Here is the fifth and final (except for a bonus video coming soon) in our five-part video series where I asked 30 Information Governance the same 5 questions. This video is the longest of the five, as I ask our interviewees to tell us their favorite story about IG –  something that illustrates what it is, why it is hard, challenges they have faced and so on. There are some great stories, so get yourself a fresh cup of coffee and a snack and enjoy.

Tagged: ARMA, big data, compliance, defensible deletion, E-Discovery, e-mail, Information Governance, Information governance videos, information technology, interviewees, SharePoint, speaking, video, video series

Here is the fourth video in our five-part series where I asked 30 Information Governance experts the same question, then produced a 5 minute video of their responses. As you watch the series, it is very interesting to see the common threads that weave through the answers, depending on the role and the type of organization the interviewee comes from.

Tagged: ARMA, big data, compliance, E-Discovery, eDiscovery Journal, email, Information Governance, Information governance videos, information technology, technology, video

In the third (3 minute) video of our Information Governance video series, we ask 30 IG experts, “What are the biggest benefits of Information Governance?”

Once again, I wanted to think all of my interviewees, who did an amazing job answering these questions under pressure.

• Janet B. Heins – Director, Collaboration and IG, Biogen Idec (LinkedIn)
• Stephen Cohen – Records Manager, MetLife (LinkedIn)
• Randy Moeller – Global Records Management and Governance, Proctor and Gamble (Twitter)
• Patrick Cunningham, CRM, FAI – Senior Director, Information Governance, Fortune 500 Electronics Manufacturer (Blog)
• Laurence Hart  - CIO, AIIM International (Blog)
• Galina Datskovsky – Chair of the Board, ARMA International (LinkedIn)
• Darren Lee – VP Governance, Proofpoint (LinkedIn)
• Arlyce J. Vogel, CRM – Corporate Information Management Project Manager, Large Utility (LinkedIn)
• Robert Smallwood –  Executive Director, E-Records Institute & Partner, IMERGE Consulting (LinkedIn)
• Tamir Sigal – VP of Marketing, RSD (Twitter)
• Bassam Zarkout – Chief Technology Officer, RSD (Twitter)
• Robert F. Williams – President, Cohasset Associates, Inc. (Website)
• Conni Christensen – Founding Partner, Synercon Management Consulting (Website)
• Chris Perram, MBA – Owner, Perram Corporation (Website)
• Amir Jaibaji – VP, Product Management, StoredIQ (LinkedIn)
• George Dunn – President, Cre8 Independent Consultants (LinkedIn)
• Tod Chernikoff, CRM (Twitter)
• James Morganstern – Business Development Executive, Integro (LinkedIn)
• Stephen Ludlow – Program Manager, E-Discovery and IG Solutions, OpenText (Twitter)
• Francis Lambert – CEO, Records Technologies (LinkedIn)
• John Montana – CEO, Montana and Associates (LinkedIn)
• Craig Rheinhardt – Director, ECM Product Strategy and Market Development, IBM (LinkedIn)
• Gordon Rapkin – CEO, Archive Systems (LinkedIn)
• Keith D. Davis, MBA, CRM – RIM Program Office, Fortune 15 Healthcare Company (LinkedIn)
• Tom Reding, CRM – Principal, Information Governance, EMC (Twitter)
• Jill Hearn – Principal Product Marketing Manager, EMC SourceOne (LinkedIn)
• Matt Hillery – CTO, Fontis International (Website)
• Gordon E.J. Hoke, CRM – Independent IG Consultant (Twitter)
• Eugene Stakhov – Senior Solution Architect, Lighthouse ECM Group, LLC (LinkedIn)
• Beth E. Chiaiese – Director of Loss Prevention, Foley & Lardner LLP (Website)
• Sue Trombley – Director Consulting, Iron Mountain (Blog)

Tagged: ARMA, E-Discovery, Information Governance, Information governance videos, social media governance, speaking, technology

There is more interest in Information Governance than ever before, but there still continues to be a lack of clarity regarding IG fundamentals. To address this, I’ve produced a video series where I ask 30 IG experts the same 5 questions about information governance. Each interviewee had five minutes to answer the five questions, thus the name of the series: 5 Questions about IG in 5 Minutes. The, we edited the answers into as series of short videos. Watching 30 experts answer these questions rapid-fire is pretty compelling and instructive.

