Monday, December 7, 2009

The Maturing RIM world

I have given a lot of thought to our maturing RIM world in the last few years. I have come to several conclusions that are worth sharing.

If companies have RIM policies, they need to make them easier to use going forward.

If they don’t have policies—they may never bother with it as they may not see the value. RIM may not be for everyone even if the law requires records retention.

Discovery has forced so many companies to look inward to determine why it’s so darn expensive and burdensome to find and produce the e-evidence. The ones that are introspective realize proactive info management is central to minimizing discovery pain downstream. Over time, expect more technology to come in-house to manage content for RIM and discovery.

Employees don’t get their retention or discovery obligations and it may make sense to see if technology can be harnessed to do what employees can’t.

Information management will be a technology activity. IT executives, get ready for RIM to be your problem.

Tuesday, December 1, 2009

Are you getting it right?

I was reading the Wall Street Journal recently and came across an article entitled “Why email no longer rules”. As the author of a book called “Email Rules” I was selfishly interested because I don’t think email is dead by a long shot. When I read the article, what became clear is that the author doesn’t really think email is dead but rather she thinks that there are a whole host of new communications technologies being used that make email less important. While email’s import in the business context seems unquestionable, the author’s real message was poignant and relevant for all those who care about RIM or discovery. New communications technologies are being used more often, which makes message volumes greater, creation speeds faster and content likely less well thought out. There is also the reality that when new technologies like Twitter and Facebook are used in the business context, business content with business value may be created with few business controls in place. So, now is the time to redouble efforts to apply the old RIM rules to new content. Invest in policy updates, training and audits to make sure your organization is getting it right.

Tuesday, November 24, 2009

Develop Rules for Quick Litigation Response

If you don’t have enough to do in your RIM activities, have I got a job for you. Responding to litigation is an exercise in futility. You have to produce anything and everything relevant to the case. But for most bigger institutions there is no way to even know if you have most of the relevant stuff, let alone all of it. If you're in RIM, your job is likely limited to making retention rules and making sure they are followed. What about adding to your full plate by developing rules about where things need to be put? One of our clients took on the responsibility of developing the Office of Contract management. All final contracts will be stored there, making finding them for business reasons or producing them for litigation that much easier. So start developing rules about where to store content, and RIM life and litigation response will be faster, better and cheaper.

Thursday, November 19, 2009

Parking Lot Theory

I have been working on a new theory for the RIM world called the “Parking Lot Theory”. The premise, simply stated, is that businesses need to incorporate the realities of parking cars into the data parking world. By doing so, the corporate data parking lot would be more RIMful and less DISCOVERYchallenged. If information was parked in designated parking lots (not PSTs, home computers, thumb drives and third party storage farms), the business would better harness huge value. So consider company, customer and employee convenience when it comes to building or buying a new data parking lot. As information value goes up, just like a car, give the lot more functionality. And if it's important e-stuff, you should be willing to spend more on its proper management.

Monday, November 9, 2009

Will you have it when you need it?

I read a really interesting article, “Doctor Can You See Me Now,” in the October 20, 2009, Wall Street Journal, which got me thinking about what I usually think about: where are the records? The article explored the use of video diagnostic equipment to augment care and treatment of patients by hooking doctors with specialties to remote emergency rooms far away to help consult on the ill. Great use of technology. But where are the records? Clearly the video interaction with the patient will be an important record in the patient’s medical file, but is it being retained? I had the same thought when companies use Indian off-shoring firms to do work for American companies. While off-shoring is less attractive these days with loads of Americans out of work, the question remains: when using a service provider for something your business would normally do, where are the records, who owns them, and will you have access to them when needed?


Don’t let time and dispute answer these questions. Deal with it up front in the contract and spare yourself a major headache.

