Fluent Essays

Note: Please write as per the attached course syllabus and textbook.   In the last week of class, we are going to complete a reflection activity. This discussion topic is to be reflective and will be using your own words and not a compilation of direct citations from other papers or sources. You can use citations in your posts, but this discussion exercise should be about what you have learned through your viewpoint and not a re-hash of any particular article, topic, or the book. Items to include in your initial thread:  “Interesting Assignments” - What were some of the more interesting assignments to you?  “Interesting Readings” - What reading or readings did you find the most interesting and why? “Interesting Readings” “Perspective” - How has this course changed your perspective?  “Course Feedback” - What topics or activities would you add to the course, or should we focus on some areas more than others? School of Computer and Information Sciences COURSE SYLLABUS Course Information ITS833 - M20 Information Governance Summer 2021 Full Term Course Format: Hybrid CRN: 31442 Course Description This course presents key issues related to the discipline of information governance and how it is being applied to electronic document and records management, email, social media, cloud computing, mobile computing, and, in fact, the management and output of information organization-wide. IG leverages information technologies to enforce policies, procedures and controls to manage information risk in compliance with legal and litigation demands, external regulatory requirements, and internal governance objectives. Information Governance: Concepts, Strategies, and Best Practices reveals how, and why, to utilize IG and leverage information technologies to control, monitor, and enforce information access and security policies. Course Objectives Upon completion of this course: Students will be able to compare and contrast information governance, IT governance and data governance. Students will be able to understand information governance principles Students will be able to understand strategic planning and best practices for information governance Students will be able to understand information governance policy development Learner Outcomes Learn how to perform research identifying and analyzing technological challenge Build critical thinking skills to develop and apply solutions that achieve strategic and tactical IT-business alignment Develop professional skills and expertise to advance knowledge in your chosen field or discipline within information technology Conduct research with professional and ethical integrity Address complex technical questions and challenge established knowledge and practices in the area Identify, comprehend, analyze, evaluate and synthesize research Communicate effectively and employ constructive professional and interpersonal skills Critically evaluate current research and best practices Demonstrate Governance leadership skills at the team and enterprise levels following tenets of professional, social, and ethical responsibility Recommend Governance strategies that support enterprise mission and objectives Course Website Access to the course website is required via the iLearn portal on the University of the Cumberlands website: http://www.ucumberlands.edu/ilearn/ or https://ucumberlands.blackboard.com/ Required Books and Resources Title: Academic Writer Website: http://ucumberlands.libguides.com/c.php?g=504168 About: This is APAs resource for APA format, style, citations, and document types (like how to write a literature review). UC has a dedicated link for students to create their Academic Writer account, and that link can be found here Title: Information Governance ISBN: 9781118421017 Authors: Robert F. Smallwood Publisher: John Wiley & Sons Publication Date: 2014-03-28 Course Required text can be found and purchased via the UC Barnes and Noble Bookstore: https://cumber.bncollege.com/shop/cumberlands/page/find-textbooks Suggested Books and Resources Writing Center Website: https://www.ucumberlands.edu/learningcommons/writingcenter About: This website includes beginning information about the Writing Center. Look for The Learning Commons in your class list in iLearn. Once you open The Learning Commons course, look for the Writing Center on the left menu bar Writing Center Subtitle: This website includes beginning information about the Writing Center. Look for The Learning Commons in your class list in iLearn. Once you open The Learning Commons course, look for the Writing Center on the left menu bar. Publisher: https://www.ucumberlands.edu/learningcommons/writingcenter Academic Writer Website: http://ucumberlands.libguides.com/c.php?g=504168 About: This is APAs resource for APA format, style, citations, and document types (like how to write a literature review). UC has a dedicated link for students to create their Academic Writer account, and that link can be found here Academic Writer Subtitle: This is APAs resource for APA format, style, citations, and document types (like how to write a literature review). UC has a dedicated link for students to create their Academic Writer account Publisher: http://ucumberlands.libguides.com/c.php?g=504168 The Learning Commons (TLC) Website: http://ucumberlands.libguides.com/c.php?g=504168 About: TLC is here to help you succeed in your courses, from your first day at Cumberlands through completing your degree.TLC offers a variety of academic resources both virtually and in-person that are informal and with qualified Academic Fellows. The Learning Commons (TLC) Subtitle: The Learning Commons (TLC) is here to help you succeed in your courses, from your first day at Cumberlands through completing your degree.TLC offers a variety of academic resources both virtually and in-person that are informal and with qualified Academic Fellows. ucumberlands.libguides.com Publisher: http://ucumberlands.libguides.com/c.php?g=504168 Grammarly Website: https://www.grammarly.com/ About: Compose bold, clear, mistake-free writing with Grammarly’s AI-powered writing assistant Zotero Subtitle: Zotero is a free, easy-to-use tool to help you collect, organize, cite, and share research Publisher: https://www.zotero.org/ Zotero Website: https://www.zotero.org/ About: Zotero is a great, easy to use reference management tool, and its free Grammarly Subtitle: Compose bold, clear, mistake-free writing with Grammarly’s AI-powered writing assistant Publisher: https://www.grammarly.com/ Requirements and Policies Academic Dishonesty Policy As a Christian liberal arts university committed to the pursuit of truth and understanding, any act of academic dishonesty is especially distressing and cannot be tolerated. In general, academic dishonesty involves the abuse and misuse of information or people to gain an undeserved academic advantage or evaluation. The common forms of academic dishonesty include: 1. cheating – using deception in the taking of tests or the preparation of written work, using unauthorized materials, copying another person’s work with or without consent, or assisting another in such activities; 2. lying – falsifying, fabricating, or forging information in either written or spoken presentations; 3. plagiarism – using the published writings, data, interpretations, or ideas of another without proper documentation. Episodes of academic dishonesty are reported as appropriate to the Vice President for Academic Affairs. The potential penalty for academic dishonesty includes 1) a failing grade on a particular assignment, 2) a failing grade for the entire course, 3) suspension or expulsion, or (4) revocation of a degree. Attendance Policy Course enrollment and participation will be monitored and verified for all students during the first two weeks of classes. Lack of participation during this time may jeopardize enrollment status. Each student is expected to meet course expectations by completing the coursework required each week. Active participation and staying abreast of the material is essential to success. Program specific attendance policies may still apply. E xecutive Residency Attendance Policy Attendance to each Executive Residency class session is mandatory. Students may make-up no more than one (1) residency session throughout the duration of their academic program. Missing a second residency will result in the student being dismissed from the University. Each student must be in attendance for the entire duration of the required residency weekend. Late arrivals and/or early departures are not permitted. Punctuality is important as each student is required to have the documented in-seat time per course requirements. A missed session will result in the student attending a make-up session, and paying a $300 Residency Make-Up fee. In addition, the student may be asked for documentation from the program department providing an explanation as to why the schedule residency session was missed. Make-Up sessions must be completed prior to the end of the term. Noncompliance with this policy will result in dismissal from the executive program. Study after study has linked successful academic performance with good class participation. Those who assume positions of responsibility must “show up” in order to be effective. Therefore, students are expected to actively participate in intelligent discussion of assigned topics in all areas (Discussion Board Activities, Synchronous Sessions, Forums, Shared Papers, etc.) to help process course material and/or to demonstrate understanding of course content. Point adjustments will be taken for non- participation. D isability Accommodations University of the Cumberlands accepts students with certified disabilities and provides reasonable accommodations for their certified needs in the classroom, in housing, in food service or in other areas. For accommodations to be awarded, a student must submit a completed Accommodations Application form and provide documentation of the disability to the Disability Services Coordinator (Mr. Jacob Ratliff, Boswell Campus Center, Student Services Office Suite, jacob.ratliff@ucumberlands.edu ). When all paperwork is on file, a meeting between the student and the Coordinator will be arranged to discuss possible accommodations before accommodations are formally approved. Students must then meet with the Coordinator at the beginning of each semester before any academic accommodations can be certified for that term. Certifications for other accommodations are normally reviewed annually. Course Evaluations The course evaluation will be open during the last two weeks of the term. To access the evaluation (during that time), visit https://uofcumberlands.campuslabs.com/eval-home/ and log-in using your UC credentials. A reminder email notification will be sent when the evaluation is available. We value your feedback. Every evaluation is confidential and anonymous. The anonymous results of the course evaluations are not available for faculty to see until after final grades are submitted. Your thoughtful responses guide future improvements for the course and programs. Academic Appeal Both undergraduate and graduate students have the right to challenge a grade. If discussions with the course instructor and department chair do not lead to a satisfactory conclusion, students may file a formal written appeal with the Vice President for Academic Affairs, who will forward the appeal to the chair of the Academic Appeals Committee. This formal written appeal must be filed by the end of the 4th week of classes in the next regular term following the term in which the course in question was taken. The Academic Appeals Committee then gathers information from the student, the instructor, and any other relevant parties. The Committee will deliver its recommendation on the complaint to the Vice President for Academic Affairs. After reviewing this recommendation and concurring or amending it, the Vice President for Academic Affairs will inform the student and instructor of the disposition of the complaint no later than the last day of classes of the term in which the complaint was filed. Records of all actions regarding academic grade appeals, including their final disposition, are maintained by the Vice President for Academic Affairs and the Academic Appeals Committee. ( Undergraduate Catalog/Graduate Catalog ) Student Responsibilities Students should: Use University of the Cumberlands email system for all academic, administrative, and co-curricular communication between faculty, staff and peers. Check for email and class