Information Governance “Eight Essential Steps to Attacking the Piles”

Maybe your Information Governance project is bogging down because you are solving a problem that your colleagues don’t think exists.

Do you know the Muffin Man and if you do, do you care where he lives? I know Peter Pan thought Wendy could fly but did Wendy actually believe it? What if the band, “The Who”, was called, “The Why”?

Anyway, I was listening to a “one hit wonder” radio show when “Who Let the Dogs Out” came on.   As I listened (though I wanted to change the channel several times), that got me wondering if “Who Let the Dogs Out” was really the operative question?  Was the song really about dogs that are gone? If it was about dogs, why are we worried about blaming someone for letting the dogs out?  Why not ask where the dogs went or better yet, how are we going to get them back? Further, do we really want them back?

 And that got me thinking about all the questions we ask on a regular basis that drives us to seek answers to myriad business questions. But what if the right question is actually different than the one we asked? The answer that we get is different than one we would get if we asked the right question.  And that got me thinking that we probably take actions based upon answers to the wrong questions all the time.  So perhaps we choose the wrong path, because we ask the wrong question to begin with. 

And that, of course, got me thinking about information sprawl and the piles of data growing unfettered all over every big organization. Why do the piles exist? Who is at fault? Maybe for certain business folks the piles were intended to grow? If not, how can we ensure that they are defensibly disposed when the information is no longer needed? In other words, why does the company allow the piles to exist? And then and only then can we really address the sprawl.

But wait, the right first question is, do the folks that create or keep piles think the piles have much value?  I assume that so much of organizational information overload is outdated crud. But what if others think it’s all valuable information. If they do and I am nonetheless right, I will still need to change their thinking before I get to my questions. Otherwise attacking their piles doesn't make sense to them. They will be hard pressed to go along with spending time and resources cleaning up the pile.  My questions assume there is lots of valueless stuff in the piles. Their perspective may be that the pile is all valuable.  So it makes sense to not assume anything and ask the right question of the right folks. 

And that got me thinking about planning my attack on the reason the piles exist. So here are “Eight Essential Steps to Attacking the Piles.”

1.            Who is your audience? Knowing who your audience is will matter for two reasons. First, who they are in the company or what they do for a job impacts how they see the world and the reason the piles exist in that world. For example, litigators see evidence and their inclination may be to refrain ever destroying any of it. To get their approval to cleaning house will require allaying their concern for destruction of evidence and the impact that would have on a case, the company and their career. If I can’t address their worry, usually all other efforts to get rid of information, even if it makes business sense, will be fruitless.

If I am talking to a project manager on a “Big Data” business process improvement initiative, that person will likely see the piles as being a treasure trove of valuable business information that can be analyzed, scrutinized, and monetized.  Getting rid of the pile will likely be perceived as making her job a lot more challenging and literally sucking the lifeblood out of her project.

2.            You need to answer whether or not your audience thinks that they own fixing the problem?  If they don’t take any ownership around the piles, then convincing them to take action is fruitless.

What if the person I am talking to is the head of storage and is under no compunction to care about making the piles smaller. First, she doesn't think she owns the information (which is owned by the business) so therefore taking action to “right-size” the pile is neither her problem nor her province.  Do you think she will like her budget being reduced if the piles are smaller? If she has 30% less data to store and 30% less budget that has real impact to her department, head count and budget.  She may not care whether the content is valuable or not. She cares about budget. So I have to know who I am talking to in order to speak a language that gets through to her.  Maybe cutting waste will provide sufficient incentive and saving millions will be recognized by the executives, but in the end, what moves the recipient will be directly related to where they sit in the organization and how they perceive the problem.

3.            Does your audience think there is business value in the piles? 

For data miners big is better. For the CFO, saving millions is a way to ensure longevity in his coveted job and provide value to shareholders.  For users they want access to their information and their instinct is always that everything is important. So first it is essential to understand that everyone, to a greater or lesser degree, has packrat tendencies. 

In order to take on house cleaning, there has to be a more objective way to evaluate information value to the enterprise without being clouded by subjective and personal opinions of individual employees.  If your organization has a retention schedule and the retention rules were properly developed then real business interest and needs and the true business value for the information across the organization should already be known.  And there is NO need to revisit business value question.

