T2P Content Management, Records Management & E-Discovery News

Identity of Anonymous Wikipedia Editors Not Protected by First Amendment

2011-05-27T18:39:48Z

Jonathan D. Frieden writes:

In Faconnable USA Corporation v. John Does 1-10, 2011 WL 2015515 (D. Colo. May 24, 2011), the United States District Court for the District of Colorado rejected a ISP’s motion to quash a subpoena issued to discover the identity of anonymous editors of Wikipedia. Plaintiff alleges that the anonymous editors violated the Lanham Act and comitted trade libel and commercial disparaging by falsely posting that plaintiff is a support of Hezbollah, a Shiite Islamist militia and political party which has been designated as a terrorist organization.

Data management guidelines: Four records retention issues to address

2011-03-03T15:06:19Z

These data management guidelines will help you to determine what you should keep when implementing records retention for e-discovery and litigation purposes.

Justice Roberts: "This Isn't Personal, and Neither Are Your Corporate Records"

2011-03-02T03:37:12Z

In a unanimous decision on March 1, 2011, the Supreme Court held in Federal Communications Commission v. AT&T Inc. that corporations do not have personal privacy rights under the Freedom of Information Act (FOIA), reversing a 2009 Third Circuit decision (which we blogged about here).

The case arose because AT&T sought to block the disclosure of documents under the FOIA that it disclosed to the Federal Communications Commission (FCC) during a 2004 investigation relating to AT&T’s alleged overbilling of public schools under a program created to enhance telecommunications and information services access for public schools and libraries. Comptel, a trade association that represented some of AT&T’s competitors, submitted an FOIA request to access these documents. The FCC complied with the request, but removed information that was considered “trade secrets and commercial or financial information” (5 U.S.C. § 552(b)(4)) and information that “could be expected to constitute an unwarranted invasion of personal privacy.” (5 U.S.C. § 552(b)(7)(C), “Exemption 7(C)”). However, the FCC did not remove information that was sensitive to AT&T.

AT&T argued that no information should be disclosed under FOIA because the word personal as used under Exemption 7(C) applies to corporations. AT&T argued that the definition of the word person includes legal entities, and therefore the definition of personal privacy should as well. The Court rejected this proposition, deferring to the ordinary meaning of the word personal and holding that the word referred only to individuals. The Court also indicated that when used together, the words personal privacy “suggests a type of privacy evocative of human concerns- not the sort associated with an entity like, say, AT&T.” To lend further support to its decision, the Court also studied the rest of the statute and concluded that the existence of other exemptions available to entities under FOIA limited the scope of Exemption 7(C).

Fittingly, Justice Roberts, who penned the opinion, closed with his hope that AT&T would not take the decision personally.

Law Suit Filed: Google Faces Class Action over Gmail Scanning

2011-03-16T21:00:21Z

Google Faces Class Action over Gmail Scanning

E-Discovery In The New York Times

2011-03-17T21:04:05Z

E-discovery does not get much mainstream media coverage. Maybe once a year, either Fortune or the Wall Street Journal writes about it. The vendors included in the story get excited, but no one else notices.

So John Markoff’s story on March 4 in The New York Times about “Armies of Expensive Lawyers, Replaced by Cheaper Software” was remarkable on several fronts. First off, The New York Times is country’s leading newspaper, with a far larger readership than any publication which has written about e-discovery before. Second, the New York Times placed the story above the fold on its home page, ensuring all readers saw it. Third, and perhaps most important, readers responded and the story went viral, becoming the paper’s “most emailed” story for the next two days. It zoomed around the Twitter-sphere, Facebook, and LinkedIn, and prompted a flurry of thoughtful responses, most notably from Ralph Losey, Chris Dale, Posse List, and Jerome Kowalski.

Over the past 10 days or so, I’ve spoken to several corporations and law firms who are learning about e-discovery technology for the first time from this article. It’s been striking to feel their curiosity, excitement, and complete lack of concern about [allegedly] being automated out of a job. Corporate legal departments see the opportunity to get control over the process by using technology to bring e-discovery in-house; and law firms see it as a critical part of their role as trusted advisors to help their clients make well-informed decisions about e-discovery. Neither has any fear about leveraging e-discovery software where they can, because they know e-discovery is not as simple as self-checkout at the grocery store. As many commentators have pointed out, along with great technology, you still need smart people to operate that technology and make important judgment decisions.

