics that hold organizations and individualsaccountable to create, organize, secure, maintain, use, and dispose ofinformation in ways that align with and contribute to the organization’s goals.

SSource: Glossary of Records and Information Management Terms, 4th Ed. (ARMA TR 22-2012).

The data growth projections and statistics are stag-gering. Recent estimates by analysts and research indi-cate that:• Each year 1,200 exabytes of new data will be gener-

ated, according to the IDC Report “Business Strategy:Business Analytics and Big Data – Driving Govern-ment Businesses.”

• Enterprises will experience 650% data growth in thenext five years, says David Rosenbaum in his report“That New Big Data Magic” on cfo.com.

• 80% of this data will be unstructured and generatedfrom a variety of sources, such as blogs, web content,and e-mail, states Adrian Bridgewater in a report onCWDN: The Computer Weekly Application DeveloperNetwork.

• 70% of this data is stale after 90 days, notes Big DataBytes in “90% of Everything Is Crud.”At a glance, these statistics make it clear that infor-

key documents and identify and review large data sets,is one of those solutions. More specifically, predictive cod-ing is machine-learning technology that “trains” thecomputer program to automatically predict how docu-ments should be classified, based on initial human guid-ance. The computer program then applies what it haslearned to the universe of information.

Predictive coding can be used in three ways to ac-tively address the classification issues associated withcurrent information: data remediation, classification ofinformation already in repositories, and classification ofinformation upon its creation.

For data that can’t be classified automatically, tech-nologies can be used (e.g., sampling and manual review)to make content-driven decisions that can then lead todefensible retention and disposition. (See Doug Smith’sRIM Fundamentals article, “Thinking Outside the Box:Use Predictive Coding as a RIM Tool,” on page 30 of this


issue for a primer on how these technologies work.)The combination of these technologies and processes

allows organizations to:• Highlight data that may present a business risk• Find, retain, and profit from valuable data• Remove redundant, irrelevant, or stale data

In February 2012, Hon. Andrew J. Peck of the U.S.District Court for the Southern District of New York en-tered an order authorizing the parties in Da Silva Moorev. Publicis Groupe, et al. to rely on predictive coding foridentification of responsive documents during discoveryin lieu of traditional document review and search terms.

Peck’s decision cited statistics indicating human re-view is no more accurate, and perhaps less accurate, thancomputer-assisted review and lends support to the accu-

racy of these technologies. In fact, according to a blog posted byMaura R. Grossman, Esq., by lever-

aging such things as documenttype, language, content, party,

timeframe, individual name, andconceptual meaning, predictive coding has

been known to generally deliver more than a 95% accu-racy rate.

When considering the capabilities of predictive cod-ing technology, it is not a stretch to connect its useful-ness in e-discovery with the potential to add benefits toa proactive IG program. It is difficult and time-consum-ing to sift through e-mails, texts, contracts, spreadsheets,and other types of ever-increasing media. While subjectmatter experts are still necessary, predictive coding elim-inates much of the manual work and time from the task.

Areas Where Predictive Coding Can HelpPredictive coding technologies allow for the identifi-

cation, review, and tagging of information – and can fre-quently apply and execute specific workflows. Thus, afew areas of an organization’s digital landfills that canbenefit from the use of predictive coding and analyticstools are listed below.

Retention, DispositionOrganizations have an obligation to manage infor-

mation appropriately. Many industries are highly regu-lated and subject to other legal or legislativerecordkeeping requirements. Utilizing subject matter ex-perts paired with predictive coding technologies increasethe accurate identification of information and thus pro-

vide a sound foundation for defensible disposition andprevent over-retention of expired or unnecessary content.

ArchivesBelieving that archiving was the panacea of informa-

tion management and would solve all of their data stor-age woes, many organizations jumped on the archivingbandwagon. In reality, the archive resulted in the equiv-alent of throwing hundreds of thousands of loose papersin a room and shutting the door. Content was not identi-fied and organized in a manner that allowed it to be gov-erned and managed, and archives were not designed tobe searchable in any meaningful way, resulting in amess.

Predictive coding and analytics technologies cansearch and manage the abyss of existing archives to iden-tify data that should be kept or deleted, and often mini-mize the costs and risks of potentially moving

unnecessary data. These technologies can span thearchives and locate data that:• May be subject to litigation hold• Is important intellectual property or a vital record• May contain sensitive information• Can be defensively deleted, such as duplicate data

Legal Holds, Protective OrdersIt can’t be preserved if it can’t be found. It will be

over-retained if an organization can’t figure out what itis. Holds can’t be lifted if an organization doesn’t knowwhat it has, and retention cannot be reinstated once thehold is lifted. Predictive coding solutions can add valuelong before and long after the collection process.

Data RemediationHow often has an organization found important, busi-

ness-critical information that has been misfiled? Predic-tive coding solutions can provide a tool to locate varioustypes of vital records and contracts, and, if necessary,move them to other repositories where they can be se-cured and managed. It can also delete redundant, obso-lete, and trivial files, which, as learned earlier, canconsist of up to 70% of the organization’s data.

File TransfersSome organizations (e.g., law firms) have accepted in-

formation mobility and lateral movement as a routinecourse of business. Ethical requirements often dictatewhat types of, to whom, and when information can be re-

Predictive coding and analytics can search and manage the abyss ofexisting archives to identify data that should be kept or deleted …


leased. The ability to quickly and efficiently identify, seg-regate, and filter various types of electronic informationis critical. Predictive coding and analytics solutions canassist in reducing the manual efforts historically per-formed by higher value timekeepers that could be betterutilized on billable activities.

Intellectual Property, Knowledge ManagementAppropriately identifying, maintaining, and securing

an organization’s intellectual property can be the differ-ence in its success or failure. Using these technologies, itis possible to cull through data to identify potential pock-ets of information that should be retained as valuable in-tellectual property, and thus, protect the organization’svital assets. Many organizations also rely heavily on theirbank of information that serves to support and pass along

various pockets of knowledge and tem-plates. To do this effectively, an or-

ganization must have efficienttools with which to identify and

segregate this information fromother classifications of data and, in some

cases, move it to another repository.

Business IntelligenceAnalytics technologies can reveal the value (or lack of

value) of specific unstructured data by mining it for busi-ness insights and intelligence. Once the value has beenidentified, it can then be leveraged in various ways to ben-efit the organization, including strategic planning and de-cision making.

Sensitive InformationOrganizations continue to see growing regulations and

requirements for the management and security of sensitiveinformation. Sensitive information may be created andstored across the enterprise, often in unstructured systems.Analytics technologies can aide in the identification of thistype of content to better support compliance.

Data Security, FraudData security and fraud continue to be a concern.

Finding clues to these issues amongst the vast amountof information can be daunting. Often, by the time a se-curity breach or fraud has occurred, it is already too late.A proactive approach that provides an opportunity to ap-propriately deal with offenders can protect the organiza-tion and its information.

Using dynamic indexes, workflows, and automatedrisk analysis and monitoring, these types of technologiescan help identify fraud and other breaches. These tech-nologies can also provide the ability to flag risky contentfor review and escalate potential risks appropriatelywithin the organization. Having such programs in placecan help lower an organization’s insurance premiums asit has taken measures to proactively identify potentialrisk.

File SharesThere are various strategies to attack the monster of

uncontrolled file shares that are notorious for containingmasses of poorly classified, and sometimes irrelevant,data. Even if processes exist to address the informationlifecycle of file share content, organizations typically lackthe tools to defensively delete the information after it isno longer useful or required to be kept.

The sheer nature of file shares promotes the prolifer-ation of duplicative content or unnecessary data. How-ever, in the haystack of this unnecessary informationmay be the needle – pockets of valuable information thatneed to be kept or information that needs to be securelymaintained and managed. Predictive coding tools canhelp classify and manage the data in the file shares tohelp remediate these challenges.

The Next RIM Tool?As many records managers will attest, it’s often diffi-

cult to get buy-in and budget approval to acquire the toolshelpful and necessary to automate and support IG andaccomplish the tasks outlined above. However, given therecent e-discovery boon and the footprint that predictivecoding and analytics technologies have already developedin that area, there is an increasing trend for organiza-tions to have these types of solutions in-house.

It is no longer effective to govern information by lead-ing with a “big stick” and setting strict rules and regula-tions for individuals to follow. Risk and compliance willalways be a key requirement of an efficient IG program.However, an organization cannot lose sight of the factthat to be effective, its IG program must support the busi-ness rather than be a hindrance to it.

Smarter, more efficient approaches to coding and clas-sifying information – such as by using predictive codingtechnologies – not only help organizations manage riskand achieve compliance, they also allow them to operatemore effectively and efficiently.

Predictive coding tools can help classify and manage the data in thefile shares to help remediate these challenges.


When individuals are able to do their work without wor-rying unnecessarily about overly burdensome retentionschedules or belaboring where information should be filed –and are still able to find the information when they need it– the organization has added a layer of operational efficiencywhile at the same time governing its information assets.

