the legal issues of strategic information management
DESCRIPTION
Presentation on the framework for an organization to implement a strategic information management policy and processes throughout an enterprise.TRANSCRIPT
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 1
The Legal Issues of Strategic Information Management
Kenneth P. Mortensen, Esq.Presented 1 May 2009New York, NY
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 2
Strategic Information Management
What is Strategic? What is Information? What is Management?
What does Strategic Information Management mean for the Enterprise?
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 3
What is Strategic?
Focuses on building a solid underlying structure for an enterprise put into effect through enterprise action.
Understand the ultimate goals are for the enterprise.
Discover the best methods to achieve those objectives.
Put in place the resources to implement the methods and attain the goals.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 4
What is Information?
In literal etymological terms, information means to give form to something.
In business terms, the word focuses on the ability to transmit knowledge by providing form to a message by casting it into a profile or pattern for communication (sharing).
Definitions for information can be grouped roughly into quantitative and qualitative categories. The qualitative definitions focus on the criteria which add
meaning to the message that is communicated The quantitative definitions focus on measuring the quantity of
information units or the strength of its transmission.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 5
What is Management?
Management is the process of getting activities completed efficiently and effectively through the enterprise.
The goal (function) of management is to get the best return on enterprise resources by getting things done efficiently.
There are four basic pillars: plan, organize, direct, and monitor.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 6
The Management
Information in the Enterprise
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 7
Information Management
Old way of managing information. Protect critical value information from
misuse, theft, loss, or disclosure. Ensure compliance with statutory and
regulatory requirements. Certify the accuracy, integrity, and
reliability of information.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 8
Information Management
Siloed ManagementCustomer Data – Sales ManagementCommunications – IT Department Intellectual Property – General CounselEmployee Data – Human ResourcesResearch Information – R&D DepartmentDemographics – MarketingProcess Data – OperationsFinancial Information – Accounting Dep’t
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 9
Strategic Information Management
Concepts Information as an enterprise assetRisk minimization approachCost and benefit analysisPriority deconflictionData safeguardsRight info to the right people at the right time
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 10
Strategic Information Management
To make it work: Information represents the highest level asset
of any organization360° approach to dealing with informationConsideration of entire information lifecycleComprehensive facilitation of management
Creates competitive advantage
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 11
Information as an Asset
Information is a critical asset of the enterprise.
All the information, not just the traditional highly-valued information like trade-secrets, financial data, or CRM info.
Focus has been on developing compliance; chasing the regulations instead of leading the innovation.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 12
Information as an Asset
Information value-add Internal resourcesBusiness intelligenceMarket aggregation
Personally Identifiable InformationCan no longer view in data silosLinkable information recreates identity
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 13
Information as an Asset
Strategic Information as an enterprise resource
InformationAll the information of the enterprise.
ManagementCapture enterprise efficiency
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 14
Risk Minimization
Risk and legal environment complex and diverse
Global in scale with specific inconsistenciesSector-based v. Individual-basedOperations-focused v. Need-focused
Need wide ranging policy to capture not only data protection, but also data compliance
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 15
Risk Minimization
Legal compliance does not minimize risk to the organization.
Coordination of effort to address more than one facet of risk.
Look to all functionalities of the enterprise to understand impact of the risks associated with the enterprise resource.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 16
Risk Minimization
StrategicEnterprise governance of information
InformationAll aspects of information in the enterprise
ManagementDe-confliction to ensure governance efficiency
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 17
Facilitate Decision-making
Break down barriers and let information spill over borders of the functions of the enterprise.
Permit fulsome sharing of information across enterprise to provide wider view of actions and interactions.
Reconcile competing priorities.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 18
Facilitate Decision-making
Individualized decision-making through limited access to information isolates the decision-maker.
Functional decisions made with a single set of information compromise enterprise decision-making.
Fuller cost-benefit analysis is available.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 19
Facilitate Decision-making
StrategicProcess-based use of information
Information“Unlimit” information supporting decisions
ManagementReconcile competing interests in information
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 20
Total Quality Management
Dr. Deming’s Model to Improve Business Operations
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 21
Total Quality Management
“What is a system? A system is a network of interdependent components that work together to try to accomplish the aim of the system. A system must have an aim. Without an aim, there is no system. The aim of the system must be clear to everyone in the system. The aim must include plans for the future. The aim is a value judgment.”
Dr. W. Edwards DemingThe New Economics for Industry, Government, Education
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 22
Dr. W. Edwards Deming
is best known as the person who taught Japan about quality and helped make “Made in Japan” a statement of quality with his theory of management after they were devastated by World War II.
taught at New York University, assisted companies, and ran four-day seminars on quality management.
was famous (or infamous) for his intensity and uncanny ability to go to the core of a problem instantly.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 23
TQM Concepts
Apply appropriate management principles to increase quality and production.
Focus on continual improvement for the system and not the individual components.
Total involvement by management and workers to improve.
Enabled workforce enhances quality.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 24
Fourteen Principles
Underlying Principles for Strategic Information Management
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 25
TQM Applied to SIM
"The prevailing style of management must undergo transformation. A system cannot understand itself. The transformation requires a view from outside. The aim of this chapter is to provide an outside view—a lens—that I call a system of profound knowledge. It provides a map of theory by which to understand the organizations that we work in.”
