Introducing the Veritas School of Witchcraft and Wizardry for GDPR
This week I had the opportunity to sit down with some of our in-house General Data Protection Regulation (GDPR) technical experts, and for three days my brain was assaulted by all manner of classification identifiers and regular expressions.4.2KViews16likes0CommentsWhat Abraham Lincoln Teaches about Defensible Deletion of ESI
The reviews are in and movie critics are universally acclaiming Lincoln, the most recent Hollywood rendition regarding the sixteenth president of the United States. While viewers may or may not enjoy the movie, the focus on Abraham Lincoln brings to mind a rather key insight for organizations seeking to strengthen their defensible deletion process. Lincoln has long been admired for his astute handling of the U.S. Civil War and for his inventive genius (he remains the only U.S. President who patented an invention). Nevertheless, it is Lincoln’s magnanimous, yet shrewd treatment of his rivals that provides the key lesson for organizations today. With a strategy that inexplicably escapes many organizations, Lincoln intelligently organized his documents and other materials so that he could timely retrieve them to help keep his political enemies in check. This strategy was particularly successful with his Secretary of the Treasury, Salmon Chase, who constantly undermined Lincoln in an effort to bolster his own presidential aspirations. To blunt the effect of Chase’s treachery, Lincoln successfully wielded the weapon of information: Chase’s letters to Lincoln that were filled with problematic admissions. Doris Kearns Goodwin chronicled in her Pulitzer Prize winning book, Team of Rivals, how Lincoln always seemed to access that information at a moment’s notice to save him from Chase’s duplicity. Lincoln’s tactics reinforce the value of retaining and retrieving important information in a time of need. Lacking the organizational and technological capacity to do so may prevent companies from pulling up information at a crucial moment, be it for business, legal or regulatory purposes. For this and many other reasons, industry experts are recommending that organizations implement a defensible deletion strategy. Defensible Deletion Requires Deletion Such a strategy could have some success if it is powered by the latest in effective retention technologies such as data classification and automated legal hold. Such innovations will better enable organizations to segregate and preserve business critical ESI. And yet, it is not enough to just adopt the preservation side of this strategy, for the heart of defensible deletion requires just that – deleting large classes of superfluous, duplicative and harmful data – if its benefits are ever to be realized. Companies that fail to delete such ESI will likely never come off conqueror in the “battle of the data bulge.” Indeed, such a growing waistline of data is problematic for three reasons. First, it can place undue pressure on an organization’s storage infrastructure and needlessly increase the cost of data retention. It can also result in higher eDiscovery costs as the organization is forced to review and analyze all of that ESI largesse. Finally, a potentially fatal risk of producing harmful materials – kept beyond the time required by law – in eDiscovery will unnecessarily increase. All of which could have been obviated had the enterprise observed the rule of “good corporate housekeeping” by eliminating ESI in a manner approved by courts and the rules makers. For organizations willing to get rid of their digital clutter, defensible deletion offers just what they need so as to reduce the costs and risks of bloated ESI retention. Doing so will help companies make better use that information so, like Honest Abe, they can stave off troublesome challenges threatening the enterprise.425Views1like0CommentsFederal Directive Hits Two Birds (RIM and eDiscovery) with One Stone
The eagerly awaited Directive from The Office of Management and Budget (OMB) and The National Archives and Records Administration (NARA) was released at the end of August. In an attempt to go behind the scenes, we’ve asked the Project Management Office (PMO) and the Chief Records Officer for the NARA to respond to a few key questions. We know that the Presidential Mandatewas the impetus for the agency self-assessments that were submitted to NARA. Now that NARA and the OMB have distilled those reports, what are the biggest challenges on a go forward basis for the government regarding record keeping, information governance and eDiscovery? “In each of those areas, the biggest challenge that can be identified is the rapid emergence and deployment of technology. Technology has changed the way Federal agencies carry out their missions and create the records required to document that activity. It has also changed the dynamics in records management. In the past, agencies would maintain central file rooms where records were stored and managed. Now, with distributed computing networks, records are likely to be in a multitude of electronic formats, on a variety of servers, and exist as multiple copies. Records management practices need to move forward to solve that challenge. If done right, good