After having seen practical ways in which predictivecoding technology can be an asset for routine functions per-formed on information throughout every phase of its lifecycle, it begs consideration that it may emerge as the next

tool in the records professional’s toolkit.These technologies are here to stay and, while dis-

putes about their uses and limitations from a litigationand e-discovery standpoint will continue to be debatedin our courts, there is value to exploring them for real,practical, tangible tasks in governing informationthroughout its life cycle. END

Leigh Isaacs can be contacted at [email protected]. See her bio on page 46.

ARMA LIVE ROAD SHOW

ARMA LIVE! ROAD SHOW

®

Register now at www.arma.org/sharepoint.

BRINGING SHAREPOINTTO A CITY NEAR YOU!ARMA International is offering the Sharepoint Records Management Certificate. In this interactive, fast-paced program, you'll learn how to successfully implement large and complex electronic document and records management systems (EDRMS). The program is facilitated by best-selling author Bruce Miller, an expert in electronic recordkeeping.

Places and dates:Atlanta Los Angeles New York

Feb. 25-26, 2013 March 4-5, 2013 June 10-11, 2013

Kansas City PhiladelphiaJune 17-18, 2013 June 24-25, 2013

For $399 (a $549 value) you’ll get: • Bruce Miller’s book Managing Records in SharePoint ® 2010• Project Modeler to track project costs and resources• All course content in reusable electronic format• Discussion Guide• Project Template

A ROADMAP FOR EFFECTIVEINFORMATION GOVERNANCE


he records and information management (RIM) func-tion is no longer sufficient to meet the demands placedon organizations by the current regulatory environ-ment and by internal and external risk managementexpectations. A stronger accountability aspect needs

to be added. The emerging discipline of information governance –

which is an accountability framework that includes the peo-ple, processes, policy, and technology that ensure the effec-tive management of information to enable an organizationto achieve its strategic goals and business programs – fulfillsthis role most effectively. This definition emphasizes IG asa strategic (accountable) function rather than as an opera-tions function. It considers the input and effect of people(culture), business processes, policy, and information tech-

nology in ensuring the proper management of informationand the proper balance between an organization’s compli-ance requirements (part of its corporate strategy) and itsbusiness goals.

Principles for Developing SIM Roadmap, PlanThe final component of the IG definition is very signifi-

cant, as it presupposes that the first step in developing an IGprogram is to develop an information management strategythat is consistent with business objectives and balancesthose objectives with compliance requirements.

Information management is an enterprise-centric func-tion that includes the compliance focus of corporate-levelclassification, consistent metadata, retention, disposition, e-discovery processes, auditing, risk reduction, version con-

T

An effective information governance program is based on a corporate-level informationmanagement strategy. This article describes a 13-step process for developing the twokey deliverables of this strategy: a strategic information management plan and roadmap.

Sam McCollum


trol, security, access control, and any other managementfunctions that assist the corporation in proving due diligenceof its information management program.

The two key deliverables of an information managementstrategy are 1) a strategic information management (SIM)multi-year roadmap and 2) a SIM plan.

Among other strategic tools, organizations use the Gen-erally Accepted Recordkeeping Principles® (the Principles)and its complementary Information Governance MaturityModel (Maturity Model) to develop their information man-agement strategy. However, many organizations face thechallenge of how to use them to develop the SIM roadmapand plan.

The SIM Plan Design ProcessThe 13-step SIM process flow chart shown in the photo il-

lustration on page 27 can be used by an organization’s SIMteam to design its SIM plan, which then will be the founda-tion upon which the IG function operates.

Step 1 – Develop a Company OverviewThe first step in designing a SIM plan is to create an or-

ganization overview that will be used to assist in developingthe Principles statements in Step 4. The overview consistsof basic information about the organization, including suchitems as what industry it operates in, its strategic objectives,staff count, products offered, and geographical location.

Step 2 – Review the Four SIM DimensionsTo ensure that the design team considers all aspects of

SIM when developing the SIM roadmap and plan, it needs tohave a clear understanding of the four SIM dimensions:1. People (changes to the organization, cultural issues, in-

centives)2. Legal (policies and penalties)3. Business units (revisions to business processes to improve

information flow)4. Information technology (use of software and hardware)

Step 3 – Complete an Infrastructure QuestionnaireComplete a questionnaire to identify and document the

current status of the information technology infrastructurethat supports the information management function (e.g.,classification system, databases, indexing, information re-trieval, auditing, e-discovery searches, and tech support).

Using the four SIM dimensions as a guide, look at re-sources, infrastructure, controls, and processes to under-stand what the starting point is for the SIM design. Forexample, the questionnaire should ask about:• Organization and culture – Does the organization have a

formal change management process? Does it have an in-formation management advisory committee?

• Policy and compliance – Does the organization have a for-mal disposition process? Does it have a legal hold process?

• Business process – Does the organization have a programto reduce the volume of hardcopy information? Does ithave a business continuity program?

• Technology – Has the organization rationalized its infor-mation repositories? What enterprise content manage-ment initiatives has it considered?

Step 4 – Write Principles StatementsCompleting the infrastructure questionnaire will provide

a multitude of answers that will need to be distilled downinto a Principles statement that describes the current stateof the RIM program for each principle. Each statement canbe compared to the Maturity Model scope notes to determinethe maturity level for each principle.

For example, a Principles statement for the Principle ofAccountability might be:

There is no IMAC [Information Management Advi-sory Committee] or coordination between senior man-agement and no regular auditing of IM procedures indepartments. IM policy and procedures are developedat the provincial level and adopted by the client. Sen-ior management needs to ensure training of staff inprocedures. There is a senior management person re-sponsible for IM, but the IM function does not reportdirectly to that person. The IM committee currentlyexists with the mandate to develop and implement anIM strategy and solicit senior-level support. The or-ganization meets level 2 maturity requirements; level3 requirements for active strategic initiatives and sen-ior officer responsibility are not met.

Step 5 – Identify Current Maturity Model LevelsThe Maturity Model was developed by ARMA Interna-

tional to “paint a more complete picture of what informationgovernance looks like.” The determination of the five currentmaturity levels and their plotting on the Maturity Modelprovides a baseline for determining what improvementsneed to be made to the RIM program and to identify thoseareas that need the greatest attention. The maturity levelfor each principle is considered separately in order to betterunderstand the interrelationships and dependencies eachprinciple might have on one or more of the other principles.

Step 6 – Complete an Environmental IndexDetermining the desired maturity level for each principle

requires understanding what targets would be most accept-able and achievable. The environmental index provides con-crete indicators of corporate and staff support of, orresistance to, possible upgrades or improvements to the ex-isting maturity levels. It documents how changes would bewelcomed and what support can be expected. It measuresrisk tolerance, user appetite for changes, and cultural issuesthat may affect proposed RIM changes.


Create the environmental index by answering questionslike these:• Does the organization have key performance indicators

related to RIM?• Is the corporate emphasis on managing volume or qual-

ity of information?• What particular employee culture or tendencies might af-

fect proposed RIM initiatives?

Step 7 – Identify Acceptable Maturity LevelsAnalyze the results of the environmental index and use

that information to decide for each principle what increasein maturity level would be feasible and supported by allparties affected by the proposed changes.

Step 8 – Complete a Gap AnalysisThe first step in achieving the desired maturity level is

to perform a gap analysis between the current and desiredmaturity level. The gap analysis allows the SIM designteam to determine how wide the gap is for each principleand what specific areas require improvement to reduce thatgap. Then, the design team will be able to identify whatprojects need to be implemented to make those improve-ments.

Step 9 – Review Project DirectoryThe project directory is a mind map of all the possible

RIM projects that could be implemented, sorted under eachof the four SIM dimensions: people (changes to the organi-zation, cultural issues, and incentives), legal (policies andpenalties), business units (revisions to business processesto improve information flow), and information technology(use of software and hardware). Select those projects thatwould best narrow or eliminate the identified gaps thatneed to be closed.

Step 10 – Create Project Status ReportOnce the list of possible RIM projects has been selected,

investigate each project to determine its status (i.e., notstarted, in progress, or completed). Document the status ona corporate-level status report that takes into account otherprojects that might have been started by other departmentsand for other purposes. The status report will also docu-ment the purpose of the proposed project and provide thescheduling information that can be input into the draft SIMroadmap.

Step 11 – Design the SIM RoadmapThe SIM roadmap provides a graphic representation of

the timing for each proposed project, identifies interrela-tionships between projects, assists in budgeting and projecttracking efforts, and provides input into the SIM plan. Eachproject is organized within one of the four SIM dimensionswim lanes.

Step 12 – Identify Required Discussion PapersSome of the proposed projects may require stan-

dards or guidelines to be developed in order to suc-cessfully implement them or to manage theirdeliverables. It is also critical that all affected depart-ments or interested parties have input into each of theproposed projects. Create a discussion paper for eachproposed project that lists the required infrastructureand resources needed, documents its justification, andidentifies the issues that it would resolve. The purposeof these papers is to provide feedback to revise theroadmap, to garner support, and to determine possibleresistance.