In my view, what’s more important than the specific content of the story is the fact that the story was written, published, and read by so many people, who reacted to it in a profound way – by wanting to learn more.

As the industry grows, and the impact of e-discovery software is more widely recognized, there will no doubt be more many more articles about it in the mainstream media. But this was the first one to capture the popular imagination and – in the minds of many – put e-discovery on the map.

While managing records, manage risk - FierceContentManagement

2011-03-23T11:41:17Z

While managing records, manage risk
FierceContentManagement
Ours includes records management-specific issues," she added. Security is typically addressed in records storage, and many ECM solutions have permission and authorization settings. But is that enough? The insider threat may not be addressed explicitly ...

Data Destruction Policies – Is the data really gone?

2011-03-22T17:49:49Z

Following a year focused on preservation related instruction, we have a much better understanding of what is and is not permissible when it comes to data retention and destruction. Corporate legal departments and outside counsel should, at this point, have a set of working guidelines detailing the different steps of a litigation hold, protections provided by Safe Harbor provisions, and the legal ability to continue corporate data destruction procedures following completion of a litigation hold. At that point, it comes down to an IT exercise which can be very daunting given the potential multiple data sources and now, the additional 3^rd party service providers who may be in possession ofcontinue…

Cloud storage a steep climb

2011-03-21T10:00:00Z

Organizations in industries such as healthcare, finance, manufacturing and media are as concerned as ever about data security and privacy, but they aren't shying away from cloud storage.

Germany Identifies a Secure Way to Deal with Spam

2011-03-04T05:00:00Z

In theory, stopping spam is easy: just make it uneconomic to send millions of messages by charging for each one sent, or make senders authenticate their identity to stop address spoofing and simplify blocking.

3 Simple Reasons VoIP Abuse Will Grow

2011-03-08T05:00:00Z

In its recent annual security report, Cisco predicted VOIP abuse as a potential area for cyber crime growth.

Big Data Mining: Who Owns Your Social Network Data?

2011-03-09T05:00:00Z

An attractive application of Hadoop and other Big Data technologies is to analyze users' social activities, sometimes without their express knowledge

9 Security Tips for Protecting Mobile Workers

2011-03-09T05:00:00Z

The new working professional is always connected, and increasingly, the office is Starbucks, an airport, or home. With new flexibility comes new IT security risks for businesses. Basic defenses like antivirus are important, but not enough to keep corporate data from the increasingly sophisticated hacker.

Anonymous Releases Bank of America Related Documents

2011-03-14T04:00:00Z

The group of online activists known as "Anonymous" has released a batch of e-mail concerning Bank of America that was given to the group by a whistleblower who worked for a related mortgage and vehicle loan insurer.

Employee Communication: How to Calculate the Cost

2008-09-25T04:00:00Z

Tips on building a cost calculator to estimate what communications costs will be for moving or adding employees.

The Coming Shift To IT Value Generation

2011-03-22T17:15:35Z

The proliferation of clouds and external service provider appears to be causing a fortuitous shift in more than a few IT organizations: they now have a clear mission to generate value from IT.

This is a sharp contrast from earlier days when the majority of IT's effort was spent the inevitable treadmill of operations, maintenance and upgrades.

And the discussions are now starting to take an interesting -- and promsing -- turn for the better.

An Obvious Mandate For Value Generation?

Look across any set of traditional organizational functions, and you'll see that each has an implied mandate for unique value generation.

For example, at EMC, engineering has to deliver killer products. Manufacturing has to build them with amazing quality and at ever-decreasing costs. Sales and marketing has to figure out how to get these products into customers' hands in a variety of ways. Customer support has to deliver a world-class experience, and so on.

Even support functions, like HR, finance and legal has to figure out how to deliver unique value. Otherwise, the tendency will always be to use an external provider. Why use your scarce internal resources for something that someone else can most likely do faster, better and cheaper?

