Tuesday, July 23, 2013

Get on the Clue Bus and Revisit Your Email Retention Policy Randolph Kahn, ESQ.

Times change and sometimes your direction must change with the changing times. Evolve or wither is how some like to describe it. I prefer “get on the clue bus”.
The first book I wrote, “Email Rules” is over a decade old.  Shockingly, it is still published and sold today. “Email Rules” sought to give business folks a simple way to think about managing the complexity of email.
One of the simple rules of the book was that email should be managed by its content. Content is king, blah, blah, blah.  Nice perhaps, but I don’t believe that is practical guidance anymore.  Yes in a perfect world where each employee has one email a day and one easy-to-understand records retention rule to apply and a technology to manage it thereafter, managing by content would be terrific. But the reality is far from the perfect world of theoretical records retention. There was more than 2800 exabytes of new data last year alone created in the world. That is the data equivalent of about 140,000,000 years of continuous DVD movies.  There are around 150 BILLION emails every day.  
Believing that your employees can or should manage by content is not going to happen.  Most employees today have many hundreds of messages bombarding them all week long, from various communication tools, not just email.  Records Retention, if managed at the message or document level, if it was ever possible, would take a good part of the employees’ day every day and would be a very bad business decision.  After all, businesses are in business of selling things, providing service, making money and not having employees use precious time and resources to manage records. 
My view is that the retention rules that once made theoretical sense are today wholly impractical and undoable.  Plus we have a decade of experience to know what works and what doesn't.  Having employees classify and apply retention rules to an email message to manage it over its life cycle didn't work, doesn't work, won’t work, can’t work and you should be rethinking your policies. Remember—my admonition—“Evolve or wither”.   There are lots of ways to evolve your email management thinking depending upon your industry, users’ needs, litigation docket, IT realities, etc.  Here is one example.
In the last few months, several financial service companies have retained our services to revisit their email management strategy.  What is required NOW? What should our policy be NOW? How can we stop keeping everything forever NOW?  For large businesses keeping all email messages forever is an expensive proposition—costs millions or tens of millions of dollars and isn't required. 
In fact, no law requires that a financial service company keep all email, forever.  Yet some broker-dealers do just that-- retain all email indefinitely.  It is fear? Perhaps. Is it not knowing the law? Maybe. Could it be the lawyers have forced the IT department into preserving everything forever because its perceived  an insurance policy against discovery failures? Probably each of these motivates the brokers. But it's ill-guided because when do you stop keeping everything forever and how can you clean up the past.  (We can help you clean up the past, just ask me I will tell you all about it, but that’s not today’s blog)
As the law for the broker-dealers are well settled and cases reviewed on this very topic elucidate,  maybe its time to evolve your thinking on email retention. If you are a broker subject to the Broker-Dealer regulations, then FINRA Regulatory Notice 11-39 provides insights to your email management obligation. It states in pertinent part, “Rule 17a-4(b) under the Securities Exchange Act of 1934 (SEA) requires broker-dealers to preserve certain records for a period of not less than three years, the first two in an easily accessible place.
1 Among these records, pursuant to SEA Rule 17a-4(b)(4), are “[o]riginals of all communications received and copies of all communications sent (and any approvals thereof) by the member, broker or dealer (including inter-office memoranda and communications) relating to its business as such, including all communications which are subject to rules of a self-regulatory organization of which the member, broker or dealer is a member regarding communications with the public.” 
When the SEC “interprets” their own rule, they conclude that a broker can satisfy the Broker-dealer regulations by retaining all email for 3 years even if the rules says a minimum of three years. See the regulator’s position below on this issue making clear that keeping all email for 3 years will satisfy the rule.

Further, when these matters get to Administrative Hearings, the way its addressed is similarly clear that 3 years and out is defensible. Neither the SEC nor FINRA demand brokers require that employees apply different retention rules based on the underlying business value of the message.  And they aren't demanding that all message be retained forever either.


