Friday, November 8, 2013

Make Your OSHA Injury Records Available to the Public--Say What?

Companies must retain records. From time to time regulators ask to see those records. When companies fail to produce the requested information, there is usually a consequence-from a minor hand slap to a full-fledged flogging.

For big companies that are required to retain worker injury and illness records (that is many businesses) to comply with OSHA, that records keeping requirements may be about to get more painful.

The US Labor Department just proposed a new rule that would require companies with more than 250 employees to file electronic injury reports and make these records AVAILABLE TO THE PUBLIC.  I don’t know if that is better or worse than making the CIA disclose records about interrogating terrorists, but I would bet that most companies will have something to say about it.

What do you think—good transparency or an accident waiting to happen? Pun intended. Boom. 

Tuesday, October 29, 2013

The Tale of Two Bobs

This is the tale of two Bobs. One Bob—let’s call him Robert, works for a large financial services company as a senior IT executive. The other Bob, let’s call him Bobby, is a super quick, super smart, super happening twenty-something having graduated from that amazing university around the corner with a tree as its mascot. He went from Palo Alto to somewhere between San Francisco and pathetically wealthy, way too early. 

Robert has had a different career trajectory. Twenty six years, three months, six days, fourteen hours and thirty three minutes at the same company slogging it out through the ranks. Boom, his slightly above average pay check comes every two weeks whether he needs it or not. He evaluates, he tests, he researches, he does an ROI, he purchases, he implements, all in the hopes that the technology he just bet his reputation on will help make his company “faster, better and cheaper.” 

Robert set in New York. Bobby flitting to and fro, somewhere south of San Francisco.  Their worlds seemingly, well, worlds apart. Yet they collide.

The article in the October 22, 2013 Wall Street Journal read, “Request by CFTC has Deutsche Bank, Citibank, and Others Sifting Through Trader’s Emails, Chats.”  So what’s the big whoop -- a bunch of financial services companies have to produce some business records to a regulator. And by the way, why does that have anything to do with Bobby?   You read on, “Deutsch Bank, the world’s largest foreign-exchange dealing bank… is spending millions of dollars scouring traders’ emails, and chat sessions…” This is the deal-- there are many Bobby-types that each and every day work of developing new technologies for whomever will buy them.  Then someone working at Big Company brings some new technology into the enterprise. While some companies preempt such conduct, many others leave the door wide open.  And when there is nothing to prohibit the introduction of technology “from the street”, new technologies made by the Bobbies of the world find their way into your business.  What the Roberts of the word forget about is that, for each new technology that Bobby makes, there will be some informational output.  Increasingly, there are mountains of informational output that make Robert’s job increasingly more challenging in several kinds of ways. More information, in more places, that doesn’t lend itself to easy management. And when Bobby builds, he usually is not thinking about how the new technology will be used by a financial services company with very stringent records keeping requirements. As the Wall Street Journal article makes clear that new casual information output may be a company record that needs to be retained and possibly produced to a regulator down the road. Unearthing information is invasive, complex and costly.

Over the years, not surprisingly, the laws have reacted to the technology marketplace.  Over the years the financial services regulators have been dealing with the creations of the Bobby’s of the world. Regulations and laws have already popped onto the legal landscape to deal with legality of storing electronic information on computers, retention of email, chat technologies and social media. There are rulings on just about every new communication technology being used in the financial industry and if not it will be coming in one form or another.

Which brings me to my real point.

1.  Companies are failing at information management and can’t discern records requiring retention and information that can be disposed. That needs to change.

2. Companies are not proactive enough when allowing or implementing new technologies—companies need policy first that tells employees what to do and technology needs to be utilized that manages the lifecycle no matter how long or short.

3.  Just because Bobby makes cool technology, unless there is a legitimate and documented business reason to allow technology, the technology shouldn't be allowed. Only after the business case has been satisfied, then the company needs to understand what their obligations with that new information chunk is and manage it accordingly.

Thursday, May 30, 2013

Information Governance “Eight Essential Steps to Attacking the Piles”

Maybe your Information Governance project is bogging down because you are solving a problem that your colleagues don’t think exists.

Do you know the Muffin Man and if you do, do you care where he lives? I know Peter Pan thought Wendy could fly but did Wendy actually believe it? What if the band, “The Who”, was called, “The Why”?

