Download - What is information governance?
e x c h a n g e
An ARMA Metro NYC Chapter Publication I Nov/Dec 2012 I www.armanyc.org
Chapter
Innovation
Award
ARMA International
Gold
Merit
Award
ARMA International
Best
Website
ARMA International
Newsletter
of the Year
ARMA International
3
5 Dear Readers
Chapter President, Jason C. Stearns,
CRM, looks back at 2012 and
forward to 2013.
6 Lets Get Social
Editor-in-Chief Jennifer Best
shares the impact of social
media on the lives of those
affected by Hurricane Sandy.
44 What’s New?
Keep abreast of activities
within the Chapter’s
various Committees. 11 Big Mother is Watching
This month, the Laws and
Regulations column “uncovers” a
United Nations report proposing
broad internet surveillance as a
means of tracking terrorists.
18 Records “Management”
The Essential Reading column
discusses a management book
you might want to consider
reading in preparation for Part 1
of the CRM Exam.
39 The City that
Never Sleeps
Check out the Chapter’s
Events calendar and other
fun winter events.
20 Be Prepared
Our tech expert asks thought
provoking questions about
managing electronic vital
records.
16 Ask a Fellow
Fellow John Isaza, Esq.
answers questions posed by
various ARMA International
Chapters.
47 Last Stop
Choose a different “train”
of thought by thinking
through SharePoint
governance.
8 Back to Basics
The RIM 101 column is the first
in a series of columns that will
explain the life cycle of a record
concept. CRM exam and study
group information is also
provided.
37 Uniquely NY
Our Man About Town
writes about the spirit of
New Yorkers.
19 Kudos
Congratulations are in order
for certain ARMA Metro NYC
Chapter members.
First Stop
4
About exchange exchange is a publication of the ARMA Metropolitan New York City Chapter, Inc. (ARMA Metro NYC), P.O. Box 1462, Grand Central Station, New York, New York 10163. The publication provides a wide-range of content from current industry trends and issues to activities in the NYC metropolitan area. An annual digital subscription to exchange is included as a benefit of membership.
Opinions and suggestions of the authors of the articles in exchange do not necessarily reflect the opinion or policy of ARMA Metro NYC or ARMA International. Additionally, acceptance of advertising does not constitute official endorsement of the product or service.
For more information about exchange, including advertising and publishing opportunities, please email us at [email protected].
About the
ARMA Metro NYC is a local chapter of ARMA International, a not-for-profit professional association and the authority on managing physical and electronic records and information. The Chapter supports its members through educational seminars, events, an annual RIM conference, and its publication exchange. Its members are comprised of RIM professionals as well as individuals that work in related fields, such as technology and law.
The ARMA Metro NYC Chapter’s Board Members are: Jason C. Stearns, CRM, FLMI, FFSI (President),
New York Life Insurance Co. ǀ Brynmor Bowen, CRM (Executive VP), Greenheart Consulting LLC ǀ
Michael Landau (VP-Treasurer), Techlaw Solutions ǀ Eugene Stakhov, CRM (VP– Collaborative
Partnerships), Lighthouse Computer Services ǀ Mary Sherwin (Secretary), CBS Corp. ǀ Jennifer Best (VP–
Communications), New York Life Insurance Co. ǀ Anita P. Castora, CRM (VP– Membership), American
Eagle Federal Credit Union ǀ Darryl Harris (VP– Membership), Kelley Drye & Warren LLP ǀ Derick Arthur
(VP– Professional Development), Proskauer ǀ Debbie Mevs (VP– Advertising and Promotion), GRM ǀ Edie
Mazzullo (VP– Advertising and Promotion), Hughes Hubbard ǀ Ace Romar (VP– Special Events), New York
Life Insurance Co. ǀ Marcel Rodriguez (VP– Web Master), NBC/Universal ǀ Frank LaSorsa, CRM
(Immediate Past President), Kelley Drye & Warren LLP
Volume 43, Issue #2
©2012 by ARMA Metropolitan New York
Newsletter
of the Year
ARMA International
Gold
Merit
Award
ARMA International
Chapter
Innovation
Award
ARMA International
Best
Website
ARMA International
16
This is part of a syndicated column I have created for ARMA International Chapters, including the ARMA Metro NYC Chapter’s Newsletter. My column is devoted to answering information governance, records management and related legal questions from Chapter Members. As you read my responses, please note that although I am an attorney specializing in these areas of law, these are only my opinions based on very limited knowledge of the Member’s particular circumstances. My opinions should not be construed as legal advice. Kindly consult with an attorney for more formal legal advice.