Step 13 – Document the SIM PlanThe SIM plan is a summary of all of the SIM design

team findings, including a proposed plan of action overa multi-year budget period. It is a written proposal tosenior management providing a plan of action toachieve the desired maturity levels. It is a training re-source and offers the justification for the proposed SIMbudget.

Beat the Odds with a Long-Term PlanIn an Iron Mountain press release about its “2012

Compliance Benchmark Report, A View into UnifiedRecords Management,” which examined more than3,000 public, private, government, and non-profit or-ganizations to determine how well their information isprotected, available, and destroyed, the company pro-vided some interesting statistics related to IG:

Ninety-four percent of respondents will applymore budget and staff to information manage-ment. The growing investment is noteworthy,particularly given the still uncertain economy.Yet, less than one third (28 percent) indicatedthey have a long-term, strategic plan with exec-utive-level support for records and informationmanagement. Lacking a formalized, executive-sponsored plan, many organizations will con-tinue to spend valuable time and resourcesstruggling to implement and enforce effective,long-term best practices.

Experience has shown that the development of aneffective IG function within an organization is not onlyhighly desirable but is also within the capabilities ofmany organizations. Following the SIM design processcan result in the draft design of a multi-year roadmapand plan within a relatively short period of time. END

Sam McCollum can be contacted at sm.mccollum@gmail. com. See his bio on page 46.

30

THINKING OUTSIDE THE BOX:

USE PREDICTIVE

CODING AS A

RIM TOOLDoug Smith

RRIM FUNDAMENTALS


redictive coding is causingquite a stir, receiving in-creased attention in the pastyear due in large part to twocases being litigated in NewYork and Illinois. (See the

sidebar “Predictive Coding in theNews.”) But, what is predictive cod-ing – and is it really a new technol-ogy?

Sharon D. Nelson, Esq., on her“Ride the Lightning” blog, offers acomprehensive definition of predic-tive coding that helps make it clearthat it is not new. She says predictivecoding is a “combination of technolo-gies and processes in which decisionspertaining to the responsiveness ofrecords gathered or preserved for po-tential production purposes … aremade by having reviewers examine asubset of the collection and havingthe decisions on those documentspropagated to the rest of the collec-tion without reviewers examiningeach record.”

E-discovery systems have beenusing processes like this for manyyears. Predictive coding was devel-oped because the proliferation of elec-tronically stored information (ESI)being created and stored made it ex-tremely difficult and expensive to lo-cate relevant information thatneeded to be preserved and producedfor litigation and investigations. So,while there have been new develop-ments in the technology, predictivecoding is not a new process.

Explaining Predictive CodingMost predictive coding processes

operate in one of two fundamentalways – either through sampling orobservation.

Sampling is done by computersoftware, which randomly selects asubset of electronic records from allthose available, presents it to ahuman coder for review, monitors thecoder’s decisions, notes the charac-teristics of the records that are coded(e.g., date, recipients, author, subject,

Pand keywords), and then uses theserecorded decisions to predict thevalue of the remaining documents inthe collection.

In the observation process, thecoding system monitors humancoders’ actual decisions as they re-view records, begins to predict how arecord will be coded before presentingit for coding, and then compares thepredicted coding to the actual coding.Eventually, the system’s predictivecoding will reach the level of accuracythat was predetermined to be suffi-cient. At this point, the system can beused to predict the coding decisionsautomatically.

Neither sampling nor the obser-vation process relies on the computerto know anything. Each uses humandecisions as a calibrating mechanismto learn about the coding details, andeach could be used by an organizationto classify information in use.

Using Predictive Coding for Classification

Predictive coding provides theability to perform tasks that histori-cally had to be done by individualswith subject matter expertise. Al-though the technology was developedin the e-discovery space, increasingly,organizations are discovering that itholds promise for a number of pur-poses. One of those purposes is infor-mation classification.

When an organization’s recordsare maintained using the GenerallyAccepted Recordkeeping Principles®,the records needed to demonstratecompliance or maintain continuity ofbusiness operations have been re-tained and are secure, available, andauthentic. Unneeded records havebeen appropriately and defensiblydisposed of in the normal course ofbusiness.

Maybe, though, an organization’srecords are not in perfect compliancewith the standards above. It is possi-ble that people have been stashingelectronic information on local drives.

And, probably not all of the informa-tion in that collaborative environ-ment IT rolled out without therecords department’s involvement isappropriately classified.

Most likely, even the documentmanagement system that is so dili-gently used is not as accurate as itshould be since users are not perfector uniform in making classificationdecisions.

Predictive coding can alleviatethis situation. Using knowledge anorganization already has in its sys-tems, this technology can create clas-sification schema for identifying andcategorizing data currently held inunstructured or less formal systems.

Predictive coding is a wonderfultool in the records professional’s ar-senal; it can help put an organiza-tion’s “house” in even better orderthan planning and training alone areable to achieve. Predictive codingalso can identify areas of conflict inmaterials that have already beenclassified and provide uniformitygoing forward.

Begin with a Seed Set of InformationThe first step is to determine

what types of information the organ-ization has that is classified in accor-dance with the organization’s recordstaxonomy. The technology underly-ing predictive coding can use this in-formation as a seed set for classifyingor verifying the accuracy of the orga-nization’s classifications.

Leverage Context Provided byData Sources

Just as the information within anorganization’s financial system isclassified in such a way that it can beused to provide context to other in-formation, the document manage-ment system can be utilized in asimilar fashion.

For example, any database thatmanages contacts for sales and mar-keting information will yield detaileddata linking certain names to certain

RRIM FUNDAMENTALS


lines of business or projects. And,human resources information can beused to identify when certain person-nel were working in different capaci-ties.

All of this data, when combinedby the analytical tool used for predic-tive coding, can provide predictivelyclassified documents for the recordsstaff to verify. The classification sys-tem will watch the decisions of therecords staff to fine tune the classifi-cation decision-making already de-veloped.

Use the Classification ToolIn this scenario, the two models

of predictive coding described at thebeginning of this article were com-bined to provide a finely tuned clas-sification tool. Once a classificationscheme has been developed andtested using the records depart-ment’s affirmations or corrections tocoding, the classification system isready to go.

With the system primed with in-telligence, the records professionalcan now turn it loose on the datastores within the organization. Let itfilter those SharePoint® pages. De-pending on the complexity of the net-work, it may be able to access localdrives, thumb drives when con-nected, or even remote computerswhen connected to the network.

Before long, information will beclassified with a higher, though notlikely perfect, accuracy rate.

The Bottom LineInformation needs to be classified

correctly to be appropriately man-aged throughout its life cycle. Man-ual classification systems offer toomany inefficiencies and inaccuraciesto be used without attempting toidentify more reliable systems.

Predictive coding offers a devel-oping alternative to the manual, sub-jective process of coding and qualityreview. This technology, while cur-rently in use as an early case assess-

RRIM FUNDAMENTALS

Predictive Coding in the NewsAs courts become more familiar with predictive coding, some are explicitly endors-

ing and recommending the practice, lending additional credibility to the use of thetechnology. Three recent cases are highlighted here.

In the Circuit Court of Loudoun County Virginia, Global Aerospace, Inc. v. LandowAviation defendants argued that, with more than 2 million documents to review, itwould take reviewers more than 20,000 hours to perform the task – 10 man-years ofbillable time. But with predictive coding, it would take less than two weeks at a costof roughly 1% of the cost of manual, human-review. In April 2012, the court orderedthat defendants could proceed with the use of predictive coding for processing andproduction of electronically stored information (ESI).

The Global Aerospace decision stopped short of an unqualified approval of predic-tive coding. For example, predictive coding cannot work effectively if a representativecorpus is not used for the initial training. The Global Aerospace court noted that thereceiving party was free to challenge the completeness of the contents of the produc-tion and the manner in which predictive coding was used for new documents.

In the 2011 New York case Da Silva Moore v. Publicus Groupe LLC, et al., thedefendant proposed using predictive coding technology to cull the responsive docu-ments from a collection comprising more than 3 million documents. The plaintiffs ob-jected to the methodology employed by the defendants. The Hon. Andrew J. Peck ofthe Southern District of New York stated in his Da Silva Moore v. Publicus Groupe de-cision that predictive coding “is not a magic, Staples Easy-Button, solution appropri-ate for all cases.”

Peck delivered a useful definition for this technology, also known as computer-assisted coding. “By [predictive coding], I mean tools (different vendors use differentnames) that use sophisticated algorithms to enable the computer to determine rele-vance, based on interaction with (i.e., training by) a human reviewer.” Peck continued,“This judicial opinion now recognizes that computer-assisted review is an acceptableway to search for relevant ESI in appropriate cases.” This sanction of the use ofpredictive coding was a judicial first.