Anyway, I was listening to a “one hit wonder” radio show when “Who Let the Dogs Out” came on.   As I listened (though I wanted to change the channel several times), that got me wondering if “Who Let the Dogs Out” was really the operative question?  Was the song really about dogs that are gone? If it was about dogs, why are we worried about blaming someone for letting the dogs out?  Why not ask where the dogs went or better yet, how are we going to get them back? Further, do we really want them back?
 And that got me thinking about all the questions we ask on a regular basis that drives us to seek answers to myriad business questions. But what if the right question is actually different than the one we asked? The answer that we get is different than one we would get if we asked the right question.  And that got me thinking that we probably take actions based upon answers to the wrong questions all the time.  So perhaps we choose the wrong path, because we ask the wrong question to begin with. 

And that, of course, got me thinking about information sprawl and the piles of data growing unfettered all over every big organization. Why do the piles exist? Who is at fault? Maybe for certain business folks the piles were intended to grow? If not, how can we ensure that they are defensibly disposed when the information is no longer needed? In other words, why does the company allow the piles to exist? And then and only then can we really address the sprawl.

But wait, the right first question is, do the folks that create or keep piles think the piles have much value?  I assume that so much of organizational information overload is outdated crud. But what if others think it’s all valuable information. If they do and I am nonetheless right, I will still need to change their thinking before I get to my questions. Otherwise attacking their piles doesn't make sense to them. They will be hard pressed to go along with spending time and resources cleaning up the pile.  My questions assume there is lots of valueless stuff in the piles. Their perspective may be that the pile is all valuable.  So it makes sense to not assume anything and ask the right question of the right folks. 

And that got me thinking about planning my attack on the reason the piles exist. So here are “Eight Essential Steps to Attacking the Piles.”

1.            Who is your audience? Knowing who your audience is will matter for two reasons. First, who they are in the company or what they do for a job impacts how they see the world and the reason the piles exist in that world. For example, litigators see evidence and their inclination may be to refrain ever destroying any of it. To get their approval to cleaning house will require allaying their concern for destruction of evidence and the impact that would have on a case, the company and their career. If I can’t address their worry, usually all other efforts to get rid of information, even if it makes business sense, will be fruitless.

If I am talking to a project manager on a “Big Data” business process improvement initiative, that person will likely see the piles as being a treasure trove of valuable business information that can be analyzed, scrutinized, and monetized.  Getting rid of the pile will likely be perceived as making her job a lot more challenging and literally sucking the lifeblood out of her project.

2.            You need to answer whether or not your audience thinks that they own fixing the problem?  If they don’t take any ownership around the piles, then convincing them to take action is fruitless.

What if the person I am talking to is the head of storage and is under no compunction to care about making the piles smaller. First, she doesn't think she owns the information (which is owned by the business) so therefore taking action to “right-size” the pile is neither her problem nor her province.  Do you think she will like her budget being reduced if the piles are smaller? If she has 30% less data to store and 30% less budget that has real impact to her department, head count and budget.  She may not care whether the content is valuable or not. She cares about budget. So I have to know who I am talking to in order to speak a language that gets through to her.  Maybe cutting waste will provide sufficient incentive and saving millions will be recognized by the executives, but in the end, what moves the recipient will be directly related to where they sit in the organization and how they perceive the problem.

3.            Does your audience think there is business value in the piles? 

For data miners big is better. For the CFO, saving millions is a way to ensure longevity in his coveted job and provide value to shareholders.  For users they want access to their information and their instinct is always that everything is important. So first it is essential to understand that everyone, to a greater or lesser degree, has packrat tendencies. 

In order to take on house cleaning, there has to be a more objective way to evaluate information value to the enterprise without being clouded by subjective and personal opinions of individual employees.  If your organization has a retention schedule and the retention rules were properly developed then real business interest and needs and the true business value for the information across the organization should already be known.  And there is NO need to revisit business value question.

And that begs another very important question—if you have retention rules and are not applying them to various types of electronic records, does that undermine your records program.  Answer—you betcha. Which is Canadian for “You’re darn tootin”, which is Alabaman for Duh, which is American middle schooler for…You get the idea.

If you don’t have a good schedule then you will need to assess value in a different non-emotional, non-personal way.

4.            Do they think there is legal value in the piles?

Some lawyers want everything gone tomorrow and other want everything forever.  But in the end neither approach is viable.  So you have piles and somehow you will need to answer two questions before the lawyers will go along with house cleaning. One, does the pile contain any records required to be retained? Two, is there any information that otherwise still needs to be preserved for audit, litigation, investigations or other formal matters?  If the answer to both questions is no and can be demonstrated with sufficient diligence (hopefully without looking at every document), then the lawyers should be comfortable with cleaning house.  No matter, you will need to work with them A LOT as they are a nervous bunch.

