Blogger

Meet Kristen Marquez!  Kristen joined AIIM in February 2021, and in this short time, I really feel I've known her for years - it's her great personality:)  It's always really great to have such a connection with someone you've never met in person.  Kristen is definitely a person with patience and endurance.  Please reach out and introduce yourself to Kristen here !  Name: Kristen Marquez Position: Records Analyst Company : Eastern Municipal Water District Where do you live in? I live in Menifee, CA How long have you worked in information management?  7 Years What does your work entail? Do you have company support? How are you helping drive the goals of your office through your work? My work as a Records Analyst keeps me busy! I wear a lot of hats. My days usually include: Public Records Requests and legal service eDiscovery Administration of the District’s EDMS and Offsite storage Retention, disposition, and governance of data Ensure legal and regulatory compliance Support for our Records department has been steadily growing over the past few years. We have partnered with our Information Technology department to explore new technologies that will continue ...
0 comments
Author: Tim Brady, CEO, Colligo The Colligo team recently held a webinar, How to Succeed on Your Governance Journey & Arrive at Destination Compliance . We’re believers in the mantra that while compliance is the destination or end-goal, governance is the journey. As part of this, Colligo recommends leveraging metadata as the essential ingredient for gaining traction in your governance and compliance efforts. Governance and compliance are not easy, particular in the rapidly changing work environment. We conducted several participant polls during the webinar that delivered insightful results. Below is a summary of respondents’ feedback and our analysis of the numbers, as we help you and your organization on your governance journey. You can also view the full webinar here . 1.    The shift to the Cloud and Microsoft 365 still has a long way to go Plenty of attention over the past year has been centred around the rapid ascent of applications like Teams and the Microsoft 365 suite, alongside general cloud adoption. And while this trend has been very strong, the reality is this shift still has a long way to go, and we are still in the middle stages of adoption. During our ...
0 comments
GROWTH IS EXCITING, BUT… It can be challenging too. Much like a growing child, the many internal systems of the enterprise grow at different rates. It is not only the expansion in volume you will need to consider. Any expansion in volume must be met with a proportionate expansion in capacity across the functional areas of the enterprise.  Little systemic niggles that were dismissed with ease as negligible on a small scale get magnified. Eventually, these become bottlenecks, magnifying your inefficiencies and choking your growth.  For instance, as your team size increases internal communication inefficiencies emerge. Or, you may need to add administrative layers you didn’t need before. Effective hiring itself becomes an important workflow that you may need to optimize or create from scratch. Set processes that were running smoothly, might quite suddenly require a dramatic overhaul.  ALONG COMES A CHALLENGE WITH AN OPPORTUNITY IN TOW. However, this is a typical step in the transformation of a fledgling business into a mature enterprise. And today, many of the solutions to the scaling challenge lie in technology.  Take, for example, the challenge of document ...
0 comments
Author: Tim Brady, CEO, Colligo eDiscovery is a massive challenge for businesses today. As fines and non-compliance penalties continue to increase, eDiscovery should be a top agenda item for almost every organization. However, proactive eDiscovery and other legal compliance activities should not be partitioned off and exist in a silo, but rather as part of a well-functioning business strategy across legal and IT, enabling better teamwork and collaboration.    What is eDiscovery?   eDiscovery, sometimes referred to as electronic discovery or document discovery, is the process of discovery in litigation that is carried out in electronic formats; eDiscovery encompasses what most often is referred to as electronically stored information (ESI). Emails, messages, documents, accounting records and databases, CAD files, websites, and many other pieces of content could be relevant as part of electronic discovery.    Source: https://www.justice.gc.ca/eng/rp-pr/cp-pm/aud-ver/2018/edis/p1.html Why is it a problem?   eDiscovery is expensive. Costs primarily occur at the review and processing stage of the cycle. According to AIIM, 30-70% of the eDiscovery ...
0 comments
How much value is sitting in your organization’s content? You may not even know – and it’s even more likely you haven’t tapped into the entirety of that value. More than half (56%) of respondents say their organization has not realized the full value of its content, according to ASG’s 2021 Survey Report,  What’s Slowing Modernization? Barriers Hindering Enterprise IT Systems and Content Management . Not realizing the value of content is a major missed opportunity for organizations, especially given how much unstructured data most organizations possess. According to ASG’s 2021 Survey Report, three-quarters (75%) of respondents say at least some of their organization’s data is unstructured. What is the result of so much under-utilized information? Dark data – and 30% of respondents say most if not all their content is “dark” (collected, processed and stored, but not used). So, How Does Records Management Help with Unstructured Data? Organizations are struggling to realize the value of content because it’s scattered across the enterprise – including on Microsoft 365 (58%), shared drives (53%) and email (51%). Almost one-third (32%) of respondents say content still exists ...
