Tuesday, December 29, 2009

Accurate Record Keeping and Accountability

Accurate record keeping is a life or death reality for some. A young Iranian doctor refused to falsify the death certificates of Iranians suspected of being murdered by the regime. He felt obligated to tell his people that their fellow countrymen were being murdered or at least not go along with the government’s plan to cover up the death of so many who dared speak against the regime. The young doctor allegedly was murdered to silence his dissent. Are you kidding me. Records document all sorts of activities and when those activities make a government look bad, they may use all means necessary to silence the dissent.

On a related note, maybe laws like SOX, with all its blemishes, aren’t so bad if it makes business transparent and holds us accountable. Just a thought…

Monday, December 7, 2009

Is it ok to blow away email?

I was reading the Wall Street Journal this morning, and came across a story in which the journalist explores the continued reality that IT storage limitations continue to dictate what happens to business content. Email system mailbox size limitations still mandate that certain email (often at the discretion of employees) be purged to make room for new stuff. After well over a decade of pontificating about such ill-advised practices the question remains. Why does the need to limit cost associated with the email system mean that employees blow away potentially valuable content so they will be allowed to receive new email messages.

But I don’t get why it’s still common practice. What if it’s an email record which the law requires get retained? What if the email is needed for a lawsuit or audit? Maybe CIOs understand exactly what they are doing and don’t care. Maybe it’s a calculated risk to save storage, save on discovery expense and they deem it a rather innocuous type of “destruction”? Maybe they have come to conclude employees will never actually take the time to code email and therefore are taking cost matters into their own hands? Maybe they are saying to records managers “are you kidding me—employees will never do it or get it right and I am tired of waiting for something to change”.

Are we kidding ourselves?

Tuesday, December 1, 2009

Information - In the right hands,at the right time.

I always say organizational knowledge dwells in records or people. Consider this—the Muslim soldier who “allegedly” slaughtered his fellow soldiers in cold blood is said to have communicated through the internet with radical Muslims around the globe and those records were captured by intelligence agencies. According to the Wall Street Journal, “some of Maj. Hasan’s former colleagues at Walter Reed have said he was a subpar employee who expressed fervent Islamic beliefs that left them questioning his loyalty to the military.” Information management is about having the right information at the right time in the hands of the folks that need it.

Another information failure? Are You Kidding Me!

Tuesday, November 24, 2009

Policy on New Texting Liablility

Kahn Consulting was addressing a social networking retention policy recently when our client commented—“text messaging was going to be the death of us all.” While she was referring to the retention, technology, litigation issues caused by the beloved texts, I was struck later that day because as I got to the airport I read a commentary entitled “Death to Texting”. Putting aside the RIM issues, the opinion piece struck me—“The Virginia Tech Transportation Institute found truckers sending text messages are 23 times more likely to cause a crash or near-crash than a nontexting trucker.” While it seems a bit a field from RIM stuff I usually write about. What happens if your organization supplies text enabled phones and an employee while texting during work hours causes an accident? Maybe company policy needs to cover this newish liability issue. Just my opinion.

Are you kidding me—only about 20 states have laws prohibiting texting while driving.

Thursday, November 19, 2009

RIM Rules. . . Follow Them!

I was reading the reading another major drug company embroiled in litigation and was struck by the reality that the two central pieces of evidence that are exposing the company to great potential cost and expense are two things that if they followed one our policies would not have even existed to begin with. Voicemail messages are one target and the other is draft documents. The February 27, 2009 Wall Street Journal article states in pertinent part that “…the document written by Dr. Geller doesn’t accurately reflect the company’s position in 2000. In fact, it was not Dr. Geller’s ultimate view either. It was an initial draft for discussion purposes… In response to a plaintiffs’ attorney’s question, Dr. Geller responded that the statement was an artifact of an earlier discussion document.”

Makes a pretty strong case for RIM rules and following them

Are you kidding me, a lawsuit whose evidence is stuff that should not exist to begin with.

Monday, November 9, 2009

Take your eMail serious

According to the August 6, 2009 Wall Street Journal the US Post Office lost 2.4 Billion dollars last quarter because of the bad economy and the use of email.

There are hundreds of billions of email daily. If your company is still failing to take email seriously, then the need to get their act together. The email business tool has transformed the way we do business. Seeing it as a storage problem is stupid and old school. Are you kidding me.

