Bob’s Blog

How to Grow with DPO

Document Process Outsourcing (DPO) is not new. It has been a part of the business landscape for over three decades now. Many businesses have DPO confined to their document scanning operations, and should take a step back and look at DPO for capturing inbound documents, forms and invoices (both electronic and paper), multi-channel communications, and support for managing documents related to their LOB activities.

Globalization has transformed market reach, re-defining the concept of multi-national operations. This, combined with a growing challenge in meeting regulatory compliance, makes it more difficult for businesses to match the appropriate skill sets within their organizOutsource in houseations to accomplish the tasks. Re-mapping labor costs and local skill sets is only part of the equation. The use of partitioning capture activities and fragmentation of document processing by region, ensures data privacy laws are met. This is rapidly becoming a vital part of the business requirement – to securely capture and manage business information – rather than a passe someday we may do it approach.

In My View

Modern businesses must maintain focus on their core competency, and be less concerned with non-core services if they are to grow and prosper. DPO is one area where businesses can take advantage of outsource services not only to capture documents that are static in their physical retention areas, but expand DPO use to include all aspects capture.

Incorporating DPO as part of an overall strategy requires planning to ensure that the provider you choose aligns with your information management strategy. Regulatory requirements like the European Union (EU) General Data Protection Rules (GDPR) must be a consideration and will help not only in choosing an approach to DPO but also in determining choice of on-shore, near shore and offshore locations. Steps you can take to assess first use or expansion of DPO in your organization includes:

  • Identify business opportunities where DPO will benefit in both labor and physical costs – include mailroom, archive, and LOB possibilities
  • Calculate all related value areas like labor, physical plant, overhead to maintain the facility, etc.
  • Document your regulatory requirements and match these to the DPO provider of choice
  • Standardize and automate your processes whenever and wherever possible
  • Establish goals and metrics related to DPO to ensure service levels are being met

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, a recognized expert in the application of advanced technologies and process improvement, and Journalist on Information Technology for Document Strategy. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

_________________________________________________

Prepare to Meet Godzilla!

OK, now that I have your attention, Let’s talk about disaster preparedness and recovery. No, Godzilla is not attacking the city, but disaster does come in many forms and it can be natural or human-triggered. Disaster can come in the forms of fire, flood, earthquake, or even a disgruntled employee. All of these can cause disruption and chaos in your business.

Godzilla

We often hear the term disaster recovery in relation to information management, but the fact is if you have to recover, the disaster has already happened. The real question now is, were you prepared? Do you have a disaster preparedness plan and if so, is it up-to-date?Disaster preparedness should be part of an overarching information governance (IG) policy that includes guidelines on secure access, privacy protection, retention, legal discovery, legal hold, and back up and recovery procedures.

Developing a disaster preparedness plan requires businesses to identify their critical business information – information required to keep the business running. Once this information is identified, it must be prioritized for recovery – what is needed first and what can wait until later. Alternative information management practices should be designed to ensure that information is readily available should disaster strike. For example, recovery of sales and financial information would take priority over pending employee applications in human resources (HR). Additionally, there must be alternative processes and methods designed to capture this information, record it properly, and prepare it for import should that need arise.

In My View

Information restoration processes must be designed and employees need to be trained in what steps are to be taken, technology to be used, and the “we’re live” criteria to be operational during the event. If the back-up files are maintained offsite, who is responsible for acquiring them and bringing them into the system? Who in the business unit is responsible for validating the completeness and integrity of the restored information? What measures will you take to audit and validate data and information collected and distributed during the event.

Disaster preparedness should be an integral part of your overall governance program with emphasis on business continuity not just recovery. Planning and preparation by design minimizes disaster impact and recovery times. This may be a good time to assess how cloud applications will benefit your operations in times of disastrous events. No matter what your approach is, the key is to have something in place before Godzilla strikes and you realize you cannot run your business.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, a recognized expert in the application of advanced technologies and process improvement, and Journalist on Information Technology for Document Strategy. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

_________________________________________________

Intelligent Information Preservation

Electronically stored information (ESI) is growing at an exponential rate. It is stored on corporate servers, laptops, shared network drives, smartphones, tablets and even extending beyond the corporate walls to cloud repositories like Dropbox, Box and other storage media. These extended repositories might be sanctioned and more often are unsanctioned by the corporation. This creates an environment of digital storage that is uncontrolled, managed by individual users, and hopes of finding information when it is needed. Even when products like SharePoint have been implemented to get control over the uncontrolled, the result is typically the creation of an environment of contained information chaos, due to the lack of governance over the information and use of the technology.

