iapp privacy enforcement and new business case presentation
TRANSCRIPT
Privacy Policy Enforcement and the New Compliance Business Case
Craig Rhinehart, Director, Product Marketing for Records Management
Presentation Overview
Today’s question … Is having a privacy policy good enough?
Privacy and records management.
Some simple rules.
How to build business value and guarantee cost-effective, enterprise-wide privacy policy enforcement.
How privacy management reduces risk and creates a return on investment (ROI).
A few words on Email.
Privacy and Records … Most Organizations
85% have formal records management programs, 47% do not include electronic records.
38% do not regularly follow own policy
46% do not have formal process for holds, 65% do not include electronic records
93% believe outcome of future litigation based on electronic records policy, 62% doubt they could defend own records
67% doubt own IT department understands policy
Survey data from Cohasset Associates “A Call To Action” AIIM and ARMA 2003 study
Records get lost or misfiled.
Records aren’t getting destroyed at all.
High storage costs are unnecessary and avoidable.
Records are lost or destroyed too soon. Inability to produce in court. Costly to recreate.
Records are kept too long. Expensive to discover and defend.
Process information not recorded. Breaks legal chain of custody. Now required for audit and compliance.
Privacy policy not enforced. Reliance on users to make decisions. IT systems do not implement privacy policy.
Rely on Users?
Large organizations lose a document every 12 seconds
67% of data loss is directly related to user blunders
Business workers typically misfile 2-7% of all records
Law of Small Numbers: Business workers take 5-15 seconds each time they declare a record.
Actual use case ….
10 seconds × 72 records/day = 720 seconds/day = 12 minutes/day = 60 minutes/week = 1 hour/week (2.5%)
Can any company afford a 2.5% drop in office productivity solely to declare records?
Source: PRISM International, FileNet and National Archives and Records Administration
Significant loss of worker productivity. Law of small numbers … they become big numbers.
Business workers make mistakes. Large % will get misfiled and lost.
Process information not captured. Proof of process adherence (plus content) now required for compliance, audit and chain of custody.
RIM policy inconsistently applied or not enforced at all.
Creates privacy, legal and compliance liability.
Simple Rules for Risk Reduction and ROI
Manage the actual process, not just the records and people.
Capture the process info (and data). It’s required now anyway.
Retain what you need to, for only as long as you need to, as determined by law, regulatory statute and/or sound business policy.
Only destroy (delete) records at the right time, for the right reason and by the right person.
Enforce privacy policy consistently and uniformly.
Know Your Risk or Total Cost of Failure
Consider the following areas of exposure:
Likelihood: Likelihood of experiencing a given information management failure?
Frequency: How often would your organization experience such a failure?
Magnitude: What would the magnitude of the failure be?
Potential Costs: What would the impact be on legal costs, fines, company and professional reputation, investor confidence, stock price, cost of reconstruction, etc.?
An extremely enlightening and possibly very scary exercise!
Sources: Information Nation by Randolph Kahn, Esq., and Barclay Blair and Records and Information Management by William Saffady
It’s About YOUR Process
The active - inactive model has changed for records.
The line is very fuzzy and it’s the actual process that matters most.
Manage records in the line-of-business process.
Manage records in the compliance and privacy process.
Use the data you already have.
Privacy Process
• Create
• Edit
• Use
• Publish - Transact
Most Get Destroyed (~95%)
Records Process
• Retain - Store
• Migrate
• Defend
• Expunge - Archive
Compliance Process Spans the Entire Organization
[Figure. Business lines: Retail Banking, Wholesale Banking, Securities, Mortgage Banking, Trust, Insurance, Entire Enterprise. Processes shown: Payables, Compliance, Call Center, Human Resource, Statements, Asset Mgmt, Consumer Lending, Payments Systems, Letters of Credit, Funds Transfer, Lockbox, Cash Mgmt, Regulatory Reporting, Clearing/Settlement, Investment Mgmt, Electronic Payments, Underwriting, Loan Origination, Collections/Disputes, Portfolio Mgmt, Stock Transfer, Trade Order Tracking, Policy Mgmt, Claims Processing, Collections.]
Privacy can enable line-of-business ROI.
Nice Bonus = Enforce your privacy policy in these processes.
Requirements
Capture records for legal compliance.
Scalable processes to manage growth through mergers / acquisitions.
Process improvement with the bank’s adoption of Total Quality Management into the culture.
Bank’s stated objective to be a top 5% performer.
Desire to be an industry leader in efficiency and quality.