And that begs another very important question—if you have retention rules and are not applying them to various types of electronic records, does that undermine your records program.  Answer—you betcha. Which is Canadian for “You’re darn tootin”, which is Alabaman for Duh, which is American middle schooler for…You get the idea.

If you don’t have a good schedule then you will need to assess value in a different non-emotional, non-personal way.

4.            Do they think there is legal value in the piles?

Some lawyers want everything gone tomorrow and other want everything forever.  But in the end neither approach is viable.  So you have piles and somehow you will need to answer two questions before the lawyers will go along with house cleaning. One, does the pile contain any records required to be retained? Two, is there any information that otherwise still needs to be preserved for audit, litigation, investigations or other formal matters?  If the answer to both questions is no and can be demonstrated with sufficient diligence (hopefully without looking at every document), then the lawyers should be comfortable with cleaning house.  No matter, you will need to work with them A LOT as they are a nervous bunch.

Remember different lawyers see the world differently. Compliance lawyers will be thinking compliance with policies and laws. Corporate lawyers will be thinking business needs and maybe risk. Litigators are motivated by making sure the company doesn't get whacked in litigation for failing to produce evidence.  Revert back to number 1 above so you can speak to each group and move them by speaking their language and addressing their concern.

5.            Who owns the storage “parking lot” in which the piles are piled up?

Taking on the piles requires understanding who actually owns the technology and applications on which the content sits.  Does a business own the application and technology? Do all business units park data in that environment?  Will the technology owner be authorized to take action to clean up the content on their system?  Remember the owner of the storage “parking lot” is likely not going to be the same person who owns the records or content.

6.            Who owns the content in the piles? 

To make information go away, you will need buy in on agreement from the business folks who really own the information.  The business unit owners own the content and you will need to get their involvement in the process.  What do they need to hear, to believe that the piles can be culled of crud?  If they paid for its storage directly out of their budget would that move them to action?

7.            The next question is how to take on the challenge. 

Defensible disposition is no small task. It is dirty, complicated, and not without expense (with potentially significant savings). It requires effort from within and outside the organization. But different chunks of data can and must go away and each will require a different diligence process depending upon what the pile is, how old it is, whether it is subject to litigation, if it is being used for business, if it is technically disaster recovery back up piles, etc.  Remember you are getting rid of chunks and piles and chunks within piles not individual documents so making these culling decisions requires expertise and convincing lawyers that it is ok. 

8.            How can you make the case that the piles need to go away?

Information is growing at 20-50% per year if your organization is like others.  Businesses already are having a hard time finding information to run their business. Litigation response has gotten costlier and more painful—another data point to tell you information governance is broken.  Bad up front management means expensive e-discovery events will likely follow.  We have clients that stand to save tens of millions of dollars just through storage savings over the life of the project.  That seems like a compelling motivator for any executive. There are many more compelling facts that argue in favor of taking action, but they need to be tempered against real costs and risks.

There are a whole lot of questions. The place you start asking may be way too far down the road.  Assume nothing. Ask the right question of the right person. But ask?

By the way, “Why Did They Let the Dogs Out?” is a less catchy name for the song for sure, but it’s an essential inquiry nonetheless.  

The Case for Rightsizing Your Information Footprint, Cleaning House and Stopping Stupidity

 Demystifying Storage Is Cheap

It’s really funny when a smart IT person tells me that “storage is cheap” and asks why they should clean house of digital data debris (D3). For most businesses their information volume is growing between 30-50 % per year. The decline in storage cost per terabyte is a few % per year. So in real terms, most businesses are spending way more in real dollars to store information. The storage cost along for 1 petabyte of information is roughly between $5-10 million per year.   So why care about D3—because if you could get rid of some of it, there is potentially a whole bunch of savings associated with the action.

In a few short years Facebook has amassed an information pile that is not surprisingly really massive.  According to the March 11, 2013 Wall Street Journal the data comprising just Facebook users alone is 100 petabytes of stuff.  For those of you not tapped into information volumes, that is a 1 followed by 17 zeros.  In simple terms that is in excess of a hundred billion files.  Imagine what the Facebook info trove will look like after a few decades in business.

Debunking Big Data

Big data is not just a description of a huge pile of info. Rather Big Data is the idea that if you take your big pile of info minus D3 and connect the dots using powerful analytics technologies, that you will be a faster and better business. You can learn things about business past and future to be more efficient. Assuming that you can actually pull off harnessing Big Data for big value, the D3 is still unneeded information background noise that makes unearthing info import that much more challenging. So get rid of D3.