Friday, October 30, 2009

Just because you can, doesn't mean you should

In the November 2009 edition of PCTODAY Magazine, in an article entitled “Twitter for Business”, the author explores the use of Twitter for “marketing, customer service, and even job placements”. When we do a social networking retention policy these days we address acceptable business uses of the technology, proper retention, privacy, etc. But remember, just because technologies can be used for a business purpose does not mean that they should be used at all. So make the business case and, if you can, then get the technology. Before implementing it, develop policy that properly manages it. Thereafter, if you can’t readily retain it, you better tell business users that if content needs to be retained but can’t be with the technology used, then they need to communicate in a different way.

Tuesday, October 27, 2009

Faster, better and cheaper

If you don’t have enough to do in your RIM activities, have I got a job for you. Responding to litigation is an exercise in futility. You have to produce anything and everything relevant to the case. But for most bigger institutions there is no way to even know if you have most of the relevant stuff, let alone all of it. If you're in RIM, your job is likely limited to making retention rules and making sure they are followed. What about adding to your full plate by developing rules about where things need to be put? One of our clients took on the responsibility of developing the Office of Contract management. All final contracts will be stored there, making finding them for business reasons or producing them for litigation that much easier. So start developing rules about where to store content, and RIM life and litigation response will be faster, better and cheaper.

Friday, October 23, 2009

"Go Green" with RIM

I think all RIM professionals should think about the business benefits of their RIM program and policy directives as part of larger business initiatives to “Go Green”. Not because it is cool to be environmentally conscious, but because it helps them align their thinking with that of the executives on savings and being perceived as a good corporate citizen. If we only retain what is required, and as few copies as needed, then we save loads of money, time and energy. Start thinking like an executive; it's good for your career.


BTW, Americans received 17 billion mailed paper catalogues in 2008, 56 for every American (Wall Street Journal, October 16, 2009). So we are far from paperless.

Tuesday, October 20, 2009

Policy First

In the November 2009 edition of PCTODAY Magazine, in an article entitled “Twitter for Business”, the author explores the use of Twitter for “marketing, customer service, and even job placements”. When we do a social networking retention policy these days we address acceptable business uses of the technology, proper retention, privacy, etc. But remember just because technologies can be used for a business purpose, does not mean that they should be used at all. So make the business case and if you can, then get the technology. Before implementing it, develop policy that properly manages it. Thereafter, if you can’t readily retain it, you better tell business users that if content needs to be retained but can't with the technology used, then they need to communicate in a different way.

Monday, October 12, 2009

The Ongoing Work of IMC (Key #7: Continuous Program Improvement) - Highlights of chapter 19 of the second edition of Information Nation

Every organization must strive to continually improve its Information Management program. Every program has flaws and weaknesses that need to be addressed. Every program goes out of date with current best practices, laws and technology unless it is continuously revised and revisited. Every program can be better.

Email is a technology used by virtually all businesses. Unfortunately, many organizations did not update their Information Management policies and procedures to account for the technology. As a result, an avalanche of court cases and legal actions related to the use and misuse of email began, and organizations were forced to retroactively change their Information Management practices. Many learned their lessons the hard way, feeling the pain of harassment lawsuits and mass employee terminations.

Which of the newer technologies appear to be taking a similar path? Read about them in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, September 21, 2009

Using Technology to Enforce Policy (Key #6: Effective and Consistent Program Enforcement) - Highlights of chapter 18 of Information Nation 2e

Organizations should anticipate the kinds of Information Management program violations they are likely to face, and how they will address such violations when they occur. A helpful exercise is identifying those policy elements that can be enforced “automatically” through proper configuration and management. The term “automatically” is used with caution, as all technology, no matter how advanced or sophisticated, still relies on humans for its proper configuration and management, even if it is as simple as just “flipping a switch.”

Although new and powerful enterprise auditing and monitoring tools are continuously being developed, it is simply not feasible to automatically track and enforce each employee’s compliance with Information Management policies and procedures. While it is technically possible to create log files and other “electronic trails,” which show how employees have been using company systems, it is another matter having the tools, people, and time to make sense of all that information.

