I’m here at RabbitHole, Inc., talking with the company’s Manager of Money in his office, which is buried in the Facilities Department, down in the building’s basement. I’m interviewing him to get a better sense of how RabbitHole manages money as a corporate asset.

Pardon my asking, but how much money does RabbitHole have?

“Frankly, no one knows – we don’t really keep track of that. We have boxes of paper currency stored off-site, but as for ‘active’ money, our employees keep that pretty much wherever they choose – in the network money systems, in their individual offices, in mobile wallets, and probably some stashed at home.”

But isn’t that your job? I mean, your title is “Manager of Money,” right? 
Continue Reading What if companies treated their money like their information?

As we anticipate the calorie-bomb of Thanksgiving dinner, let’s face it – litigation preservation is overweight, obese, and corpulent, torpidly dazed in a fat/sugar coma of way too much data. But effective Dec. 1, amended Rule 26 of the Federal Rules of Civil Procedure strikes back, limiting the scope of discovery to what is “proportional.” Will the amended rule tip the scales toward leaner litigation preservation, or is this simply another FRCP fad diet, doomed to fail?
Continue Reading FRCP amended Rule 26 puts litigation on data diet – will it stick?

Wow, our group health plan premiums are crushing us. Wait a minute—what if we ramped up our company’s wellness program, using cool technology to help get our workforce in shape? Let’s get all our employees to use those wearable fitness tracker gizmos! We can fold those into our BYOD program, offer a device subsidy, and then have our employees report their stats and progress in some kind of fitness competition, with cool stuff as motivating rewards. Premium costs down, flab down, fitness up, profits up… what could possibly go wrong?

Plenty will go wrong, unless the company takes a breather and checks the pulse of information-related risks and compliance issues. So, let’s run a quick information governance circuit drill.
Continue Reading IG perspective: Are wearable fitness trackers fit for the workplace?

In the late 1500s, privateer and explorer Martin Frobisher embarked upon a journey that would net him fame—Frobisher Bay is named for him—but not much fortune. His travels took him to what is now Canada, where he claimed Baffin Island for the Crown because of the vast amounts of gold he found there. He was so convinced he had found great riches that he continued to make multiple trips with increasingly more ships to mine and send the ore home for safekeeping. Queen Elizabeth I even ordered quadruple locks in the Tower of London to guard the trove.

Unfortunately for all, however, what Frobisher had so diligently worked to procure, transport, and store was nothing but iron pyrite—fool’s gold. Once it was discovered that his cache was not real gold, an Italian alchemist was engaged to work his magic and transform the worthless rocks into the gold everyone desired. Needless to say, he was unsuccessful.

I was reminded of this story while attending the Information Governance Conference recently in Connecticut.
Continue Reading All that glitters…is it gold?

 will be missed, but his wisdom will endure. Who else could have observed “No one goes there nowadays. It’s too crowded”? The information governance equivalent is “No one has information anymore. There’s too much of it.” In the last decade we have witnessed the systemic utilitization of computing power. Data used to be housed predominantly within a company’s own systems, but now, through remote storage, SaaS, PaaS, and other cloud solutions, more and more information is hosted by third-party providers. Also, as marketplace forces compel organizations to leverage or outsource functions that used to reside internally, operational service providers increasingly create, receive, maintain, and process information on the organization’s behalf.

It follows that information governance (the organization’s approach to satisfying information compliance and controlling information risk while maximizing information value) can no longer simply be an internally-focused exercise. IG “has come to a fork in the road, and must take it.” Service provider selection, contracting, and oversight are now primary vehicles of information governance – because when it comes to governing your organization’s information, “the future ain’t what it used to be.”
Continue Reading 90% of information governance is half contracting

When a judge hears that documents no longer exist due to a company’s retention schedule, it feels like we’re transported back to grade school, with a sheepish pupil making lame excuses about “disappearing” homework. Courts can seem skeptical, even disdainful, about retention schedules. As the U.S. Supreme Court characterized them in Arthur Andersen LLP v. United States, “’Document retention policies,’ which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business.” The tone is noblesse oblige, as if businesses follow an odd, quaint practice of having retention schedules, which should be grudgingly acknowledged before moving on to the court’s more important consideration of the preservation duty and discovery sanctions.

Ironically, the courts have retention schedules too. Yep, this notion of destroying records pursuant to a retention schedule is not unique to “business” – the trial judge at a spoliation hearing is governed by the court’s own records retention schedule, which classifies records by content type and prescribes records disposition, including destruction.  And the court also has a records management program, with one of its purposes being the appropriate disposition of records when they have served their purposes.
Continue Reading But Judge, the dog ate my homework!

A busy examiner, working on 15-20 other cases, sets a file aside in the “delayed/pending” queue while awaiting information, and a gun is sold and nine people died. A utility transferred responsibility for recordkeeping functions to its distribution business unit, files containing information about pressure and strength tests were not kept current, and an explosion kills eight. Computer files are accidentally deleted from an Airbus plane and three of its four engines shut down, causing a crash that kills four.

What do these seemingly disparate events have in common?Continue Reading Gas, Guns N’ Records

Old-school company intranets are like soooo boring. Why not juice things up? Sure, we’ll keep the one-directional content (employee policies, company announcements, etc.), but let’s add a dynamic platform for employee interactive training modules, capturing employee responses and quiz results. Why stop there – how about a message board for employees, to turn dull company communications into an energized conversation? And in today’s mobile world, shouldn’t we enable remote access from anywhere our employees happen to be, 24/7? What could possibly go wrong?

Well … a whole lot will go wrong, unless the company first applies an information governance perspective. So let’s ask a few questions to explore what information risks and compliance issues are at play.
Continue Reading IG perspective: adding social media to workplace websites

Ineffective wireless encryption

Taped-over door lock on data room

Inadequate passwords

Computers without adequate log-off

Disabled audit logging

Unencrypted email and laptops

Former employees with inappropriate network access

These vulnerabilities and more (a total of 151) were found at seven large hospitals during a round of audits by the Department of Health & Human Services. Although these vivid examples point to hospital systems, HIPAA applies also to many other types of covered entities and business associates including, of course, physician practices. These non-hospital providers are most likely even more vulnerable to such lapses as they are less likely to have dedicated information technology staff, legal departments, and formalized record-keeping practices.
Continue Reading Seven steps to better information management for small health practices

Some old problems never seem to go away. Email retention remains an obstinate dilemma for far too many organizations. Volumes continue to mount, with business email totaling 109 billion messages every day, and forecasted growth of 7 percent each year. Email archives and cloud email solutions address the symptom of overburdened servers, but these strategies do nothing to tackle the core problem, which is too much email, kept too long. And the cost of email retention outstrips the cost of email storage, in large part due to e-discovery expense in future litigation.

The cold, hard truth is that the persistent problem of email volume will not be solved with technology alone. What’s needed, and frankly overdue, is a bit more organizational discipline and direction on email retention. 
Continue Reading How long must we keep our email?