In Illinois, the plaintiffs in Kleen Products, LLC, et al. v. Packaging Corporation ofAmerica, et al. moved to force the use of predictive coding by the defendants toproduce a more accurate production than the documents that were collected usingthe more traditional method of keyword searching. This motion was made moot inAugust 2012 by an agreement between the parties to forgo the use of predictive cod-ing at that time.

Predictive coding has been used in many cases that have received no attentionsimply because there was no dispute about its use.

ment tool in e-discovery, holds prom-ise for wider use in the records andinformation management arena.

Records professionals shouldreach out to e-discovery colleaguesand technology partners to explore

the prospects for utilizing this tech-nology. END

Doug Smith can be contacted [email protected]. See his bio onpage 46.

Now Available! www.arma.org/assessment

Introducing the officialGENERALLY ACCEPTED RECORDKEEPING PRINCIPLES®

assessment

ARMA International’s new assessment evaluates more than 100

information governance attributes. It can be deployed across the

enterprise to determine how a department, division, location, or your

entire organization measures up against the Generally Accepted

Recordkeeping Principles®. Take advantage of this set of organization-

improving attributes today!

Special thanks to our Generally Accepted Recordkeeping

Principles® outreach sponsors:


The Principles at Work in Cargill:

Tools for Assessment,CommunicationJulie Gable, CRM, CDIA, FAI


ways been part of the RIM pro-gram,” said Pederson, “Perhaps notspelled out the way they are now.Most of the Principles are part of therecords lifecycle, the idea that infor-mation must be managed from cre-ation through disposition.”

Taking RIM on the RoadOne of the first challenges Ped-

erson took on was finding a way toinstill accountability for recordsmanagement in diverse businessunits. The current RIM organizationstructure began in November 2002,when Cargill created a task forcecomprising representatives from theaudit, RIM, tax, and controller func-tions, and went on the road to visitthe organization’s largest businessunits to find out how records were

Editor’s Note: Past issues of Infor-mation Management magazine havefeatured a series of articles dis-cussing the individual components ofthe Generally Accepted Recordkeep-ing Principles® (the Principles) andthe potential benefit of using its com-plementary Information GovernanceMaturity Model (Maturity Model) toassess recordkeeping effectiveness.This article, the first in a series,shares the knowledge of an informa-tion professional who has imple-mented the Principles and whogenerously shares her experience.

Cheryl L. Pederson, CRM, FAI,is the global records and in-formation manager for Car-

gill, an international producer andmarketer of food, agricultural, and

records management policies, proce-dures, best practices, consulting,and training to Cargill businessunits.

The RIM COE functions on aglobal basis to manage paper andelectronic records. Pederson’s staff ofeight includes five records man-agers, whom she describes as “pas-sionate” about what they do, withexpertise in retention schedules,databases, and other specialties,such as electronic records and dataarchiving.

One of Cargill’s major accom-plishments has been to extend thePrinciple of Accountability far be-yond the RIM department, puttingin place a global RIM organizationstructure.

Pederson explained, “RIM reports

… executives … recognized thechallenges of recordkeeping, therecords silos that evolve, and theneed for a standardized approach.

industrial products and financialservices headquartered in Min-neapolis. Founded in 1865, it hasgrown to become one of the largestprivately held companies in theworld, employing 140,000 people inmore than 65 countries.

Beginning her career withCargill in 1972, Pederson held legalsecretary, paralegal, and legalrecords administrator positions inthe law department, then moved onto manage corporate records. Shehas managed the records and infor-mation management (RIM) functionwithin Cargill since 1998.

“Cargill has always had recordsmanagement – there are retentionschedules dating back to the early1950s – and the Principles have al-

being managed in the field.The project lasted six months,

culminating in a presentation toCargill’s chief executive officer thatwas allotted 20 minutes on theagenda, but lasted an hour, largelybecause the executives present hadall been in the field during their ca-reers and recognized the challengesof recordkeeping, the records silosthat evolve, and the need for a stan-dardized approach.

Creating RIM Center of Expertise

With sponsorship from the vicepresident and senior controller, Ped-erson formed the Records and Infor-mation Management Center ofExpertise (RIM COE) to provide

through Finance and the Con-troller’s organization. Controllershave major responsibility for RIM atCargill and have responsibilities re-garding records management thatare considered part of their job per-formance. The Controller’s organi-zation appointed approximately 225records coordinators around theworld – many of them managementlevel. Each of them has site coordi-nators at their location – so thereare about 1,000 people involved.”

There are also four RIM regionmanagers who are available to an-swer questions within their region,so help is available regardless oftime zone differences.

General objectives for each coor-dinator include tasks associated


with the Principles of Integrity, Re-tention, and Disposition. For exam-ple, coordinators must:• Maintain a records inventory • Provide RIM education within the

business unit• Update country-specific records re-

tention schedules as part of ateam that includes the tax man-ager, attorney, and controller, sothe organization can respond tonew laws

• Comply with records destructionrequirements

“We are working to implement anew tool to provide graphs, percent-ages, and other reports to showwhere each business unit is as far ascompliance with the RIM programand their required objectives,” saidPederson. “The RIM COE does con-ference calls each quarter withrecords coordinators as well.”

Working with ITPederson has found the Princi-

ples helpful in working with the de-sign team for the product Cargillpurchased for its enterprise contentmanagement. Like many other prod-ucts, this one requires the organiza-tion to have a strong model andvision of how the system will workwithin their specific environmentand culture.

“As we worked through the infor-mation that must be input into thesystem to make it work – for exam-ple, classification plans, retentionrules, metadata, and so forth – all ofthe Principles have come into the dis-cussion, and they have been veryhelpful in trying to communicatewith members of the IT team as towhat had to be inherent in the waythe system will work and why,” Ped-erson explained.

She believes the Principles alsohave been useful in discussion with thelegal team regarding automatic dele-tions – specifically, regarding the issueof pre-disposition searches to makesure the system is accurately identify-ing records that can be disposed of. Theability to demonstrate that the systemwill follow repeatable, consistentprocesses across the enterprise wasvery important.

The plan is to perform MaturityModel level 4 disposition as high-lighted in the Principles’ complemen-tary Information Governance MaturityModel (Maturity Model) – meaningthat disposition will be applied consis-tently, as will the suspension of dispo-sition.

Supporting CorporateGovernance

Like many large organizations,Cargill has a statement of ethics andcompliance that sets forth standardsfor conducting business throughoutthe world and serves as a guide for em-ployees. Unlike some others, however,three of Cargill’s seven guiding prin-ciples address RIM specifically, ac-knowledging the role the Principles ofCompliance, Integrity, Transparency,and Protection play in good gover-nance. (See sidebar “Cargill Ethicsand Compliance Guiding Principles(Excerpt).”)

More than just text on a webpage,all Cargill employees must sign off onthe ethics and compliance statement.Pederson notes that Cargill’s guidingprinciples have helped give the RIMprogram teeth and that her depart-ment references them in every presen-tation, training, and education session.

“There are thousands of laws in-volved in our 67 country-specific re-tention schedules,” said Pederson,“and we establish retention time peri-ods to ensure compliance with legaland business requirements. Retentionschedules also indicate records subjectto tax holds, such as books of accountor records that support matters ad-

Cargill Ethics and ComplianceGuiding Principles (Excerpt)We obey the law. Obeying the law is the foundation on which ourreputation and Guiding Principles are built. As a global organizationprivileged to do business all over the world, we have the responsibil-ity to comply with all of the laws that apply to our businesses.

We keep accurate and honest records. Accurate and honest recordsare critical to making sound business decisions and maintaining theintegrity of our financial reporting. Our business information, inwhatever form, must reflect the true nature of our transactions.

We protect Cargill’s information, assets and interests. We count onone another to act as stewards of the organization. To preserve thevalue of Cargill, we protect the information and assets entrusted tous and avoid situations that may let personal interests influence ourbusiness judgment.


dressed on tax returns. Cargill alsohas mechanisms in place to imposelitigation holds on paper and on elec-tronic records, and holds are indi-cated on the RIM COE website.”

Protection of information assetsis ongoing, explained Pederson.“Cargill has different levels of pro-tected information. There is alreadya group responsible for informationprotection that actually does officewalk-throughs to make sure pro-tected information is not sitting outin the open or exposed to those whoshould not have access to it.”

Pederson cautions, however, thatRIM is one component of informationgovernance, not the be-all and end-all of it. Information governance hasstrategic aspects, as well as controlelements.

Assessing Maturity LevelsWhen the Principles first ap-

peared in 2009, Pederson used themto do a self-assessment of Cargill’sRIM program to judge how the or-ganization compared to the MaturityModel. As might be expected for amature RIM program, Pedersonfound that many aspects of the pro-gram already operated at high levels.

Outstanding, of course, was thestructure of the global program thathas worked for 10 years. Anotherwas the excellent program documen-tation and the many policies, proce-dures, and documented best prac-tices on a wide range of information-related topics, including e-recordsarchiving to offline and online stor-age media; official records identifica-tion; office and plant closings; outside

pends on the level of risk that a par-ticular company is comfortable ac-cepting. It also depends on the costsassociated with attaining the higherlevel.”