Lawyers are People too and Litigators are Predictably Short Sided

Contrary to popular belief, lawyers are people too. They make mistakes just like the rest of you people.  When they do something that is going to add to your pile of D3 and you don’t know why, stop and address the issue. Usually lawyers stop the wheels of progress (i.e. preserve the back-up tapes though policy says it should go away after a short time) or cleaning up the crud because the one involved litigator sleeps better being able to say that nothing could have been destroyed because they don’t destroy anything. The problem is that while they are sucking their thumb in their bunny eared feety pajamas the IT folks are up wandering the halls wondering how they will pay for the mess and keep systems running without overloading and seizing up. Once this “Lawyer Induced Everything Saved” (LIES) regime is started, trying to unwind it is really difficult especially with so many subsequent lawsuits.  So unless a court mandates the “save everything” regime, don’t give in. “You’re smart enough, and strong enough, and gosh darn it I like you.”   

Get Your Information Retention Under Control

Most sizable companies spend millions or tens of millions of dollars every year storing unneeded business content.  So please don’t get me started about the fallacious “storage is cheap” hokum.

The CIO is tired of having his dog wagged by the legal tail whose mantra is getting old. It sounds like this-- “But wait, WHAT IF we need that one document for a lawsuit and it’s gone”. So don’t get me started about how we should keep everything just in case there is a lawsuit down the road for which we need a specific document. That approach is contrary to your records policies and makes little or no sense.

Ok this is the reality, you can’t keep everything forever, buy you are afraid. If only I could hear it from a judge that would make me comforted.

Your wish is my command. I’m a Defensible Disposition fairy.

A lawyer seeks to justify why her company needs to keep all information.

“…part of the reason eDiscovery is so expensive is because companies have so much data, that serves no business need, but it’s so easy just to keep it there…. I think despite the economy, companies are going to realize that it’s important to get their information retention, their information governance under control, get rid of the data that has no business need and mine the data that has business needs – you know the so called Big Data – things like that in ways that will improve the company's bottom line on the business side and reduce costs on the eDiscovery side as a benefit as well.”

United States Federal Magistrate Judge Andrew J. Peck, “JD Supra Law News,” February 4, 2013. 

Information Mismanagement

A company filled with smart employees and not dissimilar from many others like it does something that I think is short-sided, risky and wasteful of limited company assets. The company lawyers think their practice is entirely prudent.  Their IT folks don’t agree but they are afraid to let the lawyers know what they really think. But we will come back to that point.

I would like to say that we could chalk this different way to solve this problem to “different strokes for different folks”, but that is not what I really think. I think they are wrong. I think they are lazy and short-sided.  I think they put a gun in their hand and keep loading it with bullets and don’t expect that at some point down the road somebody may get hurt. 

Oh, I have still failed to tell you what I think is wrong. The company (or least the lawyers of the company) has decided, seemingly with both eyes open to keep all information they create or receive and store it away somewhere. Perhaps they still believe storage is cheap (for most companies storage volume is going up at between 20-50% per year when cost is coming down per terabyte at 5-10% which means overall, they are spending way more to store information) . Not to worry as they also believe the Tooth Fairy is an independent contract of Santa Claus. They keep all information—records and digital data debris alike. Seems like a bad business decision to me.

They take this approach to information mismanagement for 3 major reasons:

1.         Lawyers feel better keeping everything because they don’t have to worry about not having something when litigation happens.

2.         They don’t have to worry about providing real legal hold guidance about what needs to be preserved to employees at the time of a lawsuit.

3.         The company doesn't know how to clean up all that electronic information in a legally defensible way?

Smart people can differ on things, but there is something about this debate that seems like the legal tail is wagging an expensive corporate dog around.  This got me thinking that perhaps I needed to start a list of the things that make keeping everything forever really a bad idea. Thereafter, we can put that up against the lawyers list of one and see who wins. BTW-I have a pretty good idea how this story ends. So here are my top 10. You can email me (rkahn@kahnconsultinginc.com) with your additions to the list.