Each day this week I will post a new video, and I will be posting the full-length interviews as well. You will be able to find them here and on our YouTube channel.

Here are the 5 questions I asked:

1. What is Information Governance?
2. Who should own Information Governance?
3. What is the biggest benefit of getting Information Governance right?
4. What is the best way to fail at Information Governance?
5. What is your favorite story about Information Governance?

I wanted to thank each one of my interviewees. I really believe the IG community will benefit enormously from your time and insight.

• Janet B. Heins – Director, Collaboration and IG, Biogen Idec (LinkedIn)
• Stephen Cohen – Records Manager, MetLife (LinkedIn)
• Randy Moeller – Global Records Management and Governance, Proctor and Gamble (Twitter)
• Patrick Cunningham, CRM, FAI – Senior Director, Information Governance, Fortune 500 Electronics Manufacturer (Blog)
• Laurence Hart  - CIO, AIIM International (Blog)
• Galina Datskovsky – Chair of the Board, ARMA International (LinkedIn)
• Darren Lee – VP Governance, Proofpoint (LinkedIn)
• Arlyce J. Vogel, CRM – Corporate Information Management Project Manager, Large Utility (LinkedIn)
• Robert Smallwood –  Executive Director, E-Records Institute & Partner, IMERGE Consulting (LinkedIn)
• Tamir Sigal – VP of Marketing, RSD (Twitter)
• Bassam Zarkout – Chief Technology Officer, RSD (Twitter)
• Robert F. Williams – President, Cohasset Associates, Inc. (Website)
• Conni Christensen – Founding Partner, Synercon Management Consulting (Website)
• Chris Perram, MBA – Owner, Perram Corporation (Website)
• Amir Jaibaji – VP, Product Management, StoredIQ (LinkedIn)
• George Dunn – President, Cre8 Independent Consultants (LinkedIn)
• Tod Chernikoff, CRM (Twitter)
• James Morganstern – Business Development Executive, Integro (LinkedIn)
• Stephen Ludlow – Program Manager, E-Discovery and IG Solutions, OpenText (Twitter)
• Francis Lambert – CEO, Records Technologies (LinkedIn)
• John Montana – CEO, Montana and Associates (LinkedIn)
• Craig Rheinhardt – Director, ECM Product Strategy and Market Development, IBM (LinkedIn)
• Gordon Rapkin – CEO, Archive Systems (LinkedIn)
• Keith D. Davis, MBA, CRM – RIM Program Office, Fortune 15 Healthcare Company (LinkedIn)
• Tom Reding, CRM – Principal, Information Governance, EMC (Twitter)
• Jill Hearn – Principal Product Marketing Manager, EMC SourceOne (LinkedIn)
• Matt Hillery – CTO, Fontis International (Website)
• Gordon E.J. Hoke, CRM – Independent IG Consultant (Twitter)
• Eugene Stakhov – Senior Solution Architect, Lighthouse ECM Group, LLC (LinkedIn)
• Beth E. Chiaiese – Director of Loss Prevention, Foley & Lardner LLP (Website)
• Sue Trombley – Director Consulting, Iron Mountain (Blog)

Tagged: 5 Questions, aiim international, ARMA, compliance, corporate information management, E-Discovery, Information Governance, regulation, speaking

A few weeks ago, I mentioned that I was working on new feature article for Law Technology News about about how making more and more data “easily accessible” is both essential for Big Data to fulfill its promise and also a huge risk to privacy, intellectual property, and so on.

The promise of Big Data is based on a central assumption: that information will be easily, quickly, and cheaply available, on a grand scale. The plumbing of Big Data — the technology infrastructure — is designed to bring internet scale to enterprise data. Some of the surprising insights that data scientists hope to gain from Big Data analytics come from correlating information from disparate sources, in a context that was never imagined when the information was first created — such as correlating the type of computer used to book a trip with how much a traveler is willing to pay for a hotel room. Or using prescription drug history to screen health insurance applicants.