It gets way more complicated for the financial services companies that are subject to additional or different regulatory frameworks, as well. So, if you are subject to the Investment Advisers Act or Dodd Frank Swap retention rules, for example, they are going to require different retention rules.  While I don’t want to get too deep into the legal issue (email me at rkahn@kahnconsultinginc.com if you want to talk about it), the real point is that it may be a good time to revisit and evolve how you retain email and see if there is a better way.
What if its way simpler and legally defensible to keep email for 3 years and then purge it unless its needed for audit, litigation or some other formal matter.   Why can’t you carve out the exceptions for the folks that are subject to Dodd Frank or the Investment Advisor’s Act or some more restrictive rules and mange those employees outside the general rule.  There are so many things you could consider, but last on my list is keeping everything forever. Not smart. Not needed. Not inexpensive. Not Productive. Not economical, not required. Not easily unwindable.
For companies subject to different regulations there is similarly different, easier and productive ways to attack email retention.  No laws or regulations for any industry require that all email be retained forever. Perhaps more importantly, when relooking at the retention question it is worth considering that employees rarely access messages a short while after they are sent or received.  So why are you keeping all that stuff anyway?

I have written numerous e-communications policies and have changed my thinking many times since I wrote “Email Rules”. I have hitched a ride on the clue bus many times and have taken clients for the ride over this very issue many times in recent years.  Keeping a petabyte of email costs millions just for storage, saying nothing of wasted resources, employee efficiency, privacy risk, litigation expense, etc. Keeping everything forever isn't tenable when information is growing at 30-50% per year.  I don’t believe your company is really benefited by keeping all email forever anyway.  I know there is a lawyer somewhere that sleeps well tonight, but there are a bunch of IT and business professionals that suffer many sleepless nights thereafter trying to manage the pile of digital debris and pay for it out of a limited budget.  The only way through this Information “Perfect Storm” is rethinking, evolving, reeducating, redrafting and getting practical albeit imperfectly.   

Thursday, May 9, 2013

Hanging with my Legal Peeps and Giving out Some Well Deserved Tough Love

“A big shout out to all the lawyers in the hizouse.” “Give it up for all the attorneys”. “‘Hey lawyers, when I say ‘Ob’ you say ‘structionist’, ‘OB’.” “I can’t hear you.”   Ok, when I say “your IT department thinks you’re THE problem,” you say “really?”.   “Your IT department thinks you’re the problem”.  And a painful and profound silence befalls the harried hallowed hallways of your corporate law department.  What if your thinking is wrong.   What if you believe your course of action is prudent but in fact it’s dead wrong.  It’s not as though you set out to tell your whole company that from today forward that no information will ever be destroyed.  But for many companies that is the precise situation in which they find themselves. Maybe it has nothing to do with you and your legal eagle pals, but if experience is any guide that is probably not the truth. If you are an in-house litigator maybe your thinking is misguided because you think tactically at the lawsuit level not strategically for the enterprise. Or perhaps, it’s because you are only concerned about the lawsuit you face today not what happens when you say to the IT department stop destroying anything even if policy otherwise allows its destruction. Maybe it’s because from your vantage point you are always looking backward at evidence created in the past not forward at business efficacy through information accessibility. But I think you are likely, at least, part of the problem. 

So I have devised “Randy’s Twelve Step Program To Help Lawyers Own and Combat Information Hoarding” (herein after referred to as “RTSPTHLOACIH”). Maybe it will help you and your law department start to rethink your approach to litigation response and maybe help build a better relationship with your IT folks—who are desperate for some of your lawyer’ brilliance and legal love, not to mention, a simple answer to the 15 plus questions they have asked over the last few months, for which they are still patiently waiting a real response. BTW-“it depends” is not a useful answer for your IT folks. To them it means “the lazy lawyers are a pain in my server”.

