Preface
Acknowledgments

Part One--Information Governance Concepts, Definitions, and Principles

Chapter 1 The Information Governance Imperative
  Early Development of IG
  Big Data Impact
  Defining Information Governance
  IG is Not a Project, But an Ongoing Program
  Why IG is Good Business
  Failures in Information Governance
  Form IG Policies, Then Apply Technology for Enforcement

Chapter 2 Information Governance, IT Governance, Data Governance: What's the Difference?
  Data Governance
  Data Governance Strategy Tips
  IT Governance
  IT Governance Frameworks
  Information Governance
  Impact of a Successful IG Program
  Summing Up the Differences

Chapter 3 Information Governance Principles
  The Sedona Conference® Commentary on Information Governance
  Smallwood IG Principles
  Accountability is Key
  Generally Accepted Recordkeeping Principles® (Contributed by Charmaine Brooks)
  Assessment and Improvement Roadmap
  Information Security Principles
  Privacy Principles
  Who Should Determine IG Policies?

Part Two--Information Governance Risk Assessment and Strategic Planning

Chapter 4 Information Asset Risk Planning and Management
  The Information Risk Planning Process
  Create a Risk Profile
  Information Risk Planning and Management Summary

Chapter 5 Strategic Planning and Best Practices for Information Governance
  Crucial Executive Sponsor Role
  Evolving Role of the Executive Sponsor
  Building Your IG Team
  Assigning IG Team Roles and Responsibilities
  Align Your IG Plan with Organizational Strategic Plans
  Survey and Evaluate External Factors
  Formulating the IG Strategic Plan

Chapter 6 Information Governance Policy Development
  The Sedona Conference IG Principles
  A Brief Review of Generally Accepted Recordkeeping Principles®
  IG Reference Model
  Best Practices Considerations
  Standards Considerations
  Benefits and Risks of Standards
  Key Standards Relevant to IG Efforts
  Major National and Regional ERM Standards
  Making Your Best Practices and Standards Selections to Inform Your IG Framework
  Roles and Responsibilities
  Program Communications and Training
  Program Controls, Monitoring, Auditing, and Enforcement

Part Three--Information Governance Key Impact Areas

Chapter 7 Information Governance for Business Units
  Start with Business Objective Alignment
  Which Business Units are the Best Candidates to Pilot an IG Program?
  What is Infonomics?
  How to Begin an IG Program
  Business Considerations for an IG Program (By Barclay T. Blair)
  Changing Information Environment
  Calculating Information Costs
  Big Data Opportunities and Challenges
  Full Cost Accounting for Information
  Calculating the Cost of Owning Unstructured Information
  The Path to Information Value
  Challenging the Culture
  New Information Models
  Future State: What Will the IG-Enabled Organization Look Like?
  Moving Forward

Chapter 8 Information Governance and Legal Functions (Robert Smallwood with Randy Kahn, Esq., and Barry Murphy)
  Introduction to E-Discovery: The Revised 2006 and 2015 Federal Rules of Civil Procedure Changed Everything
  Big Data Impact
  More Details on the Revised FRCP Rules
  Landmark E-Discovery Case: Zubulake v. UBS Warburg
  E-Discovery Techniques
  E-Discovery Reference Model
  The Intersection of IG and E-Discovery (By Barry Murphy)
  Building on Legal Hold Programs to Launch Defensible Disposition (By Barry Murphy)
  Destructive Retention of E-Mail
  Newer Technologies That Can Assist in E-Discovery
  Defensible Disposal: The Only Real Way to Manage Terabytes and Petabytes (By Randy Kahn, Esq.)

