Tagged: information-governance

As we near the end of 2021, legal information and knowledge professionals have continued to work primarily in a remote environment. This has not only impacted how we work, but also how we network, how we learn, and how we grow as professionals.

Recently, we have seen a remarkably fast uptake in law firms’ adoption of Microsoft Teams as their preferred collaboration platform. In fact, it is not a stretch to predict that it is no longer a matter of if law firms will implement Teams, but when they will do so. And while there has been a lot of messaging around implementing and using Teams in the legal industry, there has been nothing about the real work that is required for governance and compliance. Implementing, provisioning and managing Microsoft Teams is only part of what needs to be done. Teams is complex and, as a preliminary step, it is important for law firms to develop the appropriate policies, procedures and controls within Microsoft Office 365 to ensure they are ready for a secure and compliant Teams roll-out.

For companies still conducting business remotely, the days leading up to the July 1 enforcement date for the California Consumer Privacy Act (CCPA) will be busy -- putting in place essential elements to comply with the country’s most comprehensive privacy law and trying to anticipate amendments to come. We have written elsewhere about privacy data maps, typically manifest as tables detailing the information a company possesses and the path it travels through various systems before landing in its final storage location. But little attention has been paid to the data map’s counterpart: a company’s records retention schedule. While tools like a data map are important elements of successful CCPA compliance, an important preliminary step is to make sure your business has a strong foundation in place, including a functional records retention schedule.

The same angst many companies experienced as the effective date for the California Consumer Privacy Act (“CCPA”) approached is resurging again as they prepare for the July 1 enforcement date. The Office of the California Attorney General Xavier Becerra estimates that compliance with the CCPA could cost businesses as much as $16 billion over the next 10 years. The Act is intentionally vague when it comes to how companies should operationalize requirements described in the law, allowing businesses to account for their unique resources and limitations. Some organizations may be tempted to pause in their preparations while California awaits the fate of the proposed California Privacy Rights Act (“CPRA”). If the CPRA is ultimately included on the California November 2020 ballot, voters will likely support the expanded law, although it will not take effect until January 1, 2023. Regardless of what happens in November, it is important to focus on compliance with the existing law now. One of...

More than ever, information governance is critical. With companies and organizations working to manage the economic fallout from the COVID-19 pandemic, information governance professionals are more essential than ever. While the pandemic is sweeping the country and world, information governance professionals have a responsibility to step up and provide leadership by helping their organizations avoid or mitigate some of the information governance challenges likely to arise from the pandemic.

Managing a records retention and disposition program is one of the chronic challenges for any organization in the information age. Businesses and government agencies of all sizes are seeking to implement or improve these programs due to increased risk of cybercrime and data breaches, the complexities of complying with a variety of data privacy laws and regulations worldwide that dictate how long personally identifiable data can be retained, and the desire to reduce their data footprint in order to cut back on their storage expenses however possible.

At this year’s annual ARMA Live! Conference in Anaheim, we conducted an informal survey of the 300+ visitors to our booth, asking a single question: “What is your greatest information governance challenge today?” We received a variety of responses including:

October was once again packed with conferences, from large international events to smaller regional and industry-specific seminars and roundtables. If there was one word that was thematic across all of these events this year, it was “disruption.” It has lead me to ask, “what is the most disruptive innovation today related to how we manage, control and govern our information?” While the GDPR and burgeoning international, sectoral and national data privacy and security laws may first come to mind, they are reactive regulations to the growing threat of cyberattack, ransomware assaults and security breach. Responding to these malevolent actions certainly requires organizations to re-think their approach to information security and develop enhanced programs and processes, but I wouldn’t characterize these as disruptive innovations. Actual disruption is taking place right in front of us changing the way almost all of us work and interact with technology on a daily basis. It’s called...

As law firms recognize the growing importance of an information governance (IG) strategy, they are beginning to think about how they can transform traditional records management (RM) staff into true IG professionals. This shift, which is driven by increasing regulatory demands and pressure from clients for stronger security, is making firms realize that IG requires a much broader set of skills than records management.

Over the course of this IG blog series, we have examined how the IG professional can align their IG program to directly support the mission and vision of their organization. Several case studies helped illustrate how this alignment allows the IG / RIM professional to contribute to the bottom line in meaningful ways. In this post, I am taking a deeper dive into a very specific challenge that most multinational organizations face today: compliance with the soon-to-be-effective GDPR imperative. During our annual roundtable events, we surveyed clients regarding their level of engagement with their organizations’ GDPR initiatives, and learned that a surprising 45% said they had minimal to no involvement at all.