Imagine your organization having to produce electronic information for civil litigation or regulatory audit. Now imagine that as part of this process, you must find all relevant information including email, audio/video files, spreadsheets, and more. Where do you search? Do you search your network servers, individual PCs, Mobile devices, and removable storage devices like thumb drives or is it all of the above? Documented cases have shown it is all of the above and that if you do not comply with the request, the fines and costs levied could be significant.

Disconnected repositories for different content types such as email, create their own problems when it comes to legal discovery processes and the application of legal or information overloadlitigation holds to prevent discoverable content being deleted as part of the end-of-retention period process. Every organization is responsible to comply with discovery requests in civil litigation, the question is how prepared is the organization to comply?  When faced with eDiscovery, organizations must be able to produce the materials, defend how it is maintained, retained and disposed of. When a discovery order is received, the organization needs to have established and consistent processes on placing a legal hold to suspend disposal and commence gathering, filtering and delivery of the requested materials.

Ignorance of regulation and poor content and records management practices are no excuse for non-compliance. Organizations must be proactive in establishing policies and procedures and providing tools and training employees need to ensure corporate compliance. Technology will help enable us to reach and maintain compliance but it must be viewed as a tool to support the policies and practices the organization has adopted within its information management structure and governance.

There are eDiscovery applications and technology enabling organizations to pull information and records from the massive volumes spanning an enterprise, including emails and eliminate exact copies to reduce the effort and cost of reviewing the remaining content. The costs and management of eDiscovery actions can be lowered and managed more effectively using a combination of information governance, designed and consistent business processes, and technology to automate wherever possible. Once the required information has been identified, collected, and sorted, it must be preserved and stored for safekeeping. In an on-premise scenario, use of durable electronic media is chosen to preserve the information over long periods. Additionally, there is a requirement for sharing this information in a collaborative way between legal staff, business manager, and any party involved in the litigation, presenting an access and authorization challenge.

In My View

Many organizations lack focus and do not understand the benefit and advantage they gain through optimization of their information management practices in relation to litigation support. In many cases, you will find at minimum, duplicate files – or even up to hundreds of files with the same titles – residing in the vast silos of storage strewn about the enterprise. These not only cost you in the area of systems administration, they also put you at risk and increase your eDiscovery costs when required to find and present information related to an audit or litigation. Someone has to sift through the mountain of content to determine relevance, produce it and present it to the courts or auditors.

Get control over your content, identify what information has business value and manage it properly. Information that is redundant, out of date, or trivial – referred to as ROT – should be removed from your repositories. Leverage technology that supports your information management practices in ways that enable you to find the information you need, when you need it and position your organization to be defensible when it comes time to face the Judge.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, a recognized expert in the application of advanced technologies and process improvement, and Journalist on Information Technology for Document Strategy. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

_________________________________________________

Help! My Filing System is Failing!

Have you ever had this happen to you? You place your car keys down someplace and can’t find them. You save a file on your PC, share drive, or network drive and can’t remember where exactly it is. Even doing a search for it somehow doesn’t seem to locate Confusedit because you are not searching the right location, or perhaps you named it something different from what you thought. Yep. This is a true indication your filing system is failing. Oh, not the technology, that is working fine – as it was configured to do. What is failing is your cerebral filing system. You know, your brain’s ability to recall exactly where you placed that file and what you called it. Or where your keys are now after your wife moved them. (The reason for that is the location metadata in your brain was not updated because your kinetic connection was down at the time the keys were moved..)

The filing scenario is one that plays out many times in a business day. Regardless whether it is a paper or digital file, without some form of enforced governance and standard way of maintaining your files, they will from time to time go missing. While search capabilities have improved significantly, and contextual search may bring you closer for finding what you are looking for, the common complaint I still hear is that finding – not searching – is still a challenge in many businesses.

In My View

There are many time in this scenario where technology was installed and released to the business population without really identifying the purpose for it, the problem it will solve, and planning to implement it in a useful way. Too many times the business relies on the technology “solution” to make everything better, when they haven’t identified what is wrong or where improvement is needed. Combine this with a lack of governance and employee training, and the finished project yields a less than stellar result. And like the car keys, if the file has been moved without proper ways to locate it or track it as it migrates its way through its life-cycle, it is considered missing or lost creating a state of chaos and frustration for all parties.

