Embed Size (px)
Citation preview
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 1©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
A Call To Action: RIM and eDiscovery for the Next Generation
September 24, 2012
Michael Salvarezza
LRN
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Summary of Key Findings
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 2
Challenges
Explosive growth
in volume
of content creation
Rapid expansio
nin laws
and complian
ce regulatio
ns
Growing urgencyto gain controlof this dynamic
Title 21 CFR 11
PATRIOT ACT
MiFID
Social mediaand business
transformation
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Records Management vs. Social Media vs. Business
3
Social Media promotes:• Sharing• Collaboration• Open • Rapid access
to information• Casual,
informal, spontaneous
Records Management is about:• Governance
Businesses care about:• Agility• Complexity• Access to
information• Insights
derived from information
• Speed and results
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Governance Approach
• Legal, IT, business units (e.g., sales)
• Define roles/responsibilities
• Include next-generation workers
44
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 5
Policy Approach
• Social media, BYOD, mobile computing, cloud computing
• No policy can address all instances, so focus on principles and extend trust
• Focus on what is critical to the business to keep
• Recreate vs. capture
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Set Policies: General Principles
• Lead with trust…and then provide guidelines
• Encourage responsible use
• Frame policies to address responsibility, not productivity
• Grant equal access
• Provide training
6
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Social Media Policies: Elements
• State objectives and purpose
• Include definitions and examples
• Define what is proprietary or confidential and prohibit its use on these sites (e.g., customer information, financial data, legal matters)
• Identify what is expressly prohibited (e.g., libelous comments, illegal activity, obscenity)
• Specify who may speak on behalf of the company
• Specify who will own work products created on sites
• Include legal and regulatory issues that apply
• Refer to specific security concerns
• Include discipline and ramifications
7
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Sample Guidelines
When on a social media site:
• Listen first, talk later; pause and reflect before actually posting
• Identify yourself; avoid anonymity
• Respond to ideas…not people
• Be respectful; always seek to add value
• If you are not authorized to speak for the company, specify that opinions are your own
• Know the facts and cite sources; do not guess
• Do not go “off the record”
• If you respond to a problem, you must follow up
8
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 9
Records Management of Social Media
• Consider where the business record is created:
– If the record is created outside of the social media site, the copy posted to the social media site could be considered a “convenience” copy
– If transactional information created on a social media site is a business record under your policy, then have a mechanism in place to capture, store, search, and retrieve those records
• Ensure procedures specify that Records Managers review the social media site framework before the site is launched
– To assess capability for proper handling of business records
• Educate employees through training sessions and communications
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 10
Mobile Computing and BYOD Policy Considerations
General Principles:
• Make sure the policy is enforceable.
• Do not rely on device specificity. (Devices become obsolete rapidly). Rather, make sure the policy is broad and general.
• Orient the policy from the business value perspective.
• Provide training on appropriate use of devices, proper management and security of information, segregation of personal and business data and IT informationmanagement controls.
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 11
Mobile Computing Policy Considerations
Policy Considerations:
• Define accountabilities for control (user, IT, business unit, etc.)
• Address the distinction between personal and business data
• Ensure proper controls in the event of theft or loss of the device
• Provide coverage for business provided devices and personally owned devices
• Address funding of devices or the cost of controls, especially for personally owned devices
• Address different geographies
• Focus on both employees and contracted resources
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 12
Mobile Computing Policy Considerations
Policy Considerations (continued):
• Define the appropriate use of business records on these devices and address requirements for retention of records
• Security Awareness/Privacy Awareness/Compliance
– Awareness should be addressed
• Human Resource considerations
• Use of devices for personal use
• Use of devices after hours and on personal time
• Use of devices while engaged in travel
• Inappropriate data and website access
Copyright © 2011 LRN Group Inc. All rights reserved
“We can’t solve problems by using the same kind of thinking we used when we created them”
Rethink
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL
Inspirational Leadership for Records Management
• Ambiguity is actually OK
• Take risks – go on a TRIP
• Challenge the status quo – try something different
• Find the value proposition
• Elevate the conversation
14
©2012 LRN Corporation. All Rights Reserved. CONFIDENTIAL 15
Single or double line title without division line
