Title Details

ROBERT F. SMALLWOOD is Partner and Executive Director of the Information Governance Institute at IMERGE Consulting. Mr. Smallwood is a widely recognized and published authority in IG, with special expertise in e-records management and e-document security. He has been quoted in the Wall Street Journal, Washington Post, New York Times, and appeared on C-SPAN, BBC, and a number of network news programs. Go to www.information-governance-training.com for IG education options.

PREFACE xv

ACKNOWLEDGMENTS xvii

PART ONE—Information Governance Concepts, Definitions, and Principles 1

CHAPTER 1 The Onslaught of Big Data and the Information Governance Imperative 3

Defining Information Governance 5

IG Is Not a Project, But an Ongoing Program 7

Why IG Is Good Business 7

Failures in Information Governance 8

Form IG Policies, Then Apply Technology for Enforcement 10

Notes 12

CHAPTER 2 Information Governance, IT Governance, Data Governance: What’s the Difference? 15

Data Governance 15

IT Governance 17

Information Governance 20

Impact of a Successful IG Program 20

Summing Up the Differences 21

Notes 22

CHAPTER 3 Information Governance Principles 25

Accountability Is Key 27

Generally Accepted Recordkeeping Principles® 27

Contributed by Charmaine Brooks, CRM Assessment and Improvement Roadmap 34

Who Should Determine IG Policies? 35

Notes 38

PART TWO—Information Governance Risk Assessment and Strategic Planning 41

CHAPTER 4 Information Risk Planning and Management 43

Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements 43

Step 2: Specify IG Requirements to Achieve Compliance 46

Step 3: Create a Risk Profi le 46

Step 4: Perform Risk Analysis and Assessment 48

Step 5: Develop an Information Risk Mitigation Plan 49

Step 6: Develop Metrics and Measure Results 50

Step 7: Execute Your Risk Mitigation Plan 50

Step 8: Audit the Information Risk Mitigation Program 51

Notes 51

CHAPTER 5 Strategic Planning and Best Practices for Information Governance 53

Crucial Executive Sponsor Role 54

Evolving Role of the Executive Sponsor 55

Building Your IG Team 56

Assigning IG Team Roles and Responsibilities 56

Align Your IG Plan with Organizational Strategic Plans 57

Survey and Evaluate External Factors 58

Formulating the IG Strategic Plan 65

Notes 69

CHAPTER 6 Information Governance Policy Development 71

A Brief Review of Generally Accepted Recordkeeping Principles® 71

IG Reference Model 72

Best Practices Considerations 75

Standards Considerations 76

Benefits and Risks of Standards 76

Key Standards Relevant to IG Efforts 77

Major National and Regional ERM Standards 81

Making Your Best Practices and Standards Selections to Inform Your IG Framework 87

Roles and Responsibilities 88

Program Communications and Training 89

Program Controls, Monitoring, Auditing and Enforcement 89

Notes 91

PART THREE—Information Governance Key Impact Areas Based on the IG Reference Model 95

CHAPTER 7 Business Considerations for a Successful IG Program 97

By Barclay T. Blair

Changing Information Environment 97

Calculating Information Costs 99

Big Data Opportunities and Challenges 100

Full Cost Accounting for Information 101

Calculating the Cost of Owning Unstructured Information 102

The Path to Information Value 105

Challenging the Culture 107

New Information Models 107

Future State: What Will the IG-Enabled Organization Look Like? 110

Moving Forward 111

Notes 113

CHAPTER 8 Information Governance and Legal Functions 115

By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy

Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything 115

Big Data Impact 117

More Details on the Revised FRCP Rules 117

Landmark E-Discovery Case: Zubulake v. UBS Warburg 119

E-Discovery Techniques 119

E-Discovery Reference Model 119

The Intersection of IG and E-Discovery 122

By Barry Murphy

Building on Legal Hold Programs to Launch Defensible Disposition 125

By Barry Murphy

Destructive Retention of E-Mail 126

Newer Technologies That Can Assist in E-Discovery 126

Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes 130

By Randy Kahn, Esq.

Retention Policies and Schedules 137

By Robert Smallwood, edited by Paula Lederman, MLS

Notes 144

CHAPTER 9 Information Governance and Records and Information Management Functions 147

