Thursday, December 16, 2010

Dialoginar #1 - Content Analytics

I am the host of “Dialoginar”. It is great way to learn more about Information Lifecycle Governance. Check it out and tell me what you think. Topic one will explore Content Analytics.

Dialoginar #1 - Content Analytics

Friday, December 3, 2010

What's a Dialoginar?

I have spoken far and wide, long and short, here and there, but I have never done a Dialoginar. Well, I am doing an amazing Dialoginar Series where I play an expert and explore some interesting Information Lifecycle Governance topics. In the near future you will see a YouTube advertisement in which I play a superhero jib jab bobble head and tell you all the fun facts about the Dialoginars. BTW- a bobble head is perfect role for me. The Dialoginar is a great way to learn and have fun while doing it. So, bring your lunch, bring your friends, bring your coworkers, but leave your bad attitude in your cubicle. A Dialoginar tastes great and it's less filling. Can I say that or will that cause a problem with my favorite Wisconsin brewer?

Topics that will be discussed in the initial Dialoginar Series are:

Content Analytics Compliance refers to the text analytics process plus the ability to visually identify and explore trends, patterns, and statistically relevant facts found in various types of content spread across internal and external content sources.

Defensible Disposal – How do companies develop the policy rules to defensibly dispose of information? The only way to purge content is to dispose of it pursuant to written retention policies which take into consideration business needs, legal requirements and legal considerations like statues of limitations.

Information Lifecycle Governance is a way of managing information over time with the necessary controls to advance good business practices. ILG encompasses policies, processes, practices, and technology used to manage information throughout its life starting with creation and ending with proper disposal.

These are just a few of the topics to be discussed in a series of quirky “Dialoginars” to be presented by Randy Kahn and IBM. Prepare to be educated and entertained in a unique approach to the discussions of everything Information Governance. Keep your eyes open for upcoming dates and times!

Monday, November 29, 2010

Information Storage Governance

You can store if you believe Wendy.

Attention all storage dudes and dudettes;

You can keep ALL your corporate data forever, park it anywhere, even “float” it on a “Cloud”, not worry about accessing or finding it again, and the world and mostly your business will be a beautiful and productive place. Try again Storage Wendy.

For our 10 Truism to decide your fate and this full blog please view it at:

So Wendy, do you still want to fly?

Friday, November 19, 2010

Information management matters.

Are you sitting in your cubicle trying to justify your job and get a little budget for next year? As you contemplate your future you go the place that is most familiar. You immediately think about how much your company could save by applying retention to the mass of boxes stored on-site and off-site and getting rid of the extra boxes. Don’t waste your time—that is not really what the guys and gals who run your business care about.

On a totally separate random note, I was reading the Wall Street Journal this morning and saw an article entitled “Insurers Test Data Profiles To Identify Risky Clients.” It seem that life insurers are analyzing all the personal data being collected on-line and elsewhere to evaluate how long we will live. You see the whole life insurance business is tied to longevity. The longer we live, the more the life insurance company makes because we pay more premiums and they get to use our money longer before death.

Oh. So better information management matters. I see.

Wednesday, November 17, 2010

Free records and national security

One of the big strategic agenda items of President Obama was to make government more transparent. One of the ways government is more transparent is by making more records of its actions accessible to the public. Of course, government always has to balance our national security against the public’s desire to know more. More about that in a minute.
The New York Times covered the story of the Justice department’s 4 year attempt to keep a 600 page report about US governmental post war collaboration with certain Nazi’s and invitations for Nazis to come to America. The report has been written for a long time but not made public or even disclosed. So someone apparently sued to get access to the report which was eventually made available in highly redacted (blacked out) form.
As the WWII has been over for more than a half century, it seems rather questionable that there can be anything of a “national security” interest still in the document that requires protection. No doubt there is tons of stuff that is embarrassing, but I don’t think that is criteria for keeping something secret.
Anyway, if our government’s invited former Nazi’s military leadership here to run missile programs or help with other military initiatives, then “transparent government” may dictate such information is disclosed, absent real national security interest requiring protection.
But this American says, if transparency is the desired result, absent real national security interest, then let the records be free.

Monday, November 8, 2010

Protect it.

If your business is about information, there are way too many stories that tell you to manage it seriously and securely or you will pay the piper. Facebook has been under pressure for various privacy policy issues for a while. I guess it is their business to manage and display personal information of sorts, so dealing with privacy seems pretty predictable. And the story today in the Wall Street Journal about Facebook users information being taken by rogue Facebook IT professionals and sold to brokers also seems predictable. Information is valuable. To have it is good. Information is an asset. Information is worth money. So when thinking about how your organization manages its information ASSETS, think about who has access to various types of information and how that information can be absconded with and used to your detriment. Taking stuff of value is predictable. Not good and clearly bad but wholly predictable. No news to me. Expect places with lots of salable information to be a target everyday and protect it like it matters. Duh.

Wednesday, November 3, 2010

Lost communications. Really?

I was thinking about writing a thriller about computer warfare in which governments no longer had to fight wars with people or heavy equipment, but instead could rely on this geeky cadre of computer air force dudes who would keep us safe. The one scourge they had a hard time dealing with is the loose confederations of Muslim terrorists who don’t use computers very much. Blah, blah, blah.