announcements using iLearn (primary) and University of the Cumberlands webmail (secondary) daily. Demonstrate Cumberlands Character in and outside the classroom per the University Mission & Vision Ensure you have consistent required technology for the course Participate in courses regularly to: Find announcements and updates Complete assignments on time. Keep in mind that all deadlines use Eastern Standard Time (EST). Engage in discussion Connect with fellow students and faculty Present written work in an academic and professional manner. Take examinations on the designated dates and times. Students should make arrangements with faculty before the designated date for any needed accommodations. Contact faculty or student success coordinator with questions or concerns. Course Policies Students are expected to: Review any assigned reading material and prepare responses to homework assigned. Actively participate in activities, assignments, and discussions. Evaluate and react to each other’s work in a supportive, constructive manner. Complete specific assignments and exams when specified and in a professional manner. Utilize learned technologies for class assignments. Connect content knowledge from core courses to practical training placement and activities. Course Evaluation A student will be evaluated/weighted on the following basis: Reflective Activity & Weekly Discussions (Weeks 1, 2, 4, 5, 7, 8, 9, 10, 11,13) 27.5 \% (25 points each) Residency (Paper & Presentation) 50\% (500 points) Practical Connection Activity (Residency) 10\% (100 points) Research Papers 75 points each - 7.5\% (150 points) Final Research Paper 5\% (50 points) Total: 100\% (1,000 points) Grading Scale Graded work will receive a numeric score reflecting the quality of performance as given above in evaluation methods. The overall course grade will be determined according to the following scale: A= 90 – 100 (90\% - 100\%) B= 80 – 89 (80\% - 89\%) C = 70 – 79 (70\% - 79\%) F < 69 (Below 69\%) Course Schedule Course Weekly Schedule Reading/Topics Assignments and Due Dates 16 Weeks Week Date Topic/Required Readings 1 5-3- 2021 Introduction to Information Governance and Data Governance Textbook: Chapter 2 – Information Governance, IT Governance, Data Gover Information Governance Principles Readings: ARMA International, The Principles , ARMA International Retrieved from: https://cdn.ymaws.com/www.arma.org/resource/resmgr/files/Learn/2017_Gen Saffady, William,PhD., F.A.I. (2015). Records management or information gov 41,47. Retrieved from https://search.proquest.com/docview/1696246911?acc Shevde, Nishad, (2018). Measuring Information Governance Success. Retriev management/measuring-information-governance-success/ 2 5-10- 2021 Best Practices for Information Governance Textbook: Chapter 4 – Information Risk Planning and Management and Cha Information Governance Readings: Tallon, Paul, (2016). Corporate Governance of Big Data: Perspectives on Valu https://ieeexplore.ieee.org/abstract/document/6519236 3 5-17- 2021 Internal and External Drivers/Legal Drivers for Information Governa Textbook: Chapter 6: Information Governance Policy Development And App Records Management and Chapter 8 - Information Governance and Legal Fun Readings: Vogel, H. S., & Rood, D. K. .(2019). Dealing with subpoena requests for digita Retrieved from http://eds.a.ebscohost.com/eds/pdfviewer/pdfviewer?vid=17 d1adf1d7c39c\%40sessionmgr4008 4 5-24- 2021 Textbook: Chapter 7 – IG for Business Units Textbook: Chapter 10 – Information Governance and Information Technolog Readings: Calderaro, A., & Craig, A. J. S. (2020). Transnational governance of cybersecu cyber capacity building. Third World Quarterly, 41(6), 917–938. https://doi.or Setyadi, R. (2019). Assessing Trust Variable Impact on the Information Techn Models: A Model Development Study. 2019 International Conference on Sust (ICSECC), Sustainable Engineering and Creative Computing (ICSECC), 2019 I https://doi.org/10.1109/ICSECC.2019.8907224 5 5-31- 2021 Textbook: Chapter 8- Information Governance and Legal Functions Readings: Griffin, J. G. H. (2014). The future of technological law: The machine state. In Technology, 28(3), 299–315. https://doi.org/10.1080/13600869.2014.932520 Vogel, H. S., & Rood, D. K. .(2019). Dealing with subpoena requests for digita Retrieved from http://eds.a.ebscohost.com/eds/pdfviewer/pdfviewer?vid=17 d1adf1d7c39c\%40sessionmgr4008 Zarsky, T. Z. (2014). Social Justice, Social Norms and the Governance of Soci 6 6-7- 2021 Textbook: Chapter 9 – Information Governance and Records and Information Readings: Md Ajis, A. F., & Hajar Baharin, S. (2019). Dark Data Management as frontier Symposium on Computer Applications & Industrial Electronics (ISCAIE), Com (ISCAIE), 2019 IEEE 9th Symposium On, 34–37. https://doi.org/10.1109/ISCAI Tallon, P. P., Ramirez, R. V., & Short, J. E. (2013). The Information Artifact in IT Governance. Journal of Management Information Systems, 30(3), 141–178. h Residency Weekend June 11-13, 2021 Friday – EASTERN TIME 5pm – 10pm Class Saturday – EASTERN TIME 8:00am – 7:30pm Class 1.5 hour lunch break (scheduled time at faculty discretion) Sunday– EASTERN TIME 8am – 1pm Class 7 6-14- 2021 Reading Assignments Textbook: Chapter 11 – Information Governance and Privacy and Security F Borgman, C. L. (2018). Open Data, Grey Data, and Stewardship: Universities Journal, 33(2), 365–412. Retrieved from: http://eds.a.ebscohost.com/eds/pdfv 4af5-9c62-d1adf1d7c39c\%40sessionmgr4008 Qin, H., Li, Z., & Yang, J. (2020). The Impact of Online Media Big Data on Firm Method. Mathematical Problems in Engineering, 1–7. https://doi.org/10.1155 / Savić, D. (2019). When is ‘grey’ too ‘grey’? A case of grey data. Grey Journal 8 6-21- 2021 Information Governance for Email and Social Media Textbook: Chapter 12 - Information Governance for E-Mail and Instant Mess for Social Media Readings: TOWER, 2004. E-Mail Management: Avoiding the 6 Common Mistakes. Best P Compliance. Pages 6 – 8. Retrieved from http://www.marms.org/wp-content/ u REGULATORY-COMPLY.PDF There are many articles in the source that should other electronic communication media. Jackson, O. (2018). GDPR: companies at risk over unstructured data. Internat http://eds.a.ebscohost.com/eds/detail/detail?vid=31&sid=73312ccd-f875-4a d1adf1d7c39c\%40sessionmgr4008&bdata=JkF1dGhUeXBlPXNoaWImc2l0ZT 9 6-28- 2021 Reading Assignments Textbook: Chapter 13 – Information Governance for Social Media Ahmed, J., Yildirim, S., Nowostaki, M., Ramachandra, R., Elezaj, O., & Abomoh Data Protection in Online Social Networks: A Blockchain-Based Approach. 