1. Storage is not cheap (per gig cost is going down but that savings is dwarfed by the growth of data)
2. Keeping everything makes finding needed information more challenging
3. Discovery rules require taking action upfront to know your sources of info and then in a case to find responsive information and work with the other side to deal with discovery issues upfront
4. Legal hold requires action soon after notice of a lawsuit
5. The “meet and confer” requires lawyers get together at the beginning of the case to discuss, among other things, discovery issues. That presupposes you know specifically what information exists and where
6. Once you start keeping everything forever and don’t separate it for a lawsuit, it’s tough to apply regular retention rules to clean stuff up without the risk of destroying evidence
7. Employee time is increasing just to be able to find needed information
8. Information utility is inextricably linked to expeditious retrieval and access
9. Companies are already running their businesses inefficiently as they can’t readily find needed business content
10. Once commingling content, their record program is effectively a nullity and defensible disposition becomes much more challenging

Information Management

A mind set change. A transformation. A Friend. A Better use of Limited Budgets.

Having just finished rereading a Chicago Tribune article entitled “Getting to Zero”, I remain perplexed about how aspirational information management really is. The article recounts the need for employees to get their work email inbox down to ZERO messages or as close as possible. In other words, having a clean inbox means that employees will “feel more organized and less stressed by the daily email avalanche”.   No doubt having fewer email messages to read frees up time.  But in order to have fewer emails to deal with, they either shouldn’t get directed your way to begin with or they have already been dealt with. I can’t make the business use of email go away. But, I can help get rid of the email clutter once it’s there.

A mind set change. For all records managers you will hate what I am going to say. Employees aren’t going to classify and code email messages according to their retention value and if they did, they would get it wrong most of the time.  Change your thinking because the way you think about the problem, even if intellectually correct is practically unreasonable. So while some email may have longer term value, the great preponderance of them has no on-going value after a very short period of time. For all of those messages, I want the system to blow them away right after they no longer are needed. That will make your email box volume go way down real quick. Maybe not zero, but way less. For the few messages that have on-going business value, there has to be a simple way to deal with those. While imperfect and contrary to what I once thought, email as a business communication needs to have one retention period that the system can manage without employee involvement.  Easy to implement and use. Imperfect for one of a kind content that truly has ongoing business value. 

A transformation. Transform a problem into a business solution and victory. Too much email means an unhappy employee, an overburdened email system; a workforce stretched thin, lower customer satisfaction, great private information risk, higher litigation response costs and risks, CIO budget wasted on storing extraneous digital data debris, etc.  If I can get rid of all email but the few with long term business or legal value then I will solve a whole bunch of problems contemporaneously. The thing most companies forget about is users’ needs, so give employees a place to temporarily house needed messages and prohibit messages from being stored outside that environment. 

Imagine a world with only a few emails. Imagine having a better relationship with employees, customers, email administrators and the CIO.

Information Classification

Information classification is the process of arranging information with shared characteristics.  It is a lot harder than what meets the eye.  And if it’s the employees classifying data (increasingly a non-issue as there is way too much information), it’s more like an art than a science and more like contextual guesstimating than measuring.  Even harder when a user must make the determination on what is a formal record (required for legal or regulatory reasons) – vs. what is not.  And there is a really good explanation as to why that’s the reality.

 

Today around the globe, employees do business, real business in Facebook, Twitter, blogs, SharePoint, text messages and email.  As email has been the business tool of choice for many years and as there are billions of them used in business every day, it’s a good place to start to explore just why having 100% exactitude in classifying is not a reality.

Let’s delve into an example to start to understand just how complicated the mere act of classifying information can be. 

Lily, the manager of the sales support unit gets the following email from Teddy, the head of the leasing business unit.  You make the call—is it a record and if so, how should it be classified?

“Thanks for overseeing the Ace Leasing deal.  I thought your assistant manager, Dylan did a good job and I think he is ready for bigger challenges and a boost in pay.  It would have been useful if he brought contracting in sooner.  We should really think about how to make the documentation process touch fewer hands and simpler over all.  Also, we need to get implementation services involved ASAP.  Please have Riley from contracting confirm the pricing, as it wasn’t on the attached proposal.

Best, Teddy. 

BTW-say hi to your daughter Cooper.”

This email or millions like it happen every day, all day long.  If you were asked to classify it, would you say it’s a record requiring long term retention? If you did, what kind of record is it?