Remember different lawyers see the world differently. Compliance lawyers will be thinking compliance with policies and laws. Corporate lawyers will be thinking business needs and maybe risk. Litigators are motivated by making sure the company doesn't get whacked in litigation for failing to produce evidence.  Revert back to number 1 above so you can speak to each group and move them by speaking their language and addressing their concern.

5.            Who owns the storage “parking lot” in which the piles are piled up?

Taking on the piles requires understanding who actually owns the technology and applications on which the content sits.  Does a business own the application and technology? Do all business units park data in that environment?  Will the technology owner be authorized to take action to clean up the content on their system?  Remember the owner of the storage “parking lot” is likely not going to be the same person who owns the records or content.

6.            Who owns the content in the piles? 

To make information go away, you will need buy in on agreement from the business folks who really own the information.  The business unit owners own the content and you will need to get their involvement in the process.  What do they need to hear, to believe that the piles can be culled of crud?  If they paid for its storage directly out of their budget would that move them to action?

7.            The next question is how to take on the challenge. 

Defensible disposition is no small task. It is dirty, complicated, and not without expense (with potentially significant savings). It requires effort from within and outside the organization. But different chunks of data can and must go away and each will require a different diligence process depending upon what the pile is, how old it is, whether it is subject to litigation, if it is being used for business, if it is technically disaster recovery back up piles, etc.  Remember you are getting rid of chunks and piles and chunks within piles not individual documents so making these culling decisions requires expertise and convincing lawyers that it is ok. 

8.            How can you make the case that the piles need to go away?

Information is growing at 20-50% per year if your organization is like others.  Businesses already are having a hard time finding information to run their business. Litigation response has gotten costlier and more painful—another data point to tell you information governance is broken.  Bad up front management means expensive e-discovery events will likely follow.  We have clients that stand to save tens of millions of dollars just through storage savings over the life of the project.  That seems like a compelling motivator for any executive. There are many more compelling facts that argue in favor of taking action, but they need to be tempered against real costs and risks.

There are a whole lot of questions. The place you start asking may be way too far down the road.  Assume nothing. Ask the right question of the right person. But ask?

By the way, “Why Did They Let the Dogs Out?” is a less catchy name for the song for sure, but it’s an essential inquiry nonetheless.  

Tuesday, March 12, 2013

The Case for Rightsizing Your Information Footprint, Cleaning House and Stopping Stupidity

 Demystifying Storage Is Cheap

It’s really funny when a smart IT person tells me that “storage is cheap” and asks why they should clean house of digital data debris (D3). For most businesses their information volume is growing between 30-50 % per year. The decline in storage cost per terabyte is a few % per year. So in real terms, most businesses are spending way more in real dollars to store information. The storage cost along for 1 petabyte of information is roughly between $5-10 million per year.   So why care about D3—because if you could get rid of some of it, there is potentially a whole bunch of savings associated with the action.

In a few short years Facebook has amassed an information pile that is not surprisingly really massive.  According to the March 11, 2013 Wall Street Journal the data comprising just Facebook users alone is 100 petabytes of stuff.  For those of you not tapped into information volumes, that is a 1 followed by 17 zeros.  In simple terms that is in excess of a hundred billion files.  Imagine what the Facebook info trove will look like after a few decades in business.

Debunking Big Data

Big data is not just a description of a huge pile of info. Rather Big Data is the idea that if you take your big pile of info minus D3 and connect the dots using powerful analytics technologies, that you will be a faster and better business. You can learn things about business past and future to be more efficient. Assuming that you can actually pull off harnessing Big Data for big value, the D3 is still unneeded information background noise that makes unearthing info import that much more challenging. So get rid of D3.

Lawyers are People too and Litigators are Predictably Short Sided

Contrary to popular belief, lawyers are people too. They make mistakes just like the rest of you people.  When they do something that is going to add to your pile of D3 and you don’t know why, stop and address the issue. Usually lawyers stop the wheels of progress (i.e. preserve the back-up tapes though policy says it should go away after a short time) or cleaning up the crud because the one involved litigator sleeps better being able to say that nothing could have been destroyed because they don’t destroy anything. The problem is that while they are sucking their thumb in their bunny eared feety pajamas the IT folks are up wandering the halls wondering how they will pay for the mess and keep systems running without overloading and seizing up. Once this “Lawyer Induced Everything Saved” (LIES) regime is started, trying to unwind it is really difficult especially with so many subsequent lawsuits.  So unless a court mandates the “save everything” regime, don’t give in. “You’re smart enough, and strong enough, and gosh darn it I like you.”   