Read about examples of how policies can be enforced “automatically” with technology, while others require manual intervention, in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Wednesday, August 19, 2009

Addressing Employee Policy Violations (Key #6: Effective and Consistent Program Enforcement) - Highlights of Chap. 17 Information Nation 2e

IMC violations occur for a variety of reasons, ranging from the unintentional and negligent, to the willful. Regardless, organizations must be crystal clear with employees about the consequences of violating Information Management policies and procedures. Statements outlining consequences should be a standard part of the policies to which they relate, and should be highlighted, communicated, and re-communicated.

It is also important that organizations inform current employees of past violations of Information Management policies that have resulted in employee termination and other disciplinary actions. The reason for such communications is to provide a warning to all employees and to prevent further violations, not to embarrass or humiliate the employees who have been disciplined. The courts have made clear that not only do organizations have the right to communicate with their employees about such matters, but it is also in their interest to do so.

Consistency is central to effective Information Management program enforcement for a variety of reasons. However, one of the most important reasons is to protect organizations from claims by accused violators that they are being selectively, unfairly or discriminately singled out and disciplined while other violators are not disciplined for the same reason.

Read about some of the common areas where organizations fail to enforce consistently in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Thursday, August 6, 2009

Use Auditing and Monitoring to Measure IMC (Key #5: Auditing & Monitoring to Measure Program Compliance) Highlights: Chap. 16, Information Nation 2e

The best Information Management policies and practices in the world will not protect an organization unless they have the means to find out if employees are in fact complying with those directives. Auditing and monitoring allow organizations to understand where their Information Management program is succeeding and where it is failing, and correct any compliance problems before they blossom into full-fledged disasters.

Auditing and monitoring programs are required by law in some instances. Taxpayers wishing to keep records in electronic form must meet the requirements of IRS Revenue Procedure 97-22, which explicitly requires Information Management style controls and audits. The National Association of Securities Dealers, in conjunction with the Securities and Exchange Commission, regulates the securities industry, and has promulgated Conduct Rule 3010, which requires members to “establish and maintain a system to supervise the activities [of employees] that is reasonably designed to achieve compliance with applicable securities laws and regulations.”

Organizations should also consider the role of independent third parties in auditing and monitoring activities, particularly those in highly regulated industries. Such audits can be very formal and involve multiple steps, including a complete review of Information Management documentation, employee interviews, or examination of “live” processes and technology in action. On the other hand, such audits can also be less formal, and limited to an offsite review of specific policies and procedures, for example.

Learn more about auditing and monitoring processes in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, July 20, 2009

Essential Elements of Information Management Communication and Training (Key #4: Program Communication and Training)

Highlights of chapter 15 of Information Nation second edition

Case after case has demonstrated that, whether they like it or not, companies and government agencies can be held accountable for their failure to adequately train and monitor their employees’ actions. IMC depends upon a comprehensive and consistent ongoing program of communication and training.

Clarity is a key component of any communication program. Company conduct which is contrary to policy can undermine the purposes of the policy. For example, a court has found that companies can violate the privacy rights of their employees, despite policy explicitly stating that employees have no privacy rights in data on company computers, where the company allowed employees to password protect network and email folders on company servers.

Top executives must also demonstrate their support for the Information Management program by communicating its importance directly to employees. This can be done through email messages, voicemail blasts, face-to-face presentations, teleconferences, and many other ways as appropriate, depending on the size and culture of the organization. Regardless of the method used, it is important that the communications are consistent with the messages provided elsewhere by the program’s policies and procedures.

Read about other important characteristics of a communication and training program in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, July 6, 2009

IT Leadership (Key #3: Proper Delegation of Program Roles and Components) - Highlights of chapter 13 of the second edition of Information Nation

Every employee in an organization shares responsibility for compliance, but specific roles and responsibilities also must be created, and appropriate authority delegated to oversee specific program components. This is critical because improper delegation not only increases the likelihood that Information Management mistakes will be made, but also can create serious liability for the company. Many organizations have struggled to build an Information Management infrastructure that reflects the ongoing transition to electronic business processes, new law and regulations, and changing business practices in general.