0 comments
For US taxpayers, May 17 (Tax Day) is fast approaching, and the question is often asked – How long should I keep my tax records? Here is a brief rundown of required or suggested recordkeeping periods for income tax records in the United States and other jurisdictions around the globe. These time periods do not account for business needs, industry practice, or other legal requirements or exceptions applying to various tax-related records that could potentially increase the required time to keep such records. United States: As we have   previously discussed,   the general IRS-suggested records retention period for US citizens starts at three years, and fluctuates to up to seven years (and in some cases, indefinitely), depending on various circumstances and limitation periods. Source Canada: Keep supporting tax documents for six years after the end of the tax year to which they relate. Source Mexico: Keep tax and accounting records five years from the date taxes were filed or due. Source United Kingdom: Individuals (not carrying on a business ): keep records for 22 months from the end of the tax year to which the records relate Self-employed ...
0 comments
Since the GDPR passed in 2018, we have seen an ongoing worldwide ripple effect, as other jurisdictions have begun passing their own data protection laws that mirror, or in many respects comply with GDPR requirements. Here are a few such new or upcoming laws worth noting:   Brazil – General Data Protection Law (LGPD) (Law No. 13,709/2018)   – Approved in August 2018, the law originally was supposed to take effect on August 15, 2020. However, due to COVID-19 concerns, the majority of the law will not go into effect until May 2021, with the enforcement of sanctions beginning August 1, 2021. Similar in many respects to the GDPR, the LGPD is Brazil’s first comprehensive data protection law bringing clarification and consolidation to data protection requirements spread across a variety of Brazilian laws and regulations. It has the stated purpose of safeguarding “the fundamental rights of freedom and privacy and the free development of the personality of the natural person.” This law sets forth the rights of data subjects and covers many of the same issues covered in the GDPR, including setting up an enforcement authority and penalties for those who don’t comply. The LGPD broadly ...
0 comments
In light of the COVID-19 (coronavirus) viral disease   officially being classified as a pandemic , nations around the world are grappling with how to best manage and prevent further spreading of the disease. One such measure we see being taken, especially in early stages of the fight, is   contact tracing , where persons infected with the virus and those they have been in contact with are closely monitored, to help predict and prevent further transmission of the disease. While contact tracing can be vital to helping control the spread of a disease, it can also raise significant personal data concerns. During this process, information is gathered and potentially shared amongst employers, health officials and government agencies. This might include information such as a person’s health data, address, family members, employment details, travel schedules, and even personal contacts. To what extent can this personal information be gathered? Is consent required? How long will it be kept? What rights and protections does an individual have regarding such data that has been collected? As things currently stand, here is a snapshot of how several governments are dealing with data protection ...
0 comments
Privacy may very well be the fastest-growing area of law so far in the 21 st   century. While the US, at the federal level, has resisted a broad privacy law similar to the GDPR, momentum is steadily gaining for privacy legislation at the state level. This blog explores US privacy law’s recent developments from a records and information management (RIM) perspective. I. Recently Enacted Privacy Legislation The number of new bills introduced in 2020 broadly regulating privacy illustrates the subject’s popularity. In 2020 there were more than 20 privacy bills introduced at the state level in the US. [1]   Federally, there were dozens of bills and discussion drafts introduced during the last two sessions of congress. [2]   While most of the recent broad privacy bills met their demise in legislative committees, here are some of the ones that survived and became law. California’s Privacy Rights Act (CPRA) The biggest development in US privacy law in 2020 was the passage of the CRPA by ballot initiative during the November election. The CPRA amends the California Consumer Privacy Act (CCPA) in major ways. Here is a summary of these changes: New Privacy Authority Created: ...
0 comments
If the last year has taught us anything, it is to sanitize, sanitize, sanitize. You are probably sanitizing your hands, your house, everything you touch, but what about the personal information you process? Laws and regulations increasingly require entities to sanitize, pseudonymize or anonymize the personal information that they collect or process. Other than defining and requiring sanitization, these legal requirements often neglect to inform regulated entities what sanitization encompasses.   Pseudonymization, Anonymization, and Sanitization Defined The GDPR has introduced a multitude of data protection-related terms. Pseudonymization, anonymization, and sanitization are terms that are often used interchangeably. According to GDPR Article 4, subsection 5,   pseudonymization   is “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information […] to ensure that the personal data are not attributed to an identified or identifiable natural person” [1] . Anonymization   relates to “a data processing technique that removes or modifies personally identifiable information; ...