RTSPTHLOACIH (also referred to as “Randy’s Twelve Step Program To Help Lawyers Own and Combat Information Hoarding”)

1.            Storage is not cheap—unit cost may be going down by a few percent per terabyte but because your organization’s information footprint is likely growing at 20—50% per year, you are spending way more to store information.

2.  “Information” is broader than “records” and “evidence” may include records and non-records provided it’s potentially relevant. So by retaining all information, your organization is tacitly agreeing to manage all information as though it’s a bona fide company record, which carries with it huge responsibility.  Getting rid of non-records allows your company to save big bucks and be way more efficient. 

3.   Records Retention rules allow and REQUIRE that records are properly disposed at the end of their useful life. But you stopped that process from happening when you countenanced the “keep everything” approach to litigation response or failed to promote the disposition of electronic content pursuant to your Records Retention rules.

4. Put another way, if you allowed your company to keep everything and no longer purge records when their period of retention is up, then you are responsible for violating your own Record Retention rules by failing to follow them (absent a court order to keep everything which is rare).

5.  Litigation costs are soaring in part because “keep everything” makes finding the relevant needle in the irrelevant haystack that much more complex, burdensome and expensive. Knock it off.
6.  Many large companies are now spending tens into the hundreds of millions of dollars per year just to store  information and thinking search is omnipotent and storage is free provides a fallacious basis for failing to clean up the digital data debris. 

7.   Your organization can’t keep all information forever—your business people spend too much time trying to find needed content and more often now they can’t find it at all or its taking way too long. You think the CEO would opt for business inefficiency so that you can sleep well tonight after you represent  to a court “nothing could have been destroyed, because we keep everything”.  (BTW-last year the MER Conference I heard an enlightened Federal Court judge admonish those who were over-retaining and over-preserving as he extolled the virtues of shorter and more uniformly applied retention rules.)  
8.    Litigation response requires taking action up front and segregating responsive information from the rest of the company information, otherwise you can’t apply retention rules and dispose of outdated information downstream as everything is commingled. A more proactive approach to litigation response may cost short term money but there will be long terms gains. (don’t believe me, email me (rkahn@kahnconsultinginc.com and I will show you the business case). If everything is commingled and not flagged for preservation, getting rid of outdated content is all but impossible without huge expense.

9.   Your IT department needs very specific help to clean up the past information piles otherwise their systems will break and budgets will be decimated retaining loads of outdated information unnecessarily. You can help save your company millions and help develop a new Information Governance construct. You want some real IT (maybe even CEO and CFO) love, help Defensibly Dispose info crud.

10.  Employees can’t do the heavy lifting of records retention and litigation preservation any more as there is too much stuff to go through.  Harnessing technology to better deal with discovery will be essential.  Maybe you can use some of your budget to fund an IT technology purchase that both the law department and IT can benefit from and you can garner even more Nerd Love.

11.  Technology is way better at managing information than people. Evolve your old school paradigm. Employees don’t have time to search and classify and if they did, they would do incredibly poorly at the task. Evolve or wither.

12. Courts have recognized that technology should be used to help manage information.  Become a Change Agent and get on the Clue Bus.

When I say “I” you say “T”.  When I say “Legal dogs” you say “are in the IT Hizouse”.  And as the sun rises over another “faster, better and cheaper” company,  you can hear a youthful exuberance of a member of the IT department say “put your pocket protectors down fellas, so I can introduce you IT nerdlets to our legal homie”.  15 minutes later…the CFO gives you the business process improvement award for fixing litigation response, cutting e-discovery costs, helping the CIO save millions on the burgeoning storage budget, cutting customer response time, and bringing about world peace.  And with plenty of time to redline a contract and eat a pound of flesh before you go to lunch, you realize you are truly valuable.  BOOM.  