Using the Principles to Communicate

At Cargill, it’s never been a mat-ter of trying to retrofit the Principlesto the existing RIM program –they’ve been at work for some time,underpinning a strong, information-aware environment.

As the Cargill example shows,the Principles are tools that can en-hance the participation of RIM, IT,and legal in designing new systemsto deal with RIM implications. Thisis not a bad thing in an era of bring-your-own-devices, Facebook at work,

The Principles are tools that canenhance the participation of RIM, IT,and legal in designing new systemsto deal with RIM implications.

According to Glossary of Recordsand Information Management Terms,4th Ed. (ARMA TR 22-2012), infor-mation governance is “a strategicframework composed of standards,processes, roles, and metrics thathold organizations and individualsaccountable to create, organize, se-cure, maintain, use, and dispose ofinformation in ways that align withand contribute to the organization’sgoals.”

The Sedona Conference® Work-ing Group on Electronic DocumentRetention and Production (WG1) pro-poses that there is a hidden valueand return on investment in corpo-rate information, and the reasons togovern it well go far beyond the needto manage risk and answer e-discov-ery requests efficiently.

service providers; web records; andbackup tapes.

One revealing moment in theself-assessment was the realizationthat the RIM COE had not providedwritten guidance for records in-volved in joint ventures, acquisi-tions, and divestitures. There arenow best practices and guidelines forthe records’ aspects of these corpo-rate transactions. Future plans in-clude a best practice guidelinedealing with conversions, migra-tions, and abandonment of electronicrecords and information systems.

While the self-assessment wasuseful, Pederson cautions on takingthe Maturity Model too far. “Weneed to realize that not every organ-ization wants or needs to be at alevel 4 or 5 in every principle. It de-

instant messaging, and e-mails ontablets.

From a business perspective, thePrinciples and the Maturity Modelare aids to conversations aboutwhere an organization perceives itsinformation management risks andhow it chooses to accept or amelio-rate those risks. They also lead to acommon understanding of which as-pects of information managementprovide the greatest value and so de-serve additional investment of re-sources. END

Access the Principles and MaturityModel at www.arma.org/principles.

Julie Gable, CRM, CDIA, FAI, canbe contacted at [email protected]. See her bio on page 46.


While attendees of the 2012Fellow of ARMA Interna-tional (FAI) Forum held Sep-

tember 23 at the 2012 ARMAInternational Conference & Expo inChicago revealed that organizationsare still struggling with many aspectsof electronic records management, theaudience polling indicated one partic-ularly positive shift.

The percentage of legal, IT, andrisk/compliance representativesamong the standing-room-only crowdof 200+ people that attended theforum is an indication that these keydisciplines are increasingly coming to-gether with records and informationmanagement (RIM) to address themanagement of records and informa-tion assets.

Together, these three disciplinesconstituted nearly 30% of all attendees– up from just over 10% of attendeesat the 2011 FAI Forum. Of these, 12%were legal (up from 7.4%), 10% wereIT (up from 2.9%), and 7% wererisk/compliance (up from 0%). RIM at-tendees made up 68% of the total(down from 77.9%).

While this result is encouraging,attendee polling also revealed thatthere was just a slight increase in ex-ecutive leadership’s understanding ofthe importance of information gover-nance – from 52.2% in 2011 to 54% in2012 – which the panelists found dis-appointing.

The forum, which was facilitatedby April Dmytrenko, CRM, FAI, and

Wendy Shade, FAI, produced many in-sights into the present state of manag-ing electronic records in the attendees’organizations. For this article, severalpanelists summarized the perspectivesthey presented on various aspects ofthe theme, “Pushing UnconventionalChange: Redefining RM Practices,”and the conclusions they drew fromthe interactive discussions among pan-elists and attendees and the audiencepolls that followed. Each of the sum-maries begins with a redefining state-ment in italics.

Few Practice DefensibleE-Record DispositionSusan Cisco, Ph.D., CRM, FAI

Organizations have invested intechnology to manage structured,semi-structured, and unstructured in-formation; in retention schedules to es-tablish retention periods for records;and in information lifecycles to deter-mine retention for everything else.However, the actual disposition (dele-tion) of electronic records is still elusivefor most organizations.

In fact, 81% of the attendees re-sponded that their organizations arenot systemically deleting electronicrecords according to their records re-tention schedule (unless records needto be preserved for legal holds). Just15% said their organization is doingso, and 4% did not know.

The central business problem inthe disposition of electronic records isthat managing the entire informationlifecycle in multiple applications andrepositories is complex. Organizationsmay not know who owns the informa-tion, how it is used, or its value. Tomitigate the unknowns, more thanhalf of the participants expect to applyto electronic records a pre-approvalprocess with required signoffs bystakeholders currently used for dis-posing of boxed physical records storedoff-site.

Though in the minority, there arestrong voices among RM professionalswho think applying the paper disposi-tion process to electronic records willnot work due to their large volumesand disparate repositories. According

Fellows Forum Provides Snapshot ofE-Records Management in OrganizationsSusan Cisco, Ph.D., CRM, FAI;Fred Diers, CRM, FAI; April Dmytrenko, CRM, FAI; John Isaza, Esq., FAI; Dave McDermott, CRM, FAI; John Montaña, J.D., FAI; Wendy Shade, FAI


An organization can set retentionrequirements on the reports created,such as invoices, ledgers, reconcilia-tion reports, purchase orders, budgets,payroll, personnel summary reports,and many others. The problem forrecords managers and IT is that evenwhen the report created by the systemis disposed, the data element in theERP system used to create the reportis still available and can be used torecreate the report.

When asked whether their organ-ization had a digital preservation planto preserve both the data elementsand the electronic records createdfrom them for specified retention pe-riods, the alarming result was thatonly 21% indicated they did. Sixty-twopercent said they did not, and 17%said they didn’t know.

Due to implementation costs, lackof long-range strategies, and organi-zational ignorance, both public andprivate organizations can be enteringthe “digital dark ages” when it comesto ensuring access to critical informa-tion into the future.

ConclusionToo often, information profession-

als debating this issue become em-broiled in the details: archivists argue

to Gimmal Group’s Brian Tuemmler,it takes one employee more than fiveyears to apply retention and activate apre-approval process to dispose ofrecords in one shared drive. This sug-gests that a pre-approval dispositionprocess may be impractical and unre-alistic due to the sheer volume of elec-tronic records.

ConclusionLack of appropriate technology is

no longer a major barrier to defensibleelectronic record disposition. Thebiggest obstacles are associated withpeople and process, including deter-mining: • Best practices for applying retention

to duplicates and to valuable infor-mational material that may be use-ful for three or more years

• Whether notification/pre-approval isnecessary for defensible disposition

• Best practice for initiating the event“triggers” that start the retentionclock for event-based retention peri-ods

• How to get people to make the be-havioral changes required for defen-sible electronic record disposition

Digital Data Preservation PlansAre RareFred Diers, CRM, FAI

Compliant and sustainable reten-tion programs must incorporate au-thenticated preservation anddisposition of object database manage-ment systems’ (ODBMS) data with ef-fective controls in place.

ODBMS or enterprise resourceplanning (ERP) systems for managingfinancial and human resource data,such as SAP, Epicor, Infor, and Ora-cle, have proliferated during the past20 years. These systems retain data el-ements or objects enabling unlimitedvariation of report generation. Theyare often associated with data analyt-ics, the science of examining raw datawith the purpose of drawing conclu-sions about that information and cre-ating business intelligence.

whether the data elements are arecord or non-record; IT professionalsdebate the value of disposing of thedata elements as a means of ensuringcompliance; and records professionalsargue that the data elements are notrecords. None of these arguments ad-dresses the overarching issue, which isthe effective management of ODBMStools to meet risk and compliance is-sues related to the access, duplication,and spoliation of data elements withinthese systems.

Regulation Is in Sight for Cloud ComputingJohn Isaza, Esq., FAI

Cloud computing vendors willsoon become as ubiquitous and com-prehensive as utility companies. Awhole new set of Federal Energy Reg-ulatory Commission (FERC)-like reg-ulations will result for the cloudcomputing industry.

There are many parallels betweenthe evolution of the cloud computingand electrical utility industries. Whenelectricity began to reach people’shomes in the late 18th century, homeshad to have their own generators toclaim it. Soon, enterprising providerscreated power grids that provided ac-cess to a much more scalable, reliable,

ARMA International Company of Fellows, Fellows Forum

The ARMA International Company of Fellows, with 47 membersthroughout the world, was established in 1990 to honor associationmembers who have distinguished themselves through their outstandingachievements and contributions in records and information managementand their noteworthy accomplishments at all levels of the association.