If you had any employee determine what the business value of the email was, they could classify it many different, albeit CORRECT ways.  Most employees predictably classify information with a parochial perspective about what it is based on their work experience.  If Lily, the recipient classified it, she would be colored by the utility of the email for her job or department. In that case maybe it’s a sales record which should be put in the Ace Leasing file.  On the other hand, as a manager she may see it as an HR related record, which recommends advancing Dylan and getting him a pay raise.  Maybe it should even go into Lily’s personnel folder as being complimentary of her good management of her unit.  Maybe the email is a record for the contracting department or instructions for the implementation of the project. Maybe it’s also a record for the Business Process Improvement team to fix the business process as management thinks it’s broken.  Fact is it could properly be classified as all those types of records.  All different records have different retention periods associated with them.  And further depending upon who classifies and what business unit they are from, the result may be substantially different. 

Not surprisingly, employees are not particularly good at classifying information, even the smart ones, and if they don’t need to do it, they won’t, and don’t even care. Now imagine each employee touches 100 information nuggets daily that need classification.  This partly explains why classification is so difficult.  It also makes the point that there are many subjective right answers. I believe many records could be properly classified in different correct ways.  We sometime think there is only one right way.

For almost a decade I have been thinking about the use of auto-classification technology to classify and manage information.  I used to think it wasn’t ready for prime time.  Today it is really powerful when used properly.  I then got hung up on lawyers attacking it giving a known failure rate.  I got over that as they attack everything any way and reasonableness and information volumes dictate relying on technology to do the heavy classification lifting.  Given information volumes and expecting employees to do the classifying is like asking your auditors to count the grains of sand on the beach, and classify them according to size and shape.  And now I am down to how effective the technology has to be to allow your classification to be done by a computer.  There are no hard and fast rules about confidence ratings or efficacy scores (sometimes referred to as F-Score,) even though most people would be substantially comforted if there were simple rules for what was good or good enough.    

I know employees are not good at classification.  I know that employees don’t have time to do it and even if they did, they usually won’t get it right.  I know people classify information in different ways and rarely are consistent from employee to employee.  I know information volumes for most big businesses are growing at 20-50% per year.  I know computers can do classification.  I know it is not simple or cheap to do auto-classification.  I know it takes upfront effort to get auto-classification right.  I know that a company can’t dispose of business information without some diligence process to ensure that records are retained and evidence is preserved.  I know that I have concluded that every big business needs to consider defensible disposition of information using technology to make it happen.  In the end, I know people will attack the process and they will attack the auto-classification soft underbelly—the failure rate, the confidence score, the F-Score.  I used to think it had to be above 90% to be good enough. Then I thought well maybe 80% is good enough.

Well, I have changed my thinking because the paradigm bounding my thoughts on this topic is flawed. As the classification tool crawls, it uses linguistic and numerical analysis to determine what something is and how to properly classify it.  In the end if the software tells me it believes it’s correct with a confidence score of 51% or higher—what that means is the software probably got it right but maybe there is another category that is also a good option.  In the end people do exactly what the technology does, but we hold technology to a different and higher standard.  I am not sure what the right confidence score is, but I think we need to give technology a chance and not look for reasons to dismiss its utility. Nothing’s perfect, including your employees.

 

Kahn’s 4 Keys to Defensible Disposition

With virtually no companies methodically applying retention rules to their ever-growing information heaps, and no practical way for employees to discern what is needed and what is digital data debris, you need to be thinking about how you will defensibly dispose of info crud.  After all, “innocent” technology folks have been forced to defend claims of destruction of evidence for merely recycling systems to make room for more stuff.  So here are Kahn’s 4 Keys to Defensible Disposition.   

Kahn’s 4 Keys to Defensible Disposition

1.    There is sufficient diligence (including review, audit, analysis by human and/or technology) to determine that the information subject to disposition is no longer needed for records retention or legal purposes.

2.    The analysis and diligence process is managed by individuals without any personal interest or incentive in the disposition of the specific content subject to disposition and any disposition is undertaken with agreement and oversight by law department and relevant business unit heads.

3.    The disposition process followed is documented, routinized and repeatable and all disposition actions taken are authorized, final, complete and irreversible.

4.    Prior to any disposition, there will be sufficient notification of the proposed disposition actions to be taken, to the affected business unit heads and the legal representative to be able to immediately stop the disposition process if questions arise as to the appropriateness or legality of the disposition.