Oh. On a totally separate note, this past week it was reported that our military lost communications with 50 nuclear missiles in Wyoming apparently due to a power failure. Did someone unplug the power supply. I think not. Not to worry because the initial reports indicate no “foul play”. Well I am very comforted by that assertion. So what’s up. Seems like we should be able to “communicate” with our nukes all the time. Are you kidding me-how do we lose communications with dozens of our nuclear missiles?

Friday, October 29, 2010

Social Networking Challenge

It’s a real challenge to be a terrorist in these times of social networking. How does a killer keep his privacy after all. An ALLEGED Muslim terrorist, now being prosecuted for plans to blow up various important DC locations, seemingly lost his battle to live anonymously in times of the free information flow. Our terror suspect has to deal with not only tapes of his own admissions but also his Linked-In account and on-line social networking activities being monitored by the FBI. Chalk one up for the good guys.

Let the information flow.

Tuesday, September 7, 2010

"Global Warming Gate"

I have been telling my son, Dylan, for years that just because it’s getting hotter doesn’t mean we caused it. My position, I did not think we had enough data from far back enough to understand the cyclical nature of climate to know whether or not we are in a simple temperature cycle or if indeed man is causing the lion’s share of global temperature rising. Sure we impact the world, but is it the reason the temps appear to be going up. He was “taught” by his teachers that it was of course man’s fault. Be a critical thinker I said,“the ice cap covering much of north America melted in the Pleistocene era, thousands of years before cars were invented, so what was the cause?” Anyway, I have been watching as “Global Warming Gate” emerges. The 50,000 foot version of the story is that some scientists who seek to connect global warming with the actions of man have been busted with allegedly trying to fabricate better results to make their point. You may remember the email cache from the international organization that seems to suggest certain scientists hid data that may show global warming is not as bad as they would like us to believe or that man may not be causing it.

Based on “Global Warming Gate” (my term) a panel investigating the data fabrication issues this week, has recommended that UN climate folks have better ability to unearth data fabrications.

As you may recall, one of the “mistakes” from the agency reporting on global warming was that the Himalaya glaciers would melt by 2035. Now they apologize for the “mistake”.

Anyway, information matters. Good information matters more. Information in context is better still.

We live in an Information Nation. Actually, we live as one business community in an Information World.

Friday, August 27, 2010

Records are Proof

Close your eyes and silently read the following chilling words from the August 26, Wall Street Journal article—“On April 20 at 10:43 a.m., a young BP PLC engineer sent a 173-word email to colleagues abroad the Deepwater Horizon drilling rig. The email spelled out a recent change to a key safety test that sparked confusion and debate abroad the rig. Less than 12 hours later, the rig was engulfed in flames so hot they melted steel”.

As the fateful day proceeded, it was clear there was confusion about whether or not the well was stable. “over the next two hours, there were signs the well was slipping out of control. For one, more fluid was flowing out of the well than was being pumped in, according to electronic data reviewed by investigators after the explosion.”

As the lines are now being drawn to determine who is responsible for the death of 11 people and the largest oil spill in our history, what is clear is that records will likely be central in determining who is at fault. For example, Brian Morel who “wrote an email about a week before the explosion, saying that it was a ‘nightmare well which has everyone all over the place’ has refused to testify before a federal governmental panel citing his 5th amendment against self incrimination.”

For those businesses who refuse to recognize the importance of a records program, ask yourself if your business would continue to exist after sustaining a multiple billion dollar penalty.

Viva La Records Management

Monday, August 2, 2010

Leaks happen. How do we stop them?

This week has been a bad one for the administration when it comes to information leaks. As they try to figure out who the data colander is and why he/she has exposed 90,000 classified documents about the Afghanistan war which may explain why it’s going so poorly, one needs to ask what can be done to stop such leaks.

Well the government had policy (in this case a really serious one) and the soldier with intelligence access didn’t follow it. Find him and fire him. Not strong enough. Find him and court martial him — same thing. We need it stronger so others don’t follow suit. OK, if we were in Iran what would they do — behead him? We are free not a Islamic totalitarian regime. Ok, what if we were in Russia - Gulag summer camp and Siberian Labor camp winter get away? Now that is better. But the American people won’t agree and maybe it's “Cruel and unusual punishment." Ok what if we were in France. They would make the leaker the president. Ok wrong location.
Ok, lets be America. But let’s find better ways to make our point to employees and make it stick. Lets realize that information flows and sometime out of the receptacle and we will need to deal with it.


Friday, July 30, 2010

The Hard Drive in the Sky

If at first you don’t succeed, try, try again. And so it was that we tried “outsourcing” and that fell down flat on its e-face. Then someone called it using an “Application Service Providers” or ASP but that sounded like we would get stung and they failed to understand the importance of giving our data over to a newish under-financed company who maybe didn’t care about privacy, information security, etc. But then, we went to THE CLOUD. There I met a beautiful fairy who showed me the way of the Cloud Computing—"Isn’t it wonderful" she purred, “the hard drive in the sky.” And I saw it and it was wonderful indeed. Blah, Blah, Blah.

But businesses are now getting serious about Cloud Computing and I don’t really have the heart burn I may have had before. And that is because real businesses with lots to lose are doing it . That doesn’t mean you don’t need help navigating this new business relationship as it is different. But rather, it is serious business now done by companies with lots to lose if they screw up. The July 26 WSJ article said it all “Microsoft and Google Vie To Sell U.S. Cloud Mail."

