PREFACE xv ACKNOWLEDGMENTS xvii PART ONE--Information Governance Concepts, Definitions, and Principles 1 CHAPTER 1 The Onslaught of Big Data and the Information Governance Imperative 3 Defining Information Governance 5 IG Is Not a Project, But an Ongoing Program 7 Why IG Is Good Business 7 Failures in Information Governance 8 Form IG Policies, Then Apply Technology for Enforcement 10 Notes 12 CHAPTER 2 Information Governance, IT Governance, Data Governance: What''s the Difference? 15 Data Governance 15 IT Governance 17 Information Governance 20 Impact of a Successful IG Program 20 Summing Up the Differences 21 Notes 22 CHAPTER 3 Information Governance Principles 25 Accountability Is Key 27 Generally Accepted Recordkeeping Principles® 27 Contributed by Charmaine Brooks, CRM Assessment and Improvement Roadmap 34 Who Should Determine IG Policies? 35 Notes 38 PART TWO--Information Governance Risk Assessment and Strategic Planning 41 CHAPTER 4 Information Risk Planning and Management 43 Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements 43 Step 2: Specify IG Requirements to Achieve Compliance 46 Step 3: Create a Risk Profi le 46 Step 4: Perform Risk Analysis and Assessment 48 Step 5: Develop an Information Risk Mitigation Plan 49 Step 6: Develop Metrics and Measure Results 50 Step 7: Execute Your Risk Mitigation Plan 50 Step 8: Audit the Information Risk Mitigation Program 51 Notes 51 CHAPTER 5 Strategic Planning and Best Practices for Information Governance 53 Crucial Executive Sponsor Role 54 Evolving Role of the Executive Sponsor 55 Building Your IG Team 56 Assigning IG Team Roles and Responsibilities 56 Align Your IG Plan with Organizational Strategic Plans 57 Survey and Evaluate External Factors 58 Formulating the IG Strategic Plan 65 Notes 69 CHAPTER 6 Information Governance Policy Development 71 A Brief Review of Generally Accepted Recordkeeping Principles® 71 IG Reference Model 72 Best Practices Considerations 75 Standards Considerations 76 Benefits and Risks of Standards 76 Key Standards Relevant to IG Efforts 77 Major National and Regional ERM Standards 81 Making Your Best Practices and Standards Selections to Inform Your IG Framework 87 Roles and Responsibilities 88 Program Communications and Training 89 Program Controls, Monitoring, Auditing and Enforcement 89 Notes 91 PART THREE--Information Governance Key Impact Areas Based on the IG Reference Model 95 CHAPTER 7 Business Considerations for a Successful IG Program 97 By Barclay T. Blair Changing Information Environment 97 Calculating Information Costs 99 Big Data Opportunities and Challenges 100 Full Cost Accounting for Information 101 Calculating the Cost of Owning Unstructured Information 102 The Path to Information Value 105 Challenging the Culture 107 New Information Models 107 Future State: What Will the IG-Enabled Organization Look Like? 110 Moving Forward 111 Notes 113 CHAPTER 8 Information Governance and Legal Functions 115 By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything 115 Big Data Impact 117 More Details on the Revised FRCP Rules 117 Landmark E-Discovery Case: Zubulake v. UBS Warburg 119 E-Discovery Techniques 119 E-Discovery Reference Model 119 The Intersection of IG and E-Discovery 122 By Barry Murphy Building on Legal Hold Programs to Launch Defensible Disposition 125 By Barry Murphy Destructive Retention of E-Mail 126 Newer Technologies That Can Assist in E-Discovery 126 Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes 130 By Randy Kahn, Esq. Retention Policies and Schedules 137 By Robert Smallwood, edited by Paula Lederman, MLS Notes 144 CHAPTER 9 Information Governance and Records and Information Management Functions 147 Records Management Business Rationale 149 Why Is Records Management So Challenging? 150 Benefits of Electronic Records Management 152 Additional Intangible Benefits 153 Inventorying E-Records 154 Generally Accepted Recordkeeping Principles® 155 E-Records Inventory Challenges 155 Records Inventory Purposes 156 Records Inventorying Steps 157 Ensuring Adoption and Compliance of RM Policy 168 General Principles of a Retention Scheduling 169 Developing a Records Retention Schedule 170 Why Are Retention Schedules Needed? 