The best approach is one of taking the time to understand the business problem, how information is managed today, build a framework to standardize and improve business processes and information management practices, and apply technology to enhance your information ecosystem and operations. While we may think our cerebral filing systems are flawless, there is a lot of potential for unexpected results and risk.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, a recognized expert in the application of advanced technologies and process improvement, and Journalist on Information Technology for Document Strategy. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

_________________________________________________

The Expanding Universe of IoT

Internet of Things (IoT) is a term we hear every day and one that conjures different visions and definitions based on the person’s role, industry, and technology awareness. When I have asked what does IoT mean to different people, the responses I get a range from smartphones to smart buildings. While each of these is right, the expanding universe of IoT is much greater and growing each day.

Utility companies are now using smart meters for gas, electricity, and water usage. The transportation industry has enabled systems to monitor cars, trucks, trains and planes iOtfor malfunctions, tracking regular services data, and notifying designated centers of the need. Mobile device carriers can provide plug-in devices that track your driving habits, monitor your vehicle, and provide you with direct feedback to you as you drive. Beyond these, there are medical devices, home appliances, and many other IoT devices that connect to the Internet and provide data back to consumers and manufacturers for various reasons.

In My View

Expansion of IoT is inevitable and the variety of devices, and potential devices, is endless. IoT is limited only by a lack of imagination regarding what the device becomes. In business, it is essential to recognize and embrace the fact that it is here, growing, and will impact your business. What you need to do is understand current IoT capabilities and how it can be applied to your business. From a process perspective, you may look at your current ways-of-working, identify opportunities to improve, and implement an IoT strategy to enhance those processes.

For many businesses, IoT may seem a distant dream. Business leaders who are forward thinking should be and are looking at IoT now, determining how it can be incorporated into their information ecosystems, and how what they do have can be grown to further enhance business operations.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, a recognized expert in the application of advanced technologies and process improvement, and Journalist on Information Technology for Document Strategy. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

_________________________________________________

Change Requires Respect

R-E-S-P-E-C-T I know this is the way it is spelled in the lyrics of Aretha Franklin’s song, but I did it this way today because I want to emphasize the importance of respect in business when it comes to change in the ways people work, in the culture, and in day-to-day interactions.

How many of you have been in meetings where the attendees talk (sometimes yell) over each other, trying to make a point when they should be listening and showing respect for the person who is speaking or presenting? This is not only a challenge in business, we se it everyday in the news where opposing views are shouted at each other with little to no respect for the other person or people on the panel. This lack of respect has been growing over the years and benefits no one. When in a business situation, not a reality show looking for ratings based on controversy, respect is key in moving an organization forward. Leaders need to show respect their employees and employees need to show respect for leadership.

There have been many instances in my career, when a discussion is taking place about a business situation. Ideas are solicited and when these ideas are presented, others in the Tie Hanginterrupt trying to inject their views or shoot down what is being said. In some cases, a manager may criticize the idea and person in this public forum. The result is one where employees feel the work environment is one of closed communication,  there is a decreased in employee interest to get involved, and a sense no matter what the idea is, management won’t listen or take it seriously. All of this because respect has fallen by the wayside.

In My View

In this time when digital transformation is the business mantra, change management is essential. Not just technology but change in the culture and the way businesses interact with each other and with external parties. Resistance to change is normal, but when handled properly and with respect for each other’s views and ideas, the transition happens much more smoothly. Keeping this in mind, I want to share my view of respect.

Realize that everyone’s view is different based on where they are in an organization and their role in getting the job done. A front-line worker will see thing differently than the manager or senior management.

Expect differing views to arise during the conversation, and take time to listen as it is important to understand the entire point of view else you may miss something of importance that could come back to haunt you later in the project.

Show respect for the person talking, by truly listening and taking notes that can be used in questioning once this person has finished. While you, and other participants in this session may be inclined to jump in and offer your views, it is best to note those things for later discussion as often your question will be answered prior to you asking.

Provide a safe environment for discussion by facilitating the session and controlling outbursts rather than ignoring them which is encouragement for this type of behavior. The least productive meetings are those where everyone is talking, no one is listening, and collaboration to reach an end goal falls into chaos with no conclusion.