Different departments within the organization may have competing needs for information. The Sales department may want to keep every email message from a customer forever, because email messages provide valuable information about customers’ buying habits, and enable them to create more accurate sales forecasts. The IT department protests that infinite retention of email bogs down the email servers, requiring large investments in extra hardware, maintenance and staffing. The Legal department is concerned about a recent case where damaging email evidence led to a multi-million dollar settlement.

What is the best solution? The answer may surprise you. Read the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Thursday, June 25, 2009

IT Leadership (Key #2: Executive Level Program Responsibility) - Highlights of chapter 12 of the second edition of Information Nation

The role of CIOs and other IT executives is changing (or should be changing) in many organizations to reflect our increasing reliance upon digital information for business purposes, and for transactions that have profound legal and regulatory ramifications. Not only is the greater volume of information passing through IT systems a challenge, but the courts have placed a higher value on the need to retain certain kinds of information than on IT’s need to run a cost-effective operation.

More and more of the information generated and received by organizations has serious legal and regulatory ramifications. This information, such as digital contracts, invoices, patient data in healthcare, and order flow information in the securities industry, must be stored in a way that preserves its original form and content to comply with records and evidentiary requirements.

Compliance failures in the IMC context can have real financial consequences, yet IMC investments are often resisted because the economic benefits are frequently not easily understood. A new measure, the “total cost of failure,” or TCF, helps to quantify the economics of failing to take action, or taking the wrong actions.

Read more about TCF in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Tuesday, May 26, 2009

What Executive Responsibility Means (Key #2: Executive Level Program Responsibility) - Highlights of chapter 11 of the 2d ed. of Information Nation

There are several things that senior executives can do to get the message across to all employees that IMC is important to the organization, is a core part of its day-to-day operations, and is central to its success. A statement from the CEO accompanying the Records Management policy, or located on the intranet site which houses Information Management policies, or inserted in an e-mail reminder to employees, provides the needed emphasis.

An Executive Information Management Council, containing representatives from such departments as Legal, IT, Human Resources, Finance, Records Management, Business Risk Management, Tax and Audit, Compliance, and affected business units, should have organization-wide responsibility for ensuring that the Information Management program is properly implemented throughout the company, and that needed policies and procedures are in place to address operational, legal and technical needs and requirements.

Find out what happens when executives remove records from the organization when they depart. The second edition of Information Nation, available from John W. Wiley & Sons, also describes how the chief executive can be held liable for information management failures. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, May 18, 2009

Executive Leadership, Sine Qua Non (Key #2: Executive Level Program Responsibility) - Highlights of chapter 10 of the 2d edition of Information Nation

The second Key to Information Management Compliance is executive level program responsibility. The success of an IMC program, or any program, is dependent upon the commitment of the organization’s senior management team. They must step up and take responsibility for the program’s development, implementation, and ongoing improvement.

Executive leadership is an absolute prerequisite (sine qua non). High-level, visible executive involvement and responsibility makes clear that IMC is a priority for the organization and is central to its success. Unless senior management makes Information Management activities a core responsibility, employees have little practical incentive to take their responsibilities seriously.

If the program is not pushed from the top, and, for example, comes out of the records management department, the directives will not be given priority. This happened at one of Kahn Consulting’s large clients, and the program did not get on track until the CFO and general counsel got behind it.

Funding is also critical to the success of IMC. A failure to adequately fund an Information Management program will not only contribute to its demise, but will also send the message to employees, board members, and shareholders that the organization does not take Information Management seriously.

The second edition of Information Nation, available from John W. Wiley & Sons, also describes how the chief executive can be held liable for information management failures. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Tuesday, May 12, 2009

Information Management Policy Issues (Key #1: Good Policies and Procedures) - Highlights of chapter 9 of the second edition of Information Nation

The protection of company information is one of the key policy issues facing organizations. Software companies, for example, are often faced with high turnover in their programming staffs. Programmers will frequently make copies of the programs they create for their employers for their personal use. They may use the programs as part of their “portfolio,” examples of their work they can show to other potential employers. They may reuse the code in other projects so that they don’t have to reinvent the wheel. These practices can run up against the employer’s desire to maintain the confidentiality of their own proprietary information.

