Compliance

CIOs Take Center Stage in Epic Apple vs. FBI Battle

Information Security: Apple vs. FBI.

It seems as if everyone is choosing a side in the Apple vs. FBI battle over customer data privacy and security. As an organization that understands the comprehensive need for corporate governance standards, we find that this conflict hits close to home. Because our software is proficient in supporting legal firms and government agencies, you could say that one of our strong suits is managing sensitive client matters, and we do so through collaborative development of a proactive information strategy. I will state here that we decline to choose a side; however, we can begin to take a closer look at how this case can be explored through a governance lens.

Applying an information management solution would require the creation of a corporate governance framework. This is the first step in designing an information governance strategy for your business. There are certain industries where client privacy would weigh in as a significantly more important stakeholder. Industry heavyweights that rely on strict client data privacy include law firms, medical organizations, and banks. Silicon Valley isn’t often spotlighted in regard to client data breaches, whereas JPMorgan Chase, Sony Entertainment, and the healthcare industry, with its 112 million records, have been in hot water.

Silicon Valley has been relatively immune to client data breaches due to the autonomy of giant technology companies such as Amazon, Google, Facebook, and Apple. These tech giants take care of themselves and have created, in their wake, incredibly secure, privacy-driven products and solutions for themselves and their customers. So secure, in fact, that government agencies such as the FBI are legally asking for assistance in hacking through these encrypted firewalls.

The Wall Street Journal writes that “CIOs are at the center of [the] battle over security [and] privacy,” in regard to the public battle between Apple and the FBI. This battle has received extreme scrutiny on both ends; think of Snowden’s heroic tweets and President Obama’s full support of the FBI. Apple is an organization that receives a majority of its revenue from product sales, and these products are advertised as highly secure and private.

Apple’s customers trust that Apple has their best interest in mind, with privacy as one of the largest issues. As a consumer, you don’t want just anyone to be able to access your iPhone if you happen to lose it. We keep almost everything on our personal mobile devices, so that scenario tends to terrify people. When privacy is concerned, everyone is always up in arms. So, what is Apple doing from a governance lens that we should take a closer look at?

Right now we are witnessing something that tends not to present itself often to the public. Battles such as these tend to stay within the offices of CIOs, and that is where they’re resolved. What is happening now between Apple and the FBI is that Apple’s corporate governance policies are being physically acted out and implemented. As stated earlier, corporate governance policies are created with an information governance framework, and Apple’s policies restrict it from aiding the FBI, which has asked it to provide hacking software that would break into its own product.

There is wide concern about whether these breaches of privacy could lead to colossal breaches of privacy for all iPhone customers when in the hands of the FBI. Consider that there have been widespread privacy breaches before, such as last year’s hacking of 21.5 million US government computers. CIOs must decide how this situation should be handled, and it’s important to consider that there’s no one side in this when it’s your organization involved. Today, we see that Apple has developed a thorough and strict corporate governance strategy regarding customer privacy and security, and the FBI request would be considered a breach of policy. As a CIO, what would you do?

 

Compliance and Governance Go Hand in Hand

The year 2015 has been the year of change within the information governance realm. The move towards a broader understanding of information governance, and of how it must be studied and applied to today’s organizations, is not only multifaceted; the situations in question are fluid and constantly expanding as we speak.

What I mean by this is that organizations must charge their Chief Information Officer with regulating, monitoring, and applying compliance to all data that an organization may create. Without this proactive effort to manage the lifecycle of data, room is left for error in workflow efficiency, transparency of applied corporate governance, and the risk of compliance disputes.

Directing this conversation specifically to the legal sector, it’s vital to understand that legal compliance and corporate governance practices go hand in hand. Believing otherwise is a grave miscalculation when considering that a law firm must remain transparent in practice and guided by ethical rubrics, all the while functioning as a profitable enterprise; it’s imperative not to let the latter blur how the former objectives are handled.

Robert F. Cusumano, partner in Crowell & Moring’s New York office, recently published the article “The Conscience Role: What Does it Mean?” in Inside Counsel, a legal magazine. Cusumano states that, “in a corporation, habits and rules are called governance, and they are enormously affected by ethics, fairness, justice, and, in general, issues of conscience.” By ‘conscience,’ I believe that Cusumano is referring to the integrity and principles by which all law firms are guided.