If whatever your group is doing isn't generating unique value, maybe someone else should be doing the task.

And that's true for IT as well.

A Change In The Air For IT?

Cloud and service provider concepts are starting to work their way into more IT thinking. You don't have to do everything yourself, and -- even for the stuff you have to do internally -- you can do it more efficiently with a private cloud.

Less time on the IT treadmill. More time thinking about how to generate unique value using IT.

It's a refreshing change in perspective when you encounter it. And the discussions I have with customers who are either in this mindset (or approaching it quickly) are some of the most stimulating IT conversations I've ever had.

My first exposure to this mindset came many years ago as I started to meet the IT groups that supported financial traders. They'd kill for milliseconds or sometimes microseconds. Exotic technology? No problem.

I realized that this was because they clearly understood the relationship between better IT capability and value generation. Not a perspective that was widely shared at the time.

But, as of late, I've noticed a sharp pickup in these IT-as-value-generator discussions. Maybe it's the economy, maybe it's because day-to-day stuff is better under control, I'm not quite sure.
Whatever the reason, it's definitely a vast improvement over the traditional sorts of IT-centric conversations.

As vendors, it can be a trap. Customer ask "how do I generate more value from IT?". Vendor responds "that's easy, just buy <insert name of product>". Not really what people want to hear ...

I think -- going forward -- the better vendors will be able to step a bit outside of their vendor-ness, and share real insights into how people are approaching value generation from IT.

And I, for one, want to be one those better vendors :)

How Do You Focus The Value Generation Discussion?

Having done this now more than a few times, I've developed a pattern to help stimulate the value generation discussion. I've found it's really more about a mindset than specific technologies.

One part is on the "what", e.g. what are some candidate focus areas to go explore? And, once we have a few of those in hand, I try and foster some discussion on the "how". Doing IT for sustained value generation appears to be subtly different than classical project-oriented IT.

This -- at it's essence -- is a business discussion. Although there are similar patterns within a vertical, there are enough differences between organizations that you can't assume too much.

Key Roles As Value-Generation Targets

One starting point I use is to simply ask -- who are your most important, value-generating workers? If you had to guess, what would be the top 5 value-generating roles in your business?

At EMC, that list would probably include engineering, customer support, pre-sales, sales and a player to be named later :)

Here's the underlying premise: use IT to increase the productivity and effectiveness of the people who generate the most value in the organization. And that's not always the group that's complaining the loudest, or has the most budget :)

This particular discussion can lead you to all sorts of productivity-enhancing topics: native applications on mobile tablets, self-service IT functions, on-demand analytics, collaboration and workflow, enterprise search, app stores -- and a whole lot more.

There's no pre-fab answer here, but once you start digging in to what these people really want and need, there's no shortage of potential value-generating IT initiatives. A caveat: productivity enhancing ROIs can be very squishy, although back-of-the-napkin guestimates can be quite compelling.

Key Relationships As Value-Generation Targets

Just about every organization has key customers or constituents, as well as an ecosystem that surrounds it. This leads to two somewhat related discussions.

First, what can IT innovate to help your organization get closer to its existing customers and partners? And -- second -- what can IT innovate to help your organization get closer to *new* customers and partners? You'd be surprised, for example, on just how many companies have to move beyond B2B to a B2C (or perhaps a B2B2C) model.

This triggers a whole discussion around CRM, analytics, 360-degree customer views, mobile apps, social business and probably a raft of other potential topics as well. All fun stuff.

Information Assets As Value-Generation Targets

Many businesses amass huge amounts of fascinating information as part of their ongoing business operations. Usually, it's just a by-product of traditional business processes, but -- reassembled, repositioned and juxtaposed with other information sources -- this data often can be an amazing source of new business value.

Health insurance companies that have repositories of patient histories, treatments and outcomes. Financial services companies that have intimate knowledge of spending -- and payment -- demographics. Even mundane companies like EMC have intimate knowledge of who's buying what kinds of technologies -- and how they perform in the field.

Maybe you're lucky enough to be setting on potential treasure trove, maybe not, but it's worth a look -- especially if you've got an interest in IT value generation. I always ask the question -- maybe you should too?