Janie Wait, of the Wyoming Chapter, asked: What are the legal ramifications of keeping your records in the Cloud?
The legal ramifications vary from industry to industry or by geography. For instance, the legal industry has a lot of hurdles to overcome to keep records in the Cloud. There are state bar requirements and ethics requirements that compel due diligence when using a Cloud provider and commensurate protection of data. Similarly, global organizations must heed foreign privacy requirements that govern disposition of personally identifiable data. Public Cloud providers may claim ownership of your data, and therefore you could lose control over its disposition. Finally, some industries like the financial sector, or foreign countries, may require that the data reside in a certain location or within the borders of the country. Such requirements need to be examined
for your organization before it keeps records in the Cloud.
Bryn Bowen, CRM, of the Metro NYC Chapter, asked: Is Information Governance really the new Records Management or is there more to the story?
Information Governance is the area of specialty of my partner at Rimon, Douglas Park. He had this to say:
“Information Governance is broader than Records and Information Management (RIM). Information Governance differs from RIM for three reasons: the rise of Big Data, the digitization of information, and the storage of information in the cloud. These differences give rise to new issues of security, privacy, compliance, and data usage. In-house counsel and corporate boards increasingly recognize they must understand and address information risks.
The biggest difference, however, is that a properly designed Information Governance program allows organizations to use the three factors mentioned above for business advantage. Examples of such advantage include using information to enhance marketing initiatives, financial forecasts, operations, and strategic plans. Because of the implications for shareholder value, corporate boards should be involved in Information Governance.”
Information Governance is the new moniker used in the technology arena to encompass the entire
By John Isaza, Esq., FAI
Ask a fellow
17
Ask a fellow
lifecycle of information that traverses an organization, some of which includes records. In sum, Wikipedia defines it as:
“an emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.”
Linda Buss, of the Mile High Denver Chapter, asked: I would like to see a discussion about how to manage records that are distributed across an organization in different repositories: SharePoint, shared directories, hard drives, and removable storage. What are the legal implications and risks for managing in this manner?
Indeed, Enterprise Content Management Systems (ECM) and SharePoint, for instance, are attempting to address this “distributed data” issue. That said, not every organization can afford an ECM system or the latest technological solution. This means an organization must resort to managing the data with policies and systematic auditing for compliance. The key is for the organization to set realistic policies. For instance, organizations should prioritize a legal hold policy and procedures that should be designed to stop the disposition of any records and Information that might be relevant to pending or anticipated litigation or investigations. (Notice I am capitalizing the word “Information,” which could be defined as “records, data, content, and physical artifacts of the Company.”) Beyond legal holds, an organization needs to truly consider the risks associated with permitting the use of removable storage, shared directories, etc. All repositories need to be robustly managed using proper Information Governance principles.
In terms of risks, you need to look no further than the recent DuPont v. Kolon Industries (E.D. Va. August 31, 2012) case. In addition to a $919
million verdict and a 20-year product injunction stemming from Kolon’s spoliation of electronically stored information (ESI), Kolon along with certain executives and employees now face criminal charges for their theft of DuPont’s trade secrets. The criminal indictments stem from the findings in the civil litigation, which includes the finding that Kolon executives and employees spoliated the ESI evidence reflecting the theft of trade secrets.
About the Author John Isaza is a California-based attorney and Partner of RIMON, PC, a twenty-first century law firm that includes specialty in electronic information governance, records management and overall corporate compliance. He may be reached at [email protected] or follow him on Twitter and LinkedIn.