The problem of protecting privacy, intellectual property, and other rights will only grow more complex as our ability to access and process information becomes more sophisticated.

I also write about how these issues came to the forefront in the wake of the shooting tragedy at Sandy Hook Elementary school in Newton, CT. I also explore emerging technology that allows electronic content to “self-destruct.”

The article has now been published, and you can read it here (free registration required).

I was also interviewed about the article by Monica Bay, Editor-In-Chief of LTN, on Law Technology Now. You can listen to our discussion on the embedded podcast below.

Author: Barclay T. Blair

Tagged: big data, E-Discovery, Information Governance, information technology, law technology news, self-destruct, Social Media, technology

This weekend I was finishing up my next opinion piece for the fine Law Technology News. My piece is about how making more and more data “easily accessible” is both essential for Big Data to fulfill its promise and also a huge risk to privacy, intellectual property, and so on. Look for that in the next issue.

Part of what inspired me to write about this was the success of Snapchat, a mobile app that lets users “chat” using photographs instead of text. Neat idea, but the twist is that the images automatically disappear after 1-10 seconds (the time is set by the sender). As  you would imagine, Snapchat has gained a reputation as a teenage sexting tool, despite some indications otherwise. I set it up to see what all the fuss was about, and cajoled my wife to install it as well. Frankly I would say that any service that automatically deletes any self-portrait I have taken after turning 40 is doing me a huge favor. Anyway, Snapchat was quickly copied by Facebook, with its Poke application, although Poke seems to be less popular than Snapchat to date.

I did some more digging around in this space, and it turns out there are a number of startups focused on so-called self-destructing messages. For example:

• Vaporstream offers “secure recordless messaging” technology aimed at enterprise users
• A startup involving Phil Zimmerman, crypto-hero and creator of PGP, called Silent Circle offers secure mobile voice and messaging, including “burn notices” for text messages
• Burn Note: self-destructing email
• Wickr: self-destructing texts, pictures, video
• Gryphn: self-destructing text messages, with screenshot capability disabled
• Privnote: web-based, self-destructing notes
• Tigertext: enterprise-focused secure texting with message timers
• Burner: temporary phone numbers for calling and texting (hat tip to Bill Potter at The Cowen Group for pointing me to the last two on this list)

The category of “disappearing email” has been around at least since the late 1990s. In that era, a company called  ”Disappearing Inc.” got a lot of attention, but was not successful. A similar company called Hushmail from that era is still around, but suffered from some bad press when email that users thought had been “disappeared” was turned over in the course of a lawsuit. In any case, neither company ushered in a new era where email automagically goes away. However, given this new crop of startups, I wonder: were these 90s companies ahead of their time, poorly managed, or just a bad idea?

On the corporate side, I don’t see a large appetite for this kind of technology. I have had this conversation with clients many times, and although they love the idea in concept, they are very worried that using the technology will create the appearance of evil (just as the first thought we naturally have about Snapchat is that is must really be for sexting). Executives in particular feel that the use of the technology creates the impression of having something to hide. Perhaps if email had had this capability from the beginning, the risk would not be there. Corporate culture is conservative by nature, and no company wants to draw attention to itself in this area.

This fear is not without justification. Many general counsels are fearful of deleting any corporate email messages at all, which is why many of the world’s largest and “well-managed” companies have hundreds of terabytes of old email sticking around.  Remember that in the world we live in, prosecutors sometimes chastise companies for not keeping all their messages forever because, after all, tape storage is “almost free.” There certainly is a case to be made that spoliation fears are generally overblown, given the number of times spoliation actually leads to a a fine or judgement, but the fear of throwing away the wrong thing is not groundless. Getting rid of junk defensibly requires a logical, justifiable process.

Unless an organization is in a highly classified environment, I think most general counsels and their litigation partners would tremble at the thought of explaining why most of the company used “normal” email but their executives/salespeople/take your pick used “special” email that disappears. It does not pass the smell test. Selective use is problematic.

On top of that, you have users who find operational benefit from having records of their business activities in email. You also have the emerging world of Big Data, where email in aggregate potentially has big value if you get it onto Internet-scale infrastructure and point the right tool at it.