0 comments
Virginia has just become the second U.S. state to enact a comprehensive privacy protection law. After passage by overwhelming majorities in both the Virginia Senate and House of Delegates, the Virginia Consumer Data Protection Act [1]   (“VCDPA”) was signed into law by Governor Ralph Northam on March 2. While lawmakers in several other states like New York and Washington have proposed their own privacy bills, those efforts so far have hit various snags and stumbling blocks while winding their way through the legislative process that has thus far stalled their final passage into law. Growing Trend of State-level Privacy Laws The VCDPA is now the first broad state-level privacy law enacted since California’s CCPA. However, it is just the latest in the ongoing push among states to pass their own privacy legislation, spurred by the absence of any federal privacy legislation on par with the EU’s GDPR. It remains to be seen whether the resulting patchwork of state laws can effectively substitute the need for a comprehensive federal privacy law. As a sign that it may not, the VCDPA’s enforcement mechanisms invite concern that the law may not be tough enough to meaningfully change company ...
0 comments
The European Court of Justice’s recent move to strike down the US-EU privacy shield agreement has upended the bilateral personal data transfer framework and pulled the rug out from under numerous American businesses who work with European customers’ personal data. But although the agreement was invalidated, there remain several steps to take and options to pursue that can enable US businesses to help maintain their operations. The 2016 bilateral US-EU Privacy Shield agreement allowed US companies to agree that they would adhere to the privacy and personal data rules and standards of the EU, thereby providing an equivalent level of protection to EU citizens and facilitating personal data transfers between the two. However, the European Court of Justice has now rejected that principle. In its decision(1), the court explained that the Privacy Shield agreement failed to provide adequate protection because it could not stop US intelligence services from accessing the personal data even for companies who were Privacy Shield compliant. Furthermore, it was quite difficult for an EU citizen to file a complaint about a potential violation. Although the decision did strike down the legal validity ...
0 comments
Several internet service provider (ISP) industry groups have joined together in bringing suit against the state of Maine in response to its new privacy law, LD 946 “An Act To Protect the Privacy of Online Customer Information,” asserting that the new rules run afoul of their free speech rights and constitute discrimination against their industry. According to Maine’s Governor Janet Mills, the law, which is set to go into effect on the 1 st   of July, requires ISP’s to obtain customers’ opt-in consent before using, disclosing, selling or permitting access to customer personal information, and prohibits ISP’s from refusing to serve a customer, charging a customer a penalty, or offering a customer a discount if the customer does or does not consent to the use, disclosure, sale or access of their personal information. [1] Lawyers for the ISP’s contend that the new law violates their constitutional right to free expression. According to the lawsuit, the law impermissibly prevents “ISPs from advertising or marketing non-communications-related services to their customers; and prohibits ISPs from offering price discounts, rewards in loyalty programs, or other cost-saving benefits in exchange ...
0 comments
It’s no surprise that a global pandemic has created a lot of records, along with many questions surrounding these records. As organizations adapt to the new and constantly changing COVID-19 landscape, new processes and record outputs abound. We often get questions from our clients asking “is this a COVID-19 record?” and if yes, “how long should we be keeping this record?” Explicit authorities on company recordkeeping obligations have been slow to trickle down and are a bit of a patchwork with federal and state guidance provided only here and there. This blog surveys a few of the common recordkeeping questions we’ve received and provides guidance on addressing COVID-19 records within your records retention schedule. Is a confirmed COVID-19 case recordable? Answer:  Maybe. For U.S. Organizations: The U.S. Occupational Safety and Health Administration (OSHA) has clarified that COVID-19 may be a recordable illness for covered employers if a worker is infected as a result of performing their work-related duties. This seems straightforward enough, but there are various criteria to determine whether the illness is recordable. For COVID-19 to be a recordable illness, the following ...
0 comments
The records and information management world has experienced a gradual yet seismic ideological shift in recent years. Long gone are the days of thinking solely in terms of HOW LONG MUST WE KEEP this information. Today, companies also think strategically, practically, and with privacy legal compliance in mind when it comes to managing their records and information. In this day and age, special considerations such as big data and privacy increasingly drive initiatives. Companies are now asking an equally important question of HOW SOON SHOULD WE DELETE this information, as well as HOW MUST WE DISPOSE OF IT? Why does privacy data deserve its own deletion policy? Organizations replete with privacy data increasingly recognize that the traditional records retention schedule alone is not sufficient to address privacy data for several reasons. Data typically resides within systems and can easily get lost in the mix; this also makes it difficult to locate and recover this data! Data is not considered a “record” per se; but, rather it is the outputs from the data’s system that typically qualify as records subject to the traditional records retention schedule; With the exception ...
