What is information governance?

e x c h a n g e

An ARMA Metro NYC Chapter Publication I Nov/Dec 2012 I www.armanyc.org

Chapter

Innovation

Award

ARMA International

Gold

Merit

Award

ARMA International

Best

Website

ARMA International

Newsletter

of the Year

ARMA International

3

5 Dear Readers

Chapter President, Jason C. Stearns,

CRM, looks back at 2012 and

forward to 2013.

6 Lets Get Social

Editor-in-Chief Jennifer Best

shares the impact of social

media on the lives of those

affected by Hurricane Sandy.

44 What’s New?

Keep abreast of activities

within the Chapter’s

various Committees. 11 Big Mother is Watching

This month, the Laws and

Regulations column “uncovers” a

United Nations report proposing

broad internet surveillance as a

means of tracking terrorists.

18 Records “Management”

The Essential Reading column

discusses a management book

you might want to consider

reading in preparation for Part 1

of the CRM Exam.

39 The City that

Never Sleeps

Check out the Chapter’s

Events calendar and other

fun winter events.

20 Be Prepared

Our tech expert asks thought

provoking questions about

managing electronic vital

records.

16 Ask a Fellow

Fellow John Isaza, Esq.

answers questions posed by

various ARMA International

Chapters.

47 Last Stop

Choose a different “train”

of thought by thinking

through SharePoint

governance.

8 Back to Basics

The RIM 101 column is the first

in a series of columns that will

explain the life cycle of a record

concept. CRM exam and study

group information is also

provided.

37 Uniquely NY

Our Man About Town

writes about the spirit of

New Yorkers.

19 Kudos

Congratulations are in order

for certain ARMA Metro NYC

Chapter members.

First Stop

4

About exchange exchange is a publication of the ARMA Metropolitan New York City Chapter, Inc. (ARMA Metro NYC), P.O. Box 1462, Grand Central Station, New York, New York 10163. The publication provides a wide-range of content from current industry trends and issues to activities in the NYC metropolitan area. An annual digital subscription to exchange is included as a benefit of membership.

Opinions and suggestions of the authors of the articles in exchange do not necessarily reflect the opinion or policy of ARMA Metro NYC or ARMA International. Additionally, acceptance of advertising does not constitute official endorsement of the product or service.

For more information about exchange, including advertising and publishing opportunities, please email us at [email protected].

About the

ARMA Metro NYC is a local chapter of ARMA International, a not-for-profit professional association and the authority on managing physical and electronic records and information. The Chapter supports its members through educational seminars, events, an annual RIM conference, and its publication exchange. Its members are comprised of RIM professionals as well as individuals that work in related fields, such as technology and law.

The ARMA Metro NYC Chapter’s Board Members are: Jason C. Stearns, CRM, FLMI, FFSI (President),

New York Life Insurance Co. ǀ Brynmor Bowen, CRM (Executive VP), Greenheart Consulting LLC ǀ

Michael Landau (VP-Treasurer), Techlaw Solutions ǀ Eugene Stakhov, CRM (VP– Collaborative

Partnerships), Lighthouse Computer Services ǀ Mary Sherwin (Secretary), CBS Corp. ǀ Jennifer Best (VP–

Communications), New York Life Insurance Co. ǀ Anita P. Castora, CRM (VP– Membership), American

Eagle Federal Credit Union ǀ Darryl Harris (VP– Membership), Kelley Drye & Warren LLP ǀ Derick Arthur

(VP– Professional Development), Proskauer ǀ Debbie Mevs (VP– Advertising and Promotion), GRM ǀ Edie

Mazzullo (VP– Advertising and Promotion), Hughes Hubbard ǀ Ace Romar (VP– Special Events), New York

Life Insurance Co. ǀ Marcel Rodriguez (VP– Web Master), NBC/Universal ǀ Frank LaSorsa, CRM

(Immediate Past President), Kelley Drye & Warren LLP

Volume 43, Issue #2

©2012 by ARMA Metropolitan New York

Newsletter

of the Year

ARMA International

Gold

Merit

Award

ARMA International

Chapter

Innovation

Award

ARMA International

Best

Website

ARMA International

16

This is part of a syndicated column I have created for ARMA International Chapters, including the ARMA Metro NYC Chapter’s Newsletter. My column is devoted to answering information governance, records management and related legal questions from Chapter Members. As you read my responses, please note that although I am an attorney specializing in these areas of law, these are only my opinions based on very limited knowledge of the Member’s particular circumstances. My opinions should not be construed as legal advice. Kindly consult with an attorney for more formal legal advice.

