Tuesday, October 27, 2015

Building an Information Management Factory

By Randolph Kahn

Years ago, email burst onto the business scene to become the premier business productivity tool used at work. Not surprising, the post office immediately started to witness the precipitous decline in the number of first class business letters being sent. Revenue from first-class mail in 2000 was $91 Billion, and according to the US GAO it’s projected to be $39 Billion in 2020. Email was a game changer for which the post office didn’t have an immediate answer. The USPO tried staying open later and also tried selling non-mailing related products. The USPO even allowed customized stamps to be printed at home. But in the end, the only way the USPO was going to replace the revenue lost due in large part to email use which replaced the first class letter was with truly transformative change.  Maybe there wasn’t really a viable answer. But whatever was tried was incremental in nature and insufficient to stem the bleeding that was catastrophic to the letter mailing business.

Some kid has the bright idea that he can build an online network for people to share music for free, over the internet. Wonderful idea, unless of course you are the artists who created the music or the music companies that sell it. In either case, both will be directly and substantially impacted.  The music industry was ill prepared for this transformational change and it started to flail immediately trying to seize control of the problem. Whether you embrace change or fight it when confronted with transformational changes will in part dictate your future. But we will come back to that in a minute.

First the Recording Industry Association (RIA) sued the creators of the various such music sharing environments. Then the RIA sued select “borrowers” of the online “free” music to send a message to the rest of the snot nosed kids.  This approach didn’t address the heart of the issue either and made the industry look like bullies. While they were trying to stop transformational change with ineffective incremental baby steps, the winners, the ones building transformational solutions, were creating new ways to build value and business around a new reality-- that music could flow fast and freely across the web.

For Apple, which figured out how to deliver the music and sell it, they have been handsomely rewarded. Many artists now sell their music one song at a time through the Apple music ecosystem or elsewhere or even sell it directly to listeners. For companies like Sony and their famed Walkman, the story of their decline is well documented and painful.  

But this is not an article about business transformation generally. Rather, it’s an article about how global business is going to deal with an information landscape that is rapidly evolving and morphing in unpredictable ways. It’s about companies being overwhelmed by a tsunami of data routinely impacting IT frameworks, storage networks, servers and employees. It’s also about more competing laws and rules that can’t be applied or followed at the document or file level. It’s about big data demanding more information to crawl through while the privacy officer is pushing for the company to keep less information.

If information grew at 2 or 3% per year, then maybe employees could manage privacy, protect company trade secrets or handle the task of records management. But most organizations’ Information Footprints are growing at 25-50% per year and that is not the only challenge. More company information exists outside the company firewall than ever before, making control and access a new complexity. There has been a proliferation of new laws and regulations dictating how organizations deal with litigation response, manage company IP, lock down health information or classify records. 

How does a company deal with the “Perfect Information Storm” where massive volume meets massive management complexities, which collides with burgeoning laws all of which can result in existential consequences from mismanagement.

Every day Bob goes to work and like the day before, he does exactly what he did every day before that day. Perhaps boring for Bob, but predictable for the company and the factory in which Bob works, the products that are created look and function exactly like the ones produced yesterday. That is because the process by which they were created was well, a process meant to predictably create the widget the same way, day in and day out. Behind the factory is the concept that building a good manufacturing process in turn ensures that the widget or whatever, is built predictably good enough, every time. The whole idea is that once the factory is built well, there is no need to rethink the manufacturing process every time another widget is made. If I focus on making each widget by hand when I need to make scads of them, then I am committing to a process that is wrong for the task. On the other hand, if I wanted to craft a fine painting, the manufacturing process is not right for the task.

Contrary to popular belief, information is not so unique that it requires the master artisan’s touch to manage it properly.  Even if that were true and its not, that is simply no longer doable as we have too much information volume and its getting bigger all the time. And even more importantly, if you asked 10 employees about the business value of a document, they would likely have different CORRECT ways to manage or classify it.  Its something like- one man’s record is another man’s junk.  Or better stated, everyone, no matter how much training they have received, evaluates information differently. Not all the time, but a lot of the time. And that is because where you sit in the organization, your educational background, risk tolerance, understanding of the content, etc. all impact how you evaluate whether or not it’s a record, if its private, it it’s a trade secret, etc.