Friday, October 30, 2009

Policy First

You don’t want to delete messages off your Blackberry, but you don’t know where to store them—never fear “Let Gmail Archive Your Messages” for you drones a November 2009 PCTODAY Article.

And that should make discovery less expensive, less inconvenient, and less painful. Wrongo—Are You kidding Me. Hold your horses and get policy to deal with this problem waiting to happen asap.

Tuesday, October 27, 2009

Only 5% ??

Would your CEO be proud if the employees properly retained only 5% of records. Would the court entertaining your company’s next lawsuit be entertained if you disclosed that only 5% of responsive information was produced in the lawsuit. Ouch. You’re killing me.
How about this Wall Street Journal story, “Intelligence Agencies’ Databases to Be Linked” in which the following was disclosed “… nearly five years after the intelligence community was rebuked by the 9/11 commission for failing to “connect the dots” and detect the attack…New technology is addressing a more basic problem…Spies often have trouble emailing colleagues…email addresses aren’t readily accessible, and messages sometimes get eaten by security filters.“Today, an analyst’s query might scan only 5% of the total intelligence data in the U.S. government, said a senior intelligence official. ” Wall Street Journal, 2/22/09

Friday, October 23, 2009

Not following policy -- BAD!

Information Nation: 7 Keys to Information Management Compliance is a book about protecting the company from the stoopid, intentional, malicious and negligent acts of its employees. It reveals a compliance methodology for any RIM program to adhere to and many need it.

There was an article in the USA Today that makes the point about why following policy and auditing to make sure it is being adhered to, is essential. In the article entitled, “Serious Hazmat spills not reported", the author makes clear that while the law requires reporting dangerous contamination leaks that over half of the serious ones don’t get reported and such unreporting goes unpunished. In our world, if RIM rules aren’t pushed to employees through policy, trained and audited they wont work because they won’t be applied. If you want a fighting chance that RIM can work, you better incent employees—your job and your pay will be impacted—so you better care.

Having laws or policy and not following them is bad business.

How can over 50% of bad environmental spills happen without consequence?
According to the Kahn Consulting GRC Survey, only about 20% of employees get their retention responsibilities right and shockingly 16% understand their discovery obligations. How has e-discovery become a multi-billion dollar business overnight.
Are you kidding me.

Tuesday, October 20, 2009

An American Phenomenon . . . really???

I hear from our international clients all the time that discovery is an American phenomenon and not a concern across the pond. Really? Read the Wall Street Journal’s coverage of “EU Shows Its Cards Behind Intel Case” in which it is clear that an American company in Europe was forced to produce email to EU regulators and other documents in its investigation of Intel. Based in large part on the e-evidence, the EU levied a fine in excess of a billion dollars.
Are You Kidding Me.
Coughing stuff up for regulators and courts is well beyond an American reality even if we did perfect it.

Thursday, October 15, 2009

My apologies if I offended.

Some of my ARMA brothers and sisters expressed concern that I was being insensitive by stating the following in a recent blog post—“If you are a Forest Gump RIM professional clinging to this notion that the CEO cares about the hard costs of storing some extra boxes, let me be the bearer of bad news, “life is Not like a box of records”. What the CEO is thinking is well beyond that cost issue, so you better have something better in your arsenal to sell your RIM program. Are you kidding me.”

First, let me apologize if I offended you. The intent of much of what Kahn Consulting does is to help RIM professionals, and businesses and government get RIM done right. The "Are You Kidding Me" blog is meant to be an “in your face” jump start to your own criticality about what you do well, what you need help with and what is truly “Old School”. I don’t assume anything about RIM professionals. I only know in today’s business environment where information management matters like never before, all RIM professionals need to elevate their program and their careers to meet today’s complex information management challenges that their companies are facing. I do whatever I can to try and help. Sometimes in my over-zealous moments I am too quick to be flip. So. I am sorry if I offended you. It was my intention to motivate not browbeat.

Randolph Kahn

Monday, October 12, 2009

Are you getting your RIM right??

Understand that RIM needs to be pushed out with a proper communications plan—bad communication means it may not get the attention it deserves. So remember getting RIM right requires; policy, training and a communications plan followed by auditing. Anything less is failure.