Dr. W. Edwards Deming
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 26
TQM Applied to SIM
System of Profound Knowledge: Appreciation of a system: understanding the overall
processes involving enterprise stakeholders; Knowledge of variation: the range and causes of
variation in quality, and use of statistical sampling in measurements;
Theory of knowledge: the concepts explaining knowledge and the limits of what can be known;
Knowledge of psychology: concepts of human nature.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 27
TQM Applied to SIM
One need not be eminent in any part nor in all four parts in order to understand it and to apply the System of Profound Knowledge.
The 14 points for management in industry, education, and government follow naturally as application of this outside knowledge, for transformation from the present style of … [information] management to one of optimization.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 28
14 Principles - One
Create constancy of purposeFind the strategic connections for the
information held by the enterprise.Work toward management of the information
in a consistent manner.Replace short-term goal creation with long-
term goal planning
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 29
14 Principles - Two
Adopt the new philosophy Internal leadership must recognize the value
of treating and using the information in the enterprise as a critical asset.
Ensure that the policies adopted at the top, must provide for effective and understandable implementation throughout the workforce.
Leadership must lead the change.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 30
14 Principles - Three
Cease dependence on audits to ensure compliance Incorporate the management goals into the
processes that handle the information.Focus on information flow and not information
stop-pointsUnderstand the uses of information across the
enterprise.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 31
14 Principles - Four
End the practice of using cost, expense, or price to determine benefitRecognize the return on the investment of
managing information across the entire enterprise.
Accept that short-term savings equal long-term costs.
Factor in value to determine benefit.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 32
14 Principles - Five
Improve constantly and foreverContinuously improve the processes
underlying the management of the information in the enterprise.
Institute a change management structure to ensure implementation across the enterprise.
Integration the management procedures with the operational needs of the enterprise.
Reduce variation in the management
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 33
14 Principles - Six
Institute constant training for the entire workforceEnsure that all parts of the workforce
understand and comprehend the strategic model for the management of information in the enterprise.
Do not limit training to periodic episodes, but integrate as part of change management and risk controls.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 34
14 Principles - Seven
Institute leadershipThe leadership of the enterprise must
embrace a culture of strategic information management
The aim of enterprise leadership should be to help the workforce embed the concepts of strategic information management into the business model.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 35
14 Principles - Eight
Drive out fearApprehension of punishment should not be
the incentive to ensure compliance or proper handling of the information in the enterprise.
Recognition of the incorporation of core competencies into workforce processes .
Problems represent failures in leadership – training and processes should be examined.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 36
14 Principles - Nine
Break down barriersNothing can be accomplished until the
components of the enterprise relinquish ownership control.
Focus on the stewardship of information for the enterprise.
Incorporate all components in the decision-making process.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 37
14 Principles - Ten
Eliminate slogans and targetsRecognize that leadership and the building of
a core competency within the enterprise drives the minimization of risk and control of cost.
Facilitate improvement do not create adversarial relationships between management and workers; departments; or business and customers
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 38
14 Principles - Eleven
Eliminate management by objectiveStrategic implementation goes beyond the
tactical deployment of independent processes.
Remove focus on standards, substitute leadership and the integration of priorities of the entire enterprise.
Do not assume past goals represent current objectives.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 39
14 Principles - Twelve
Remove barriers to pride in achievementProvide opportunity to acknowledge the
accomplishments of the entire enterprise in the handling of information.
Target investment to assist not just reward achievements that enhance the underlying processes by building the link between the information assets and change management.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 40
14 Principles - Thirteen
Institute a vigorous program of education and self-improvementGo beyond training, but provide for an
understanding of the criticality of information to the enterprise.
Provide for cross-functional learning to enhance understanding of needs and uses of information throughout the enterprise.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 41
14 Principles - Fourteen
Put everyone in the enterprise to work to accomplish the transformationBuilding of a enterprise core competency
requires that all levels and functions of the enterprise work together toward the implementation.
Leadership from all is required to instill the courage to break with tradition.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 42
Impediments
What must be overcome for Strategic Information Management?
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 43
Seven Wastes (7 Deadly Sins)
Lack of constancy of purpose. Emphasis on short-term gains. Evaluation by performance or audit on periodic
basis. Mobility of management. Running an enterprise on visible figures alone. Excessive security costs. Excessive costs of management, fueled by
inconsistency in global regulatory structure.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 44
A Lesser Category of Obstacles
Neglecting long-range planning. Relying on technology to solve problems. Seeking examples to follow rather than
developing solutions. Excuses, such as "Our problems are
different."
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 45
Conclusion
Where do we go from here?
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 46
SIM in Practice
Strategic management of information across the enterprise addresses not only the need to minimize the risk to the enterprise, but by establishing all the information as an enterprise resource, introducing effective efficiencies into the decision-making processes enhancing the return on the investment in information.
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 47
Contact Information
Kenneth P. Mortensen, Esq. Email: [email protected] Phone: (202) 441-0204 Web: www.kenmortensen.com Presentation: www.strategicinfomgmt.com
Copyright © 2006-2009 Kenneth P. Mortensen, Esq. 48
Resources
Bruening, Sotto, Abrams, & Cate, Strategic Information Management, 7 Privacy & Security L. Rep. 1361 (September 15, 2008)
W. Edwards Deming, Out of Crisis (1986). W. Edwards Deming, The New Economics for
Industry, Government, Education (1993). Mary Walton, The Deming Management Method
(1986). Edward Baker, Scoring a Whole in One: People
in Enterprise Playing in Concert (1999).