In any case, check out the full piece when it runs in the next issue of Law Technology News.

Author: Barclay T. Blair

Tagged: compliance, disappearing email, E-Discovery, e-mail, email, Information Governance, law technology news, phil zimmerman, self-destruct, Social Media

Late 2012 I was honored to provide a feature editorial for Law Technology News, a fine publication helmed by Monica Bay. You can read it online here (with free registration) or you can read it in full below.

Girding for Battle:  A clash is brewing between Big Data and e-discovery

When was the last time you sat at your computer and deleted old files? Yesterday? Never? Don’t remember? Before today’s ubiquitous search engines, there was practical value in being a filer rather than a piler — it was difficult to find a document in a filing cabinet without an index.

Today’s sophisticated search engines obviate the need to manually index. Search technology is wonderful if we know what we are looking for, but is it an information management panacea? Information is growing at an astonishing rate, so much so that the numbers used to communicate growth projections are now so huge that they are almost meaningless.

Until recently, this unfettered growth was generally viewed as hazardous. It drives up storage costs, makes it difficult to find the wheat among the chaff, and increases electronic data discovery risk and cost, the argument goes. The resulting mantra: “We need to categorize it, control it, and clean it up!” Companies have spent decades paralyzed by a near inability to adapt modernist paper records management programs to decidedly postmodern information systems. Today, no part of the organization (including IT) exerts centralized command-and control over data, and we have yet to find an easy replacement for the file clerk. Enter Big Data, where uncontrollable information growth is no longer viewed as evil, or even a necessary evil. In the Big Data world, system administrators now treat bursting databases and file shares not as a shameful secret shared sotto voce in committee meetings, but as something to brag about. In Big Data, information has no downside. It is exalted in Davos, where the World Economic Forum recently “declared data a new class of economic asset, like currency or gold.” It’s been profiled by The New York Times. Proponents call it “the new oil,” proclaiming it presents the biggest opportunies since the dawn of the internet.

So why does Big Data matter to the legal community? Because it heralds a new battle, over a single question: Should we keep the information we create forever, or should we throw some of it away? The answer used to be simple: it was not feasible to keep everything. The cost was too high, the effort too great. Overburdened systems fail. Information overload reduces productivity. Data must be migrated from old to new systems, with great difficulty and expense.

The chance that you might have a smoking gun buried in the data creates too high a risk of liability. After all, if we learned one lesson from the seminal EDD cases metastasiz- ing from the bankruptcies of Enron (Andersen v. U.S., 544 U.S. 696, 704 (2005)) and Sunbeam, (Coleman (Parent) Holdings, Inc. v. Morgan Stanley & Co., Inc., No. 502003CA005045XXO- CAI (Fla. Cir. Ct., March 1, 2005)), it is that data skeletons in the closet can be spooky.

But Big Data changes the calculus. The software used by Google and Yahoo to index the internet is open source, called Apache Hadoop. This brings internet scale and speed to just about any organization, and it can be run on cheap, off-the-shelf disk drives. Tools to analyze the data (some first commercialized in EDD) are accessible and powerful, promising profound new business and societal insights drawn from the vast pools of data. The fundamental promise of Big Data is that it enables insights into business (and the world) that were not possible before. Proponents see Big Data creating a better world, one fulfilling the promise of the internet itself.

But Big Data advocates downplay the downsides of data, and specifically, the EDD challenges. In the near-Nirvana contemplated by some Big Data proponents, all data is good and more data is better. In EDD, the opposite is usually true.

A recent study by the Pew Research Center about the future of Big Data was positive overall, but acknowledged concerns related to privacy, social control, misinformation, civil rights abuses, and the possibility of simply being overwhelmed by the deluge of data. Within legal, the burden of finding, processing, and producing Big Data in EDD is a foreign concept to most Big Data advocates. Perhaps this is because the Big Data enthusiasm cycle has not yet reached the “trough of disillusionment” where the hype faces the reality of corporate culture and complex legal and compliance requirements.