Each year, a panel comprising several Fellows of ARMA International(FAIs) presents a Fellows Forum on a topic meant to challengeconventional thinking. Created in 2008 by April Dmytrenko, CRM, FAI,the current FAI chair, and Wendy Shade, FAI, the forum opens with eachpanelist providing a brief perspective on an aspect of that year’s topic,followed by audience polling and an animated and passionate exchangeof opinions among panelists and attendees.


and less intrusive source of electric-ity. Today, people don’t really know orcare how or from where they get elec-tricity, but utility companies are sub-ject to compliance requirements andcontrols like FERC.

Similarly, in the last few years, thecloud has become like those powergrids created by the utility compa-nies. The service is now offered from acentral location to serve many peopleat once, while at the same time offeringalternatives that are more scalable andreliable and take up less space insidethe home or office. Organizations andindividuals can “turn on” the cloud inthe same way they can simply turn ontheir lights.

And, just as people don’t reallyknow how or from where they get elec-tricity, the FAI Forum poll revealedthat 83% of attendee respondents saidthey do not know the exact locationwhere their data resides in the cloud.Additional polling also indicated theydo not know if they have custody orcontrol of their data stored in the cloud.

ConclusionKnowing where data resides in the

cloud and whether that data is in thecustody or control of the organization iscritical for e-discovery and compliance.This is likely to lead to governmentalintervention similar to what has oc-curred in the electric utility industry.Regulation will become necessary notonly to guarantee protection of the con-sumer’s wallet in using the services,but also to protect the consumer’s data,ensure access to it when needed, andcontrol it for retention, disposition, and,of course, for litigation.

Must Hit ‘Delete’ on InformationHoardingDave McDermott, CRM, FAI

Whatever the reason behind hoard-ing, if organizations are unsuccessful inpromoting legally compliant electronicdisposition by employees, they will haveto take on disposition without employeeintervention, as the risks are significant.

Feel they are protecting the

organization

Don’t have time to manage it

Might need it

Too lazy to deal with it

Yes

No

Don’t Know

15%

4%

81%

Yes

No

Don’t Know

21%

17%

62%

Yes

No

17%

83%

8%

64%

15%

13%

Yes

No

Don’t Know

33%

13%

54%

SSnapshot of E-Records Management in Organizations – September 2012My organization is systemically deleting electronic records, followingthe records retention schedule, unless records need to be preservedfor legal holds.

Does your organization have a digital preservation plan to preserveboth object oriented data and electronic records for specified retentionperiods?

Do you know the exact location where your data resides in the cloud?

Why do you think people hoard outdated electronic information?

Does your organization employ a strategy in place for retiring outdated orsuperseded electronic records and data systems?

Source: Fellows of ARMA International Forum Attendee Poll, September 23, 2012, Chicago


The practice of hoarding electroni-cally stored information (ESI) has be-come epidemic in both the businessand personal world. Storing digital in-formation is easy and cheap (e.g., an8GB flash drive can be bought for $6),although in many cases the stored in-formation is irretrievable.

Organizations are increasingly atrisk because of employees’ retention ofoutdated ESI. The FAI Forum poll in-dicated that 64% of attendees believethat employees hoard data becausethey “might need it,” 15% “don’t havetime to manage it,” 13% are “too lazyto deal with it,” and 8% “feel they areprotecting the organization.”

In many cases, the organization’sanswer to electronic hoarding is to sim-ply add more storage. Another com-mon option is for the IT department tosend out a blast e-mail asking every-one to delete what is no longer needed.However, both of these options shoulddraw severe criticism from the recordsmanager.

Organizations need to evaluatewhy the hoarding is occurring. This en-tails determining the mind-set of thehoarders and whether they under-stand the consequences of retaining.Then, organizations need to be willingto punish those who choose to ignorepolicy and continue to save outdatedelectronic information.

ConclusionFirst, organizations must have in

place the proper processes, policies,and tools for managing ESI. Theymust promote legally compliant elec-tronic disposition, and, if necessary,they must accept the risk of destroyinginformation without employee inter-vention (i.e., employ automated de-struction of information). Ultimately,management must make a risk as-sessment, document its decisions, andbe willing to delete, delete, delete.

Big Data Brings Big RiskJohn Montaña, J.D., FAI

Organizations will never manage

their big data systems properly untilthey come to terms with the fact thatthey don’t really know much aboutwhat’s in them. A lot of the time,they’re flying blind and confrontingunquantified risks.

Organizations’ data is out of con-trol. In its 2012 big data forecast, IDCprojected data sets would grow at 60%a year or more. Whatever is done tomanage it, every year will need togrow by 60% just to keep pace withthe status quo.

Unfortunately, 54% of the FAIForum respondents said their organi-zations do not employ a strategy forretiring outdated or superseded elec-tronic records and data systems. One-third said they do, and 13% said theydon’t know.

This means that next year, organ-izations will still be trying to managethis year’s data. And in five years,they’ll be buried – if they’re not al-ready.

Pretending that the traditionalrules work is a fallacy. They don’t.Their basic assumption – that organi-zations can name, find, and touchevery data object in their organization– wasn’t true 20 or even 30 years ago.It certainly is not true today. So, whatnow?

ConclusionFirst, throw out the old playbook.

Use it, and be doomed – data growthwill outstrip any resources that can bethrown at the problem. So, throw outthe tweezers and get out the axe.

Second, live with risk – it is builtin. So, think like an insurance com-pany. While organizations can’t pre-dict exactly when or how bad the “bigevent” will be, they can estimate andmonetize the cost. It becomes part oftheir business model.

The goal shouldn’t be to avoid riskand uncertainty, but to embrace it andplan for it. Both the wins and thelosses should be part of the overallstrategy and the resources allocatedaccordingly. That’s a winning strategy.

So, welcome to the 21st century.It’s going to be an exciting time, butnot one for the faint of heart. The fu-ture belongs to the bold.

The Time Is Now to RedefineRIM Practices

Most, if not all, organizations arestruggling with effective and legallycompliant management of their elec-tronic records, data, and content.Further complicating the struggleare the related challenges of discov-ery, regulations, global management,disparate technology, legacy data,and merger, acquisition, and divesti-ture.

As an industry that traditional,sound records management practiceshave served well for decades, re-imagining those practices in a wholenew context is daunting. From effec-tive destruction strategies to thechallenges presented by hoardingmassive quantities of information,the message from all of these pan-elists was clear.

RIM professionals must think dif-ferently and evolve their programsand approaches in order to effectivelydeal with this paradigm shift. Whatworked in the past will not work inthe future without significant modi-fication.

Susan Cisco, Ph.D., CRM, FAI, can becontacted at [email protected] V. Diers, CRM FAI, can be con-tacted at [email protected] Dmytrenko, CRM, FAI, canbe contacted at [email protected]. John Isaza,Esq., FAI, can be contacted at [email protected]. Dave McDer-mott, CRM, FAI, can be contacted [email protected]. John Montaña,J.D., FAI, can be contacted at [email protected], FAI, can be contacted [email protected].

See FAI Forum panelists’ bios on pages46 and 47.


If you are a “modern knowledgeworker with several e-mail ac-counts, the latest smartphone and

an insatiable appetite to know – thatis, to consume all available informa-tion . . . [often] to the point of un-healthy and unproductive bombard-ment” – then Information Bombard-ment: Rising Above the Digital On-slaught is for you.

Divided into three parts, the bookexplores the many varied reasons forinformation bombardment, analyzesits implications, and offers some guid-ance for combating it.

Impacts of Information OverloadThe first 11 chapters explore the

context and issues related to infor-mation bombardment. Author NickBontis, Ph.D., examines why hu-mans crave knowledge and illus-trates how technological advancesresulted in today’s explosive volumeof information.

He also illustrates how newertechnologies that allow constant ac-cess to vast amounts of information,such as the Internet, negatively im-pact our quality of life because welack the ability to filter, organize, andprioritize.

Chapters 12-16 address the im-pact of information bombardment forindividuals, groups, organizations,and societal institutions (e.g., govern-ment):• Individuals – Bontis examines the

chronic stress of trying to managetoo much information and how itnegatively impacts personal rela-tionships and impairs health bycausing such things as memory loss.

• Groups – He discusses the “infor-mation hoarding” behavior that

emerges when knowledge sharingis not encouraged.

• Organizations – He explains whythere is a loss of intellectual capitalbecause knowledge is not easilytransferred or codified, and knowl-edge obsolescence occurs at analarming rate.

• Institutions – Bontis argues thatthe inability to efficiently and ef-fectively convey information canhave significant, widespread socie-tal impacts. He uses as an examplethe deaths that might have beenprevented during Hurricane Kat-rina had information sharing beenbetter coordinated.

Solutions: In Short SupplyChapters 17-20 provide “thera-

peutic solutions” or “prescriptions” forcombating information bombard-ment. For the most part, these solu-tions are generalized ideas that don’tcover new ground or offer specifics forimplementation.

Bontis allocates just less than 200pages to describing information bom-bardment, another 100 pages to ex-amining its implications, and a mere36 pages to providing guidance forcombating it. This uneven distribu-tion, coupled with his repetition ofseveral examples, builds impatienceand frustration.