171 What Records Do You Have to Schedule? Inventory and Classification 173 Rationale for Records Groupings 174 Records Series Identification and Classification 174 Retention of E-Mail Records 175 How Long Should You Keep Old E-Mails? 176 Destructive Retention of E-Mail 177 Legal Requirements and Compliance Research 178 Event-Based Retention Scheduling for Disposition of E-Records 179 Prerequisites for Event-Based Disposition 180 Final Disposition and Closure Criteria 181 Retaining Transitory Records 182 Implementation of the Retention Schedule and Disposal of Records 182 Ongoing Maintenance of the Retention Schedule 183 Audit to Manage Compliance with the Retention Schedule 183 Notes 186 CHAPTER 10 Information Governance and Information Technology Functions 189 Data Governance 191 Steps to Governing Data Effectively 192 Data Governance Framework 193 Information Management 194 IT Governance 196 IG Best Practices for Database Security and Compliance 202 Tying It All Together 204 Notes 205 CHAPTER 11 Information Governance and Privacy and Security Functions 207 Cyberattacks Proliferate 207 Insider Threat: Malicious or Not 208 Privacy Laws 210 Defense in Depth 212 Controlling Access Using Identity Access Management 212 Enforcing IG: Protect Files with Rules and Permissions 213 Challenge of Securing Confidential E-Documents 213 Apply Better Technology for Better Enforcement in the Extended Enterprise 215 E-Mail Encryption 217 Secure Communications Using Record-Free E-Mail 217 Digital Signatures 218 Document Encryption 219 Data Loss Prevention (DLP) Technology 220 Missing Piece: Information Rights Management (IRM) 222 Embedded Protection 226 Hybrid Approach: Combining DLP and IRM Technologies 227 Securing Trade Secrets after Layoffs and Terminations 228 Persistently Protecting Blueprints and CAD Documents 228 Securing Internal Price Lists 229 Approaches for Securing Data Once It Leaves the Organization 230 Document Labeling 231 Document Analytics 232 Confidential Stream Messaging 233 Notes 236 PART FOUR--Information Governance for Delivery Platforms 239 CHAPTER 12 Information Governance for E-Mail and Instant Messaging 241 Employees Regularly Expose Organizations to E-Mail Risk 242 E-Mail Polices Should Be Realistic and Technology Agnostic 243 E-Record Retention: Fundamentally a Legal Issue 243 Preserve E-Mail Integrity and Admissibility with Automatic Archiving 244 Instant Messaging 247 Best Practices for Business IM Use 247 Technology to Monitor IM 249 Tips for Safer IM 249 Notes 251 CHAPTER 13 Information Governance for Social Media 253 By Patricia Franks, Ph.D, CRM, and Robert Smallwood Types of Social Media in Web 2.0 253 Additional Social Media Categories 255 Social Media in the Enterprise 256 Key Ways Social Media Is Different from E-Mail and Instant Messaging 257 Biggest Risks of Social Media 257 Legal Risks of Social Media Posts 259 Tools to Archive Social Media 261 IG Considerations for Social Media 262 Key Social Media Policy Guidelines 263 Records Management and Litigation Considerations for Social Media 264 Emerging Best Practices for Managing Social Media Records 267 Notes 269 CHAPTER 14 Information Governance for Mobile Devices 271 Current Trends in Mobile Computing 273 Security Risks of Mobile Computing 274 Securing Mobile Data 274 Mobile Device Management 275 IG for Mobile Computing 276 Building Security into Mobile Applications 277 Best Practices to Secure Mobile Applications 280 Developing Mobile Device Policies 281 Notes 283 CHAPTER 15 Information Governance for Cloud Computing 285 By Monica Crocker CRM, PMP, CIP, and Robert Smallwood Defining Cloud Computing 286 Key Characteristics of Cloud Computing 287 What Cloud Computing Really Means 288 Cloud Deployment Models 289 Security Threats with Cloud Computing 290 Benefits of the Cloud 298 Managing Documents and Records in the Cloud 299 IG Guidelines for Cloud Computing Solutions 300 Notes 301 CHAPTER 16 SharePoint Information Governance 303 By Monica Crocker, CRM, PMP, CIP, edited by Robert Smallwood Process.