20 and Computer Technologies (ICICT), Information and Computer Technologies ICICT, 307–312. https://doi.org/10.1109/ICICT50521.2020.00054 Elsayed, M., Abdelwahab, A., & Ahdelkader, H. (2019). A Proposed Framewor in Social Media. 2019 14th International Conference on Computer Engineerin and Systems (ICCES), 2019 14th International Conference On, 61–65. https:/ Jackson, O. (2018). GDPR: companies at risk over unstructured data. Internat http://eds.a.ebscohost.com/eds/detail/detail?vid=31&sid=73312ccd-f875-4a d1adf1d7c39c\%40sessionmgr4008&bdata=JkF1dGhUeXBlPXNoaWImc2l0ZT 10 7-5- 2021 Information Governance for Mobile Computing Textbook: Chapter 14: Information Governance for Mobile Devices Readings Limantara, N., Kosala, R., Ranti, B., & Supangkat, S. H. (2019). Human and Te Mobile Devices in Learning Activities. 2019 International Conference on ICT f (ICISS), 2019 International Conference On, 7, 1–5. https://doi.org/10.1109/ICI Rothstein, M. A., Wilbanks, J. T., Beskow, L. M., Brelsford, K. M., Brothers, K. B McGowan, M. L., & Tovino, S. A. (2020). Unregulated Health Research Using M Recommendations. Journal of Law, Medicine & Ethics, 48, 196–226. https://d Shankar, A., & Kumari, P. (2019). A Study of Factors Affecting Mobile Governa Extension of the Technology Acceptance Model (TAM). South Asian Journal of 11 7-12- 2021 Information Governance for Cloud Computing Textbook: Chapter 15 – Information Governance for Cloud Computing Readings: A Comparative Study of Data Deduplication Strategies. (2018). 2018 First Int Computing and Communication (ICSCCC), Secure Cyber Computing and Com Conference On, 68. Retrieved from https://ieeexplore.ieee.org/document/870 Patricia C. Franks. (2015). New Technologies, New Challenges: Records Reten 39(2), 191–209. Retrieved from http://eds.a.ebscohost.com/eds/pdfviewer/pd d1adf1d7c39c\%40sessionmgr4008 12 7-19- 2021 Emerging Topics in Information Governance Textbook: Chapter 16 – Leveraging and Governing Emerging Technologies Readings: A. F. Md Ajis and S. Hajar Baharin, Dark Data Management as frontier of Info on Computer Applications & Industrial Electronics (ISCAIE), Malaysia, 2019, p https://ieeexplore.ieee.org/document/8743915?arnumber=8743915 Shetty, Sony (2017). How to Tackle Dark Data”. Retrieved from https://www .g dark-data/ 13 7-26- 2021 Records Preservation Textbook: Chapter 17 – Long-Term Digital Preservation Readings: Park, S. H., Zhang, Y., & Keister, L. A. (2020). Governance Innovations in Eme Perspectives, 34(2), 226–239. https://doi.org/10.5465/amp.2017.0177 P. C. Franks, Government use of cloud-based long term digital preservation Heritage, Granada, 2015, pp. 371-374, https://doi.org/10.1109/DigitalHeritag Pike, E. R. (2020). Defending Data: Toward Ethical Protections and Comprehe 69(4), 687–743. Zwarich, N., & Park, E. G. (2017). Toward E-Mail Governance: Policies and Pra Journal of Information & Library Sciences, 41(3), 169–185 14 8-2- 2021 Reading Assignments Textbook: Chapter 18 – Maintaining an Information Governance Program an Knud Brandis, Srdan Dzombeta, Ricardo Colomo-Palacios, & Vladimir Stantch Cloud Scenarios. Applied Sciences, 9(2), 320. https://doi.org/10.3390/app90 2 Sam Lubbe, & Osden Jokonya. (2011). Using information technology governa creator of business values – a case study. South African Journal of Economic https://doi.org/10.4102/sajems.v12i1.264 15 8-9- 2021 Reading Assignments Arshad, A., Bin Noordin, M. F., Bint Othman, R., & Mehmood, W. (2018). Desig Systems – Development of an Integrated Component-Based KM Model for Eff Conference on Information and Communication Technology for the Muslim W Technology for the Muslim World (ICT4M), 2018 International Conference on, https://doi.org/10.1109/ICT4M.2018.00065 Jimenez, J. I., & Jahankhani, H. (2019). “Privacy by Design” Governance Fram Health Information (PHI) Processed by IoT-based Telemedicine Devices and A 12th International Conference on Global Security, Safety and Sustainability ( (ICGS3), 2019 IEEE 12th International Conference On, 212. https://doi.org/10 Tse, D., Chow, C., Ly, T., Tong, C., & Tam, K. (2018). The Challenges of Big Da International Conference On Trust, Security And Privacy In Computing And C Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Tru Communications/ 12th IEEE International Conference On Big Data Science A IEEE International Conference On, TRUSTCOM-BIGDATASE, 1632–1636. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00240 16 8-16- Short Week 2021 Review the Research Videos Online Last Day of Class is Thursday, August 19, 2021 Syllabus Disclaimer This syllabus contains important information critical to your success in this course. It includes guidelines for this course and the instructor’s current expectations about content, schedule, and requirements necessary for each student to achieve the best educational results. While you must review and become familiar with the contents of this syllabus, the instructor reserves the right to make adjustments or change in the syllabus from time to time. Any changes to the syllabus will be discussed with the students. INFORMATION GOVERNANCE Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offi ces in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding. The Wiley CIO series provides information, tools, and insights to IT executives and managers. The products in this series cover a wide range of topics that supply strategic and implementation guidance on the latest technology trends, leadership, and emerging best practices. Titles in the Wiley CIO series include: The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA, and Mobile Computing Are Changing Enterprise IT by Jason BloombergT Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends for Today’s Businesses by Michael Minelli, Michele Chambers, and Ambiga Dhiraj The Chief Information Offi cer’s Body of Knowledge: People, Process, and Technology by Dean Lane CIO Best Practices: Enabling Strategic Value with Information Technology (Second Edition) by Joe Stenzel, Randy