Compliance with laws won’t get any easier. The places data is parked won’t get fewer and volume of information won’t get less voluminous.  Each one of those is game changing. Yet folks still wear their incremental information management hat limping along trying to solve a transformative problem with the wrong tool. Like eating an ocean sized pot of soup with a spoon.  Transformational change needs transformation solutions not incremental ones.

So what to do?

Build an Information Management Factory.  You need to solve the problem from the top down. Looking at the individual file when there are hundreds of millions or billions of them can’t work. Think reproducible. Think massive. Think through-put. Think practical. Think transformational.

Can or should a company ever even contemplate managing hundreds of millions of files with rules built for a time when there were no computers and a few dozen paper records. The information management space is solving a transformational change issue with wimpy incremental ideas whose days were numbered years ago. And yet people are still thinking there is a possibility that it could work.  Get on the clue bus. Employees couldn’t manage company records 10 years ago when the company information footprint was 1/100 its current size, or less. Rethink and rework everything.
10 Things You Must Do Now to get Information Management Right?
1.       Throw out old thinking, old policies, old ideas and tired information workers
2.       Hire a new IM factory “Owner”
3.       Build a multi-disciplinary IM Factory team
4.       Develop the factory build out and agenda for the next 3 years
5.       Build an IM Factory
6.       Simplify rules so that all rules can be applied without much or any employee intervention
7.       Use automation and applications to do the “heavy lifting”
8.       Make certain environments “Non records” locations so that all content goes away after a couple years no matter what
9.       Develop rules for every new info source upfront so end of life is predictable and contemplated
10.   Apply simpler rules to all environments with focus on storage hogs

Don’t forget to buy some robots.  Robots are good for everything.

Whether you embrace change or fight it, when confronted with today’s information realities, what is clear is that the problem isn’t getting any easier to solve. What is equally as clear is that you and your colleagues have not been very successful at solving it either. The reason is clear, minor incremental changes won’t solve the information management problem any more than a spoon can be used to serve up the ocean.
When faced with an exponential information growth problem, responding with incrementally better solutions won’t address the issue. In other words, managing into the current environment is unlike ever before as there is so much more content, in so many more places which the company doesn’t have control over. Its time for a whole new way to manage. It time for people to be smartly guide the factory in managing information.  Employees can’t and shouldn’t manage stuff anymore. They are bad at it. They don’t have time for it. And there is too much of it to meaningfully attack the issue.  Build a factory. Automated response. Whole environments managed as one. Time changes and you need to rework your thinking about what works.
I heard a funny joke-“How many Canadian post office employees does it take to deliver a letter?” Answer—“None as they are phasing out of home delivery because they are bleeding money”.  Boom.

We have spent the last few years building IM factories. It’s doable and needed. If we can do it, so can you. Get busy

We the People Expect a Record

I am exhausted by all the petty infighting. I am tired of the partisan politics. Just knock it off already.  It’s nothing but wrangling between the political parties. Everyone gets it. It’s so painfully clear. Poor Hillary in another overly politicized inquisition to just tear away at her flesh and storied career.  

Our republic is great. For me it is the greatest country that has ever existed. There are some other really good ones, but America is the “cat’s meow.” Loathe to be insensitive with my last idiomatic expression, I don’t want to offend cat owners or dog lovers or people who like leashes--well you get the idea.

America is great in part because it has advanced a unique form of government with built-in checks and balances, among many other institutional protections. What that means is that one branch of government can’t push around another branch. After all, we evolved out of a polity where the king or queen held sway and the Constitutional Framers decided the monarchy wouldn’t work here.  That means that Congress can’t make war by itself and when the President can’t get his ideas passed through Congress, he can’t circumvent the process with some king-like Executive Order to frustrate the process, for example (the Iran Nuclear deal advanced through Executive Order notwithstanding).