Records management doctrines specify that organizations should clearly define the business or legal purpose of a piece of information when created. That analysis determines whether, for how long, and in what form the data should be kept. Records retention schedules are intended to provide a measure of defensibility against spoliation claims, as they evince an intent to delete a record based on a proactive and standardized calculation of its value, rather than a reactive determination based on fears about bad evidence. Many organizations have attempted to play records management catch up in advance of pending litigation and have paid the price.

Big Data advocates argue that the economies of scale now make it feasible and desirable to capture and store information that currently has no clear or definable business value. Although large organizations have long collected and analyzed data (using business intelligence software), proponents argue that Big Data is different. They posit that cheaper storage and technical innovations make it easier and faster than ever before to analyze that data, eliminating the need to identify the business purpose of data before it is collected and retained.

With Big Data, no rigid “schema” or organizational approach is necessary before capturing content (unlike in a traditional database). Data professionals now (or in the future) can ask open-ended questions of the data. That includes questions that may be not be germane now, but may be critical in an unpredictable future.

As a result, more data will be kept longer, in a manner that is unmoored from records management tenets. Without a doubt, this philosophy will complicate the governance and e-discovery of data.

HITTING DELETE

So, when was the last time you sat down in front of your computer and deleted old files? In the world of Big Data, this is not only unnecessary, it’s undesirable. And it’s a waste of time.

Should we keep everything forever? Absolutely not. Too much information still has a downside. It is a liability, as well as an asset. Information has risk. Information has real, unavoidable legal and regulatory requirements. Information has a bite that Big Data proponents ignore at their peril.

But the good news: The same tools and infrastructure that empower the potentially profound insights of Big Data can and should be employed to help organizations make informed decisions about data retention. A vast amount of unstructured data in many organizations (over half, according to some studies) is duplicate, outdated, transitory junk that has no business value. Getting rid of this information en mass, without dragging every employee into the process, is now possible.

E-discovery is the place where the cost of information management myopia becomes painfully visible, and is why EDD has consistently driven innovation in handling and under- standing vast amounts of data. However, even with these innovations, the risk and cost of information in EDD is undeniable, and is correlated to the overall volume of information in the organization.

These are the contours of the coming battle between Big Data and e-discovery. It is a philosophical and cultural battle. It is the responsibility of EDD and information governance attorneys and practitioners to gird themselves for this battle. Learn about Big Data, and inform the discussion and decisions in your organization.

Reprinted with permission from Legal Technology News. Further duplication prohibited. 

Common Big Data Use Cases

• Sentiment analysis. Analyzing sentiment on social media networks in order to improve marketing campaigns and customer service programs.
• Fraud Detection. Analyzing transactions for patterns and events that may indicate fraud (familiar to anyone who has received a phone call from their credit card company when first using the card outside their home country).
• Retail pricing optimization. Setting the price of a product based on sophisticated analysis of purchasing patterns, customer demographics, and geographic demand variations

Who should you talk to?

Big Data projects are likely being planned in your organization, or your client’s organization right now. Here are some people and places to pay attention to:

• Marketing and customer service. A common real-world current application of Big Data techniques in social media sentiment analysis. These programs are typically driven by marketing or customer service groups.
• IT: Information Security. The IT professionals responsible for information security may already be collecting and analyzing log files from the hundreds or thousands of devices that generate them in the company. This may not technically be a Big Data project yet, but find out what their plans are for correlation with other data sources that may give rise to privacy and other concerns.
• Data scientists and analysts. If your organization is currently hiring data scientists or analysts, there is a good chance that Big Data projects are ongoing. Find out who these people are and learn about their plans. Not only is their work typically very interesting, it may also have serious legal and regulatory implications related to retention, privacy, and e-discovery.

Chart: Drawing the Battle Lines

 

Author: Barclay T. Blair 

Tagged: big data, compliance, E-Discovery, electronic data discovery, Information Governance, law technology news, Legal Technology News, technology, world economic forum

Do you have a social media policy? No? Well, come get one. I am very pleased to announce two new Social Media Governance workshops this fall where we build a social media policy together. We ran one of these this spring and received great feedback, so we decided to expand. And this time, thanks to our sponsors and hosts, OpenText, ARMA Metro NYC , and Williams Mullen, attendance is free. But, spots are limited, so please register soon.

What is the Social Media Governance Workshop?