One company had apparently taken impressive measures to keep its information confidential. Each employee was required to sign a confidentiality agreement which explained the value placed on confidentiality at the company and prohibited them from taking confidential information upon their departure. Extensive steps were taken from a technology standpoint to protect information assets. Non-disclosure agreements were required when sharing information with outside entities, and documents were marked confidential and tracked using tracking software.

Nevertheless, when the company sued a programmer for taking information from the company, the court found that these measures were “barely sufficient to qualify as reasonable!” Find out what the court had to say in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Friday, May 1, 2009

Making Good Policies and Procedures (Key #1: Good Policies and Procedures) - Highlights of chapter 8 of the second edition of Information Nation

A policy and procedure structure is an essential part of making good policies and procedures. This is particularly important in large organizations with many departments having diverse needs, in order to ensure that the policies work together as seamlessly as possible. High level policy tools include:

-- a high-level Information Management and Records Management Policy Manual, which is the foundation for all other IMC policies and procedures created or adopted throughout the organization;

-- organizational retention rules, which provide retention periods for different categories of records in the organization;

-- an electronic records policy, which can be useful for bringing specific focus to electronic records issues, and

-- a Legal Hold policy, for informing affected individuals and departments when normal IMC practices must be suspended due to anticipated or commenced investigations, audits, or litigation.

Clear and unambiguous directives are important to make sure that employees understand organizational IMC objectives, and to limit interpretation, which helps to provide greater certainty about the outcome of a dispute. Clarity is important, because courts typically interpret ambiguities in favor of employees, rather than the employer who drafted the language of a policy in dispute.

The second edition of Information Nation, available from John W. Wiley & Sons, lists other characteristics of good policies and procedures. For more information, see http://www.informationnationbook.com/.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Wednesday, April 22, 2009

The Purpose of Policies and Procedures (Key #1: Good Policies and Procedures) - Highlights of chapter 7 of the second edition of Information Nation

The first of the Seven Keys to Information Management Compliance is good policies and procedures. Organizations must develop and implement policies and procedures designed to ensure that their Information Management Compliance responsibilities are addressed and their obligations are met.

Policies and procedures have a critical role in an Information Management Compliance program. They provide clear guidance to employees as to what their IMC obligations are, which can be a significant challenge in large organizations. They affect the corporate culture and provide consistent guidelines for employee behavior that last beyond the residency of a particular manager or executive.

Good policies and procedures also make a statement to the world that the organization is committed to addressing Information Management issues. If an organization can demonstrate to an investigator, regulator, court or even the media that they had a policy in place and trained employees to follow the policy, then isolated failures are much more likely to be seen as individual accidents rather than organizational failures.

Compliant Information Management policies and procedures can also help organizations avoid liability for their employees’ actions. The second edition of Information Nation, available from John W. Wiley & Sons, contains several scenarios in which good policies and procedures can mitigate employees’ bad actions. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Tuesday, April 14, 2009

Sarbanes-Oxley and IMC: Highlights of chapter 6 of the second edition of Information Nation

The Sarbanes-Oxley Act of 2002 is a sweeping, complex piece of legislation with an enormous impact upon IMC. It goes to the heart of IMC by affecting the way that organizations must manage and control information. Sarbanes-Oxley is designed to improve the accountability and transparency of public companies. In turn, accountability and transparency depend upon trustworthy business records because trustworthy business records are the bedrock of accounting and financial reporting systems. As a result, compliance with Sarbanes-Oxley relies upon a foundation of Information Management practices designed to ensure the accuracy and trustworthiness of business records. In other words, Information Management Compliance.

Section 802 of Sarbanes-Oxley is one of its more disconcerting sections, as it imposes dramatic criminal penalties for the improper destruction or alteration of business records. Proper disposal of business records is as integral a part of Information Management as retention. However, organizations also have an obligation to suspend normal disposition practices in the face of anticipated or ongoing audits, investigations, litigation or other proceedings—including matters contemplated by Section 802.