0 comments
Today’s age of modernity is introducing more complexity, including new privacy regulations, a more permanent remote workforce and an increased pressure to deliver better service faster.  Many organizations are struggling on this modernization journey. It’s time to identify, prioritize and address the barriers slowing their journey into the future. To do so, we surveyed approximately 250 professionals who manage content and enterprise IT systems about the digital transformation challenges they are encountering around content. Here are the top modernization hurdles they shared with us. Content on shared and personal drives More than half of respondents say they have content living on Microsoft 365 (58%), shared drives (53%) and email (51%). This trend was accelerated by the shift to remote work, as more employees used collaborative services and personal VPNs to store content. Cloud Migration As organizations are embracing new ways of working, accelerating digital transformation and strengthening business continuity plans, many are fast-tracking their move to the cloud with 38% of respondents citing this migration as a top hurdle. ...
0 comments
Meet Ebikpogba!  Ebikpogba became a member in January.  He reached out to @Amy Michalski with an interest in becoming a CIP.  Ebix (as we call him) joined me in the meet and greet the very next week after becoming a member.  His excitement and perseverance in becoming an AIIM member and CIP were admired by others that were on that call.  Thanks for being a willing vessel sharing your journey with us Ebix!  Please reach out and introduce yourself to Ebix here ! Name: Ebikpogba Morowei Position: Operations Information Management Lead Company : Petroleum Development Oman Where do you live?  Muscat Oman How long have you worked in information management?  18 Years What does your work entail? Do you have company support? How are you helping drive the goals of your office through your work? My job, in summary, is to ensure the company’s information (documents, drawings, and data) related to its Oil & Gas Production assets are up to date, easily retrievable, and flagged for review when necessary What has been the biggest success in your career in information management?  I have a few success stories in my career thus far, but I will say developing a standard ...
0 comments
Organizations face growing risks in addressing information governance and privacy, two major concerns that are combining in today’s digital era. A robust information governance and privacy strategy reduces regulatory compliance risk, increases operational efficiency and establishes a competitive advantage. However, too often information governance projects are executed in silos or as one-off efforts during a single point in time. Have you encountered any of these all-too-common situations threatening informational governance? Organizational policies on handling sensitive information have been updated and employees trained on them. The risk is that employees do not understood the policy changes and are not complying. What if you could identify and correct policy deviations as they occurred? A massive data remediation project, including the cleanup of file shares and data stores, is completed. But unfortunately, employees have resorted to the previous habits that led to the cleanup. What if you could keep your information stores tidy and avoid a costly redo of the remediation? Data reconciliation was performed as part of a one-off cleanup or of a periodic reconciliation. However, ...
0 comments
Author: Andy Morris, Colligo Director of Research & Development As remote work continues, law firms are transitioning rapidly from legacy solutions to digital solutions. Attention is shifting from preserving business continuity to looking at how lawyers are accessing and protecting data while they try to stay productive at an unprecedented time. The hasty shift to work from home caught many legal teams unprepared for remote work, and many lawyers are now working from home without assistants just steps away to help manage data files. Legal teams are realizing that if case matter isn’t being captured or shared well, it’s curbing collaboration on files, hampering productivity, and threatening information security if data transits without protection. Inefficiencies accessing case matter & unnecessary storage costs Inefficient discovery may be the first data access issue lawyers encounter while working remote. One member of the legal team tries to find case matter and can’t, or uses documents they realize are out of date, losing hours spent working on them. But there are other burgeoning issues including retention – not so much holding onto files long enough as failing to ...
0 comments
Colligo’s cloud-based Email Manager ‘ add-in ’ rounds out  M365   Author: Andy Morris, Colligo Director of Research & Development “ B ump , ouch.” That ’ s the sound of you coming back down to reality now that the panic of the world ‘working from home’ is maturing into a long – term future.   Do we all go back to an office? Do we continue home working? Is it a hybrid ? I don’t think anyone clearly knows the answer. But one thing for sure is some of the IT changes we made (Yes , I am one of you , too) will not be rolled back .   The reason many of us have been able to convert to working at home so swiftly and efficiently is not just due to our IT skills, but to the Microsoft 365 solution and its existing stable and proven cloud – scalable features.   Microsoft scaled in epic proportions to handle the demand of customers who were thinking about moving to O365 , but never quite got there, or those who had never even considered it, but suddenly got a swift ‘ kick up the arse ‘ (as we say in the UK) from their management with simple demands like , “You better keep my ...
0 comments