Oh, so you weren’t really a fairy at all? “No, I am a Stanford graduate in Computer Science with funny slippers and comfy pants.” I got it.

Thursday, July 29, 2010

Records live on.

A company lawyer recently said to me, “I dream of a day when we have no records.” I thought about it and responded. I wanted to say --“You can fly if you believe Wendy.” But I held back.

I don’t know anything about doping or performance enhancing drugs. I know certain athletes have used them and it doesn’t seem fair if one uses them and another doesn’t. But this is a blog about information management not sports or even fairness in sports. Ok. Yesterday, I was reading an article about Lance Armstrong and the continuing investigation into performance enhancing drugs in the Tour de France. I think Lance is amazing—he dated a rock star—I haven’t. He won the most well-known and one of most demanding and grueling bike races in the world. I ride a bike and am lucky to beat my kids to the end of the block. Anyway, what I would say is that people will testify about the issue. They are either credible or not. Records can and will be used to defend or advance the argument against Lance. If I were Lance a few years back, seeing that performance enhancing drugs is becoming an issue going forward, I might regularly get myself tested and retain the results for if and when I need them to prove that I did nothing wrong. I wonder what his doctor would say. Remember he had cancer and presumably is tested regularly (maybe not for drugs) but maybe his doctors records would show us truth.

In the end, your ability to defend yourself is either having good human testifiers or records. For me I would rather have good documented evidentiary support as I know other bikers may feel “sour grapes” and lie. I know people have selective memory. Others of us just forget. In the end, records live on.

Vive La Records.

Monday, July 26, 2010

Much Thanks

I just completed an amazing trip to China. I was hosted by Renmin University Professor Xiaomi An and had occasion to talk and interact with her students. I spent a lot of time with her graduate students Weakow Wang and Ye Shen. First, when it comes to Information Management they are ahead of the pack. Second, when it comes to navigating China’s bright future, they will play an important role. Finally, when it comes to the deep goodness that makes our world smaller, more connected and joyous, they are some of the reasons why.

China has come so far so fast. China will go even farther with people like Xiaomi, Weakow and Ye Shen. Thanks for opening your world to me and teaching me so much.

Tuesday, July 13, 2010

Time to work together

In the old days of litigation, a lawyer representing a company with lots of information might take a huge collection of documents and produce them knowing that the other side would have a hard time finding the relevant stuff from the crud. In other words, the strategy would be “hide the relevant needle in a big hay stack” . With the change to the Federal Rules of Civil Procedure and the need to “meet and confer”, that has changed. Can’t hide the ball as a plan; need to work together to disclose what you have (we have built RulesMapper to help), need to tell the other side what is “not accessible” and generally work together to focus the discovery process. If there was confusion about working together with your adversary, read Mancia v. Mayflower Textile Services Co. [2008 WL 4595275 (D. Md. Oct. 15, 2008)]. In the case Judge Grimm makes clear that Fed. R. Civ. P. 26 now requires lawyers to cooperate in e-discovery and if they fail it might be considered a violation of the duty of "reasonable inquiry". Money, time, collegiality and law all require working together. What’s stopping you?

Monday, July 12, 2010

Tell us about your RulesMapper

A client wants to get a better handle on the information assets they have. In the old days, RM consultants used to get their troops out to inventory the enterprise. Months later and buckets of dough later, there was a spread sheet of stuff that purports to be the records. We have changed all that as we wanted our clients to spend their money on making retention work not just knowing what they had. Along the way we developed RULESMAPPER-an information governance dashboard to do the whole records inventory process for way less money and way less time. As it turned out, RULESMAPPER is way better than we thought. Clients tell us all the time how they use RulesMapper for “mapping of sources lite”, private information management, etc.

Jeanne Caldwell (the brains behind RulesMapper) and I want hear from you about how you are using RuelsMapper and how we can make it better.


Randy Kahn

Wednesday, July 7, 2010

The new Information Parking Lot

When people vote with their feet, it is worth watching which the way they go. When employees flock to Sharepoint, it is worth figuring out why? But I already know why they flock to Microsoft’s new Information Parking Lot. Employees like it. Employees find value in it. They use it and it makes business “faster, better, cheaper”. So don’t be so quick to say no to any useful Information Parking Lot without knowing more. There are information management, records management and compliance purists that can find fault. Get over it. Look closely enough at anything and you will find fault. At least I know where my information assets are parked.

Tuesday, July 6, 2010

Call to Action

How do I know if records retention is working for my organization today? If employees are not applying the rules and getting rid of content — it is not working. If share drive environments grow unfettered then perhaps retention is not working. If IT systems are purged without regard to what’s in the computers then it's broken. But I already know it's broken. It is not working for most companies because the business world changed but the rules of records retention didn’t keep up with change. I am advocating for change.

In an IT-centric information governance world, you need to get real, real fast. If you think a set of retention rules that are event-based (don’t start to run until the happening of a future event) can work today with technology, I have another belief — it's too hard to build work flows for every future business event just to get rid of content. What that tells me is we should seek to have as few event based retention rules as possible. If employees aren’t doing retention as they are too busy already, then find another way.

