Wednesday, March 25, 2009

Achieving IMC: Introduction to the Seven Keys – Highlights of chapter 5 of the second edition of Information Nation

Why do organizations mismanage their information assets? Some of the reasons arise out of the natural result of market correction or contraction (compliance wasn’t a priority during the “tech bubble”), putting aside compliance issues as companies rushed to adopt the latest technology in order to “keep up with the Joneses,” the failure of compliance issues to be considered in the development of new technology, or the failure to designate responsibility for electronic records as the volume of such records grew in the enterprise.

Randolph Kahn developed a framework for an organization to solve this problem. Called the Seven Keys for Information Management Compliance, the framework is based upon the Federal Sentencing Guidelines. The Guidelines provide seven criteria that courts will look at when sentencing a company found guilty of a criminal act.

The Guidelines have had a significant influence on how companies design and implement compliance and corporate ethics programs. Not only do the Guidelines tell companies how fines and penalties will be assessed, but they help companies determine what they can do to help avoid or reduce sanctions for wrongdoing.

The Seven Keys are described in detail in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see Stay tuned for more blog posts on the Seven Keys.

Comments? Contact the author at

Monday, March 23, 2009

Privacy and the effect upon international transactions

Globalization and technologies such as the Internet have allowed many companies to conduct business internationally. This has been a great financial opportunity for these businesses. However, a major issue associated with international transactions is data privacy. Countries view privacy issues differently. For example, many U.S. companies use the opt-out model; consumer information is automatically released to partner companies unless otherwise requested by the owner of that information. The European Union, on the other hand, utilizes the principles of opt-in, in which a person’s personal information cannot be shared unless they give direct permission to the organization.

Understanding other countries’ privacy rules is a prerequisite for conducting business internationally. Examples of data privacy policies include the European Union’s Data Protection Directive 95/46/EC, and Canada’s Personal Information Protection & Electronic Documents Act . Data protection policies for many countries can be found here.

Friday, March 13, 2009

Information Management Compliance: Highlights of chapter 4 of the second edition of Information Nation

Information Management Compliance is, as the term implies, the fusion of the Compliance discipline with Information Management activities. It involves developing Information Management criteria in accordance with legal, regulatory and business needs, and implementing controls designed to ensure compliance with those criteria. An effective Information Management program uses both best practices and risk management strategies.

There are two broad categories of compliance criteria in Information Management: External sources, such as laws (Sarbanes-Oxley, for example), regulations or industry standards; and internally developed criteria, which can be based on guidance from industry associations or operating procedures developed by virtue of the organization’s experience.

The second edition of Information Nation shows you how to establish your own compliance criteria, and explains the pitfalls of failing to do so. The new book examines how information management compliance failures affected Morgan Stanley, and provides lessons learned for your organization.

The new book is available from John W. Wiley & Sons. For more information, see

Comments? Contact the author at

Wednesday, March 4, 2009

Webinar: The ESI Data Map-What Inside Counsel and Records Managers Need to Know

Join Kahn Consulting, Inc., Quarles & Brady, LLP and The Intersoll Firm for a complimentary one-hour webinar on one of the hottest topics in the legal and records community today: data mapping. This webinar will break down the crucial facts about building, maintaining and using an ESI data map.

Key topics to be covered include:
  • How to build an ESI data map
  • The benefits of an ESI dta map
  • How--and where--an ESI data map fits into an organization's records management and records retention program
  • The value of an ESI data map from outside counsel's perspective
  • The value of an ESI data map from inside counsel's perspective


Lisa J. Berry-Tayman, Esq., CIPP - Senior Consultant, Kahn Consulting, Inc.

Kelly Twigger - Partner, Quarles & Brady, LLP

John P. Collins, JD - VP of Consulting, The Ingersoll Firm

Date: Wednesday, March 11, 1:00 PM EST

As a special thank you for attending the Webinar, we will be giving away 5 signed copies of Information Nation: Seven Keys to Information Management Compliance, second edition, by Randolph A. Kahn.

Register for the webinar here.