Thursday, February 21, 2013

Get Your Information Retention Under Control

Most sizable companies spend millions or tens of millions of dollars every year storing unneeded business content.  So please don’t get me started about the fallacious “storage is cheap” hokum.

The CIO is tired of having his dog wagged by the legal tail whose mantra is getting old. It sounds like this-- “But wait, WHAT IF we need that one document for a lawsuit and its gone”. So don’t get me started about how we should keep everything just in case there is a lawsuit down the road for which we need a specific document. That approach is contrary to your records policies and makes little or no sense.

Ok this is the reality, you can’t keep everything forever, buy you are afraid. If only I could hear it from a judge that would make me comforted.

Your wish is my command. I’m a Defensible Disposition fairy.

A lawyer seeks to justify why her company needs to keep all information.
“…part of the reason eDiscovery is so expensive is because companies have so much data, that serves no business need, but it’s so easy just to keep it there…. I think despite the economy, companies are going to realize that it’s important to get their information retention, their information governance under control, get rid of the data that has no business need and mine the data that has business needs – you know the so called Big Data – things like that in ways that will improve the company's bottom line on the business side and reduce costs on the eDiscovery side as a benefit as well.”

United States Federal Magistrate Judge Andrew J. Peck, “JD Supra Law News,” February 4, 2013. 

Tuesday, January 22, 2013

Information Mismanagement

A company filled with smart employees and not dissimilar from many others like it does something that I think is short-sided, risky and wasteful of limited company assets. The company lawyers think their practice is entirely prudent.  Their IT folks don’t agree but they are afraid to let the lawyers know what they really think. But we will come back to that point.

I would like to say that we could chalk this different way to solve this problem to “different strokes for different folks”, but that is not what I really think. I think they are wrong. I think they are lazy and short-sided.  I think they put a gun in their hand and keep loading it with bullets and don’t expect that at some point down the road somebody may get hurt. 

Oh, I have still failed to tell you what I think is wrong. The company (or least the lawyers of the company) has decided, seemingly with both eyes open to keep all information they create or receive and store it away somewhere. Perhaps they still believe storage is cheap (for most companies storage volume is going up at between 20-50% per year when cost is coming down per terabyte at 5-10% which means overall, they are spending way more to store information) . Not to worry as they also believe the Tooth Fairy is an independent contract of Santa Claus. They keep all information—records and digital data debris alike. Seems like a bad business decision to me.

They take this approach to information mismanagement for 3 major reasons:

1.         Lawyers feel better keeping everything because they don’t have to worry about not having something when litigation happens.
2.         They don’t have to worry about providing real legal hold guidance about what needs to be preserved to employees at the time of a lawsuit.
3.         The company doesn't know how to clean up all that electronic information in a legally defensible way?

Smart people can differ on things, but there is something about this debate that seems like the legal tail is wagging an expensive corporate dog around.  This got me thinking that perhaps I needed to start a list of the things that make keeping everything forever really a bad idea. Thereafter, we can put that up against the lawyers list of one and see who wins. BTW-I have a pretty good idea how this story ends. So here are my top 10. You can email me ( with your additions to the list.

  1. Storage is not cheap (per gig cost is going down but that savings is dwarfed by the growth of data)
  2. Keeping everything makes finding needed information more challenging
  3. Discovery rules require taking action upfront to know your sources of info and then in a case to find responsive information and work with the other side to deal with discovery issues upfront
  4. Legal hold requires action soon after notice of a lawsuit
  5. The “meet and confer” requires lawyers get together at the beginning of the case to discuss, among other things, discovery issues. That presupposes you know specifically what information exists and where
  6. Once you start keeping everything forever and don’t separate it for a lawsuit, it’s tough to apply regular retention rules to clean stuff up without the risk of destroying evidence
  7. Employee time is increasing just to be able to find needed information
  8. Information utility is inextricably linked to expeditious retrieval and access
  9. Companies are already running their businesses inefficiently as they can’t readily find needed business content
  10. Once commingling content, their record program is effectively a nullity and defensible disposition becomes much more challenging