records management (especially of electronic records) can also be of great help in providing a solid foundation for applying best practices in other areas, including in eDiscovery, FOIA, as well as in all aspects of information governance.” What is the biggest action item from the Directive for agencies to take away? “The Directive creates a framework for records management in the 21 st century that emphasizes the primacy of electronic information and directs agencies to being transforming their current process to identify and capture electronic records. One milestone is that by 2016, agencies must be managing their email in an electronically accessible format (with tools that make this possible, not printing out emails to paper). Agencies should begin planning for the transition, where appropriate, from paper-based records management process to those that preserve records in an electronic format. The Directive also calls on agencies to designate a Senior Agency Official (SAO) for Records Management by November 15, 2012. The SAO is intended to raise the profile of records management in an agency to ensure that each agency commits the resources necessary to carry out the rest of the goals in the Directive. A meeting of SAOs is to be held at the National Archives with the Archivist of the United States convening the meeting by the end of this year. Details about that meeting will be distributed by NARA soon.” Does the Directive holistically address information governance for the agencies, or is it likely that agencies will continue to deploy different technology even within their own departments? “In general, as long as agencies are properly managing their records, it does not matter what technologies they are using. However, one of the drivers behind the issuance of the Memorandum and the Directive was identifying ways in which agencies can reduce costs while still meeting all of their records management requirements. The Directive specifies actions (see A3, A4, A5, and B2) in which NARA and agencies can work together to identify effective solutions that can be shared.” Finally, although FOIA requests have increased and the backlog has decreased, how will litigation and FOIA intersecting in the next say 5 years? We know from the retracted decision inNDLON that metadata still remains an issue for the government…are we getting to a point where records created electronically will be able to be produced electronically as a matter of course for FOIA litigation/requests? “In general, an important feature of the Directive is that the Federal government’s record information – most of which is in electronic format – stays in electronic format. Therefore, all of the inherent benefits will remain as well – i.e., metadata being retained, easier and speedier searches to locate records, and efficiencies in compilation, reproduction, transmission, and reduction in the cost of producing the requested information. This all would be expected to have an impact in improving the ability of federal agencies to respond to FOIA requests by producing records in electronic formats.” Fun Fact- Is NARA really saving every tweet produced? “Actually, the Library of Congress is the agency that is preserving Twitter. NARA is interested in only preserving those tweets that a) were made or received in the course of government business and b) appraised to have permanent value. We talked about this on our Records Express blog.” “We think President Barack Obama said it best when he made the following comment on November 28, 2011: “The current federal records management system is based on an outdated approach involving paper and filing cabinets. Today’s action will move the process into the digital age so the American public can have access to clear and accurate information about the decisions and actions of the Federal Government.” Paul Wester, Chief Records Officer at the National Archives, has stated that this Directive is very exciting for the Federal Records Management community. In our lifetime none of us has experienced the attention to the challenges that we encounter every day in managing our records management programs like we are now. These are very exciting times to be a records manager in the Federal government. Full implementation of the Directive by the end of this decade will take a lot of hard work, but the government will be better off for doing this and we will be better able to serve the public.” Special thanks to NARA for the ongoing dialogue that is key to transparent government and the effective practice of eDiscovery, Freedom Of Information Act requests, records management and thought leadership in the government sector. Stay tuned as we continue to cover these crucial issues for the government as they wrestle with important information governance challenges.408Views0likes0CommentsDR of the Living Dead
With the one-two punch of an earthquake in the Mid-Atlantic US followed closely by a hurricane potentially hitting the same region, Disaster Recovery is probably a popular discussion right now in the Washington DC area. Of course Business Continuity professionals write contingency plans for all types of disasters, not just ones caused by nature. Don’t you want to ask God, or M