Records Management Business Rationale 149

Why Is Records Management So Challenging? 150

Benefits of Electronic Records Management 152

Additional Intangible Benefits 153

Inventorying E-Records 154

Generally Accepted Recordkeeping Principles® 155

E-Records Inventory Challenges 155

Records Inventory Purposes 156

Records Inventorying Steps 157

Ensuring Adoption and Compliance of RM Policy 168

General Principles of a Retention Scheduling 169

Developing a Records Retention Schedule 170

Why Are Retention Schedules Needed? 171

What Records Do You Have to Schedule? Inventory and Classification 173

Rationale for Records Groupings 174

Records Series Identification and Classification 174

Retention of E-Mail Records 175

How Long Should You Keep Old E-Mails? 176

Destructive Retention of E-Mail 177

Legal Requirements and Compliance Research 178

Event-Based Retention Scheduling for Disposition of E-Records 179

Prerequisites for Event-Based Disposition 180

Final Disposition and Closure Criteria 181

Retaining Transitory Records 182

Implementation of the Retention Schedule and Disposal of Records 182

Ongoing Maintenance of the Retention Schedule 183

Audit to Manage Compliance with the Retention Schedule 183

Notes 186

CHAPTER 10 Information Governance and Information Technology Functions 189

Data Governance 191

Steps to Governing Data Effectively 192

Data Governance Framework 193

Information Management 194

IT Governance 196

IG Best Practices for Database Security and Compliance 202

Tying It All Together 204

Notes 205

CHAPTER 11 Information Governance and Privacy and Security Functions 207

Cyberattacks Proliferate 207

Insider Threat: Malicious or Not 208

Privacy Laws 210

Defense in Depth 212

Controlling Access Using Identity Access Management 212

Enforcing IG: Protect Files with Rules and Permissions 213

Challenge of Securing Confidential E-Documents 213

Apply Better Technology for Better Enforcement in the Extended Enterprise 215

E-Mail Encryption 217

Secure Communications Using Record-Free E-Mail 217

Digital Signatures 218

Document Encryption 219

Data Loss Prevention (DLP) Technology 220

Missing Piece: Information Rights Management (IRM) 222

Embedded Protection 226

Hybrid Approach: Combining DLP and IRM Technologies 227

Securing Trade Secrets after Layoffs and Terminations 228

Persistently Protecting Blueprints and CAD Documents 228

Securing Internal Price Lists 229

Approaches for Securing Data Once It Leaves the Organization 230

Document Labeling 231

Document Analytics 232

Confidential Stream Messaging 233

Notes 236

PART FOUR—Information Governance for Delivery Platforms 239

CHAPTER 12 Information Governance for E-Mail and Instant Messaging 241

Employees Regularly Expose Organizations to E-Mail Risk 242

E-Mail Polices Should Be Realistic and Technology Agnostic 243

E-Record Retention: Fundamentally a Legal Issue 243

Preserve E-Mail Integrity and Admissibility with Automatic Archiving 244

Instant Messaging 247

Best Practices for Business IM Use 247

Technology to Monitor IM 249

Tips for Safer IM 249

Notes 251

CHAPTER 13 Information Governance for Social Media 253

By Patricia Franks, Ph.D, CRM, and Robert Smallwood

Types of Social Media in Web 2.0 253

Additional Social Media Categories 255

Social Media in the Enterprise 256

Key Ways Social Media Is Different from E-Mail and Instant Messaging 257

Biggest Risks of Social Media 257

Legal Risks of Social Media Posts 259

Tools to Archive Social Media 261

IG Considerations for Social Media 262

Key Social Media Policy Guidelines 263

Records Management and Litigation Considerations for Social Media 264

Emerging Best Practices for Managing Social Media Records 267

Notes 269

CHAPTER 14 Information Governance for Mobile Devices 271

Current Trends in Mobile Computing 273

Security Risks of Mobile Computing 274

Securing Mobile Data 274

Mobile Device Management 275

IG for Mobile Computing 276

Building Security into Mobile Applications 277

Best Practices to Secure Mobile Applications 280

Developing Mobile Device Policies 281

Notes 283

CHAPTER 15 Information Governance for Cloud Computing 285

By Monica Crocker CRM, PMP, CIP, and Robert Smallwood

Defining Cloud Computing 286

Key Characteristics of Cloud Computing 287

What Cloud Computing Really Means 288

Cloud Deployment Models 289

Security Threats with Cloud Computing 290

Benefits of the Cloud 298

Managing Documents and Records in the Cloud 299

IG Guidelines for Cloud Computing Solutions 300

Notes 301

CHAPTER 16 SharePoint Information Governance 303

By Monica Crocker, CRM, PMP, CIP, edited by Robert Smallwood

Process Change, People Change 304

Where to Begin the Planning Process 306

Policy Considerations 310

Roles and Responsibilities 311

Establish Processes 312

Training Plan 313

Communication Plan 313

Note 314

PART FIVE—Long-Term Program Issues 315

CHAPTER 17 Long-Term Digital Preservation 317

By Charles M. Dollar and Lori J. Ashley

Defining Long-Term Digital Preservation 317

Key Factors in Long-Term Digital Preservation 318

Threats to Preserving Records 320

Digital Preservation Standards 321

PREMIS Preservation Metadata Standard 328

Recommended Open Standard Technology-Neutral Formats 329

Digital Preservation Requirements 333

Long-Term Digital Preservation Capability Maturity Model® 334

Scope of the Capability Maturity Model 336

Digital Preservation Capability Performance Metrics 341

Digital Preservation Strategies and Techniques 341

Evolving Marketplace 344

Looking Forward 344

Notes 346

CHAPTER 18 Maintaining an Information Governance Program and Culture of Compliance 349

Monitoring and Accountability 349

Staffing Continuity Plan 350

Continuous Process Improvement 351

Why Continuous Improvement Is Needed 351

Notes 353

APPENDIX A Information Organization and Classification: Taxonomies and Metadata 355

By Barb Blackburn, CRM, with Robert Smallwood; edited by Seth Earley

Importance of Navigation and Classification 357

When Is a New Taxonomy Needed? 358

Taxonomies Improve Search Results 358

Metadata and Taxonomy 359

Metadata Governance, Standards, and Strategies 360

Types of Metadata 362

Core Metadata Issues 363

International Metadata Standards and Guidance 364

Records Grouping Rationale 368

Business Classification Scheme, File Plans, and Taxonomy 368

Classification and Taxonomy 369

Prebuilt versus Custom Taxonomies 370

Thesaurus Use in Taxonomies 371

Taxonomy Types 371

Business Process Analysis 377

Taxonomy Testing: A Necessary Step 379

Taxonomy Maintenance 380

Social Tagging and Folksonomies 381

Notes 383

APPENDIX B Laws and Major Regulations Related to

Records Management 385

United States 385

Canada 387

By Ken Chasse, J.D., LL.M.

United Kingdom 389

Australia 391

Notes 394

APPENDIX C Laws and Major Regulations

Related to Privacy 397

United States 397

Major Privacy Laws Worldwide, by Country 398

Notes 400

GLOSSARY 401

ABOUT THE AUTHOR 417

ABOUT THE MAJOR CONTRIBUTORS 419

INDEX 421