Betancourt, Gary Cokins, Alyssa Farrell, Bill Flemming, Michael H. Hugos, Jonathan Hujsak, and Karl Schubert The CIO Playbook: Strategies and Best Practices for IT Leaders to Deliver Value by Nicholas R. Colisto Enterprise Performance Management Done Right: An Operating System for Your Organization by Ron Dimon Executive’s Guide to Virtual Worlds: How Avatars Are Transforming Your Business and Your Brand by Lonnie Bensond IT Leadership Manual: Roadmap to Becoming a Trusted Business Partner by Alan R. r Guibord Managing Electronic Records: Methods, Best Practices, and Technologies by Robert F. s Smallwood On Top of the Cloud: How CIOs Leverage New Technologies to Drive Change and Build Value Across the Enterprise by Hunter Muller Straight to the Top: CIO Leadership in a Mobile, Social, and Cloud-based World (Second Edition) by Gregory S. Smith Strategic IT: Best Practices for Managers and Executives by Arthur M. Langer ands Lyle Yorks Transforming IT Culture: How to Use Social Intelligence, Human Factors, and Collaboration to Create an IT Department That Outperforms by Frank Wanders Unleashing the Power of IT: Bringing People, Business, and Technology Together by Dan Roberts The U.S. Technology Skills Gap: What Every Technology Executive Must Know to Save America’s Future by Gary J. Beach Information Governance: Concepts, Strategies and Best Practices by Robert F. Smallwoods Robert F. Smallwood INFORMATION GOVERNANCE CONCEPTS, STRATEGIES AND BEST PRACTICES Cover image: © iStockphoto / IgorZh Cover design: Wiley Copyright © 2014 by Robert F. Smallwood. All rights reserved. Chapter 7 © 2014 by Barclay Blair Portions of Chapter 8 © 2014 by Randolph Kahn Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifi cally disclaim any implied warranties of merchantability or fi tness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profi t or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com. Library of Congress Cataloging-in-Publication Data: Smallwood, Robert F., 1959- Information governance : concepts, strategies, and best practices / Robert F. Smallwood. pages cm. — (Wiley CIO series) ISBN 978-1-118-21830-3 (cloth); ISBN 978-1-118-41949-6 (ebk); ISBN 978-1-118-42101-7 (ebk) 1. Information technology—Management. 2. Management information systems. 3. Electronic records—Management. I. Title. HD30.2.S617 2014 658.4’038—dc23 2013045072 Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 http://www.copyright.com http://www.wiley.com/go/permissions http://booksupport.wiley.com http://www.wiley.com For my sons and the next generation of tech-savvy managers vii CONTENTS PREFACE xv ACKNOWLEDGMENTS xvii PA RT O N E — Information Governance Concepts, Defi nitions, and Principles 1p C H A P T E R 1 The Onslaught of Big Data and the Information Governance Imperative 3 Defi ning Information Governance 5 IG Is Not a Project, But an Ongoing Program 7 Why IG Is Good Business 7 Failures in Information Governance 8 Form IG Policies, Then Apply Technology for Enforcement 10 Notes 12 C H A P T E R 2 Information Governance, IT Governance, Data Governance: What’s the Difference? 15 Data Governance 15 IT Governance 17 Information Governance 20 Impact of a Successful IG Program 20 Summing Up the Differences 21 Notes 22 C H A P T E R 3 Information Governance Principles 25 Accountability Is Key 27 Generally Accepted Recordkeeping Principles® 27 Contributed by Charmaine Brooks, CRM Assessment and Improvement Roadmap 34 Who Should Determine IG Policies? 35 Notes 38 PA RT T W O — Information Governance Risk Assessment and Strategic Planning 41g g C H A P T E R 4 Information Risk Planning and Management 43 Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements 43 viii CONTENTS Step 2: Specify IG Requirements to Achieve Compliance 46 Step 3: Create a Risk Profi le 46 Step 4: Perform Risk Analysis and Assessment 48 Step 5: Develop an Information Risk Mitigation Plan 49 Step 6: Develop Metrics and Measure Results 50 Step 7: Execute Your Risk Mitigation Plan 50 Step 8: Audit the Information Risk Mitigation Program 51 Notes 51 C H A P T E R 5 Strategic Planning and Best Practices for Information Governance 53 Crucial Executive Sponsor Role 54 Evolving Role of the Executive Sponsor 55 Building Your IG Team 56 Assigning IG Team Roles and Responsibilities 56 Align Your IG Plan with Organizational Strategic Plans 57 Survey and Evaluate External Factors 58 Formulating the IG Strategic Plan 65 Notes 69 C H A P T E R 6 Information Governance Policy Development 71 A Brief Review of Generally Accepted Recordkeeping Principles® 71 IG Reference Model 72 Best Practices Considerations 75 Standards Considerations 76 Benefi ts and Risks of Standards 76 Key Standards Relevant to IG Efforts 77 Major National and Regional ERM Standards 81 Making Your Best Practices and Standards Selections to Inform Your IG Framework 87 Roles and Responsibilities 88 Program Communications and Training 89 Program Controls, Monitoring, Auditing and Enforcement 89 Notes 91 PA RT T H R E E — Information Governance Key Impact Areas Based on the IG Reference Model 95p C H A P T E R 7 Business Considerations for a Successful IG Program 97 By Barclay T. Blair Changing Information Environment 97 CONTENTS ix Calculating Information Costs 99 Big Data Opportunities and Challenges 100 Full Cost Accounting for Information 101 Calculating the Cost of Owning Unstructured Information 102 The Path to Information Value 105 Challenging the Culture 107 New Information Models 107 Future State: What Will the IG-Enabled Organization Look Like? 110 Moving Forward 111 Notes 113 C H A P T E R 8 Information Governance and Legal Functions 115 By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything 115 Big Data Impact 117 More Details on the Revised FRCP Rules 117 Landmark E-Discovery Case: Zubulake v. UBS Warburg 119 E-Discovery Techniques 119 E-Discovery Reference Model 119 The Intersection of IG and E-Discovery 122 By Barry Murphy Building on Legal Hold Programs to Launch Defensible Disposition 125 By Barry Murphy Destructive Retention of E-Mail 126 Newer Technologies That Can Assist in E-Discovery 126 Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes 130 By Randy Kahn, Esq. Retention Policies and Schedules 137 By Robert Smallwood, edited by Paula Lederman, MLS Notes 144 C H A P T E R 9 Information Governance and Records and Information Management Functions 147 Records Management Business Rationale 149 Why Is Records Management So Challenging? 