Another unique feature of our democracy is governmental transparency. We get to see what our elected officials do or not do. They are supposed to memorialize their actions in the government record for posterity and transparency sake. Thereafter our laws, like Freedom of Information, ensure that we have an optic into governmental activities, assuming it isn’t classified. Because we don’t want just anyone seeing our classified information.

Another really great thing about America is our advancement of individual freedoms embodied in the Bill of Rights, among other places.  But it seems like sometimes when our great American values collide, we have to have a predictable way to advance the most important values of our great land.  The right to do whatever you want, whenever you want is not likely going to win especially when it’s the government at issue.

So if you are a government worker and you don’t like having a government email, too bad so sad. All employees can’t do what they want at work, including the US Government employees.  Or if you don’t like the government provided IT staff, technology choices or functionality provided to get your job done, you can’t just find a cheapo cloud provider and use their free IT email and storage services for your government work because, come on, that would undermine the whole accountability/transparency thing that made our great nation great.  But Hillary Clinton is different. She is the boss. So when she tells the entire State Department to refrain from using personal email for government work, she was talking to everyone but herself. And when she complains about managing the complexity of multiple communications devices, then she should be able to get rid of her government email all together, right? Come on, she’s the boss and should be able to use a private server located in her basement to manage US foreign affairs for all other nations because it’s just way easier for her.  And if she wants to manage state secrets through an IT provider in Colorado located in a strip mall, then she should be allowed to, because, come on, she’s the Queen Bee. Come on, this is America, “Land of the Home and Free of the Brave.”  Freedom rules. But we do not have kings and queens and that’s the really great part of our great land.

I sure wish they would stop busting Clinton’s chops over the information she sent or received via email. Even if it was classified it wasn’t marked classified so not one of the bad guys would have bothered to hack her account and read such boring stuff. (Yes, I heard the “rumor” that several foreign governments tried to hack her server, but who knows if it’s really true.)

And then there is the personal vs. government issue—you don’t think her aids know the difference between a wedding invitation discussion and an explanation of security threat in Libya and the likelihood of a major terror attack on our diplomatic presence there?  Why not let Clinton decide when she will turn over records in accordance with the Federal Records Act, because after all, transparency can happen sometime in the future—maybe after she is elected queen.  And don’t you think the Secretary of State is the best person at the State Department to know what is classified or top- secret and how to protect it. For that matter, I bet she knows best how to secure data, and between her Colorado IT shop in the mall and the NSA or Department of State security personnel, I am sure she had it all locked down and buttoned up. “Hey, can I get some help over here working my fax machine.” And why bother with the National Archives and Records Administration to decide what is a government record worth keeping when Hillary will give us what she hasn’t destroyed when she decides it’s time. 

It’s an election year and that is all this is—partisan politics. I hate the sabre rattling about the silly email security stuff.

On the other hand, if she wasn’t running for President of the United States and her former boss wasn’t the king, I wonder if Hillary would be prosecuted for her mishandling of sensitive government information the way others have been. Thank goodness for transparency and accountability.  I see myself as an Independent. I am not anti-Hillary. But this is not about Clinton or the Republican’s trying to make hay from the Benghazi tragedy. For me, it’s about making a record. I am for ensuring America’s greatness by keeping a complete record and making it open to the citizens. I am also for protecting government secrets. I am also for applying a little reasonableness to the discussion. If what Hillary did doesn’t bother you a little, perhaps you are too colored by Fall foliage or the election season. Just saying.

Thursday, June 12, 2014

The path to hell is paved with good intentions.

I am not sure I have any good way to say what I am about to say. And in fact, I am so trepidatious that I have to couch my commentary in verbiage subterfuge. I am not spineless, but just don’t want to create a bunch of enemies with my cohort. So here goes. I am certain you will get my point even if I hide the true identities of the offending parties to protect the innocent and/or guilty.
Assume for a moment that an international information association, decided that the industry and more specifically companies needed a way to assess if they had a mature information management program.  So the organization got a bunch of their folks together to develop criteria by which they should evaluate if their program was good enough to pass muster. And let’s say after much talking and thinking they settled on an information management Maturity Model and related criteria.