Bottom line, I want to hear from you if you will work with me to change the industry. Are you in?

Randy Kahn

Monday, June 28, 2010

Finally a ruling on City of Ontario, Ca. v. Quon

At long last the Supreme Court has ruled on City of Ontario, Ca. v. Quon. I say at long last because I have heard so many things about the case that it’s nice to hear the real facts and clear up any confusion about the law. This is the case involving a police SWAT guy who was given a paging device by the police department and then had his messages reviewed after he exceeded allotted departmental usage. Quon, the SWAT guy, cared because he had used the text capability provided for “BUSINESS PURPOSES” for mostly personal messages and had sent some sexually explicit and salacious texts as well. Anyway, the Supreme Court handled the case rather well. While not really addressing whether or not QUON had an expectation of privacy, they concluded that the search of the stored messages was not unreasonable, blah, blah, blah.

Well, the case stands for the same beliefs Kahn Consulting had been guided with in all our policy work over the years for clients. Make sure you have policies and that they clearly communicate the “rules of the road”. Make clear employees do not have an expectation to privacy and that the rules apply to all technologies of telecommunications systems provided by the employer.

There was special issue in the case that needs special attention. The texts were stored on the provider’s computers not the Police department’s servers. This issue needs special attention. Given the complexities and law on this issue, I am not going to give simple rules here that may confuse you. Suffice to say, as you contemplate storing content on “THE CLOUD” think about how accessing the business content when it is not on your server may have legal implications. If you need help, give us a call.

Friday, June 25, 2010


Arbitrariness, I am not sure if it’s a word. But, it is a thing worth exploring. When folks do something for poorly thought out reasons, or no reasons at all, that is arbitrariness. Like, for example, making a record by filming the CIA interrogating terrorists. Why was it done and why are we continuing to do it--So that we can demonstrate to the world that we are not too tough on terrorists. But I digress.

A guy builds a spreadsheet for the Mine Safety and Health Administration but configures it so we can only see a mine that has safety problems and not the parent company which may own many mines, all with safety problems. It is arbitrariness that allows the bad design to limit the safety agencies ability to track trends by offending companies. Arbitrariness!

Or When the same Mine Safety agency only allows a certain number of offending mining companies to be “assigned tougher enforcement” for their failings—that too is arbitrariness. In the June 24 Wall Street journal, the article states “The Labor Department’s Inspector General found that federal mine safety regulators may have improperly limited enforcement of mines with serious safety violations… District managers could select no more than one mine a field office and a maximum of three mines a district office.” I sure hope we spread out the “bad boys” of mining so that it comports with the Mine Safety “one bad boy per region” rule. Arbitrariness.

When a CIO keeps 10 years of disaster recovery back-up tapes and asks why they keep getting their clock cleaned in discovery—that is arbitrariness.
When a records manager pushes out the updated retention schedule with 600 rules instead of the 1200 they had before “simplification” that is arbitrariness.

Monday, June 14, 2010

Does a request for information matter?

Many have concluded that the risk and exposure of litigation cause companies to make business decision about legal claims. So if faced with a $500,000 expense to do discovery of electronic stored information(ESI), some would rather settle the case for $100,000 even if it has no merit.

But does the mere request for information from a government regulator impact the company? Well of course it can. Take for example the request for records by a federal agency of a well known public company in the news recently. The day the information request became known the stock went down 5% which is millions and millions of dollars.

Wednesday, June 9, 2010

Where's Waldo?

Randy’s Theory of Information Mismanagement-If at first you fail to do anything or do something albeit poorly, you will most certainly revisit your failings at the first smell of litigation or regulatory investigation.

Let apply this theory-

How about we start with the June 8 Wall Street Journal article entitled “Goldman Accused of Stalling By Panel”. It appears that the Financial Crisis Inquiry Commission sent Goldman a subpoena. It also seems that maybe Goldman didn’t respond with needed documents in a timely fashion. So in a rush, Goldman chucked huge chunks of data over the fence to the agency. How much you ask? Well 5 terabytes. That is the equivalent of hundreds of millions of pages. Guess what the response was “we should not be forced to play ‘Where’s Waldo on behalf of the American people.' Ouch.

If electronic information is mismanaged upfront, finding it when you need to is a major headache—SEE GOLDMAN.

Spending a little money to get your house in order proactively may not take all the hurt out of finding Waldo, but it sure can help.

Friday, May 28, 2010

Proactive v. Reactive

We did a bunch of records and information management (RIM) consulting work for a big oil company a few years ago. The company was motivated to build a world class RIM program because they believed that could be significantly more productive “per well drilled” if they better managed their business information. In other words, they liked eating from the “carrot” jar when being motivated proactively to get serious about harnessing information.

There is another oil company right now battling in the gulf, battling regulators, battling wall street, battling bad PR, battling angry fisherman, battling angry citizens, battling a tourist industry, battling environmentalists, etc. I couldn’t help but think how records will play in resolving this problem which will go on for years — clean-up, new regulations, and lawsuits.

I also want to say that in the cloud of news media, which tends to focus on the gusher,from myself and the whole Kahn Consulting team, we are deeply sorry for the loss of life the tragedy has caused. Our hearts go out to you.