Elicit more detail from the session participants about discussion points that seem contradicting or unclear. For example, if there is a discussion that the process takes too long, try to get a better definition of “too long” and look for a perceived cause.

Clearly and openly communicate the reasons for the session, pending changes, and expected results of both the meeting and pending initiative for the organization as a whole. Address future actions that need to be taken and set timelines for completion.

Take time to recognize all participants and thank them for their input and involvement. Teach by example that respect shown results in respect given and that when respect is present in business, great things can happen.

Conflicting or opposing views are essential to innovation and new ideas. Respect is needed in creating an environment that openly welcomes innovation from all levels.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, a recognized expert in the application of advanced technologies and process improvement, and Journalist on Information Technology for Document Strategy. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

Cultivating Corporate Culture

Innovation is a term we hear a lot these days. Companies realize that they must make changes in order to keep up and survive, or overtake their competition. For many folks, innovation tends to focus on the latest technologies available, but in fact, innovation is not restricted to technology. Innovation is embodies the mindset of change, that is embedded in corporate culture, and applies everything and every situation.

Yes, innovation can focus on new products and services, but it can also focus on other areas like the methodologies and practices used to transact business. Innovation can focus on ideas to change the way current way-of-working are done that may not deliver a new product, but will cut operational costs. Innovation can come from, and many times benefits from the formation of cross functional teams providing different perspectives on a problem or idea that results in a new process, modifications to process, new products, and much more.

When I hear people discuss innovation, it reminds me of my days at RCA in the 1980s. There was an internal program called Improved Quality (IQ) where cross-Lawn Mowing.jpegfunctional teams would form to act on employee suggestions, develop new ideas for products and processes, and work with Senior Management to implement those recommendations. The key to it all, was having a culture that embraced change, encouraged employee feedback, and provided reward for the return these innovations brought the company. One such innovation was better management of landscaping that allowed lawn mowers to cut a greater amount and minimize the amount or trimming that was required after the lawn was cut. Estimated cost saving to the company were around $30k per year.

In My View

Cultivating the corporate culture to embrace change and innovation is not likely going to be an overnight task. Employees may find it difficult if the current culture is one of do the job without open communication. It requires true support from the C-Level executives not just lip service. It requires open communication without fear of retribution if the wrong thing is said or being criticized for seeming to be too far out of the box.  This happened to me when I had my first handheld device, the Palm IIC. (Remember that one?) It was a hand-held device with a cover to protect the screen. In a meeting with the R&D folks, I told them it would be great if they combined this with my cell phone so I could carry only one device. They laughed, said it was a silly idea because no one would want to talk into their hand-held computer, that is what phones are for. Hmm, was I to far out? I wish I had the financial backing needed to have acted on it.

Start cultivating by opening communications and accepting that all ideas and suggestions are valid. While they may not be acted upon, they are valid. Everything we see, use, and own came from some innovation that somebody thought of. Who know’s your companies next innovation may be a far out winner.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

 

_________________________________________________

Harvesting Information

Imagine for a moment, lush green fields as far as the eye can see. In the cool summer breeze, blades of grass flow back and forth. In the background, you can hear the sounds of a farmer harvesting the dried trimming in a distant field, for use as hay to feed his livestock. As the fields grow, the blades of grass serve many purposes. The keep the soil in tact, return nutrients to the soil, supply nourishment to a plethora of insects and wildlife. While the initial purpose of these fields may be to provide feed for livestock, during their life cycles, they serve many more purposes that often go overlooked.

Now imagine that each of the billions of blades of grass, cultivated for the Harvetingpurpose of feeding the livestock, is a bit of your business information waiting to be harvested from your information ecosystem. The information was created or captured and planted in your repositories with a specific purpose or intended use, yet like the blades of grass and lush fields, this information can also be used to serve many other purposes.

For example, Law Enforcement case information that is siloed within in a precinct or Detectives files serves only that entity. Yet once it is found, identified, classified, and made available to all, could serve to expose patterns or relevant clues to additional cases and result in arrests and convictions. Only when we harvest that information and make it available, will it gain in value by serving the entire business community.

In My View 

Many organizations store billions upon billions of bits of information in their information ecosystems, across their enterprises. Yet this information seldom reaches its full potential and value do to the fact it is hidden. This is where analytics and automation can serve a business well to harvest this abundance of informaiton across the enterprise, identify what it is, and based on profile matching, automatically notify individuals and departments of its existence and potential relationship to cases or other information they are currently using to effectively conduct their business activities.