Recently, a client of ours had us look at their self-assessment of their information management program using one such Maturity Model Best Practice self-assessment tool. (The client is now considering having us perform a new Gap Assessment).  It is one of my favorite clients and it’s a great company that does so much right. So when I reviewed their self-assessment, I was stupefied. They used the information management’s organizations Maturity Model criteria and concluded they were seriously substandard. I totally disagreed with most of the conclusions of the assessment. I am not going to lay out why I think the various criteria are flawed in total, but let me give you an example to make my point. One of the criteria by which this company evaluated itself according to the self-assessment was information “integrity”. Based upon how the assessment MADE the client answer the questions, they got a flunking grade.  I told my client given what I knew about their business processes and IT framework, that on the information integrity scale I would give them a Rhodes Scholar type grade—at least an “A”.  SO why such a disconnect?
I get the whole thing about “one man’s hot is another man’s cold” but this is not about perception. It is about the criteria and maturing the process and still utterly failing even if what you have done is at least good enough.  From my humble perspective, the evaluative criteria are aspirational, not functionally helpful, impracticable and may sell your company unfairly down the river. BOOM! I believe it sets up companies to fail that use the self-assessment, on criteria that are not really central to success. Every organization would be flagging miserably if put under the assessment’s microscope. And that’s just not the way it should be.

Which bring me to the PG&E San Bruno disaster and how industry “best practices” evaluations can be helpful at fixing failings and can also provide the basis for regulators to whack companies for failing to properly manage records, among other things. The tragedy was horrible. The loss of life and property is unthinkable. And the company may have had records management failings. But look close enough at any company and most organizations fail miserably. See the report at the following link. http://www.cpuc.ca.gov/NR/rdonlyres/23513DF5-28CB-425B-BAE4-0151981F0779/0/CPSD_Recordkeeping_OII_Report_Final.PDF

There are lots of information management industry standards, best practices, evaluations from all sorts of organizations. There is some terrific guidance and there are some downright damaging unattainable “best practices”. I’m sure all comes into being with great intentions. But massaged, manipulated and maneuvered by lawyers and a good company begins to smell dirty. 

We developed a methodology called “Information Management Compliance” for evaluating the “goodness” of your Information Governance Program which has been used by so many companies.  I borrowed the criteria from the Federal Sentencing Guidelines, which help judges evaluate what is good corporate behavior. I figured if the court will evaluate your company by the criteria, that you should build your program according to the criteria. (This is also the topic of “Information Nation-Seven Keys to Information Management Compliance”, See also http://www.arma.org/bookstore/files/Kahn.pdf.

Look close enough at any company’s information management practices and you will find flaws. Lawyers are in the business of exploiting flaws. I don’t need to give them material to work with that isn’t even real. So companies, evaluate carefully, document thoughtfully and pick criteria by which you evaluate circumspectly. Just saying.

Randolph Kahn, ESQ.

Wednesday, January 22, 2014

Data is the Target

When your logo is a red bullseye and you’re in the retail business, I guess you should expect to be a target.

We are learning that more people were affected by the data breach at Target. We are learning that the breach was likely perpetrated by Eastern European cyber thugs and that tens of millions of Americans may be impacted to the tune of billions.  What we haven’t seemed to learn is that no matter how vigilant and how much is spent seeking to protect the information Crown Jewels, that nothing can protect information completely from the criminals. There will be hacks and data will be stolen. But for the average person, while scary, what it tells them is that they need to take action to protect themselves. Perhaps that means getting identity theft insurance or some protection from cyber crime.  

However, more importantly what does this mean for business? What can be done to mitigate the harm and risk? Insurance shifts the risk and is a good thing but it doesn't solve the underlying problem. More IT security is useful but how many more IT experts can be retained and will that solve the problem? I think not.

While I don’t have all the answers, I do want to share a story that makes the point that process and technology can help minimize the harm.