The "How" Is Turning Out To Be Different

When I meet an individual or group that's focused on IT value generation, I've noticed that they're not really like the bread-and-butter IT type. They think and act quite differently.

First, they're experts on the business. You can listen to them talk for quite a while without a tech buzzword coming out of their mouths. They really know what their business is today, what it's trying to be, and what needs to happen along the way.

Second, they're willing to invest in innovation. Gather some resources, try something out, learn from it, and decide what to do next. And do it quickly, please.

This contrasts sharply with the traditional IT big-project approach: formal requirements gathering, assemble the business case, etc. etc. Call it "fast fail", call it a lab, call it whatever -- it's about speed and agility vs. building the pyramids.

Third, they're willing to invest in generic capabilities vs. specific projects. They might not be 100% sure how something is going to be eventually used, but that doesn't matter, since they're pretty sure whatever they're doing is likely going to be useful at some point.

Fourth, they are usually willing to aggressively partner. They look far and wide inside and outside the organization for people and organizations who can bring something unique and interesting to the table. It's not the usual customer vs. vendor discussion.

The Road Ahead

My belief is that we -- as an IT industry -- will be rather consumed with this whole cloud thing for the next few years, and then we'll move on. It needs to happen, and -- thankfully -- it's all moving in the right direction.

Whether your cloud is private, public or a hybrid combination, there will likely be a large and meaningful "cloud dividend" that can be re-invested in the business. It will likely be a combination of more time and resources that can now be pointed at IT value generation, coupled with an agile set of services that can be quickly composed to deliver new capabilities.

We'll likely be investing a lot less time and effort in building and delivering IT services -- and investing a whole lot more time trying to figure out how to create new value from what's now readily at hand.

Personally, I find the whole topic of IT value generation fascinating -- perhaps for no other reason that it gives all of us something deeply meaningful to aspire towards.

Investing in Mobile

2011-03-27T21:47:29Z

Roundtable's Pitts: Mobile Will Connect Channels, Improve Security
Mobile will bring more banking channels together, says Jim Pitts of the Financial Services Roundtable.

Top 10 IT disaster recovery tips of 2010

2010-12-13T17:43:28Z

We've compiled our top 10 tips on disaster recovery from 2010. Learn about disaster recovery planning, cloud disaster recovery, disaster recovery maturity levels and more.

Concerns with cloud backup solutions: Security and performance top list

2010-12-14T14:22:59Z

Cloud backup services promise inexpensive capacity, lower capital expenses, and simplified data management. Learn the top concerns about implementing cloud backup storage through a case study of one administrator's move to a cloud-based backup service.

Records management: the plasterer's hammer?

2010-12-06T14:44:00Z

“For a field largely reliant on the active participation of the individual users responsible for creating, using and managing records to achieve its aims, much of records management appears sorely lacking in the depth and sophistication of its knowledge about those same user s, their needs and objectives”.

So begins the conclusion of the paper written by myself and Jay Vidyarthi and published in the latest volume of the Records Management Journal. (Vol 20, No 3)

The paper discusses the way in which records management has focused almost exclusively and to the exclusion of virtually all other considerations on the needs of ‘the organisation’ often to the detriment of the users we are so reliant upon. Records management is a discipline which strives for standardisation, consistency and uniformity; for example in the form of functional classification schemes attempting to map activities across the entire organisation with a view to constructing a ‘corporate file plan’ or shared metadata schemas. This drive to standardisation isn’t just evident within organisations, but across them – be it in the guise of ISO 15489 or any of the specification standards for an EDRMS – all of which have at their heart the desired goal of uniformity of approach.

Read any section of 15489 and it’s abundantly clear who the main beneficiary of records management is intended to be – and its not the user. Virtually every section defines its objectives in terms of the benefits it will provide to ‘the organization’ with the user(s) getting barely a mention. Now none of this may strike the user as particularly surprising, nor in any way negative. After all, records management has long strived to be acknowledged as a ‘corporate function’ alongside HR, finance etc and clearly many of the drivers for it (accountability, governance, regulation etc) tend to apply at the organisational, rather than the individual level.