It can also serve to uncover potential risks related to the security of information sets, redundant – outdated – trivial (ROT) information that can be disposed of, assist in responding to E-discovery requests, and strengthen governance practices to meet regulatory compliance requirements. Is it time to better leverage the informaiton you’ve been cultivating all these years, and gain the most value from your harvest.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob can be reached at bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

 

_________________________________________________

And the Breach Goes On….

Sorry, I am a musician of more than 40 years and for some reason I had The Beat Goes On stuck in my mind as I began to write this. (Now you have it too.) I ran across an article today about the recent announcement that the State of Oregon is tightening its laws regarding data breach notifications. They are not alone, as many States are moving in a similar direction and looking at California’s Consumer Protection Act of 2018 as an example.

Since there is no overarching national standard like the European Union (EU) General Data Protection Regulation (GDPR), each State has developed their own variation of laws to protect Personally Identifiable Information (PII), and directions for reporting actual or suspected data breaches.  This prompted me to take a look at some data made available through the Identity Theft Resource Center.

HackerAccording to their report for 2017, the total number of reported data breaches in the U.S. reached 1,579, exposing 178,955,069 records. Think about that for a moment, The number of records reported to be exposed is nearly 179 million across every industry and even the government and military.

 

In my View

While I applaud each State for their efforts and action to provide guidance on data protection and reporting, the plain and simple truth is that it is the responsibility of every organization whether public or private, to ensure the information they hold is safe.  This means there should be governance, training, and technology in place to establish best practices, apply security technologies at various levels and of varying methods, and monitor the environment for purposes of continuous improvement and further strengthening the security of their information ecosystems to prevent external breaches and internal leaks.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob’s webiste is www.boblarriveeconsulting.com and his email is bob@boblarriveeconsulting.com

 

_________________________________________________

Living in the Jetsonian Age

Ok, so I will now date myself, and many others reading this, but if you don’t know who the Jetons are, I encourage you to search for them and watch these old cartoons. This Hanna-Barbera cartoon creation of the future was originally aired in September of 1962. It focused on a futuristic family known as the Jetsons living in a world of flying cars, robot servants, holographic imaging, buildings constructed using instant cement, video phones and watches, and a wide array of other devices we are now beginning to see on a regular basis. (Yes, even flying cars and printed concrete buildings are now a reality.)

One of the episodes that always stuck with me is when George Jetson is asked about the boss’ latest plans and he responds, “Yeah the slave driver. Imagine putting us back on a Jetson.jpgfour-day work week. What does he think this is? The 20th Century?” The reason I keep recalling this is the number of folks who believed in the early days of document imaging and workflow, and more so today with the new forms of robotics, that technology would free up time for the employees. Some fear it will replace them and become reluctant to accept it. The reality of it all, is technology – to a degree – does such a great job of enabling the workforce that many find themselves working longer hours rather than shorter, in an effort to remain competitive. Even those fortunate enough to work a four day week, find it is a long four days, and they even work on their off days to keep abreast of what is happening with clients and in the office.

In My View

We are entering the Jetsonian Age with technology advancing on all fronts at an exponential rate. The question is, are we ready for it? In many businesses, technology is put in place as a reactive measure rather than being part of a strategic plan. The result is often less than expected and sometimes turns an OK situation into a chaotic one. As an example, I spoke with several people who told me their company had implemented SharePoint without having a strategy in place. Once it was installed, everyone was given access with the directive to migrate their content, and use SharePoint as the main repository. The result was increased difficulty finding content that was once accessible due to a lack of planning and structure.

We are entering the Jetsonian Age and I dare say we already have. If you are not prepared for it, get ready and start planning. The Internet of Things (IoT) is steadily increasing, passing data and information from every device and every location. The winners will be those who have designed their information ecosystems for flexibility and expansion. Is yours?

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob’s email is bob@boblarriveeconsulting.com and the website is www.boblarriveeconsulting.com

 

_________________________________________________

How Secure is Secure?