150 Benefi ts of Electronic Records Management 152 Additional Intangible Benefi ts 153 Inventorying E-Records 154 Generally Accepted Recordkeeping Principles® 155 E-Records Inventory Challenges 155 x CONTENTS Records Inventory Purposes 156 Records Inventorying Steps 157 Ensuring Adoption and Compliance of RM Policy 168 General Principles of a Retention Scheduling 169 Developing a Records Retention Schedule 170 Why Are Retention Schedules Needed? 171 What Records Do You Have to Schedule? Inventory and Classifi cation 173 Rationale for Records Groupings 174 Records Series Identifi cation and Classifi cation 174 Retention of E-Mail Records 175 How Long Should You Keep Old E-Mails? 176 Destructive Retention of E-Mail 177 Legal Requirements and Compliance Research 178 Event-Based Retention Scheduling for Disposition of E-Records 179 Prerequisites for Event-Based Disposition 180 Final Disposition and Closure Criteria 181 Retaining Transitory Records 182 Implementation of the Retention Schedule and Disposal of Records 182 Ongoing Maintenance of the Retention Schedule 183 Audit to Manage Compliance with the Retention Schedule 183 Notes 186 C H A P T E R 10 Information Governance and Information Technology Functions 189 Data Governance 191 Steps to Governing Data Effectively 192 Data Governance Framework 193 Information Management 194 IT Governance 196 IG Best Practices for Database Security and Compliance 202 Tying It All Together 204 Notes 205 C H A P T E R 11 Information Governance and Privacy and Security Functions 207 Cyberattacks Proliferate 207 Insider Threat: Malicious or Not 208 Privacy Laws 210 Defense in Depth 212 Controlling Access Using Identity Access Management 212 Enforcing IG: Protect Files with Rules and Permissions 213 CONTENTS xi Challenge of Securing Confi dential E-Documents 213 Apply Better Technology for Better Enforcement in the Extended Enterprise 215 E-Mail Encryption 217 Secure Communications Using Record-Free E-Mail 217 Digital Signatures 218 Document Encryption 219 Data Loss Prevention (DLP) Technology 220 Missing Piece: Information Rights Management (IRM) 222 Embedded Protection 226 Hybrid Approach: Combining DLP and IRM Technologies 227 Securing Trade Secrets after Layoffs and Terminations 228 Persistently Protecting Blueprints and CAD Documents 228 Securing Internal Price Lists 229 Approaches for Securing Data Once It Leaves the Organization 230 Document Labeling 231 Document Analytics 232 Confi dential Stream Messaging 233 Notes 236 PA RT F O U R — Information Governance for Delivery Platforms 239y C H A P T E R 12 Information Governance for E-Mail and Instant Messaging 241 Employees Regularly Expose Organizations to E-Mail Risk 242 E-Mail Polices Should Be Realistic and Technology Agnostic 243 E-Record Retention: Fundamentally a Legal Issue 243 Preserve E-Mail Integrity and Admissibility with Automatic Archiving 244 Instant Messaging 247 Best Practices for Business IM Use 247 Technology to Monitor IM 249 Tips for Safer IM 249 Notes 251 C H A P T E R 13 Information Governance for Social Media 253 By Patricia Franks, Ph.D, CRM, and Robert Smallwood Types of Social Media in Web 2.0 253 Additional Social Media Categories 255 Social Media in the Enterprise 256 Key Ways Social Media Is Different from E-Mail and Instant Messaging 257 Biggest Risks of Social Media 257 Legal Risks of Social Media Posts 259 xii CONTENTS Tools to Archive Social Media 261 IG Considerations for Social Media 262 Key Social Media Policy Guidelines 263 Records Management and Litigation Considerations for Social Media 264 Emerging Best Practices for Managing Social Media Records 267 Notes 269 C H A P T E R 14 Information Governance for Mobile Devices 271 Current Trends in Mobile Computing 273 Security Risks of Mobile Computing 274 Securing Mobile Data 274 Mobile Device Management 275 IG for Mobile Computing 276 Building Security into Mobile Applications 277 Best Practices to Secure Mobile Applications 280 Developing Mobile Device Policies 281 Notes 283 C H A P T E R 15 Information Governance for Cloud Computing 285 By Monica Crocker CRM, PMP, CIP, and Robert Smallwood Defi ning Cloud Computing 286 Key Characteristics of Cloud Computing 287 What Cloud Computing Really Means 288 Cloud Deployment Models 289 Security Threats with Cloud Computing 290 Benefi ts of the Cloud 298 Managing Documents and Records in the Cloud 299 IG Guidelines for Cloud Computing Solutions 300 Notes 301 C H A P T E R 16 SharePoint Information Governance 303 By Monica Crocker, CRM, PMP, CIP, edited by Robert Smallwood Process Change, People Change 304 Where to Begin the Planning Process 306 Policy Considerations 310 Roles and Responsibilities 311 Establish Processes 312 Training Plan 313 Communication Plan 313 Note 314 CONTENTS xiii PA RT F I V E — Long-Term Program Issues 315g g C H A P T E R 17 Long-Term Digital Preservation 317 By Charles M. Dollar and Lori J. Ashley Defi ning Long-Term Digital Preservation 317 Key Factors in Long-Term Digital Preservation 318 Threats to Preserving Records 320 Digital Preservation Standards 321 PREMIS Preservation Metadata Standard 328 Recommended Open Standard Technology-Neutral Formats 329 Digital Preservation Requirements 333 Long-Term Digital Preservation Capability Maturity Model® 334 Scope of the Capability Maturity Model 336 Digital Preservation Capability Performance Metrics 341 Digital Preservation Strategies and Techniques 341 Evolving Marketplace 344 Looking Forward 344 Notes 346 C H A P T E R 18 Maintaining an Information Governance Program and Culture of Compliance 349 Monitoring and Accountability 349 Staffi ng Continuity Plan 350 Continuous Process Improvement 351 Why Continuous Improvement Is Needed 351 Notes 353 A P P E N D I X A Information Organization and Classifi cation: Taxonomies and Metadata 355 By Barb Blackburn, CRM, with Robert Smallwood; edited by Seth Earley Importance of Navigation and Classifi cation 357 When Is a New Taxonomy Needed? 