Process Improvement (BPM)
ABC Bank Customer Process - BEFORE
[Flowchart: Commercial and Retail Loan Documents are Originated in the Branch; Loan Documents are mailed to Loan Services; Mailbags are Opened and Loan Documents are Sorted and Distributed (How are they sorted and distributed, and where?). Document types: New Business Loans, Retail Loan Mods/Renewals, New Retail Loans, Business Loan Exceptions, Business Mods/Renewals, Retail Loan Deferrals Insurance, Retail Loan Exceptions. Processing steps: Loan Operations, Hazard Insurance, Retail Loan Operations, Documentation Review, Compliance Review, Vault, Microfilm. Sites: Wilson, NC; Lumberton, NC; Virginia. Routing labels: All, NC, VA, SC, All Retail Deferrals.]
ABC Bank Customer Process - AFTER
Results
Projected Cost Benefit
– Payback - 35.8 months
– IRR - 22.41%
Results
– Cost reduced 50-60%
– $13 Million Saved Annually
– Payback every 4-6 months
Other Projects Affecting Results
– TQM Focus and Flowcharting
– Performance Matrix
– Quality Forum
– Privacy and Records Management
[Flowchart: Commercial and Retail Loan Documents are Originated in the Branch; Loan Documents are mailed to Loan Services in Whiteville; Mailbags are Opened and Loan Documents are Sorted and Prepped; Documents are Scanned/Indexed/Verified and Committed; Original Legal/Lien Perfection Documents are Stored in Vault; All Other Documents are Destroyed; Images are stored to Juke Boxes; Workobjects are created and sent through Imaging Workflow to be processed. What is the Workflow Process: Loan Operations, Documentation Review, Hazard Insurance, Process Complete. Automated Review Processes built into Workflow.]
Process time prior to Imaging: 1 day to 2 weeks
Process time after Imaging: 1 day to 3 days
Turn-around time for document request prior to Imaging: 2 days to 5 days
Turn-around time for document request after Imaging: 1 sec to 15 minutes
• Prior to BPM, the Process took as long as 2 weeks
• After BPM, the Process was reduced to 1 to 3 days and File Information is available in 1 sec to 15 minutes (versus 2 to 15 days)
Process Improvement (BPM)
Process enforced privacy
Records and privacy process information automatically declared and accurately classified as a record.
Process is invisible to the end-users and ensures compliance with law, regulation or business policy.
Privacy policy is enforced invisibly across the line-of-business.
BPM, Privacy and Records Management
Records and Transcripts …
Are generated at key milestones in the business process.
Enforcing policy in the business process
Arkansas BCBS Before
Arkansas BCBS After
Created a standard optimized process to request medical records.
All medical records are secure, organized, imaged and retained/available for future use.
Privacy (HIPAA), security and recordkeeping policy enforced.
October 6, 2003
Susan Block, Editor, BlueCard InfoFAX
Blue Cross and Blue Shield Association, 225 North Michigan Avenue, Chicago, Illinois 60601-7680, 312.297.5831, Fax: [email protected]
In this issue:
Provider Relations Update – 2
Updated BlueCard PPO Provider Directory Fulfillment Center Procedures Guide on BlueWeb – 2
Arkansas Blue Cross Blue Shield Devises Innovative Medical Record Request Process
Arkansas Blue Cross Blue Shield has developed a secure, technology-driven Medical Record request (MRR) system that has drastically improved their internal routing procedures and medical record management. The Plan designed this streamlined process to work within the Plan’s existing infrastructure and functionality and to leverage the use of four systems already in place.
The MRR system is the result of a 16-month effort to produce a centralized and automated paperless system that previously involved 15 departments that used more than 200 versions of medical record request letters. This system is currently in place for local business and
Email Capture and Policy Audit
Email and Privacy
Do you have an email privacy problem?
Aggressively adopting email for highly sensitive and valuable business processes and transactions
- 93% answer inquiries
- 84% discuss business strategy
- 71% negotiate contracts
- 69% exchange invoices, payment info
- 44% to file with official bodies
[Diagram: Electronic Records Management. Labels: Business User (Read, Send); Exchange or Notes Email Server (Inbound, Outbound); Email and Attachments; Automatic Pull; Monitor and Pull Copy of Message; Declare and Classify Copy as Record; Triggers Rules, Events and Meta Data; File Plan; Delete Copy.]
How You Can Reduce Risk and Create ROI
Help educate about the value of privacy in all business processes.
Don’t forget records retention and all compliance issues.
Having a policy isn’t good enough. Manage and improve the process … don’t just manage the people and records.
Enforce policy consistently and uniformly. People don’t scale and make mistakes.
Know the business case for compliance. Risk reduction = TCF (total cost of failure). Business improvement = ROI (multiple areas).
Thank You
To learn more about FileNet Records Manager, download the whitepaper …
www.filenet.com/iapp
Craig Rhinehart, Director, Product Marketing for Records Management