You’ve done everything you feel is needed to secure your information assets and keep them safe from the prying eyes of hackers, crackers, and the practitioners of corporate espionage. You have access codes, passwords, encryption, and a thousand other tools in place to prevent outsiders from getting at your company secrets. Whether that be software, hardware designs, recipes for your secret sauce, it is protected and safe within your information ecosystem.  From a technology perspective, there really isn’t much more you can do, but what about the weakest link in your security system, the human element.

According to AIIM in their Industry Watch titled “Governance and Compliance in 2017: A Real World View“, 10 percent of those polled reported data loss in the previous 12 months due to staff negligence and bad practices”.  So I ask the question again, how secure is secure? When you designed and implemented a comprehensive security plan and infrastructure, did you take into consideration the human factor and the possibility that employees may be of great concern even if unknowingly?

As a real world example, let me paint this picture for you. There is a conference, seminar, or networking session taking place that is relevant to your business. Some of conference lunch.jpgyour employees are in attendance for the purpose of gaining new knowledge and expanding their industry network. During the course of a casual conversation, it is revealed that your latest project, product, service, or activity within the company is having issues – something that should be kept confidential. It could even be a reference to a new product in development. It may not even be a conversation with outsiders but two individuals from your organization having lunch and discussing these thing. (I have witnessed this first-hand.)

Close by, not intentionally listening but able to hear this discussion is an investor, or the competition who now has some information that could be damaging to your organization and future business. How do you prevent that from happening. Is it due to staff negligence, bad practices, or poor training in the importance of governance in relation to risk.

In my view

Many organizations are focused on the information ecosystem and technologies to prevent information from being hacked by outsiders and leaked by insiders sharing information via email, shared drives, and even from being copied to memory sticks. Many times where it falls short and fails is the human factor. Employees and contractors are shown how to utilize the technologies, but not made aware of the importance to adhere to the governance policies and processes. If they are made aware, is it in the form of a mention that this is important, or through formal training on the policies, processes, and risks related to this information.

Some organizations function like a military operation with security levels assigned, training provided, and consequences in place should the individual fail to adhere to and comply with the governance and security policies. Others have no formal policies in place and leave it to the discretion of the individual as to how the information in-hand should be managed and secured.

There is no reason for businesses to focus solely on the technology side and believe the human factor will be taken care of as part of technology implementation. The only way to manage that is begin with providing formal education about governance, security, and risk related to corporate information assets. How secure is secure? That is up to you to decide and take action the strengthen the security chain.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob’s email is bob@boblarriveeconsulting.com and his website is www.boblarriveeconsulting.com

 

_________________________________________________

GDPR: The New Global Standard?

May 20, 2018 began the enforcement of the European Union (EU) the General Data Protection Regulation (GDPR). The short story is that this regulation is designed to protect EU citizens and information gathered and held by organizations that is considered Personally Identifiable Information (PII). Organizations conducting business in the EU, had to make changes to their information governance policies and practices to accommodate the GDPR in areas like presenting all information held on a requesting individual, deleting that information upon request, managing only the information needed for a specific purpose, contact by permission, and more.

On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) of 2018. In many ways, this law mimics the GDPR in the sense it is intended to provide greater access and control by an individual over their PII including the ability to:

  • request to be informed about the kinds of personal data collected and the reasons it was collected.
  •  request deletion of all PII.
  • opt out of the sale of their PII.
  • request access to personal information held, in a format that is transferable to third parties.

LawThis law also provides a broad definition of PII that includes geolocations, biometric data, browsing histories, biometric data, and psychometric data. In short, any PII that could be used to identify you, patterns in your behavior, and other key elements that could enable profiling for use in target marketing, targeted sales, or other areas where targeting certain characteristics would be beneficial to an organization.

In My View

I know I have oversimplified this in my brief interpretation, but the fact remains that in 2020, organizations transacting business in California, must be ready. This means changes in their information governance policies and practices, routine audits to ensure all members of the organization adhere to the new regulations, and perhaps additional or new technologies to support the new ways-of-working.

Is GDPR the new global standard? Maybe not verbatim, but in this case, it appears to be the foundation.

Bob Larrivee is President and Founder of Bob Larrivee Consultancy, and a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, Industry Reports, Blogs, Articles, and Infographics. In addition, he has served as host and guest Subject Matter Expert on a wide variety of Webinars, Podcasts, Virtual Events, and lectured at in-person seminars and conferences around the globe.

Bob  can be reached by email at bob@boblarriveeconsulting.com and through the website www.boblarriveeconsulting.com

 

_________________________________________________