Monday, March 18, 2013

Stop Whining Already

As I was extracting the plastic butter knife from Bob’s frail and thin-skinned chestal cavity (as you recall, Bob is our archetypical records manager that I love to pick on), in a rare moment of decency, I couldn’t help but realize that maybe I was too harsh and should reflect upon my pointed last blog post that made Bob feel so bad about himself.  If you need to refresh your recollection, here it is (http://areyoukiddingme.kahnconsultinginc.com/2013/03/dont-shoot-messenger-records-management.html )

People tell me they are tired of “issues spotters”. That is the cynical and negative types like me that hone in on corporate America’s information management failings while eating popcorn just to point out the obvious. “I get that discovery is painful and expensive—help fix it”. “I get that records management is utterly broken—help make it better”. “I get that I am a powerless “Army of One” with a records management agenda that would keep 12 people busy and report to a knucklehead that doesn’t care, but get me funding to do something productive”. Ok I get it, you want solutions not the “in your face” slap of reality that reminds you that you have already been replaced by the IT folks and your days are numbered. 

Here are 7 things that you can do to transform your career

1.            SIMPLIFY-Rework all records policies and retention rules so that they can be applied by technology. If you have event based retention, get rid of it unless ABSOLUTELY required by law. Lots of folks point to imaginary laws that they claim requirement event triggers. Do the research and you will realize you are wrong lots of the time. In any event, work with your lawyers to get agreement to simplify, simplify, simplify.  Make it practical and seek reasonableness.
2.            RELOCATE-Politic to have records management be part of the IT department. They have money, control all info and need your help. I have heard the debate for years now. In fact, I hear it every year for 2 decades—where is the best corporate location for information management? Stop the debate find a better home, where you are loved.
3.            MARKET-Change your program to an Information Governance program, and market what you do, build support, and go and win budget for valuable initiatives. You are a business not an indigent on the dole. Make yourself valuable and sell your wares just like everybody else does.
4.            BUSINESS FOCUSED-Stop trying to get approval for saving 12 dollars by destroying 6 boxes of paper. Think big and think value to the business and what executives care about. If your information governance program saved millions of dollars and made the business appreciably more productive, the executive would take note. Defensible Disposition is a winner project for IT, Legal, Users, Customers and Executives. Go build a team, get buy in and elevate retention to a place of import.
5.            EDUCATE- Our world doesn’t need old tools, it needs really smart folks with knowledge of technology that makes things hum. Get busy and get smart ASAP.
6.            BUSINESS CASE- The  way you will get budget is to have a plan to attack a business problem. The plan will demonstrate how much it will cost, how long it will take, how many internal and external resources it will take, and WHAT THE ECONOMIC BENEFITS WILL BE TO THE ORGANIZATIOIN. If a project costs a lot and doesn’t provide calculable economic benefit it won’t get funded. If it is little in value to the organization nobody will care.  Think big and think smart. Cleaning house of 30%of the information crud clogging the pipes will be valuable because it can save major money.
7.            STOP WHINING-Bob, no one likes to hang with victims. Start to see yourself as a valuable asset to the company. Think money, not boxes. Think service provider, not box pusher. Think budget, not justifying your salary. Think relationships, not about being browbeat by the head of Real Estate to whom you report, but who cares naught for you.  Become, faster, smarter and business value focused.

Maybe if you can successfully take that on in the next 12 months, you won’t be so interested in collecting chapter pins at the next ARMA International Conference anymore.

Thursday, March 7, 2013

Don’t shoot the messenger-Records management, as we know it, is dead.

The death of records management came silently, almost without any warning or notice. As Bob dragged his last banker’s box from one side of the dank basement to the unlit portion of the massive underbelly of the company, he let out his last gasp. The executives were not present and indeed took no notice. No gold watches. No kind words. To add insult to injury, the e-discovery hot shot lawyer was immediately circling around Bob’s decaying middle age mass to glom onto anything of value. There was lots of value but it wasn’t packaged up pretty for the corporate world to see, so the pickins were easy and plentiful.

Riddle me this?