This notion is of considerable value to law firms practicing without proper information governance due to sunsetted products or inefficient data management practices. Law firms must find solutions for their information that align the management of said information with legal compliance and defensible disposition. Chief Information Officers who are experienced in both legal practices and information management will acknowledge the significance of this dual responsibility.

Information governance has made its mark in 2015, but it’s expected to take an even greater stand in 2016. It would not be wise for any law firm to continue setting this issue on the back burner. If your firm is not working to address good information governance practices for your information management system, then the handling of corporate governance and overall compliance will be at risk.  As I stated earlier, legal compliance and corporate governance go hand in hand – so, don’t risk the integrity and principles of the firm with inadequate information governance.

Are You Hoarding Your Data?

Reality television has opened the public’s eyes to the very real problem of hoarding. The sight of a hoarder’s home is often shocking and, quite honestly, disturbing. In business, most people and organizations don’t consider themselves to be hoarders. However, when we take a look at some companies’ lack of disposition policies regarding their records, they exhibit the “hoarding” mentality. The fear of getting rid of records too soon is easy to understand. Companies face the possibility of costly legal risks if they dispose of data sooner than needed. So what’s the solution? Well, couldn’t you just hold on to as many records for as long as possible? No.

This is the common mistake companies are still making today. Preservation of records is an issue overlooked by many companies, presenting challenges of increasing storage costs and problems with managing a growing volume of unneeded information. Instead of focusing efforts on trying to keep data forever, an emphasis must be placed on defensible disposition.

The key to avoiding both over-preservation and premature disposition of records is understanding defensible disposition and putting policies in place to enforce it. Defensible disposition ensures that data no longer possessing business, legal, or regulatory value is disposed of properly and according to your retention policy. Following an enforceable retention policy mitigates risk and lowers electronic and physical storage costs.

Making defensible disposition possible requires collaboration between the legal, IT, and records management departments in your enterprise. Together these departments are able to develop proper standards and policies to improve the entire lifecycle process, from creation to disposition, for your records. Policies must be established for all content types within the enterprise, and they must be enforced once put in place.

This may seem like a daunting task to take on, but FileTrail solutions allow your company to create, maintain, and automate information governance policies, including retention schedules for defensible disposition. FileTrail takes these policies and automatically applies them across all your data, both physical and electronic. With FileTrail, policies are enforced through actionable dashboards to ensure standards are being met. Now you can breathe easy knowing you don’t need to (and shouldn’t) hold on to your data forever.

Unified Records Management in SharePoint 2010

SharePoint is often used by organizations for document management, but FileTrail has taken it a step further, making it possible to have a unified records management system. Unified records management allows organizations to manage both physical and electronic records within the SharePoint platform. There is no need to use a separate physical records management system or to synchronize data between multiple systems. Utilizing multiple systems for managing records makes it difficult to search for records, prevents uniform application of retention policies, and increases exposure to risk. FileTrail's unified records management solution provides greater visibility into and control over the entire inventory of physical and electronic records within SharePoint. Contact a member of the FileTrail team today to discuss how FileTrail for SharePoint can provide your organization with unified records management in SharePoint 2010.

Ensure Compliance with RFID

Organizations in all industries are facing the challenge of meeting regulatory compliance. With increasing government regulations and a rise in internal regulations, ensuring the compliance of assets has become both necessary and demanding. Fortunately, RFID technology provides organizations with an easy and efficient way to ensure compliance. With FileTrail RFID, your assets are tracked as they move, allowing you to view an asset's current location and its location history. Knowing where an asset has been provides critical data on asset usage. This heightened level of asset visibility also provides organizations with key information for purchasing, initial deployment, movement, and disposition.

FileTrail's SmartMobile works to satisfy compliance by completing audits in a fraction of the time traditional audits require. This lightweight portable RFID reader works like a metal detector to conduct audits and locate missing items. Cut audit completion time by 85% and perform audits more frequently. The audit discrepancy reports help with reconciliation and accountability. Ensure your organization is equipped with the highest level of accountability, control, and efficiency with FileTrail RFID.