The last part of the book is partic-ularly unsatisfying given its brevityand the simplicity of many of the rec-ommended solutions (e.g., use auto-foldering rules to tame your inbox).Bontis also provides little detail aboutorganizational solutions in Chapter19, instead referring the reader to sev-eral of his published articles. Becauseknowledge management is the au-

Information Bombardment: RisingAbove the Digital OnslaughtAuthor: Nick Bontis, Ph.D.Publisher: Institute for Intellectual

Capital Research Inc.Publication Date: 2011Length: 432 pagesPrice: $28.95ISBN-13: 978-0-9867945-0-6Source: : www.iicr.ca

Drowning in Information: Proactively Managing the OnslaughtSheila Taylor, CRM

thor’s recognized field of expertise, thisshould have been the strongest sectionof the book.

The book lacks a final, summariz-ing chapter or footnotes for the nu-merous cited statistics and studies.While the further readings at the endof each chapter presumably includethe sources of the cited items, a readershouldn’t have to work that hard tofind a source.

Parting (from Information)Is Sweet Sorrow

Information Bombardment is en-gaging and easy to read, and the au-thor uses humor and anecdotes toillustrate many of his arguments. Forexample, he illustrates how informa-tion bombardment has negatively af-fected him (and his family) by


recounting his inability to enjoy thebeauty of a Grecian sunset when hecouldn’t get reception on his Black-Berry. However, while an entertainingread for general audiences and mar-keted as a resource for “workingsmarter, not harder,” the book’s valueto records and information manage-ment (RIM) practitioners is somewhatlimited.

RIM practitioners can benefit fromthe book in two ways. First, they canleverage through RIM training andcommunications the insights as towhy employees find it so difficult topart with information. Second, theycan gain an appreciation into howmany employees, managers, andother stakeholders interact with in-formation and learn about the infor-

mation management solutions offeredby providers. It is prudent for RIMpractitioners to be aware of such per-spectives, especially when (as in Infor-mation Bombardment) they do notconsider RIM best practices. END

Sheila Taylor, CRM, can be contactedat [email protected]. See her bio onpage 47.

F or information management pro-fessionals working in large or-ganizations, the idea of being an

independent consultant can have uni-versal appeal: working from home inyour favorite sweatpants, choosingyour own hours, and getting awayfrom corporate politics. The reality ofconsulting as a career, however, can beextremely challenging and uncertain.Information Consulting: Guide toGood Practice offers a basic foundationfor understanding the skills and tal-ents required for success in thisunique and growing field.

Information Consulting is co-au-thored by three individuals withample academic and professional ex-perience in library and informationstudies, information science, and IT.Irene Wormell, Annie Olesen, andGábor Mikulás offer a broad and high-level perspective on the informationconsulting profession from their yearsspent working internationally. Thepublication is relatively short, simplyworded, and easy to navigate as apractical handbook for assessing skillsand establishing standards for an in-formation consulting business.

The authors target the informationconsulting beginner and offer very lit-

tle knowledge of the dynamics andprocesses involved in consulting. Thisis an unfortunate shortcoming, asmuch of Information Consulting readsas a fairly generic how-to guide on con-sulting best practices for all profes-sionals. While effective communi-cation, networking, and relationshipbuilding are described as essentialskills for consulting success, thesepoints will come as no surprise to read-ers who have even a basic under-standing of essentials in the typicalconsultant-client relationship.

An entire section on business plan-ning similarly reads as a quick guidefor starting any new entrepreneurialventure. With all of their combinedyears of experience, it is disappointingthat the authors do not distinguishthis aspect of Information Consultingmore clearly from other general con-sulting guides available in the mar-ketplace today.

The authors’ practical knowledge fi-nally shines through in the final chap-ters, where they offer an impressivecollection of real-client feedback andcase studies. An overview of current is-sues in the information managementindustry, along with a discussion ofchanges affecting traditional librarian

Information Consulting: Guide toGood PracticeAuthors: Irene Wormell, Annie

Joan Olesen, and Gábor MikulásPublisher:Chandos PublishingPublication Date: 2011Pages: 218Price: $45ISBN-13: 978-1-84334-662-3 Source:www.chandospublishingonline.com

Needed: An Information ConsultantClare Cameron

roles, covers some of the current issuesfacing information professionals.

At this point, the authors usestraightforward and engaging lan-guage to illustrate the genuine chal-lenges and possible routes to success inseveral real-life information consultingscenarios. This is an outstanding andtruly beneficial section, as it offers the


most particular and believable illus-tration of the complexity involved inconsulting on information manage-ment issues as a profession.

Throughout Information Consult-ing, the authors reference an impres-sive collection of academic and mediapublications, including client surveysfrom existing information consultantpartnerships. Readers will gain an ex-tensive bibliography for further re-search on the information consultingindustry.

Common measures for organiza-tional dynamics, such as the Hofstede

and Trompenaars scales, are also ref-erenced as a way of placing the infor-mation consulting field in a broaderbusiness context alongside such issuesas power distance, assertiveness, anduncertainty avoidance.

While the introduction of Informa-tion Consulting suggests that readerswill receive an in-depth look at thisunique branch of consulting services,the authors offer plenty of good, butwide-ranging, advice that could applyto anyone interested in starting amanagement consulting career.

Though the book will be most valu-

able as an initial starting point for un-derstanding the idea of informationconsulting, more experienced readerswill appreciate the real-life scenarios,practical checklists, and case study ap-pendices. Perhaps the authors willconsider issuing an expanded editionof this guide, offering more specific ad-vice and recommendations directlyfrom their own experiences as inde-pendent information consultants. END

Clare Cameron can be contacted [email protected]. Seeher bio on page 47.

The way people create, store, andmanage their personal informa-tion is in the midst of a radical

transformation. In the course of a fewshort decades, most people will havemoved from paper to local electronicstorage to largely cloud-based solu-tions to manage their information.

In the coming years, correspon-dence, personal photographs, criticalmedical and financial records, andother personal records not only willbe stored electronically, but they alsowill be accessed through websiteshosted remotely across countlessservers in different parts of the world.

This presents numerous new chal-lenges, both for individuals hoping tomanage the infinitely expandingamount of personal information andfor information professionals whohope to preserve it for business use orhistorical study.

Getting Ahead of the CurveUnfortunately, the literature in

personal information managementalways seems to be one step behindthe moving target and, according toChristopher A. Lee in his publicationI Digital: Personal Collections in theDigital Era, “limited to a few scat-tered journal articles and researchproject websites.” This book, featur-ing nine other contributors, is a for-ward-looking attempt to fill that gapand bring experts from other fieldsinto a new, unified body of literature.

Lee divides the book into threeparts. The first deals with the foun-dations of personal collections; thesecond identifies the types of elec-tronic personal information; and thethird offers strategies for managingthese types of data. Each part con-tains several chapters offering ap-proaches to the larger themes byauthors from a variety of back-grounds.

In his opening chapter, Lee iden-tifies two existing streams of litera-ture from which he draws personal

I Digital: Personal Collectionsin the Digital EraAuthor: Christopher A. Lee Publisher: Society of

American ArchivistsPublication Date: 2011Length: 384 pagesPrice: $70ISBN-13: 978-0838911556Source: : www.archivists.org

The Shifting Landscape of Electronic Personal InformationAndrew Altepeter

information management (PIM) andarchives and records management(ARM). Traditionally, PIM has em-phasized the ways individuals create


and manage their own information,and ARM represents the methodsorganizations and institutions use tomanage and preserve their collectiveinformation.

However, the boundaries betweenthese two fields are quickly disap-pearing as individuals often co-min-gle their personal information withwork information, and IT organiza-tions move toward a “bring-your-own-device” model.

Grappling with the IssuesReaders will find useful updates to

traditional archival concepts. Theabundance of cheap storage, searchtechnologies, multiple provenances,and Web 2.0 applications (e.g., Face-book, Twitter, and Flikr) fundamen-tally impact information managementand ownership issues.

One only needs to access a corpo-ration’s Facebook page to see that theinformation exchange between the or-ganization and its customers has fun-damentally changed. Internal socialmedia and wikis, each mingling com-pany data with employee personal in-formation, add further complexity.

I Digital is backed by scholarlysources cited in easily accessible end-notes, and a detailed bibliography of-fers a starting point for readerslooking to further explore and developthe challenges and opportunities inpersonal information management.

An issue the book’s contributorsoften overlook is the growing chal-lenge surrounding data privacy andthe protection of personally identifi-able information, perhaps due to thebias toward museums and archives,rather than organizations that man-age active records. A spirited discus-sion addressing the tension betweenthe need to make active records acces-sible and the need to protect personalinformation in cloud-based environ-ments would strengthen the book.

Learning from Other DisciplinesReaders of Information Manage-

ment will find much of use within I

Digital. The challenges of archivistswho manage personal collections areoften similar to those as corporate in-formation governance professionalswho must ensure access, preservationand integrity across rapidly trans-forming platforms of digital storageand collaboration on employee-owneddevices.