Is it practical to expect your employees to classify company information given today’s information volumes?
Would your executives really want all employees to spend 10-20% of their day doing records management?
Do record management procedures help the business be more agile and competitive?
Should employees be expected to go through hundreds of millions of files from the past to determine if they still harness any on-going business value?
Does your records program really apply those retention rules to all electronic records across the company—or to any of it for that matter?
Does keeping everything just in case you get sued make sense given that your company already struggles to find needed business information?
Can your records program claim millions in savings from its activities?

Truth is, most would answer each of the questions with a resounding NO.

Records management once stood for the proposition that employees could and would code each record so that it went away at the end of its useful life. Those days are over.
Records management once stood for the belief that if everyone did their part, managing all content would be easy enough. That’s never going to happen again-- if it ever happened before.
Records management once stood for the idea that people (not technology) had to make business decisions about business content. That became wholly untenable as we created nearly 2800 new exabytes of data last year alone (IDC). One Exabyte is the data equivalent of 50,000 years of DVD movies - just to contextualize the enormity of the problem.

I have spent the last several years trying to figure out how to rework records management to deal with today’s volume and complexity of managing e-information. Part of that answer is Defensible Disposition (check out www.Delve.us) —how can we take simplified retention rules and apply them to electronic content without relying on the employees to do the heavy lifting? How can we attack different chunks of data to clean house of unneeded business content in a legally defensible way? In some cases, Defensible Disposition turns into an auto-classification exercise using technology to analyze and classify data. In other situations, it is a rather different exercise, looking at junk file types and making reasonable decisions about what content can be disposed. Big picture is this—making sure that retention requirements and preservation needs are satisfied before content is laid to rest and doing so with as little employee involvement as possible. Sometimes that means taking on big chunks and sometimes that means training retention rules to a computer crawler to classify content. But what it no longer means is that Bob’s replacement is going to be hauling boxes or the electronic equivalent.

Let me tell you about Bob’s replacement. She is super smart. She is a business person first and an IT person second. She only inherited records management because of Bob’s untimely demise. She will have no problem learning records management. She will bring fresh eyes and not be clouded by the “old school” ideas of records management past. She looks at Defensible Disposition as a way to clean up a big pile of digital crud and save the company millions, while making litigation response less onerous and increase profitability by making business “faster, better, cheaper.” She won’t let perfect get in the way of practical. To borrow a line from a song, “her future is so bright she needs to wear shades.”

I sat grave side at Bob’s funeral today. There were so many nice people saying so many kind words. One colleague stood and said that without Bob the boxes in the basement won’t move so often and so quickly anymore.

One man’s demise is another’s opportunity.

Randolph Kahn

Thursday, February 21, 2013

Get Your Information Retention Under Control

Most sizable companies spend millions or tens of millions of dollars every year storing unneeded business content.  So please don’t get me started about the fallacious “storage is cheap” hokum.

The CIO is tired of having his dog wagged by the legal tail whose mantra is getting old. It sounds like this-- “But wait, WHAT IF we need that one document for a lawsuit and its gone”. So don’t get me started about how we should keep everything just in case there is a lawsuit down the road for which we need a specific document. That approach is contrary to your records policies and makes little or no sense.

Ok this is the reality, you can’t keep everything forever, buy you are afraid. If only I could hear it from a judge that would make me comforted.

Your wish is my command. I’m a Defensible Disposition fairy.

A lawyer seeks to justify why her company needs to keep all information.
“…part of the reason eDiscovery is so expensive is because companies have so much data, that serves no business need, but it’s so easy just to keep it there…. I think despite the economy, companies are going to realize that it’s important to get their information retention, their information governance under control, get rid of the data that has no business need and mine the data that has business needs – you know the so called Big Data – things like that in ways that will improve the company's bottom line on the business side and reduce costs on the eDiscovery side as a benefit as well.”

United States Federal Magistrate Judge Andrew J. Peck, “JD Supra Law News,” February 4, 2013.