358 Taxonomies Improve Search Results 358 Metadata and Taxonomy 359 Metadata Governance, Standards, and Strategies 360 Types of Metadata 362 Core Metadata Issues 363 International Metadata Standards and Guidance 364 Records Grouping Rationale 368 Business Classifi cation Scheme, File Plans, and Taxonomy 368 Classifi cation and Taxonomy 369 xiv CONTENTS Prebuilt versus Custom Taxonomies 370 Thesaurus Use in Taxonomies 371 Taxonomy Types 371 Business Process Analysis 377 Taxonomy Testing: A Necessary Step 379 Taxonomy Maintenance 380 Social Tagging and Folksonomies 381 Notes 383 A P P E N D I X B Laws and Major Regulations Related to Records Management 385 United States 385 Canada 387 By Ken Chasse, J.D., LL.M. United Kingdom 389 Australia 391 Notes 394 A P P E N D I X C Laws and Major Regulations Related to Privacy 397 United States 397 Major Privacy Laws Worldwide, by Country 398 Notes 400 GLOSSARY 401 ABOUT THE AUTHOR 417 ABOUT THE MAJOR CONTRIBUTORS 419 INDEX 421 xv PREFACE I nformation governance (IG) has emerged as a key concern for business executives and managers in today’s environment of Big Data, increasing information risks, co- lossal leaks, and greater compliance and legal demands. But few seem to have a clear understanding of what IG is; that is, how you defi ne what it is and is not, and how to implement it. This book clarifi es and codifi es these defi nitions and provides key in- sights as to how to implement and gain value from IG programs. Based on exhaustive research, and with the contributions of a number of industry pioneers and experts, this book lays out IG as a complete discipline in and of itself for the fi rst time. IG is a super-discipline that includes components of several key fi elds: law, records management, information technology (IT), risk management, privacy and security, and business operations. This unique blend calls for a new breed of information pro- fessional who is competent across these established and quite complex fi elds. Training and education are key to IG success, and this book provides the essential underpinning for organizations to train a new generation of IG professionals. Those who are practicing professionals in the component fi elds of IG will fi nd the book useful in expanding their knowledge from traditional fi elds to the emerging tenets of IG. Attorneys, records and compliance managers, risk managers, IT manag- ers, and security and privacy professionals will fi nd this book a particularly valuable resource. The book strives to offer clear IG concepts, actionable strategies, and proven best practices in an understandable and digestible way; a concerted effort was made to simplify language and to offer examples. There are summaries of key points through- out and at the end of each chapter to help the reader retain major points. The text is organized into fi ve parts: (1) Information Governance Concepts, Defi nitions, and Principles; (2) IG Risk Assessment and Strategic Planning; (3) IG Key Impact Areas; (4) IG for Delivery Platforms; and (5) Long-Term Program Issues. Also included are appendices with detailed information on taxonomy and metadata design and on re- cords management and privacy legislation. One thing that is sure is that the complex fi eld of IG is evolving. It will continue to change and solidify. But help is here: No other book offers the kind of compre- hensive coverage of IG contained within these pages. Leveraging the critical advice provided here will smooth your path to understanding and implementing successful IG programs. Robert F. Smallwood xvii ACKNOWLEDGMENTS I would like to sincerely thank my colleagues for their support and generous contribu- tion of their expertise and time, which made this pioneering text possible. Many thanks to Lori Ashley, Barb Blackburn, Barclay Blair, Charmaine Brooks, Ken Chasse, Monica Crocker, Charles M. Dollar, Seth Earley, Dr. Patricia Franks, Randy Kahn, Paula Lederman, and Barry Murphy. I am truly honored to include their work and owe them a great debt of gratitude. PA RT O N E Information Governance Concepts, Defi nitions, and Principles 3 The Onslaught of Big Data and the Information Governance Imperative C H A P T E R 1 T he value of information in business is rising, and business leaders are more and more viewing the ability to govern, manage, and harvest information as critical to success. Raw data is now being increasingly viewed as an asset that can be leveraged, just like fi nancial or human capital.1 Some have called this new age of “Big Data” the “industrial revolution of data.” According to the research group Gartner, Inc., Big Data is defi ned as “high-volume, high-velocity and high-variety information assets that demand cost-effective, inno- vative forms of information processing for enhanced insight and decision making.” 2 A practical defi nition should also include the idea that the amount of data—both struc- tured (in databases) and unstructured (e.g., e-mail, scanned documents) is so mas- sive that it cannot be processed using today’s database tools and analytic software techniques. 3 In today’s information overload era of Big Data—characterized by massive growth in business data volumes and velocity—the ability to distill key insights from enor- mous amounts of data is a major business differentiator and source of sustainable com- petitive advantage. In fact, a recent report by the World Economic Forum stated that data is a new asset class and personal data is “the new oil.” 4 And we are generating more than we can manage effectively with current methods and tools. The Big Data numbers are overwhelming: Estimates and projections vary, but it has been stated that 90 percent of the data existing worldwide today was created in the last two years 5 and that every two days more information is generated than was from the dawn of civilization until 2003. 6 This trend will continue: The global market for Big Data technology and services is projected to grow at a compound annual rate of 27 percent through 2017, about six times faster than the general information and com- munications technology (ICT) market. 