It’s a hand-on half day. It’s an interactive event where a small group of practitioners are lead through a series of presentations and exercises that teach them how to craft a social media governance policy and program. The workshop examines the business, legal, and technology issues related to social media use in the enterprise through real-world examples and use cases. It provides examples of how leading organizations have addressed social media governance issues and provides a forum for participants to discuss issues unique to their organizations.

Why Do We Need a Social Media Governance Program?

Social media has emerged as the next governance frontier for the enterprise. Employees at organizations large and small are using social media to conduct business – with or without the knowledge and support of their organization.  Social media can bring many benefits but it also carries risks – especially if it is not formally legitimized and governed. At the same time, a heavy-handed approach to governance will simply frustrate users and diminish the value of the technology. Organizations need to take a balanced approach. This hands-on, practical workshop will teach practitioners how to help their organizations achieve balance in social media governance.

What You Will Take Away

Workshop participants will learn how to develop a social media governance policy and program at their organization that effectively balances business, cultural, legal, and technology requirements.  Each workshop participant will leave the workshop with a social media policy template that they can continue to develop and customize for their organizations.

Topics covered include:

• The technology behind social media and the challenge it represents
• Typical use cases for social media in the enterprise
• Organizational and cultural issues: how much governance is right for your organization
• Legal and regulatory issues related to social media and how they affect your organization
• Key components of a social media policy
• Real-world examples of social media governance issues and solutions

Event Details

Registration is currently being accepted for two events.

#1: Raleigh, North Carolina

Wednesday, October 3, 2012
9:00 AM – 1:00 PM
Lunch will be served.

301 Fayetteville Street, 17th Floor
Raleigh, North Carolina

This event is sponsored by OpenText and Williams Mullen.

Click here to register. Given the workshop format, space is limited, so register now. 

#2: New York City

Thursday, October 11, 2012
9:00 AM – 1:00 PM
Lunch will be served.

New York Life Insurance Building
51 Madison Avenue
New York, NY 10010

This event is sponsored by OpenText and ARMA Metro NYC.

Click here to register. Given the workshop format, space is limited, so register now.

Author: Barclay T. Blair

Tagged: social media governance, social media policy

This was fun – we picked 20 of the top questions about information governance, and answered them all in 40 minutes. I like the format of this too – you can jump to the question you want to hear answered.  Check it out here.

Tagged: compliance, E-Discovery, Information Governance, information technology, speaking, webinar

 

“It was a profoundly man-made disaster — that could and should have been foreseen and prevented. And its effects could have been mitigated by a more effective human response . . . For all the extensive detail it provides, what this report cannot fully convey — especially to a global audience — is the mindset behind this disaster.”

Kiyoshi Kurokawa, Chairman of the Fukushima Nuclear Accident Independent Investigation Committee, July 2012

“In the first minute after the autopilot disconnection, the failure of the attempt to understand the situation and the disruption of crew cooperation had a multiplying effect, inducing total loss of cognitive control of the situation . . . A review of pilot training did not provide convincing evidence that the associated skills had been correctly developed and maintained.”

French air investigator’s final report on the 2009 crash of Air France Flight 447, resulting in 228 deaths, issued July 2012. ˆ

“’Someone was in danger,’ explained Mr. Lopez . . . ‘I wasn’t going to choose my job over someone in danger. My job is to help people in distress. It was a moronic rule in my opinion that they set up. I understand the liability issues, but . . .’ He breached protocol by running to an area outside his beach zone without waiting for his supervisor to arrive to cover his station, posing a potential liability problem.”

Lifeguard Says He Chose Saving Man Over Saving Job, New York Times, July 5, 2012

The most powerful earthquake in Japan’s recorded history. A Tsunami with 130′ waves that penetrate six miles inland. Thousands of lives lost. Reactors in a coastal nuclear power plant start to melt down.  Radioactive gas is released into the atmosphere.  It’s a nuclear disaster. The cause? Obvious: forces of nature.

Wrong. Organizational culture.

On an Air France flight from Rio de Janeiro to Paris, instruments designed to measure airspeed fail, causing some autopilot systems to fail. The crew, confused about their speed and angle of flight, put the plane into a stall and it crashes into the ocean, killing everyone on board.  The cause? Obvious: mechanical failure.