Perhaps even more important, IDigital invites information gover-nance professionals to a discussion on

personal collections that had longbeen reserved to archivists, librarians,and museum professionals. This in-clusive approach will ensure that in-formation professionals with uniquegoals are nevertheless able to learnfrom principles and methods of theother. END

Andrew Altepeter can be contacted [email protected]. See hisbio on page 47.

Like Your Favorite Drive Thru …Only Better. Who has time between 9 to 5 to slip away for career development? Us either.

ARMA International's online courses offer convenient and flexibletraining on YOUR schedule. From RIM and Generally AcceptedRecordkeeping Principles® to professional development, ouronline courses allow you to keep on top of your game and get aheadof the field, at a time and place that is most convenient for you.

Slippers optional.

Open 24 hours a day, 7 days a week, 365 days a year.

See what’s available at www.arma.org

Learning Center


Contact Information

Rolling the Dice with Predictive Coding: LeveragingAnalytics Technology for Information Governancepage 22Leigh Isaacs is director, records and information governance, forOrrick, Herrington & Sutcliffe LLP. She has more than 25 years ofexperience in the legal field and more than 10 years of experiencein information management. An active member of ARMA Inter-national since 2004, Isaacs serves as president for the ARMA In-ternational Greater Washington, D.C., Chapter. She has publishednumerous works, regularly speaks on records management issues,and has provided records consulting services to other law firmsand organizations. Isaacs can be contacted at [email protected].

A Roadmap for Effective Information Governancepage 27Sam McCollum is the president of SIMC Coaching, which assistsorganizations in developing their information governance andstrategic information management capabilities. He has more than28 years of records and information management consulting ex-perience in North America. McCollum has developed and pre-sented at educational institutions and at regional andinternational conferences. He has created strategic design toolsthat complement the Generally Accepted Recordkeeping Princi-ples® and assist in designing strategic information managementdeliverables as a foundation for information governance. McCol-lum can be contacted at [email protected].

RIM Fundamentals Series: Thinking Outside theBox: Use Predictive Coding as a RIM Tool page 30Doug Smith, business solutions manager for Wiley Rein LLP,has been managing legal records and information for more than20 years. He has worked extensively to develop systems to en-sure the efficient, effective, and compliant handling of records.He recently co-led the revision of the ARMA International Glos-

sary of Records and Information Management Terms, 4th Ed.(ARMA TR 22-2012) and has assisted with developing guide-lines about records and information management and IT rela-tions, litigation support, and electronic messages as records.Smith can be reached at dsmith@ wileyrein.com.

The Generally Accepted Recordkeeping Principles®

Series: The Principles at Work in Cargill: Tools forAssessment, Communication page 34Julie Gable, CRM, CDIA, FAI, is president and founder of Gable Con-sulting LLC. She has more than 25 years of experience specializ-ing in strategic planning for electronic records management,including business case development, cost-benefit analysis, re-quirements definition, and work plan prioritization. In 2003, shewas named a Fellow of ARMA International. Gable has authorednumerous articles and frequently speaks at national and interna-tional conferences. She holds a master’s degree in finance from St.Joseph’s University and a bachelor’s degree in management fromDrexel University. Gable can be contacted at [email protected].

Fellows Forum Provides Snapshot of E-RecordsManagement in Organizations page 38Susan Cisco, Ph.D., CRM, FAI, is a director in Gimmal Group’s En-terprise Content and Records Management (ECRM) services or-ganization. She holds a master of library science degree and a Ph.D.in library and information science from the University of Texas atAustin. Cisco can be contacted at [email protected].

Fred V. Diers, CRM, FAI, has 40 years of records and informationmanagement experience for multi-national organizations. He hassuccessfully implemented sustainable programs for companies op-erating in 80 countries. A significant component involves develop-ing business rules for information, including indexing, metadata,and retention standards. Diers can be contacted at [email protected]..

Altepeter Cameron Cisco Diers Dmytrenko Gable Isaza

Issacs McCollum McDermott Montaña Taylor Shade Smith


BULLETIN BOARDVendors, Products & People

Zasio Enterprises, Inc.Versatile Retention™Versatile Retention International™

Zasio Enterprises is pleased to an-nounce the release of Versatile Re-tention and Versatile RetentionInternational v9. Zasio’s RetentionSoftware Solutions for Domesticand/or Global Retention ScheduleManagement

Call Zasio sales at 800.513.1000,opt 1, to learn more.

RSD has released its RSD GLASS 3.This new version enables governanceof content in the "wild," such asshared drives and e-mail stores.Governing content on shared drives isa concern of many informationgovernance and records manage-ment professionals, so RSD recentlyheld a webinar titled “Solving theInformation Governance Challengefor Shared Drives.” The webinarcovered the need to establish aninformation governance program thatmanages all content, wherever itresides. To view the recording of thewebinar, please visit www.rsd.com/ig-shared-drives-webinar.

April Dmytrenko, CRM, FAI, is managing director with Huron Legal,serving as part of the RIM consulting leadership team. Her ex-pertise is in advising major corporations on strategic initiatives,best practices, information governance, and enterprise-wide pro-grams and retention policies. Dmytrenko is chair of the Fellowsof ARMA International. She can be contacted at [email protected].

John Isaza, Esq., FAI, heads the records and information manage-ment (RIM) practice at Rimon Law. He has developed RIM pro-grams for Fortune 100 companies, including retention research in135+ countries. Previously, Isaza served as general counsel to apublicly traded medical device manufacturer, now owned byAbbott. He can be contacted at [email protected].

Dave McDermott, CRM, FAI, is the records manager for the FederalHome Loan Bank of Seattle. He has been in records and informa-tion management for more than 30 years, has served as presidentof ARMA International, and is the president elect of the Instituteof Certified Records Managers. McDermott can be contacted [email protected].

John Montaña, J.D., FAI, is a principal of Montaña & AssociatesInc., a records and information management (RIM) consultingfirm. He advises corporations, law firms, and non-profit organi-zations on RIM. Montaña is widely recognized as one of the fore-most records management experts in the country. He holds a jurisdoctor from the University of Denver. He can be contacted [email protected].

Wendy Shade, FAI, is program manager with Iron Mountain. Shehas more than 30 years of experience in the field, served as presi-dent of ARMA International in 1990, and received the Distin-

guished Service Award in 1997. Shade can be contacted atwendy.shade @ironmountain.com.

Drowning in Information: Proactively Managing theOnslaught page 42Sheila Taylor, CRM, is a partner and the chief executive officer atErgo Information Management Consulting (formerly the SouthernOntario office of CONDAR Consulting Inc.). She has more than 20years of records and information management (RIM) experience asa consultant, practitioner, and educator. A frequent speaker atARMA International events at the chapter, region, and interna-tional levels, Taylor also presents RIM education sessions at in-dustry-specific conferences in various fields, such as municipalgovernment and association management. Taylor can be reached [email protected].

Needed: An Information Consultant page 43Clare Cameron is an information management coordinator with Ni-agara Region and a director at large for the Southwestern OntarioChapter of ARMA International. Cameron can be contacted [email protected].

The Shifting Landscape of Electronic Personal Information page 44Andrew Altepeter is an information governance analyst at MotorolaSolutions Inc., where he is responsible for records management andIT audits for Sarbanes-Oxley and Payment Card Industry compli-ance. He has previous experience in records management and in-stitutional archives. He earned a bachelor’s degree in history fromMarquette University and a master’s degree in public history fromLoyola University Chicago. Altepeter can be reached at [email protected].


Thinking aboutadvancing your career?ARMA International’s CareerLink hashelped hundreds of members find newand exciting positions in the informationmanagement profession.

The Job Board lists current openingsfrom companies around the globe. Youcan find valuable esources and tools tohelp your career evolve.

Create your confidential profile and getstarted today at www.arma.org/careers.

Contact Information

15, 17 Access Sciences800.242.2005 – Intl. 904.213.0448 –www.accesssciences.com/contactus

FC Archive Systems800.899.3975 – www.archivesystems.com

3 DHS Worldwide Software800.377.8406 – Intl. 904.213.0448 – www.dhsworldwide.com

13 Downstream Data Coveragewww.downstreamdata.com

21 Institute of Certified Records Managers877.244.3128 – www.ICRM.org

BC Iron Mountainwww.ironmountain.com/advantage

19 2013 MER Conferencewww.merconference.com

5 NAID www.naidonline.org

IFC RSDwww.rsd.com

21 The Sedona Conference® InstituteSM

www.thesedonaconference.org

IBC Zasio Enterprises Inc.800.513.1000 Opt. 1 – www.zasio.com

Documents

A Roadmap for Effective Information Governance · 2019-05-10 · JANUARY/FEBRUARY 2013 INFORMATIONMANAGEMENT 1 4 IN FOCUS A Message from the Editor 6 UP FRONTNews, Trends & Analysis