Which message has the desired effect?
A. “The records management policy helps the company be a more profitable company because an average employee spends about 150 hours per year spent looking for information …”
B. “Do it, if you want your check…”
C. Following the records management policy allows us to be a more efficient business by having ready access to customer information, which in this environment may be the difference between winning and losing …

We were retained to perform a gap analysis on the RIM program at a large company and during the interview process the records manager was asking our opinion of messaging the importance of her program with the amount of money that could be saved by applying retention rules to the offsite boxes…blah, blah, blah.

If you are a Forest Gump RIM professional clinging to this notion that the CEO cares about the hard costs of storing some extra boxes, let me be the bearer of bad new, “life is Not like a box of records”. What the CEO is thinking is well beyond that cost issue, so you better have something better in your arsenal to sell your RIM program. Are you kidding me.

Monday, September 21, 2009

Make it Simple to get it right.

A company sends out the following legal hold directive—“ Please be advised that the Legal Hold Policy mandates that all those in the care, custody and control of potentially relevant electronically stored information and other tangible objects musts be properly garnered and thereafter preserved for threatened or imminent formal matters… “ Seems great right? Wrong. The only person able to interpret that policy is a lawyer, and she is likely to have interpretation issues with it as well.

Make it simple and brain dead so that all employees can get it right. We would never let you push that out to employees because who knows what it means? You’re killing me.

Wednesday, August 19, 2009

Unforeseen... inadvertent....Are you kidding me.

“Thank you for being among the first group of Illinois attorneys in history to report with the Supreme Court of Illinois’ Minimum Continuing Legal Education requirements. Unfortunately, as with many “firsts,” an unforeseen error occurred and that error … inadvertently included your name in the list of attorneys who should receive a “Notice of Noncompliance” …” Are you kidding me—“unforeseen error”.

Thursday, August 6, 2009

The ying and yang of information—one man’s needed email is another man’s lawsuit liability.

For all information there are competing interests around managing it. For example, in a Wall Street Journal article the issue addressed was the need to keep less and less information to be protected against loss of customer personal identifiable data. The title said it all, “New Payment-Card Data Mantra is ‘Don’t Need It, Don’t Store It'”, WSJ Sept. 16, 2008. So while an employee wants to keep it for business purposes, the privacy officer says less is more.

Monday, July 20, 2009

True Disaster Recovery

I just got back from speaking to the Baton Rouge ARMA Chapter. What a great group of folks. Anyway, one of the things I was struck by is that the people I talked to all mark the passage of time based upon the storm that they, their families and their records lived through. It is more than just Katrina, which by the way is still evident almost every place you look, even many miles inland. When you need to understand disaster recovery think about what your business would look like if you weathered a true disaster every few years.

Are you kidding me?

Essential Elements of Information Management Communication and Training (Key #4: Program Communication and Training)

Highlights of chapter 15 of Information Nation second edition

Case after case had demonstrated that, whether they like it or not, companies and government agencies can be held accountable for their failure to adequately train and monitor their employees’ actions. IMC depends upon a comprehensive and consistent ongoing program of communication and training.

Clarity is a key component of any communication program. Company conduct which is contrary to policy can undermine the purposes of the policy. For example, a court has found that companies can violate the privacy rights of their employees, despite policy explicitly stating that employees have no privacy rights in data on company computers, where the company allowed employees to password protect network and email folders on company servers.

Top executives must also demonstrate their support for the Information Management program by communicating its importance directly to employees. This can be done through email messages, voicemail blasts, face-to-face presentations, teleconferences, and many other ways as appropriate, depending on the size and culture of the organization. Regardless of the method used, it is important that the communications are consistent with the messages provided elsewhere by the program’s policies and procedures.

Read about other important characteristics of a communication and training program in the second edition of Information Nation, available from John W. Wiley & Sons. For more information, see www.informationnationbook.com.

Comments? Contact the author at infonation@kahnconsultinginc.com.