Wrong. Organizational culture.

A young lifeguard in Florida is fired. Why? Because he disobeyed company procedure to rescue someone he thought was drowning. The procedure had a single purpose: protect his employer from legal liability. He mistakenly believe that he had a single purpose as a LIFEGUARD: guard lives.

I picked each of these three stories from Section A of the New York Times this morning, not because I was looking for them, but because the thread connecting them resonated with me, and some thinking I have been doing about the role of organizational culture in information governance. These are from one section of one newspaper on one day, picked out by someone jostling for a seat on a sweaty F train ride. Not exactly random, but not exactly exhaustive research either.

The hardest part of information governance is changing (or at least challenging) organizational culture.

This is such a glib statement. Borderline tautological. Almost axiomatic. But, there is truth here, somewhere.

For the past twelve years, I have made my living as a subject matter expert. But lately I’ve been wondering which subject matter really matters. Over the dozen years I have thought of myself – and marketed myself – as an expert on a variety of topics (not necessarily at the same time): information security, electronic evidence, privacy, software product marketing, content development, records management, compliance, IT governance, electronic content management, taxonomies, ghost-busting, information architecture, e-discovery,  information governance. I’ve always been this way, I guess. In high school I started an business fixing cars. In university I made extra money teaching university-level classes on HTML and hand-coding webpages for professors.

However, I have never thought of myself — nor marketed myself — as an expert on organizational culture.  I never set out to become an expert. But, after witnessing the gooey inner workings of dozens and dozens of organizations large and small, in multiple industries, I seem to have learned something.  I don’t directly sell what I know corporate disfunction to clients, but it might be the most valuable thing I offer.

Organizational culture is the rocky, rugged shore upon which the bravest barques crash. I have concluded that it is nearly impossible to fundamentally change organizational culture. Not completely impossible, just very difficult.

And yet, the success or failure of most multi-million dollar enterprise software implementations ABSOLUTELY DEPENDS on thousands of individuals changing their behaviour. CRM or sales force automation software mostly fails if sales and marketing people don’t change they way they do their jobs, in dozens of tiny ways, every day. Content management and collaboration software fails if thousands of employees don’t change they way they find, create, and communicate information – assuming you can get them using the platform at all. Enterprise social media fails unless most employees see the rewards of total transparency at work.

This is no secret – those who sell the software will tell you this. For example, here’s a quote from a recent OpenText blog post:

“What’s the biggest barrier you’ll face when deploying collaborative or social software (or even straight document management)? It’s swaying people’s attitudes and behaviors towards their information, knowledge, and content.”

Organizational culture isn’t much easier to engineer than national culture. Despite being forced by Canadian cultural content laws as a teenager to listen to Rush, Corey Hart, Gowan, and Kim Mitchell, I still think they all suck (sorry, Tamir).

Cultural Engineering is hazardous work. In fact, it is so hard that a certain breed of startup software company is choosing to avoid it altogether by chucking the bitter controls that big companies need to function and focusing instead on the sweet candy users want – willfully ignoring the long-term effects on the organization. What are the long-term effects? At minimum, the creation of new toxic silos of disorganized, neglected, disconnected information bristling with all kinds of business and legal jagged edges. At maximum this strategy sends the customer blissfully skipping down a gilded path that can only lead to loss and theft; privacy disasters; millions of dollars spent in unecessary electronic discovery costs and lawyer fees; and fines and penalties for failing to comply with any number of the thousands of laws and regulations affecting a large corporation’s information.

You don’t have to move very much soil in a large company to find the fossilized relics of systems past that were earlier incarnations of this myopia. To whit: a manufacturing client with 34,000 Lotus Notes databases that nobody knew what to do with — the legacy of an earlier generation’s blind bliss of “empowering users” through self-provisioning and finally, once and for all, freeing them from the machinations of their evil IT overlords. The 34, 000 Lotus Notes databases that were the sweetest e-discovery honey hole for every plaintiffs attorney east of the Mississippi; the glorious user-empowered, next generation environment that caused my client to settle case after case because it was cheaper than extracting data from the wonderful, self-provisioned mess. The amazing, hands-off application building environment that they couldn’t afford to keep around, but that was too expensive to get rid of.