Thursday, May 27, 2010

Facebook is fixing its problem

The intent of social networking is to share. The business model of Facebook was to make an environment that promotes sharing. Well they now are being asked to tweak that model. For business sake, Facebook is responding. Here is the story in a nutshell. Facebook is under attack by privacy advocates. I get it, they feel like too much personal info is too available and controls aren’t good enough. So what is Facebook doing—its fixing the problem. I like free market fixes and Facebook is a perfect example of a market driving change. No lawsuits had to be filed (I am sure they will be anyway) or regulators had to jump in to tell Facebook that the way things are structured isn’t good enough and needs to change. So what Facebook is doing is making more basic data private. It's making it easier to control different kinds of information to remain private, provide more ability on the users part to have even more customized settings and provide better control from outsiders to users.

Thursday, May 20, 2010

Are they working???

After a few years with the new Federal Rules of Civil Procedure, I am left asking if it has helped. Is discovery any different? Well, I think so, but discovery is still expensive, a pain and major league inconvenience for many—but, I never thought that would go away anyway. There are cases that tell me much as changed. For example, in Calixto v. Watson Bowman Acme Corp, a case about intellectual property rights, the plaintiff sought to compel discovery on back-up tapes with a significant cost to ready them for the searching process. In the case, the court found that the backup tapes were not reasonably accessible due to undue cost and burden. That said, the defendant had to restore one backup tape to see if it contained deleted email from an employee. As you might remember one major change with the new rules was that discovery on “inaccessible data” would not necessarily be forced. The case is one example to say that it seems like they are working. What do you think? Write me with your thoughts.

Tuesday, May 18, 2010

IT Ain’t About The Cloud

There is lots of conversation about the privacy and e-communications in the work world, especially with the Supreme Court ruling expected soon in City of Ontario, Calif. v. Quon. As you may know, the case is about the expectation of privacy when an employee uses an employer provided communications devise for personal reasons. In the case a police officer’s sent personal text messages on a department device were reviewed by the department and the officer sued for a violation of his expectation of privacy. Confusion between official department policy which made clear the employees should NOT expect any right to privacy were watered down with a supervisor ‘unofficial’ actions which allowed officers to personally pay for overuse text messaging charges with an understanding the their personal messages would not be reviewed. Even though the department policy was clear regarding the official “no expectation of privacy” for employee use of department-issued electronic communications devices(which the employee signed off on), the supervisor's “unofficial policy” and “creation of an unauthorized expectation of privacy” creates the rub in the case. Now in the employee’s favor he did pay for part of the use of the device and he did send personal messages off-duty so perhaps the employer was not clear about when and how the device should be used and maybe it in part became a “personal” device when he paid for its use. So what is clear—this case makes clear that employers better BE CLEAR about directives. This case is not about third party storage of the messages “in the cloud”, though some have made it about that very issue. This case is not about the court undoing employers rights to review e-communications when they are CLEAR about their “no expectation of privacy” policy. This case is not about what private vs. public employees should expect from their employer regarding monitoring. This case is only about the reasonable expectation of privacy of one officer when policy is made ambiguous by word and deed. The court may broaden its ruling but the case is about varying official policy and unofficial practices and how that impacts what employees expects. Remember in Information Nation: Seven Keys to Information Management Compliance, one of the keys makes clear the need to be consistent. Clear policies consistently applied.

Monday, May 17, 2010

Going “Business Naked” is Way Too Much Exposure

Many many months ago, homeowners started complaining of odors, metal being corroded, respiratory ailments, headaches, nose bleeds, etc. After many more months of investigations, it was determined that drywall produced in China was the likely culprit. Apparently Chinese produced drywall has a concentration of a sulfurous chemical, not found in US produced drywall and it was causing the problem. Anyway there has been lots of governmental wrangling over the issue for many more months. Many articles written about the problem and the passage of more time. Finally, today it was announced that rather than wait for lawsuits to be filed (because that is no fun and likely way more expensive) the Chinese drywall makers are agreeing to settle with large and small home builders in the US who in turn will likely settle with home owners and fix the “stinky” drywall problem.

But how do we know which homes got Chinese drywall? As you will recall, we had a major housing boom (a long, long time ago) and drywall was in hot demand. Builders were looking for a source for drywall from anywhere and anybody. So we bought from the Chinese and it happened to have a high sulfur content or something similar which caused a bunch of problems. Well, I guess it’s good we live in America where we regulate what goes into drywall, baby food, dog food, paint for kids toys, etc. But we are a global economy and get products from all over the world-like Chinese drywall for example. Anyway, once it went into homes, how do they know which home got Chinese drywall? Absent a complaint, how do we know which houses to investigate and which walls to replace?

RECORDS. RECORDS. RECORDS. According to the May 17, 2010 Wall Street Journal story covering this matter, “Builders will have to document that their problem drywall did indeed come from KPT (the Chinese drywall manufacturer)and show reasonable repair costs”. Ok, got it-have records to show they bought Chinese drywall, records where the drywall was installed and records to prove expenses. We live in a world where records allow business to happen. Without them we are “business naked”.

Friday, May 7, 2010

Not Good. Not Bad. Just Are.