A few years ago, I was speaking in Southern France to a bunch of Hungarian bankers. They recounted how they were dealing with cyber theft which was a big issue in Hungary especially those people making credit card purchases. To combat theft of credit card info, the Hungarian banks implemented a simple and seemingly inexpensive system whereby every credit card holder got immediate and real time notice of any and all impending transactions on their cards. If the transaction was bogus, a text message could be instantly sent back to the bank to shut down the account and terminate the criminal transaction.

Well maybe the text notification system is not the right or only answer, but it seems like coming up with ways to make the theft less valuable by minimizing the transactions amounts or frequency will take a bite out of crime.

If you can’t undo all criminals hellbent on cyber crime, perhaps we can get creative and interactive to diminish the economic harm.

I’m interested in what you would do about cyber theft.  Email me your ideas at rkahn@kahnconsultinginc.com  

Friday, November 8, 2013

Make Your OSHA Injury Records Available to the Public--Say What?

Companies must retain records. From time to time regulators ask to see those records. When companies fail to produce the requested information, there is usually a consequence-from a minor hand slap to a full-fledged flogging.

For big companies that are required to retain worker injury and illness records (that is many businesses) to comply with OSHA, that records keeping requirements may be about to get more painful.

The US Labor Department just proposed a new rule that would require companies with more than 250 employees to file electronic injury reports and make these records AVAILABLE TO THE PUBLIC.  I don’t know if that is better or worse than making the CIA disclose records about interrogating terrorists, but I would bet that most companies will have something to say about it.

What do you think—good transparency or an accident waiting to happen? Pun intended. Boom. 

Tuesday, October 29, 2013

The Tale of Two Bobs

This is the tale of two Bobs. One Bob—let’s call him Robert, works for a large financial services company as a senior IT executive. The other Bob, let’s call him Bobby, is a super quick, super smart, super happening twenty-something having graduated from that amazing university around the corner with a tree as its mascot. He went from Palo Alto to somewhere between San Francisco and pathetically wealthy, way too early. 

Robert has had a different career trajectory. Twenty six years, three months, six days, fourteen hours and thirty three minutes at the same company slogging it out through the ranks. Boom, his slightly above average pay check comes every two weeks whether he needs it or not. He evaluates, he tests, he researches, he does an ROI, he purchases, he implements, all in the hopes that the technology he just bet his reputation on will help make his company “faster, better and cheaper.” 

Robert set in New York. Bobby flitting to and fro, somewhere south of San Francisco.  Their worlds seemingly, well, worlds apart. Yet they collide.

The article in the October 22, 2013 Wall Street Journal read, “Request by CFTC has Deutsche Bank, Citibank, and Others Sifting Through Trader’s Emails, Chats.”  So what’s the big whoop -- a bunch of financial services companies have to produce some business records to a regulator. And by the way, why does that have anything to do with Bobby?   You read on, “Deutsch Bank, the world’s largest foreign-exchange dealing bank… is spending millions of dollars scouring traders’ emails, and chat sessions…” This is the deal-- there are many Bobby-types that each and every day work of developing new technologies for whomever will buy them.  Then someone working at Big Company brings some new technology into the enterprise. While some companies preempt such conduct, many others leave the door wide open.  And when there is nothing to prohibit the introduction of technology “from the street”, new technologies made by the Bobbies of the world find their way into your business.  What the Roberts of the word forget about is that, for each new technology that Bobby makes, there will be some informational output.  Increasingly, there are mountains of informational output that make Robert’s job increasingly more challenging in several kinds of ways. More information, in more places, that doesn’t lend itself to easy management. And when Bobby builds, he usually is not thinking about how the new technology will be used by a financial services company with very stringent records keeping requirements. As the Wall Street Journal article makes clear that new casual information output may be a company record that needs to be retained and possibly produced to a regulator down the road. Unearthing information is invasive, complex and costly.

Over the years, not surprisingly, the laws have reacted to the technology marketplace.  Over the years the financial services regulators have been dealing with the creations of the Bobby’s of the world. Regulations and laws have already popped onto the legal landscape to deal with legality of storing electronic information on computers, retention of email, chat technologies and social media. There are rulings on just about every new communication technology being used in the financial industry and if not it will be coming in one form or another.