The second edition of Information Nation, available from John W. Wiley & Sons, describes how organizations can put into place a mechanism to ensure that their employees properly preserve information when faced with proceedings of these kinds. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Friday, April 3, 2009

Notification Laws: a response to data breaches

As data breaches have become more prevalent over the last few years, states have required organizations experiencing data breaches involving consumers’ personally identifiable information (PII) to notify their customers. Since California’s data breach disclosure law (SB1386) became effective in 2003, a total of 47 states and provinces have passed laws that require consumer notification of a data breach involving PII. Currently, only Alabama, Kentucky, Mississippi, Missouri, New Mexico, and South Dakota do not have a data breach notification law. A listing of state data breach laws is here.

Organizations need to be aware of the data breach requirements of the states where they conduct business and where their consumers reside. Notification and communication requirements can differ from state to state. Therefore, it is important not only to have knowledge about these state requirements, but to audit your applications to prevent data loss in the first place.

Wednesday, March 25, 2009

Achieving IMC: Introduction to the Seven Keys – Highlights of chapter 5 of the second edition of Information Nation

Why do organizations mismanage their information assets? Some of the reasons arise out of the natural result of market correction or contraction (compliance wasn’t a priority during the “tech bubble”), putting aside compliance issues as companies rushed to adopt the latest technology in order to “keep up with the Joneses,” the failure of compliance issues to be considered in the development of new technology, or the failure to designate responsibility for electronic records as the volume of such records grew in the enterprise.

Randolph Kahn developed a framework for an organization to solve this problem. Called the Seven Keys for Information Management Compliance, the framework is based upon the Federal Sentencing Guidelines. The Guidelines provide seven criteria that courts will look at when sentencing a company found guilty of a criminal act.

The Guidelines have had a significant influence on how companies design and implement compliance and corporate ethics programs. Not only do the Guidelines tell companies how fines and penalties will be assessed, but they help companies determine what they can do to help avoid or reduce sanctions for wrongdoing.

The Seven Keys are described in detail in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com. Stay tuned for more blog posts on the Seven Keys.


Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, March 23, 2009

Privacy and the effect upon international transactions

Globalization and technologies such as the Internet have allowed many companies to conduct business internationally. This has been a great financial opportunity for these businesses. However, a major issue associated with international transactions is data privacy. Countries view privacy issues differently. For example, many U.S. companies use the opt-out model; consumer information is automatically released to partner companies unless otherwise requested by the owner of that information. The European Union, on the other hand, utilizes the principles of opt-in, in which a person’s personal information cannot be shared unless they give direct permission to the organization.

Understanding other countries’ privacy rules is a prerequisite for conducting business internationally. Examples of data privacy policies include the European Union’s Data Protection Directive 95/46/EC, and Canada’s Personal Information Protection & Electronic Documents Act. Data protection policies for many countries can be found here.

Friday, March 13, 2009

Information Management Compliance: Highlights of chapter 4 of the second edition of Information Nation

Information Management Compliance is, as the term implies, the fusion of the Compliance discipline with Information Management activities. It involves developing Information Management criteria in accordance with legal, regulatory and business needs, and implementing controls designed to ensure compliance with those criteria. An effective Information Management program uses both best practices and risk management strategies.

There are two broad categories of compliance criteria in Information Management: External sources, such as laws (Sarbanes-Oxley, for example), regulations or industry standards; and internally developed criteria, which can be based on guidance from industry associations or operating procedures developed by virtue of the organization’s experience.

The second edition of Information Nation shows you how to establish your own compliance criteria, and explains the pitfalls of failing to do so. The new book examines how information management compliance failures affected Morgan Stanley, and provides lessons learned for your organization.

The new book is available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.


Comments? Contact the author at infonation@kahnconsultinginc.com.

Wednesday, March 4, 2009

Webinar: The ESI Data Map-What Inside Counsel and Records Managers Need to Know

Join Kahn Consulting, Inc., Quarles & Brady, LLP and The Ingersoll Firm for a complimentary one-hour webinar on one of the hottest topics in the legal and records community today: data mapping. This webinar will break down the crucial facts about building, maintaining and using an ESI data map.