7 Many more comparisons and statistics are available, and all demonstrate the incredible and continued growth of data. Certainly, there are new and emerging opportunities arising from the accu- mulation and analysis of all that data we are busy generating and collecting. New enterprises are springing up to capitalize on data mining and business intelligence opportunities. The U.S. federal government joined in, announcing $200 million in Big Data research programs in 2012.8 4 INFORMATION GOVERNANCE Big Data values massive accumulation of data, whereas in business, e-discovery realities and potential legal liabilities dictate that data be culled to only that which has clear business value. But established organizations, especially larger ones, are being crushed by this onslaught of Big Data: It is just too expensive to keep all the information that is being generated, and unneeded information is a sort of irrelevant sludge for decision makers to wade through. They have diffi culty knowing which information is an accurate and meaningful “wheat” and which is simply irrelevant “chaff.” This means they do not have the precise information they need to base good business decisions upon. And all that Big Data piling up has real costs: The burden of massive stores of information has increased storage management costs dramatically, caused overloaded systems to fail, and increased legal discovery costs. 9 Further, the longer that data is kept, the more likely that it will need to be migrated to newer computing platforms, driving up conversion costs; and legally, there is the risk that somewhere in that mountain of data an organization stores is a piece of information that represents a signifi cant legal liability.10 This is where the worlds of Big Data and business collide . For Big Data proponents, more data is always better, and there is no perceived downside to accumulation of mas- sive amounts of data. In the business world, though, the realities of legal e-discovery mean the opposite is true. 11 To reduce risk, liability, and costs, it is critical for unneeded information to be disposed of in a systematic, methodical, and “legally defensible” (jus- tifi able in legal proceedings) way, when it no longer has legal, regulatory, or business value. And there also is the high-value benefi t of basing decisions on better, cleaner data, which can come about only through rigid, enforced information governance (IG) policies that reduce information glut. Organizations are struggling to reduce and right-size their information footprint by discarding superfl uous and redundant data, e-documents, and information. But the critical issue is devising policies, methods, and processes and then deploying information technol- ogy (IT) to sort through which information is valuable and which no longer has business value and can be discarded. IT, IG, risk, compliance, and legal representatives in organizations have a clear sense that most of the information stored is unneeded, raises costs, and poses risks. According to a survey taken at a recent Compliance, Governance and Oversight Counsel summit, respondents estimated that approximately 25 percent of information stored in organizations has real business value, while 5 percent must be kept as busi- ness records and about 1 percent is retained due to a litigation hold. “This means that The onslaught of Big Data necessitates that information governance (IG) be implemented to discard unneeded data in a legally defensible way. THE ONSLAUGHT OF BIG DATA AND THE INFORMATION GOVERNANCE IMPERATIVE 5 [about] 69 percent of information in most companies has no business, legal, or regulatory value. Companies that are able to dispose of this data debris return more profi t to sharehold- ers, can leverage more of their IT budgets for strategic investments, and can avoid excess expense in legal and regulatory response” (emphasis added). 12 With a smaller information footprint , organizations can more easily fi nd what they tt need and derive business value from it.13 They must eliminate the data debris regularly and consistently, and to do this, processes and systems must be in place to cull valuable information and discard the data debris daily. An IG program sets the framework to accomplish this. The business environment has also underscored the need for IG. According to Ted Friedman at Gartner, “The recent global fi nancial crisis has put information gov- ernance in the spotlight. . . . [It] is a priority of IT and business leaders as a result of various pressures, including regulatory compliance mandates and the urgent need for improved decision-making.” 14 And IG mastery is critical for executives: Gartner predicts that by 2016, one in fi ve chief information offi cers in regulated industries will be fi red from their jobs for failed IG initiatives. s 15 Defi ning Information Governance IG is a sort of super discipline that has emerged as a result of new and tightened legislation governing businesses, external threats such as hacking and data breaches, and the recog- nition that multiple overlapping disciplines were needed to address today’s information management challenges in an increasingly regulated and litigated business environment.16 IG is a subset of corporate governance, and includes key concepts from re- cords management, content management, IT and data governance, information se- curity, data privacy, risk management, litigation readiness, regulatory compliance, long-term digital preservation , and even business intelligence. This also means that it includes related technology and discipline subcategories, such as document management, enterprise search, knowledge management, and business continuity/ disaster recovery. Only about one quarter of information organizations are managing has real business value. With a smaller information footprint, it is easier for organizations to fi nd the information they need and derive business value from it. IG is a subset of corporate governance. 6 INFORMATION GOVERNANCE IG is a sort of superdiscipline that encompasses a variety of key concepts from a variety of related disciplines. Practicing good IG is the essential foundation for building legally defensible disposition practices to discard unneeded information and to secure confi dential in- formation, which may include trade secrets, strategic plans, price lists, blueprints, or personally identifi able information (PII) subject to privacy laws; it provides the basis for consistent, reliable methods for managing data, e-documents, and records. Having trusted and reliable records, reports, data, and databases enables managers to make key decisions with …