Which brings me to my real point.

1.  Companies are failing at information management and can’t discern records requiring retention and information that can be disposed. That needs to change.

2. Companies are not proactive enough when allowing or implementing new technologies—companies need policy first that tells employees what to do and technology needs to be utilized that manages the lifecycle no matter how long or short.

3.  Just because Bobby makes cool technology, unless there is a legitimate and documented business reason to allow technology, the technology shouldn't be allowed. Only after the business case has been satisfied, then the company needs to understand what their obligations with that new information chunk is and manage it accordingly.

Thursday, May 30, 2013

Information Governance “Eight Essential Steps to Attacking the Piles”

Maybe your Information Governance project is bogging down because you are solving a problem that your colleagues don’t think exists.

Do you know the Muffin Man and if you do, do you care where he lives? I know Peter Pan thought Wendy could fly but did Wendy actually believe it? What if the band, “The Who”, was called, “The Why”?

Anyway, I was listening to a “one hit wonder” radio show when “Who Let the Dogs Out” came on.   As I listened (though I wanted to change the channel several times), that got me wondering if “Who Let the Dogs Out” was really the operative question?  Was the song really about dogs that are gone? If it was about dogs, why are we worried about blaming someone for letting the dogs out?  Why not ask where the dogs went or better yet, how are we going to get them back? Further, do we really want them back?
 And that got me thinking about all the questions we ask on a regular basis that drives us to seek answers to myriad business questions. But what if the right question is actually different than the one we asked? The answer that we get is different than one we would get if we asked the right question.  And that got me thinking that we probably take actions based upon answers to the wrong questions all the time.  So perhaps we choose the wrong path, because we ask the wrong question to begin with. 

And that, of course, got me thinking about information sprawl and the piles of data growing unfettered all over every big organization. Why do the piles exist? Who is at fault? Maybe for certain business folks the piles were intended to grow? If not, how can we ensure that they are defensibly disposed when the information is no longer needed? In other words, why does the company allow the piles to exist? And then and only then can we really address the sprawl.

But wait, the right first question is, do the folks that create or keep piles think the piles have much value?  I assume that so much of organizational information overload is outdated crud. But what if others think it’s all valuable information. If they do and I am nonetheless right, I will still need to change their thinking before I get to my questions. Otherwise attacking their piles doesn't make sense to them. They will be hard pressed to go along with spending time and resources cleaning up the pile.  My questions assume there is lots of valueless stuff in the piles. Their perspective may be that the pile is all valuable.  So it makes sense to not assume anything and ask the right question of the right folks. 

And that got me thinking about planning my attack on the reason the piles exist. So here are “Eight Essential Steps to Attacking the Piles.”

1.            Who is your audience? Knowing who your audience is will matter for two reasons. First, who they are in the company or what they do for a job impacts how they see the world and the reason the piles exist in that world. For example, litigators see evidence and their inclination may be to refrain ever destroying any of it. To get their approval to cleaning house will require allaying their concern for destruction of evidence and the impact that would have on a case, the company and their career. If I can’t address their worry, usually all other efforts to get rid of information, even if it makes business sense, will be fruitless.

If I am talking to a project manager on a “Big Data” business process improvement initiative, that person will likely see the piles as being a treasure trove of valuable business information that can be analyzed, scrutinized, and monetized.  Getting rid of the pile will likely be perceived as making her job a lot more challenging and literally sucking the lifeblood out of her project.

2.            You need to answer whether or not your audience thinks that they own fixing the problem?  If they don’t take any ownership around the piles, then convincing them to take action is fruitless.

What if the person I am talking to is the head of storage and is under no compunction to care about making the piles smaller. First, she doesn't think she owns the information (which is owned by the business) so therefore taking action to “right-size” the pile is neither her problem nor her province.  Do you think she will like her budget being reduced if the piles are smaller? If she has 30% less data to store and 30% less budget that has real impact to her department, head count and budget.  She may not care whether the content is valuable or not. She cares about budget. So I have to know who I am talking to in order to speak a language that gets through to her.  Maybe cutting waste will provide sufficient incentive and saving millions will be recognized by the executives, but in the end, what moves the recipient will be directly related to where they sit in the organization and how they perceive the problem.