I am often asked if Records Retention should consider the likelihood of being forced to produce records in a lawsuit. My response--records are neither good nor bad, They just are. And you manage them without regard to how they may impact you later on. Sometime they can really offer up protection not just be the treasure trove of smoking guns. Take for example the recent move by the Catholic Church. The Catholic Church has been rocked with endless sexual abuse scandals in which it has been widely reported that the Church “covered” up numerous egregious child molestations for years across the globe. Now the Church is going to use its records to come clean. According to the Wall Street Journal on May 7, 2010, “Roman Catholic bishops in countries across Europe are trying to get ahead of a widening sexual-abuse scandal by employing a potentially risky strategy—pre-emptively digging through church archives to see what skeletons remain to be unearthed”

Monday, May 3, 2010

Manage your email.

Poor “Fab”. You ask me, "Who is or what is Fab?" He is Fabrice Tourre, a highly compensated French speaking financial guru at the epicenter of the Goldman debacle clouding Wall Street and Washington these days. He is the guy who wrote the email “suggesting” that the investments Goldman was involved with were not nearly as attractive as they wanted others to believe. I don’t really want to get into the Goldman case or what Fab knew or didn’t know. Rather, I wanted to go back to the 50,000 pound gorilla in the room. The point is best stated by the April 29, 2010 Wall Street Journal Article entitled, “Backlash Against Email Builds”. Don’t blame the messenger for the idiotic actions of your colleagues. As far back as “Email Rules” I was telling you to manage the medium. If done right it is your organization’s best productivity tool. When mismanaged it is a major source of headache. Duh. Fab was doing his job. Maybe he was saying stuff he shouldn’t have. Maybe he was being flip. Whatever. Get over it and manage it. And perhaps you need more training. Have I got a training session for you :)

Friday, March 5, 2010

Where’s The Information Toyota

As if the heightened media attention on Toyota, its alleged design defects and the presence of the Mr. Toyoda on Capitol Hill was not enough negative attention, the February 27, 2010 Wall Street Journal article entitled, “Toyota Accused of Withholding Records” cuts to the heart of the issue seemingly haunting the car maker. If there were multiple common complaints about design defects which caused accidents, and the company knew of such problems, then why didn’t the company act earlier and with greater resolve. Companies “speak” with either records and/or its employees. While employees forget, lie, retire, etc., records, if available, can demonstrate what happened and when. If complaints were made that showed common problems in certain car models, then law dictates records should exist and those records should document such failures. If requested in a lawsuit or investigation records should have been provided whether or not they hurt Toyota.

I make no apologies for Toyota--if they hid or destroyed evidence of design defects then they should pay the price. In other words, intentionally hiding evidence is a serious issue that needs to be punished. On the other hand, if information was not produced because after reasonable attempts, it could not be found, then maybe the courts or regulators should punish less harshly or maybe not at all. I don’t know if this is relevant to the problems facing Toyota, but I do know it is a reality in litigation in today’s explosive information world. Information volumes are growing so fast that knowing all the potentially relevant evidence in a lawsuit is almost impossible. Compounding matters, employees use endless new communications technologies making management of the expanding information universe worse than drinking from a fire hose. Finding all relevant evidence in the world that executes contracts in email, modifies them in a text message and breaches them in a blog is a challenge for all of us. In today’s litigation world, if you look closely enough at any company, you will understand why unearthing and producing ALL relevant information is a nonstarter.

--- Submitted by Randolph Kahn, ESQ. Author of Information Nation and Email Rules.

Thursday, February 18, 2010

The Nose Test

We were drafting a legal hold policy for a client’s law department when the client asked when it was necessary to issue a legal hold notice to preserve information. My answer usually involves an application of the nose test—which is “the first smell of trouble”. But what is trouble? Great question. Let me consult my nose. My nose says, “it might involve getting into trouble with a regulator or court.” OK, got it. But that is really way too simple. No doubt failure to provide employees with timely notice of the need to preserve information for a pending, threatened or imminent lawsuit is essential. In a recent court case a judge made the following statement “…plaintiffs failed to timely institute written litigation holds and engaged in careless and indifferent collection efforts after the duty to preserve arose. As a result, there can be little doubt that some documents were lost or destroyed.” But, making a determination of when to do it is not simple and has serious implications.
Say I’m an insurance company, do I need to issue a legal hold notice every time I get a letter from an annoyed insurance policy owner. Oh. If I issue early—at the FIRST smell of trouble, I might over-preserve. How about preserving after we get served with a lawsuit? Well, that may be too late especially if a lot happens before the lawsuit. What if we get a nasty gram from a lawyer demanding the matter be addressed? How about a letter to mediate? How about a written complaint filed with the state department of insurance? How about a notice by the state that it intends to commence an investigation? You get the idea, before a lawsuit is filed, much can happen that should commence the legal hold notice process. So what to do. We deal with it all the time and if you want our help, please call early and often. Clearly earlier in time is safer. So a threatened lawsuit is earlier in time than a filed one but it has implications. Bottom line it’s a lawyers question and don’t let them delegate to you IT or RIM.