Chapter 9 Information Governance and Records and Information Management Functions
  Records Management Business Rationale
  Why is Records Management So Challenging?
  Benefits of Electronic Records Management
  Additional Intangible Benefits
  Inventorying E-Records
  RM Intersection with Data Privacy Management (By Teresa Schoch)
  Generally Accepted Recordkeeping Principles®
  E-Records Inventory Challenges
  Records Inventory Purposes
  Records Inventorying Steps
  Appraising the Value of Records
  Ensuring Adoption and Compliance of RM Policy
  Sample Information Asset Survey Questions
  General Principles of a Retention Scheduling
  Developing a Records Retention Schedule
  Why are Retention Schedules Needed?
  What Records Do You Have to Schedule? Inventory and Classification
  Rationale for Records Groupings
  Records Series Identification and Classification
  Retention of E-Mail Records
  How Long Should You Keep Old E-Mails?
  Destructive Retention of E-Mail
  Legal Requirements and Compliance Research
  Event-Based Retention Scheduling for Disposition of E-Records
  Prerequisites for Event-Based Disposition
  Final Disposition and Closure Criteria
  Retaining Transitory Records
  Implementation of the Retention Schedule and Disposal of Records
  Ongoing Maintenance of the Retention Schedule
  Audit to Manage Compliance with the Retention Schedule

Chapter 10 Information Governance and Information Technology Functions
  Data Governance
  Steps to Governing Data Effectively
  Data Governance Framework
  Information Management
  IT Governance
  IG Best Practices for Database Security and Compliance
  Tying It All Together

Chapter 11 Information Governance and Privacy and Security Functions
  Information Privacy (By Andrew Ysasi)
  Generally Accepted Privacy Principles
  Fair Information Practices (FIPS)
  OECD Privacy Principles
  Madrid Resolution 2009
  EU General Data Protection Regulation
  GDPR: A Look at Its First Year (By Mark Driskill)
  Privacy Programs
  Privacy in the United States
  Privacy Laws
  Cybersecurity
  Cyberattacks Proliferate
  Insider Threat: Malicious or Not
  Information Security Assessments and Awareness Training (By Baird Brueseke)
  Cybersecurity Considerations and Approaches (By Robert Smallwood)
  Defense in Depth
  Controlling Access Using Identity Access Management
  Enforcing IG: Protect Files with Rules and Permissions
  Challenge of Securing Confidential E-Documents
  Apply Better Technology for Better Enforcement in the Extended Enterprise
  E-Mail Encryption
  Secure Communications Using Record-Free E-Mail
  Digital Signatures
  Document Encryption
  Data Loss Prevention (DLP) Technology
  Missing Piece: Information Rights Management (IRM)
  Embedded Protection
  Hybrid Approach: Combining DLP and IRM Technologies
  Securing Trade Secrets After Layoffs and Terminations
  Persistently Protecting Blueprints and CAD Documents
  Securing Internal Price Lists
  Approaches for Securing Data Once It Leaves the Organization
  Document Labeling
  Document Analytics
  Confidential Stream Messaging

Part Four--Information Governance for Delivery Platforms

Chapter 12 Information Governance for E-Mail and Instant Messaging
  Employees Regularly Expose Organizations to E-Mail Risk
  E-Mail Policies Should Be Realistic and Technology Agnostic
  E-Record Retention: Fundamentally a Legal Issue
  Preserve E-Mail Integrity and Admissibility with Automatic Archiving
  Instant Messaging
  Best Practices for Business IM Use
  Technology to Monitor IM
  Tips for Safer IM
  Team and Channel Messaging Solutions Emerge

Chapter 13 Information Governance for Social Media (Dr. Patricia Franks and Robert Smallwood)
  Types of Social Media in Web 2.0
  Additional Social Media Categories
  Social Media in the Enterprise
  Key Ways Social Media is Different from E-Mail and Instant Messaging
  Biggest Risks of Social Media
  Legal Risks of Social Media Posts
  Tools to Archive Social Media
  IG Considerations for Social Media
  Key Social Media Policy Guidelines
  Records Management and Litigation Considerations for Social Media
  Emerging Best Practices for Managing Social Media Records

Chapter 14 Information Governance for Mobile Devices
  Current Trends in Mobile Computing
  Security Risks of Mobile Computing
  Securing Mobile Data
  Mobile Device Management (MDM)
  IG for Mobile Computing
  Building Security into Mobile Applications
  Best Practices to Secure Mo.

Information Governance : Concepts, Strategies and Best Practices