Key topics to be covered include:
  • How to build an ESI data map
  • The benefits of an ESI data map
  • How--and where--an ESI data map fits into an organization's records management and records retention program
  • The value of an ESI data map from outside counsel's perspective
  • The value of an ESI data map from inside counsel's perspective

Speakers:

Lisa J. Berry-Tayman, Esq., CIPP - Senior Consultant, Kahn Consulting, Inc.

Kelly Twigger - Partner, Quarles & Brady, LLP

John P. Collins, JD - VP of Consulting, The Ingersoll Firm

Date: Wednesday, March 11, 1:00 PM EST

As a special thank you for attending the Webinar, we will be giving away 5 signed copies of Information Nation: Seven Keys to Information Management Compliance, second edition, by Randolph A. Kahn.

Register for the webinar here.

Friday, February 27, 2009

What is records management? Highlights of chapter 3 of the second edition of Information Nation

Records management is a particularly important activity within the umbrella of information management, as it typically deals with the most sensitive, valuable and challenging information in an organization, from the point at which this information is created, until it is no longer needed.

Essential elements of an effective records management program include up-to-date program directives, proper training to ensure thorough implementation, building organizational awareness of the program, and auditing the program for adequacy, effectiveness, and efficiency. Electronic records present special challenges because they can be so easily altered. Assuring the trustworthiness of electronic records is critical, particularly in the legal and regulatory context.

The second edition of Information Nation discusses the four important components of a good records management program, as well as other significant parts of such programs. Four essential aspects of a trustworthy record are also described. The new book is available from John W. Wiley & Sons. For more information, see http://www.informationnationbook.com/.

Comments? Contact the author at infonation@kahnconsultinginc.com

Tuesday, February 24, 2009

What is a record? Highlights of chapter 2 of the second edition of Information Nation

Organizations must have a consistent method of determining whether information is significant enough to be retained and managed. One major challenge is the increasingly wide variety of technologies being used to conduct business. Voicemail, blogs, wikis, SharePoint collaboration sites—these are only examples of new technologies where business records are being created. All of these technologies involve the recording of information which memorializes a business transaction.

The second edition of Information Nation describes definitions of a record, why and where records are retained, and, just as important, circumstances in which information does not need to be retained. The book is available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Friday, February 20, 2009

Total Cost of Failure: Justifying Investments in Information Management Compliance

There has been endless talk about compliance. There has been way too much banter from vendors claiming to deliver a ‘compliance solution’. Most technology purchasers are still grappling with what their ‘compliance’ problems are. So they hardly seem ready to fix what, if anything, ails them. In any event, purchasers should be wary about claims of having the technological panacea for all ‘compliance’ problems. Such fallacious claims are akin to your doctor claiming to have one shot that can inoculate you against any disease. Simply stated, ‘one-size-fits-all’ compliance solutions cannot possibly fix all so-called ‘compliance’ problems, especially if we do not know what the problems are yet.


Read the full article here.

Friday, February 13, 2009

Why is information management important? Highlights of chapter 1 of the second edition of Information Nation

Huge amounts of information are being created daily. According to one estimate, there are 42 gigabytes of data for every person on the planet. The need for managing this information has never been greater.

The management of information has evolved along with the corresponding evolution of business processes and technologies. The discipline now encompasses a wide variety of activities, including records and document management (or, more globally, enterprise content management); information security and privacy; and disaster recovery.

The wide-ranging implications of information management make it extremely difficult to get an overall picture of how your company manages information. Determining corporate needs and priorities in the information management arena is one of the emphases of the second edition of Information Nation. The new edition is available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Stay tuned for Chapter 2 highlights!

Thursday, February 12, 2009

One million dollars: The largest civil penalty paid in a Children’s Online Privacy Protection Act case

A global recorded music company agreed to pay 1 million dollars to settle Federal Trade Commission (FTC) charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the Commission’s implementing rule. The FTC’s complaint alleged that the music company, through its website, improperly collected, maintained, and disclosed personally identifiable information from thousands of children under the age of 13, without their parents’ consent.