Some observers are criticizing today’s startup software companies for focusing on trivial problems (Nicholas Carr, for example: ”An app for making vintage photos isn’t exactly a moonshot”). There’s even a parody website on the subject. I don’t know if this is true, or if it just seems this way (the topic has the smell of a “trend piece,” like the rise of Satanic cults in the 1980s). If it is, maybe there are BIG IMPORTANT sociological reasons for this. But one thing is certain: building software that provides real value to a big organization is hard, if only because cultural engineering is hard.

So, what are the enterprise startups working on? Well, here’s one category: shared drives in the cloud. It just makes me — I don’t know  — tired? that some seem to think that putting a shared drive in the cloud is innovative. Or even edgy and “disruptive.” Conceptually, there is nothing innovative about it. Yes, the mobile and the multi-device user gives it legs. But it’s still just a damn shared drive — a great way to share information, but terrible for almost anything else. What happens after that glorious moment that the content is shared? Does the content just disappear? Are we keep supposed to never think about it again? What if we want to keep some information and throw some away? What if some of it needs special treatment because of some pain-in-the-ass law? Why are we pretending that shared drives in the cloud are immune from the problems of old-fashioned Windows networked shared drives? Shared drives stand in the way of every big company’s effort to do something meaningful with their pile of unstructured content. Do you spend millions cleaning them up? Millions migrating them to SharePoint? Even with the best “automated classification tools,” this still costs a large company millions — IF it can get the lawyers to bless the plan in the first place.

A few days before Microsoft purchased the company, I saw a senior executive from Yammer speak. It was a product pitch with the self-laudatory axiom, “adoption is the new ROI” as its centrepiece. Yammer (which some have called “FaceBook for the enterprise”) built its company in large part by offering the service to corporate users for free, then charging IT administrators to manage the resulting mess. The axiom was proven out by the company, as user counts no doubt were a central metric used by Microsoft to justify its $1.2B investment, but as an axiom for enterprise software it is gibberish. And cynical. Companies in this space also seem to love marketing slogans like, “75% of the Fortune 500 use our software,” which tells you about as much about their enterprise penetration as it would if Rovio, the maker of Angry Birds, claimed that  ”100% of the Fortune 500 use our software.”

Are these companies thinking big? Do they have an enterprise moonshot? Are they tackling the truly complicated information problems of the large enterprise?

Many companies, both old and new, are tackling complicated problems. Bringing Internet scale to enterprise data. Layering massively powerful analytical tools on top of the data. Empowering the messy, risky big decisions that must be made about vast pools of we create. Refusing to be cowed by legal FUD. Cleaning up mind-boggling volumes of junk. Investing the time and money it really takes to understand vertical, business unit, and departmental problems, and deliver unsexy, but truly valuable software and process. Empowering users in a way that balances shiny new toy syndrome with the complex realities of a real-world operating environment.

But, perhaps even these companies are focusing their attention on enterprise problems that do not require cultural change or engineering. Problems that do not require any change in what a user does or does not do. Billions of dollars of enterprise software have been sold over the years because the person writing the checks believed that changing user behaviour was possible. The engineering of organizational culture has been the sine qu non of enterprise software.

Have we now reached the point where it is simply old fashioned to believe that it is possible or desireable to dicate, or at least motivate, a user to do something, or to not do something? Perhaps, but any number of corporate programs, from safety to sales practices to performance reviews, rely on this dynamic. At the same time, it’s obvious that culture engineering adds significant friction to the process of selling and implementing enterprise software, so providers are logically looking for ways to minimize or avoid it altogether.

Engineering organizational culture is engineering human behaviour itself, on a large scale. In that sense, it is not mysterious. Show the value of the change to the individual. Use incentives and consequences to create social pressure –  the true motivator. Rinse and repeat. Despite the challenges, I don’t think we have moved past the need for organizational change in the world of Information Governance.

Tagged: aiim, ARMA, cio, compliance, E-Discovery, Information Governance, information technology, Social Media