Information Governance Challenges in the Life Sciences, and Financial Services Industries

While many of the high-level principles of Information Governance (IG) and the technologies supporting their implementation are almost universally applicable, each industry sector presents different challenges – one-size solution does not fit all. For example, unregulated privately held technology start-ups that are experiencing rapid growth may not have any retention / destruction policies in place; they will expand their IT storage until they crash into a big event, such as litigation, an IPO, or a merger. At that point they might require a top to bottom reconstruction – akin to an emergency room visit after a car crash. Other organizations already function within the constraints of a regulatory regime such as life sciences or financial services. Especially in publicly traded companies, regulated industries are further along the continuum in almost all of the metrics associated with IG principles such as: existence of a RIM program; adoption of a retention schedule; legal hold procedures; and protection of sensitive information. Unlike the emergency room metaphor above, the relative maturity of IG initiatives in these organizations requires more of a performance coach than an emergency room doctor to improve their well-being. Organizations also differ greatly in the need for dispersal of their information …

Read moreInformation Governance Challenges in the Life Sciences, and Financial Services Industries

Cloudy Laws – Cloud Computing Security and Legal Challenges

Cloud computing presents innumerable opportunities and brings with it enormous security and legal challenges. While there is no single accepted definition of the “cloud,” the National Institute of Standards and Technology created a reference model in 2011. NIST defined cloud computing by describing its five essential characteristics, three service models, and four deployment models. (NIST Special Publication 800-145) Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential Characteristics Service Models Deployment Models On demand self service Broad network access Resource Pooling Rapid Elasticity Measured Service Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Private Cloud Community Cloud Public Cloud Hybrid Cloud The rapid increase in the availability of cloud computing solutions ranging from Enterprise systems, to Office 365, to the ad hoc use of unencrypted Dropbox accounts, has profound implications for privacy, information security, eDiscovery and legally defensible document retention policies. Hardly a day passes without news of another serious security breach or weakness. The security risks and the costs of misjudgments, mistakes or …

Read moreCloudy Laws – Cloud Computing Security and Legal Challenges