Wednesday, February 10, 2010

Case Law and Text Messages

A client recently asked me what is real life meaning of ESI (electronically stored information, the term used by the Federal Rules Of Evidence ”FRE”). In the old days I used to say “if it was relevant and available even if it was on the bottom on my shoe, cough it up”. Well, that may have been a bit too cute, but the point remains—evidence that is even potentially relevant needs to preserved and produced to the other side in litigation, even if it hurts your legal position. Only a little has changed with the amendments to the FRE. There are exceptions—you may not have to produce “inaccessible data”. But in the end, you may have to do discovery on e-stuff that you normally don’t think about. There are cases where even temporary cache files had to be produced. There is now case law that covers text messages.
In Southeastern Mechanical Services, Inc. v. Brody (M.D. Fla. Aug. 31, 2009) employees had to produce text messages from devices owned by the company and personally owned devices. Because the employees apparently “cleaned” the devices in this case, it turned into a destruction of evidence case. Beware, ESI could be just about anything. Plan, Prepare, Preserve and Produce.

Wednesday, February 3, 2010

To Preserve or Not To Preserve? That is the question

Hey IT-don’t accept the quiet delegation by the lawyers of determining relevance in a lawsuit. Err-Maybe overly broad(preserve everything) legal holds are not good. Err-Hey lawyer do your job and tell me, IT, what to preserve based on the facts of YOUR case. Lawyers (some of the lazy or fearful ones) like to lock down the whole place when they learn of a lawsuit. Keep everything just in case is their battle cry. Well its bad guidance most of the time, unless really required. Stopping the inner workings of the IT shop to preserve everything, creates a whole host of new issues. So don’t bite until you make the lawyers show you why it’s needed. Case in point. The Federal Court-7th Circuit are developing principles to better manage e-discovery. The E-Discovery Committee’s stated goals are “the fostering of a better balance for the ‘just, speedy and inexpensive’ determination of cases…”

Under proposed Principle 2.04 (Scope of Preservation)
(a) Every party to litigation and its counsel are responsible for taking reasonable and proportionate steps to preserve relevant and discoverable ESI within its possession, custody or control. Determining which steps are reasonable and proportionate in particular litigation is a fact specific inquiry that will vary from case to case. The parties and counsel should address preservation issues at the outset of a case, and should continue to address them as the case progresses and their understanding of the issues and the facts improves.

Whether or not it becomes the “rule” or not, it’s good guidance to you. The courts don’t require everything needs to be preserved, so don’t do it just because.

Thursday, January 28, 2010

Flying through THE CLOUD with a Lawyer on Your Back.

Just about everything I hear lately has something to do with “THE CLOUD”. I am just wondering is that like outsourcing or the ASP (application service provider) model of the dotbomb era? Don’t get me wrong, I like jingoisms as much as the next guy. I just need to know what they mean and their implications. Cloud computing is using the internet to bring technology or more likely software application to you. And it is not really bringing them to you it is making them available to you over the internet. For me they are really like the ASP model of yesterday year. So I take no issue with the name Cloud Computing. In fact I don’t think “THE CLOUD” is inherently good or bad. But it is different and you should consider how it is different from using software you pay for within your computing environment. Just a few things to think about when using someone else’s software application on their environment for business purposes—in other words, “Cloud Computing”.
1. Sometimes relationships go bad or even end and when they do how will you get your information back or have access to it without their “Cloudware”
2. You can’t delegate your legal responsibilities so remember privacy, security, records retention, tax filing support , etc. don’t go away just because your data is floating elsewhere.
3. If you need to have access to your Cloud data for litigation purposes, will your provider accommodate the request and in a timely and defensible fashion?
4. When a regulator wants to see the data or check to make sure it is being stored in accordance with regulations (if they exist for the industry or type of data at issue) will the government deem the environment OK for the task for which they were hired?
5. The rules the Cloud Co. may be following may be different than yours so make sure they follow rules you can live with or contractually make them follow your rules.
6. Anticipate new governance, risk and compliance risks.
7. Make sure the Cloud Co. deals with your disaster recovery requirements.
8. Make sure your litigation response process and e-discovery plan can be accommodated in the Cloud.

Thursday, January 21, 2010

Lawsuits Happen No Matter The Size of Your Company

We now live in a modern litigation world in which the unearthing, securing and producing of electronically stored information (“Electronic Stored Information” or “ESI” as it is referred to by the new Federal Rules of Civil Procedure) changes the balance of power in litigation. If you are an organization with lots of information in various forms, in various places, your organization has exposure. Practically speaking, companies now routinely make “business decisions” to settle cases rather than spend large sums on discovery and thereafter to litigate the dispute. Cases with underlying business disputes can cease being about the legal claim and turn into an expensive, painful public discovery circus, where the 50,000 pound elephant causes injury to all who enter the fray. The business decisions impacting organizations goes something like this: “If our people will be inconvenienced, the IT department needs to be taken off their projects and IT systems taken offline, and we still need to spend $100,000 on “experts” just to do discovery, then perhaps it is prudent to make the case go away for $50,000, even if the legal merits are questionable”. Enter the world of e-discovery. No matter how hard you try to find and produce anything and everything for a lawsuit, it will be a challenge—perhaps an impossibility. But why?

Why is discovery such a headache?

We live in an expanding universe of data with distant parking lots housing company information that may not be logically located. According to IDC there will be 988 new exabytes of data by 2011. To put that in context, it is said that one exabyte of data is the equivalent of 50,000 years of DVD video content. All of a sudden 988 exabytes of data looks like the information equivalent of the distance the Hubble takes us into space. And that information universe is expanding rapidly. Most businesses have lost centralized control over all data and computers. More and more information can be stored on smaller and smaller devices. Businesses use the wrong technology for the job, which is why disaster recovery back-up tapes may create way more disasters than they fix. Employees decide where to park info and when bad company policy dictates a purge of data due to limited storage capacities, employees park company records at home, on a thumb drive or a third party storage network. They’re making the perfect information mismanagement storm that will no doubt cast its shadow on your organization if you have any sizable litigation.