None of this is intended to criticise, but to shed some light on why it is that records management often struggles to satisfy the requirements of the individual users it relies on for success and why it could be argued that it has given up even trying. At its most extreme this disparity between the design of many records management systems and the needs of the individual user is most succinctly summed up in a quote made by one EDRMS user to me once that ‘making me use an EDRMS is like asking a plasterer to use a hammer’!

This clearly puts records management and the technology we rely on to implement it (whatever that technology may be) in something of a quandary. Is it really possible for it to successfully serve two equally demanding masters? Can we really hope to find ways of meeting the myriad, highly specific, highly personal demands of our user community in a way which not only pleases each individual user but also in a way which continues to meet the obligations and interests of the organisation as a whole?

Carry on as we are and I fear the answer will continue to be ‘no’; but open our eyes and ears to some radical new perspectives and it could yet be a ‘yes’. Human-Computer Interaction, or HCI is a combination of computer science, cognitive psychology, sociology, information science and design which might just represent the ‘missing piece of the puzzle’. A blog post doesn’t provide the space to explore the detail – that’ what Jay and I start to do in the RMJ paper. Here it suffices to describe it as a structured approach which puts the users first to ensure that they can interact with the system in ways which meet their needs whilst also continuing to meet the needs of the organisation. By shining a light on the behaviour, needs, opinions, tendencies and motivations of end-users it’s the first step towards achieving truly effective records management systems. After all, give somebody a tool that patently saves them time, energy and frustration and they would be foolish not to embrace it; but so too we must acknowledge that the reverse is true and that to try to make somebody use a tool that promises to only help someone (or something) else but at their own personal expense and surely we must concede that they would be a fool to use it.

The implications of such a shift in emphasis are profound, for records management as traditionally conceived is a house built from the top down determined by the needs of the organisation, and not one built from the bottom up based on the needs of its users. But it also offers some tantalising prospects: not just RM systems that users actively want to engage with, but also the possibility that we could start to use this new found knowledge of user behaviour to design and create records management systems that can actually manage records ‘automatically’ (at least in part) based on this behaviour – in a way similar to that used by Amazon et al to organise their content to aid the user experience. Desirable? Definitely. Possible? Who knows, but what this space…

Data Protection Law and the Ethical Use of Analytics

2010-11-30T16:55:35Z

The Centre for Information Policy Leadership (the “Centre”) this week issued “Data Protection Law and the Ethical Use of Analytics,” authored for the Centre by Paul Schwartz, Professor of Law, Berkeley Law School, University of California. Marty Abrams shared this paper on November 30, 2010, at the European Data Protection and Privacy Conference in Brussels and plans to present the paper on December 1, 2010, at the Organization for Economic Cooperation and Development.

The paper examines the increasing role of analytics – the use of information to make decisions and to create new products and services – in 21st century organizations. Analytics provides a way for organizations to draw on the great quantities of information in their control or available from third parties. Leading authorities on the practice of analytics refer to the phenomenon as “the extensive use of data, statistical and quantitative analytics, explanatory and predictive models, and fact-based management to drive decisions and actions.” According to the paper, analytics takes the information that entities have, or to which they can gain access, and converts the information into knowledge they can act on.

The paper argues that analytics should be considered in a manner that takes into account the risks that a specific use of analytics poses to privacy and the kind of responsible processes that should accompany such use. It considers examples of analytics in action, including multichannel marketing, fraud prevention and data security, health care research and a variety of products for direct use by individuals.

The paper identifies four distinct stages of analytics: (1) collection, (2) integration and analysis, (3) decision-making and (4) review and revision. It also proposes that responsible data processing should be tailored to the discrete stages in which analytics is used. At the same time, the paper examines the complex questions that analytics raises for data protection law modeled on fair information practices and proposes a set of ethical guidelines for the use of analytics.

Organizations participating in this project included a cross-section of leading private sector companies that currently use analytics. The paper’s ethical standards were developed through a series of interviews and a workshop involving experts from those organizations. The Centre expects that this paper will form the basis for further discussions about applying data protection to advanced analytic processes.

Read the white paper. For more information on the Centre’s projects, please visit the Centre’s website.