Janie Wait, of the Wyoming Chapter, asked: What are the legal ramifications of keeping your records in the Cloud?

The legal ramifications vary from industry to industry or by geography. For instance, the legal industry has a lot of hurdles to overcome to keep records in the Cloud. There are state bar requirements and ethics requirements that compel due diligence when using a Cloud provider and commensurate protection of data. Similarly, global organizations must heed foreign privacy requirements that govern disposition of personally identifiable data. Public Cloud providers may claim ownership of your data, and therefore you could lose control over its disposition. Finally, some industries like the financial sector, or foreign countries, may require that the data reside in a certain location or within the borders of the country. Such requirements need to be examined

for your organization before it keeps records in the Cloud.

Bryn Bowen, CRM, of the Metro NYC Chapter, asked: Is Information Governance really the new Records Management or is there more to the story?

Information Governance is the area of specialty of my partner at Rimon, Douglas Park. He had this to say:

“Information Governance is broader than Records and Information Management (RIM). Information Governance differs from RIM for three reasons: the rise of Big Data, the digitization of information, and the storage of information in the cloud. These differences give rise to new issues of security, privacy, compliance, and data usage. In-house counsel and corporate boards increasingly recognize they must understand and address information risks.

The biggest difference, however, is that a properly designed Information Governance program allows organizations to use the three factors mentioned above for business advantage. Examples of such advantage include using information to enhance marketing initiatives, financial forecasts, operations, and strategic plans. Because of the implications for shareholder value, corporate boards should be involved in Information Governance.”

Information Governance is the new moniker used in the technology arena to encompass the entire

By John Isaza, Esq., FAI

Ask a fellow

17

Ask a fellow

lifecycle of information that traverses an organization, some of which includes records. In sum, Wikipedia defines it as:

“an emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.”

Linda Buss, of the Mile High Denver Chapter, asked: I would like to see a discussion about how to manage records that are distributed across an organization in different repositories: SharePoint, shared directories, hard drives, and removable storage. What are the legal implications and risks for managing in this manner?

Indeed, Enterprise Content Management Systems (ECM) and SharePoint, for instance, are attempting to address this “distributed data” issue. That said, not every organization can afford an ECM system or the latest technological solution. This means an organization must resort to managing the data with policies and systematic auditing for compliance. The key is for the organization to set realistic policies. For instance, organizations should prioritize a legal hold policy and procedures that should be designed to stop the disposition of any records and Information that might be relevant to pending or anticipated litigation or investigations. (Notice I am capitalizing the word “Information,” which could be defined as “records, data, content, and physical artifacts of the Company.”) Beyond legal holds, an organization needs to truly consider the risks associated with permitting the use of removable storage, shared directories, etc. All repositories need to be robustly managed using proper Information Governance principles.

In terms of risks, you need to look no further than the recent DuPont v. Kolon Industries (E.D. Va. August 31, 2012) case. In addition to a $919

million verdict and a 20-year product injunction stemming from Kolon’s spoliation of electronically stored information (ESI), Kolon along with certain executives and employees now face criminal charges for their theft of DuPont’s trade secrets. The criminal indictments stem from the findings in the civil litigation, which includes the finding that Kolon executives and employees spoliated the ESI evidence reflecting the theft of trade secrets.

About the Author John Isaza is a California-based attorney and Partner of RIMON, PC, a twenty-first century law firm that includes specialty in electronic information governance, records management and overall corporate compliance. He may be reached at [email protected] or follow him on Twitter and LinkedIn.