One Bad E-discovery Event is All the Religion You Need

When trying to motivate clients to be proactive with information management, we regularly hear that they have very few lawsuits and they are not worried. The score after the first round is “confidence”-1, and “stoooopidity”-100. Right answer to the wrong question. Getting trounced by the e-disco dancing elephant is not about having many lawsuits. Rather it is about having one lawsuit where enough money is at stake to make life miserable for you by playing the discovery card. It’s the corporate “go-fish” exercise where the pond is seemingly boundless, and the pound of flesh exhumed may be tangentially relevant or harmful or just outright embarrassing. Either way the exercise of looking just to see if something is relevant is both inconvenient and expensive saying nothing of how the contents you find will impact the case.

So, if you are likely to have to produce lots of electronic information or look in lots of places for ESI even if your revenue is not huge and the numbers of employees is only a few thousand, don’t be complacent.
Being proactive is how you tame the discovery tiger. (I am looking for yet one more metaphor to annoy you the reader, so if you can think of one that I missed please send me an email at )

If you are going to minimize the headache from discovery this is a beginners’ roadmap to help the non-behemoth company on your way.

1. Make sure you have good Records Management rules and apply them to the business content. It allows business records and information to be properly disposed of when no longer needed according to documented policy. Make the rules easy and simple and high-level. If you need help, call. We are happy to provide a little free advice. The less unnecessary around to manage and look through, the less painful discovery will be.
2. Once your company is retaining records, you need to make sure you are doing so on the right medium. Disaster recovery tapes are great technology to park huge quantities of stuff in the unlikely event of disaster, but if you need to find a record, you need an archive or RM or DM software application.
3. Have a Legal Hold Policy for all employees to follow that is issued by lawyers telling the rest of the company what information needs to be preserved, when and in what form. It does not need to be big and complex but it does need to deal with basics-- who should preserve, what information Is affected and where to put it.
4. Develop a Litigation Response Plan which can reflect the size and formality of your business. Don’t build the Taj Mahal if you don’t need it. Document who will do what and how the IT and lawyers will interface. Maybe you will need some technical guidelines of how to preserve, and rules for employees but make it useful and simple.
5. One of the things the New FRCP requires to know is your source of ESI. Some folks call it a Mapping of Sources. Whatever you call it, you need to document what you have, where you have it, in what system it resides and who controls it.
6. Legal Hold Mechanism (Notice and Issuance documentation). After it is determined that you need to tell some or all employees to preserve information, thereafter you need to document the effort. If something slips through the cracks, and stuff always does, at least you can show what a good company you are by what you did undertake. So retain proof you did the right thing.

Being littler has its privileges—you don’t need to build it like the big guys. You can be less formal, less proscriptive, but in the end, you need the things above to get through discovery in the bad case with your pocket book intact and your employees bruise-free.

“Not my problem, we don’t have a ton of litigation” is not an appropriate response. The first time you get sued, you may have the e-disco elephant sitting on your head and that smarts. The question is—“do you feel lucky”.

By Randolph Kahn, ESQ.

Monday, January 18, 2010

Why do you think it’s called back-up?

Why do you think it’s called back-up?

So begins a story that seems to rear its ugly head at just about every organization, large or small, private or public. The act of having information is rather different than managing it. The act of storing data on back-up media, while essential, is rather different than retaining it in an archive. The differences are far more than location or semantic. Unless and until everyone understands the issues, the world of e-discovery pain or records management failure will continue to be felt again and again, seemingly without end in sight.

So what does the enlightened leader know to be true.

Disaster recovery is an essential activity—making sure that vital records are available to the business in the unlikely event of disaster. The way in which disaster recovery is done is by taking huge chunks of data and parking it in a device that maximizes the amount of stuff to be stored but generally does not provide functionality to promote finding the “needle in the haystack”. Thus unearthing an individual record for business purposes or a piece of potentially relevant evidence for an audit or lawsuit is not best accomplished with the typical disaster recovery back-up tapes for example. They just weren’t built for this purpose.

In the context of a lawsuit no doubt the litigants will have to ask whether or not information exists that may be relevant to a lawsuit. But actually that is not really the best question to ask. The better question is if information exists, where is the information located, and how can we find and preserve it as efficiently as possible? Further, in reality the best time to ask any of the questions is before you are forced to do discovery because you can prepare and make sure you have the right technology for the job. So often companies in a lawsuit learn the hard way—yep, we technically have the information but it is locked in disaster recovery back-up tapes for which we no longer have the software or hardware to open the tapes. In other words, it is there but opening the doors to have access is made very complicated and expensive due to the technology we chose to store it on.

So what are the takeaways

• Disaster recovery back-up tapes are essential but for backing up data, not for retaining one of a kind records.
• Having information that is not readily available is not proper management.
• For records you need to have an archive that promotes access and good efficient business
• Not all technology is the same—know what you seek to solve and find the right tools to make it happen.