To protect your company and its website from such a fate, you must first determine if the COPPA Rule applies to your company’s website by asking:
  • Do we direct our commercial website and online services to children under 13? If so, do we collect personal information from children under 13?
  • Do we knowingly collect personal information from children under 13 on our general audience website?
  • Does our general audience website have a separate children’s area? If so, do we collect personal information from children under 13 in this separate area?

If you answer “yes” to these questions, then your company likely falls under one of the categories of website operators who must comply with COPPA. If in doubt, compliance with the COPPA Rules is the safest bet.

Good records management is one COPPA requirement. The Rule requires that personal information collected from children is managed to maintain the confidentiality, security and integrity of the information. Your company will need good information management policies and practices to comply. Good records management practice also includes managing the privacy of those submitting their information. To comply, your company will need good privacy policies and procedures. To maintain good records management in the long term, your company should perform audits to confirm that the information collected from children on your website is being properly managed under these policies and procedures, including your record retention schedule.

Another COPPA requirement is the clear and conspicuous posting of a privacy policy on the homepage of your website and a link to this policy on any page where a child’s personal information is being collected. Take a look at your company’s website: if no privacy policy exists on it, you may want to bring this to the attention of your corporate counsel or CEO/CIO (if your company does not have a privacy officer).

The FTC takes privacy seriously, and so should your company.

To read more about these and the other COPPA Rule requirements, and the entire one million dollar penalty story, go to: http://www.ftc.gov/privacy/.

Tuesday, February 3, 2009

Kahn Releases Second Edition of "Information Nation": The Industry Bible to Information Management Compliance

With the current economic downturn, most organizations are trying to cut back. However, in a world fueled by information, to ensure you remain “faster, better, cheaper and legally compliant,” it is more important than ever to have a comprehensive plan for information management compliance.

Internationally acclaimed author, industry expert and two-time Britt Literary Award winner Randolph Kahn has released the updated second edition of "Information Nation: Seven Keys to Information Management Compliance."

Published by John W. Wiley and Sons, the book explains why this is not the time to minimize costs in information management programs. It demonstrates how to succeed in this new environment by incorporating an information management compliance philosophy into the business processes and corporate governance structure.

The book is already receiving positive reviews from other industry experts.

“Who would have thought that Information Nation – the information management compliance ‘bible’ – could be improved?” said Jay Cohen, chief compliance officer at Assurant. “The second edition of this book is a must read for any person who cares about information management or litigation readiness.”

Kahn, founder of Kahn Consulting, Inc., shares this proven methodology that adopts the principles, controls and discipline necessary to build a solid corporate compliance program.

"Information Nation" details:

New developments regarding the Federal Sentencing Guidelines. Substantive changes were made to the Federal Sentencing Guidelines after the publication of the first edition. The book addresses the impact of recent case law upon the guidelines.

The electronic discovery amendments to the Federal Rules of Civil Procedure. The Federal Rules amendments have significantly changed the legal landscape for information management compliance. The second edition of "Information Nation" integrates the resulting changes into the content to provide the same kind of common-sense guidance which made the first edition a success.

New material incorporating information compliance news, legal decisions and regulatory updates. The field of information management compliance changes as quickly as the information technology field itself. The second edition of "Information Nation" includes new material encompassing these events and explaining how they affect the information management compliance environment.

Kahn is an internationally acclaimed speaker, consultant and award-winning author of dozens of published works including "Privacy Nation," "Information Nation Warrior," "Information Nation: Seven Keys to Information Management Compliance" and "E-Mail Rules." He is an internationally recognized authority on the legal, compliance, and policy issues of information and a trusted advisor and consultant to Fortune 500 companies, governmental agencies and court systems.

As founder of Kahn Consulting, Inc., Kahn leads a team of information management, regulatory, compliance and technology professionals who serve as consultants and advisors to major world-wide institutions.

The book is available now from John W. Wiley & Sons at www.wiley.com and can be purchased from most major book sellers.