Monday, July 6, 2009

Read the following excerpt from the Wall Street Journal and tell me, what is the failure to be addressed:

“In an Aug. 15, 2005, voicemail messages addressed to company salespeople, an . . . employee . . . followed up on a “weight and diabetes sell sheet” they had recently been sent.” “. . . the document written by Dr. Geller doesn’t accurately reflect the company’s position in 2000. In fact, it was not Dr. Geller’s ultimate view either. It was an initial draft for discussion purposes.” “In response to a plaintiffs’ attorney’s question, Dr. Geller responded that the statement was “an artifact of an earlier discussion document.” WSJ 2/27/2009.

So what is the failure? For every drug that is used by the public, there will be at least one person who blames that drug for some harm—real or imagined and who will sue. In the instant case, two things that did not need to exist, ultimately sell the company down the river. Why didn’t company make clear drafts should be disposed when the final is created and VM, as a temporal message environment would not be retained.

Thursday, June 25, 2009

Records management is super duper sexy. Don’t believe me - then read on.

According to IDC, there are hundreds of exabytes of new data every year, growing at an alarming rate, perhaps even exponentially. If you think your company is better off the more information you have, then you fail to see what has been happening in the discovery industry—the overnight billion dollar baby birthed by lawyers exposing every organization’s soft information mismanagement underbelly. The one where the company has way too much stuff that is poorly managed or not managed at all. So what can be done about it. Either stop creating it or get rid of it. But how can you get rid of it if you don’t know what it is. Well you can’t unless you satisfy your retention requirements and legal hold obligations. Retention policies are the only way to clean house and sleep at night. So what are you waiting for?

Friday, June 19, 2009

Have you been scammed?

Recently, someone asked me how it’s possible in a heavily regulated financial services industry that billions of dollars can be scammed from so many people in the Madoff scandal. Companies memorialize business activities in records. When records don’t exist, at a minimum, the customers don’t have confidence doing business with you. So how did he do it….”According to the Wall Street Journal, “After funneling billions in investor money to Bernard Madoff over nearly two decades, Fairfield Greenwich Group is offering up its explanation to investors . . . firm supplied falsified trading documents . . . what now appear to have been fake electronic records from an independent firm that inventories much of Wall Street’s stock and bond holdings.” WSJ, 3/2/09

Tuesday, April 28, 2009

Developing a Records and Information Management Program

If your company needs to develop a Records and Information Management Program, do it:

A. When you have proper executive commitment and time to be proactive;

B. Right before you know you are going to have a lawsuit filed against your company; or

C. Never do it because it is only a drain on resources.

If you chose B,

Are you kidding me?

you may experience a major headache like one company who developed a “records program” as a way to destroy documents when already facing lawsuits and as a result got nailed for destruction of evidence.

If you chose C, you are like many people who feel there is no business benefit to a good RIM program. Not so--one of our clients won their company’s Business Process Improvement Award after 2 years of building their RIM program.

Friday, April 24, 2009

Developing a Records and Information Policy

If your company needs to develop a Records and Information Management Policy, do you:

A. Ignore the need, because the economy is bad, and there are lots of other priorities;

B. Take one off the internet and put your name on it;

C. Find the right resources, both internally and externally, because in a down economy, better information management can give you a competitive advantage and help protect against huge expense related to e-discovery

If you said A or B,

Are you kidding me?

Wednesday, April 22, 2009

And you thought your computer security software was expensive…

In the last six (6) months, the U.S. Department of Defensive has spent more than $100 million dollars in defending its computer systems against daily cyber attacks. Read about it here.

Are you kidding me?

Thursday, April 16, 2009

Recession hits stolen credit card market

Over-exposure of the stolen credit card data, such as the magnetic stripe information, into the market has rendered this information almost worthless in the world of cybercriminals. In mid-2007, stolen credit card data was worth $10 - $16 per record. Now, this value of this data has dropped to less than $0.50 per record. Read the account here.

Are you kidding me?

Friday, April 10, 2009

Never Doubt the Power of a Manila Folder

A chief terrorism officer resigned from the police force today after being photographed exposing a sensitive document containing the names of those about to be arrested in a terrorism investigation. The photographer was able to zoom in and read parts of the document marked “Secret.” Due to the picture, arrests had to happen that day instead of a few days later as originally planned.

Are you kidding me?

Friday, March 20, 2009

Arbitrary and Stupid Reason to Delete Emails

Would you burn the contents of your gray filing cabinets simply because of the cabinets were gray in color and without regarding to what's inside? No, that would be arbitrary and stupid.

