Compliance &Ethics - Society of Corporate Compliance and Ethics

More documents

Recommendations

Info

Featurefilers crazy (and vice versa), but most sensibleorganizations don’t enforce uniformity. Peopleare people, and they’ll work in the way thatpromotes productivity and comfort.Some employees have sinister reasons forkeeping or deleting documents (e.g., to covertheir tracks, to help them avoid retribution,or to preserve information that may be usedagainst others). And deleters can cause problems,because they might permanently removeinformation that has business value or shouldbe retained for legal or regulatory purposes.But most filers, pilers, and deleters have goodintentions and believe that what they save hasbusiness value and/or is tied to a businessprocess. If they’re wrong, their behavior, inaddition to making themselves less productive,can drive up storage and managementcosts and the risk and expense of eDiscovery.Document hoarding is a change managementproblemKeeping the right stuff, and getting rid ofunneeded, low-value information requires acombination of effective policies, processes,and technology. Perhaps most important,The downside of aggressive deletionSome IT departments react to the growth of information by aggressively deleting it accordingto established rules. For example, if files have not been accessed, classified, or changed forsome period of time (e.g., 60 days), then the information is deemed to have little or no businessvalue and is automatically deleted. The rationalizations for such behavior are threefold:··Storage space can be freed up.··Information is expunged before the organization finds itself in trouble, and as long asdeletion policies are documented, the organization can feel confident if it is challengedin court.··All employees—from the CEO on down—are (or ought to be) aware of the policies sothere should not be any surprises.Compliance & Ethics Professional May/June 2013The trouble with this strategy is that the IT department cannot be certain that everythingis truly deleted. Information tends to have a long lifecycle, especially when:··the recycling of offsite backup tapes does not match the aggressive deletion schedule;··employees can forward email messages and attachments to colleagues or send blindcopies to their personal email addresses (e.g., Gmail); and··files can be saved on USB drives, laptop storage, and at remote office locations, incloud-based applications like Salesforce.com or Google Drive, or burned to DVD by®employees on their home systems.The last two scenarios are examples of what we call “underground archiving” when individualsmaintain private repositories of documents, keeping information outside of the controlof the organization. Underground archiving is often a reaction to the imposition of storagequotas or enforcement of harsh deletion rules. People will squirrel away what they deem to beimportant. We find that about 30% of Fortune 500 companies we’ve spoken with are plaguedby information that practically lives forever in underground archives. Such data and documentsare discoverable, and the costs of identifying it and recovering it can be onerous.26 www.corporatecompliance.org +1 952 933 4977 or 888 277 4977
Featurehoarding is an information governance behaviorchange management problem.Information governance change managementis similar to, but different than traditionalIT change management. IT change managementfocuses on the impact and adoption of new systemsand applications. Information governancechange management is about impacting andmeasuring the change in users’ behaviors. Theobjective of information governance changemanagement is, in effect, changing the cultureof employee document hoarding.Effective change management starts withunderstanding current behavior. Why are youremployees saving documents? In some cases,the answer is that they are driven simply by a“CYA” mentality of needing this informationlater. But in many cases, this may be a minoritydriver. In our interviews with clients, we havefound that employeesare often driven tohoard by a number ofseemingly legitimatebusiness reasons,such as “I was told bymy boss I had to savethis.” Or, they receivedconflicting messages,such as “Legal sayswe have to save allcontracts in an MSGfile.” Ongoing businessprocesses (e.g., “Thisare part of our troubleticket process”) may also be a factor. Theiranswers may surprise you.One of the keys in achieving the desiredbehaviors is to identify the reasons employeeshoard. During our engagements, we foundthat conducting employee interviews is muchbetter than simply sending out surveys, albeitinterviews may take longer. Surveys may tellyou the “what”; interviews tell you the “why.”Interviews uncover much better and moreCentralized control ofdeletion, as an elementof a broader informationgovernance program,is needed so thatorganizations can overcomethe consequences ofinformation hoarding.actionable information, as well as the real painboth employees and their business units areexperiencing (e.g., “We are drowning in email”or “I spend hours every week looking forinformation.”) By uncovering this information,we can guide employees to change behaviors,leading to better information management,which makes employees’ lives easier by allowingeasier searches, access, and collaboration.There’s a “win” for employees here, and wecan use this pain to drive our initiative.Stop hoarding: Seven keys to successCentralized control of deletion, as an elementof a broader information governance program,is needed so that organizations can overcomethe consequences of information hoarding. Butmaking it happen is often easier said than done.We encounter many customers who believethat they know justhow to implementan information governanceprogram.By analogy, wheninformation technologyinitiatives, suchas enterprise resourceplanning (ERP) areintroduced, a significantamount of effortsurrounds systemdeployment. Whathappens when a newtool is moved intoproduction? What are the effects on infrastructure,process, and user experience?The objective of an information governanceprogram, on the other hand, is to modify userand organizational behavior. Chances are thatnew software and tools are required, but atleast as much energy must be expended onpolicy and process development, articulatingthe benefits for the company and employees,monitoring and auditing of ongoing behavior,Compliance & Ethics Professional May/June 2013+1 952 933 4977 or 888 277 4977 www.corporatecompliance.org 27
Page 7 and 8: NewsRegulatory NewsSupreme Court de
Page 9 and 10: SCCE NewsSCCE conference News12 th
Page 11 and 12: SCCE NewsNewsContact Eric Newman at
Page 13 and 14: Help Keep YourCompliance ProgramFul
Page 15 and 16: Featurequickly grasp the requiremen
Page 17 and 18: Featureinternal or external to the
Page 19 and 20: Michigan··Lisa Aragon, ITC Holdin
Page 21 and 22: ANY TIME.ANYWHERE.ANY MATTEROF RISK
Page 23 and 24: Boehme of Contentionby Donna Boehme
Page 25: Featureby Mark DiamondSeven strateg
Page 29 and 30: Feature··Programatically control
Page 31 and 32: The Art of Complianceby Art Weiss,
Page 33 and 34: Featureby C. J. Rathbun, CCEP, FLMI
Page 35 and 36: Featureinclude the protocols you ne
Page 37 and 38: Featurecompliance audits are alread
Page 39 and 40: Empirically Speakingby Leslie Altiz
Page 41 and 42: Featureby Steve CarrMind the gap!Wh
Page 43 and 44: Featurecontinue to grow as the pace
Page 45 and 46: View from the Front Linesby Meric C
Page 47 and 48: Featureby Scott Stetson, Esq.Politi
Page 49 and 50: Kaplan’s Courtby Jeffrey M. Kapla
Page 51 and 52: Become a CertifiedCompliance & Ethi
Page 53 and 54: that kind of volunteering is all ri
Page 55 and 56: y Frank J. NavranYou can’t cure s
Page 57 and 58: groups. If they are being done “i
Page 59 and 60: ··What are the barriers to succes
Page 61 and 62: high ethical standards and practice
Page 63 and 64: about to become a headline? And, gi
Page 65 and 66: For the past 35 years, my experienc
Page 67 and 68: www.corporatecompliance.orgprofessi
Page 69 and 70: y Cris Mattoon, JD, CCEPAn invitati
Page 71 and 72: y Peter FazioConflict of interest:I
Page 73 and 74: additional internal controls to ens
Page 75 and 76: Heading off potential gray area hea
Page 77 and 78:
sTakeawaysMay/June 2013Compliance &
Page 79 and 80:
Get expert guidance with:The Comple
show all

Compliance &Ethics - Society of Corporate Compliance and Ethics

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?