3.            Does your audience think there is business value in the piles? 

For data miners big is better. For the CFO, saving millions is a way to ensure longevity in his coveted job and provide value to shareholders.  For users they want access to their information and their instinct is always that everything is important. So first it is essential to understand that everyone, to a greater or lesser degree, has packrat tendencies. 

In order to take on house cleaning, there has to be a more objective way to evaluate information value to the enterprise without being clouded by subjective and personal opinions of individual employees.  If your organization has a retention schedule and the retention rules were properly developed then real business interest and needs and the true business value for the information across the organization should already be known.  And there is NO need to revisit business value question.

And that begs another very important question—if you have retention rules and are not applying them to various types of electronic records, does that undermine your records program.  Answer—you betcha. Which is Canadian for “You’re darn tootin”, which is Alabaman for Duh, which is American middle schooler for…You get the idea.

If you don’t have a good schedule then you will need to assess value in a different non-emotional, non-personal way.

4.            Do they think there is legal value in the piles?

Some lawyers want everything gone tomorrow and other want everything forever.  But in the end neither approach is viable.  So you have piles and somehow you will need to answer two questions before the lawyers will go along with house cleaning. One, does the pile contain any records required to be retained? Two, is there any information that otherwise still needs to be preserved for audit, litigation, investigations or other formal matters?  If the answer to both questions is no and can be demonstrated with sufficient diligence (hopefully without looking at every document), then the lawyers should be comfortable with cleaning house.  No matter, you will need to work with them A LOT as they are a nervous bunch.

Remember different lawyers see the world differently. Compliance lawyers will be thinking compliance with policies and laws. Corporate lawyers will be thinking business needs and maybe risk. Litigators are motivated by making sure the company doesn't get whacked in litigation for failing to produce evidence.  Revert back to number 1 above so you can speak to each group and move them by speaking their language and addressing their concern.

5.            Who owns the storage “parking lot” in which the piles are piled up?

Taking on the piles requires understanding who actually owns the technology and applications on which the content sits.  Does a business own the application and technology? Do all business units park data in that environment?  Will the technology owner be authorized to take action to clean up the content on their system?  Remember the owner of the storage “parking lot” is likely not going to be the same person who owns the records or content.

6.            Who owns the content in the piles? 

To make information go away, you will need buy in on agreement from the business folks who really own the information.  The business unit owners own the content and you will need to get their involvement in the process.  What do they need to hear, to believe that the piles can be culled of crud?  If they paid for its storage directly out of their budget would that move them to action?

7.            The next question is how to take on the challenge. 

Defensible disposition is no small task. It is dirty, complicated, and not without expense (with potentially significant savings). It requires effort from within and outside the organization. But different chunks of data can and must go away and each will require a different diligence process depending upon what the pile is, how old it is, whether it is subject to litigation, if it is being used for business, if it is technically disaster recovery back up piles, etc.  Remember you are getting rid of chunks and piles and chunks within piles not individual documents so making these culling decisions requires expertise and convincing lawyers that it is ok. 

8.            How can you make the case that the piles need to go away?

Information is growing at 20-50% per year if your organization is like others.  Businesses already are having a hard time finding information to run their business. Litigation response has gotten costlier and more painful—another data point to tell you information governance is broken.  Bad up front management means expensive e-discovery events will likely follow.  We have clients that stand to save tens of millions of dollars just through storage savings over the life of the project.  That seems like a compelling motivator for any executive. There are many more compelling facts that argue in favor of taking action, but they need to be tempered against real costs and risks.

There are a whole lot of questions. The place you start asking may be way too far down the road.  Assume nothing. Ask the right question of the right person. But ask?

By the way, “Why Did They Let the Dogs Out?” is a less catchy name for the song for sure, but it’s an essential inquiry nonetheless.