So why would a company's policy require the deletion of all emails based on a time frame (e.g. 90 days) with no regard to the content of the e-mail? The decision to delete (or retain) should be based on the stuff (i.e. the content) that is written within the email.

Are you kidding me?

Friday, March 13, 2009

Gates of E-Discovery Hell

A company, through its CIO, has unleashed the gates of e-discovery hell on itself by instituting the practice of recording everything running through its internal network in an effort to protect the company’s trade secrets and intellectual property. Yes, everything would include all employees’ text messages and all employees’ phone conversations, even personal ones.

Are you kidding me?


Wednesday, March 4, 2009

Webinar: The ESI Data Map-What Inside Counsel and Records Managers Need to Know

Join Kahn Consulting, Inc., Quarles & Brady, LLP and The Intersoll Firm for a complimentary one-hour webinar on one of the hottest topics in the legal and records community today: data mapping. This webinar will break down the crucial facts about building, maintaining and using an ESI data map.

Key topics to be covered include:
  • How to build an ESI data map
  • The benefits of an ESI dta map
  • How--and where--an ESI data map fits into an organization's records management and records retention program
  • The value of an ESI data map from outside counsel's perspective
  • The value of an ESI data map from inside counsel's perspective


Lisa J. Berry-Tayman, Esq., CIPP - Senior Consultant, Kahn Consulting, Inc.

Kelly Twigger - Partner, Quarles & Brady, LLP

John P. Collins, JD - VP of Consulting, The Ingersoll Firm

Date: Wednesday, March 11, 1:00 PM EST

As a special thank you for attending the Webinar, we will be giving away 5 signed copies of Information Nation: Seven Keys to Information Management Compliance, second edition, by Randolph A. Kahn.

Register for the webinar here.

Tuesday, February 3, 2009

Kahn Releases Second Edition of "Information Nation": The Industry Bible to Information Management Compliance

With the current economic downturn, most organizations are trying to cut back. However in a world fueled by information, to ensure you remain “faster, better, cheaper and legally compliant,” it is more important than ever to have a comprehensive plan for information management compliance.

Internationally acclaimed author, industry expert and two-time Britt Literary Award winner Randolph Kahn has released the updated second edition of "Information Nation: Seven Keys to Information Management Compliance."

Published by John W. Wiley and Sons, the book explains why this is not the time to minimize costs in information management programs. It demonstrates how to succeed in this new environment by incorporating an information management compliance philosophy into the business processes and corporate governance structure.

The book is already receiving positive reviews from other industry experts.

“Who would have thought that Information Nation – the information management compliance ‘bible’ – could be improved?” said Jay Cohen, chief compliance officer at Assurant. “The second edition of this book is a must read for any person who cares about information management or litigation readiness.”

Kahn, founder of Kahn Consulting, Inc., shares this proven methodology that adopts the principles, controls and discipline necessary to build a solid corporate compliance program.

"Information Nation" details:

New developments regarding the Federal Sentencing Guidelines. Substantive changes were made to the Federal Sentencing Guidelines after the publication of the first edition. The book addresses the impact of recent case law upon the guidelines.

The electronic discovery amendments to the Federal Rules of Civil Procedure. The Federal Rules amendments have significantly changed the legal landscape for information management compliance. The second edition of "Information Nation" integrates the resulting changes into the content to provide the same kind of common-sense guidance which made the first edition a success.

New material incorporating information compliance news, legal decisions and regulatory updates. The field of information management compliance changes as quickly as the information technology field itself. The second edition of "Information Nation" includes new material encompassing these events and explaining how they affect the information management compliance environment.

Kahn is an internationally acclaimed speaker, consultant and award-winning author of dozens of published works including "Privacy Nation," "Information Nation Warrior," "Information Nation: Seven Keys to Information Management Compliance" and "E-Mail Rules." He is an internationally recognized authority on the legal, compliance, and policy issues of information and a trusted advisor and consultant to Fortune 500 companies, governmental agencies and court systems.

As founder of Kahn Consulting, Inc., Kahn leads a team of information management, regulatory, compliance and technology professionals who serve as consultants and advisors to major world-wide institutions.

The book is available now from John. W. Wiley & Sons at www.wiley.com and can be purchased from most major book sellers.