Spring Cleaning your records and information: Learn from the Clutter Clearing Experts!
April 2019 Edition
Reed Smith, LLP on Defensible Data Remediation
Defining Ethical and Moral Obligations of the Records Manager
Shouting from the Mountain RIM - From Listserv to IG GURU®!
"You Gotta Be In It to Win It" - News about the ARMA NJ Spring Recruitment Drive, #RIMMONTH, a game changing privacy and retention development tool from UCF
Farewell, Treasurer :( Hello, Treasurer :)
ARMA New Jersey Chapter's Newsletter
Mary Hamm, President, ARMA NJ
Updates from our President
Spring is a time of new beginnings and a renewal of life after the long dark, gray days of winter. It is also a wonderful time to renew those New Year’s resolutions of advancing your education and professional development and ARMA NJ is here to help you achieve those goals.
ARMA NJ has a CRM/CRA Workshop on April 10 [Register here] to provide you the opportunity to prepare for this valuable credential and move your career forward.
Following the workshop we have one of our informative Chapter Events “Destroying the Digital Tower of Babel’ presented by Mark Patrick, immediate Past Chairman of AIIM [Register here].
If that is not enough, we will once again present INFORM 2019 and have expanded it to four tracks of educational opportunities, preceded by a day of Professional Development Workshops at Princeton University on June 12 and 13 (more to come).
Please also read our newsletter with articles on the future of our profession in IG Guru, professional ethics by Pascale Privey, a graduate of Dr. Stephen Dalina's Rutgers program and defensible disposal by INFORM'19 sponsor Reed Smith LLP.
So join us as we welcome spring and renew our commitment to continuing education and professional development.
Apr. 10 . Apr. 10 .
BDO Offices Woodbridge . BDO Offices Woodbridge
8am-5pm CRM Workshop . 5:30pm Destroying the Digital Tower of Babel with Mark Patrick, CIP, Immediate Past Chairman of AIIM
Webinar on the Customer Experience
Jun. 12 All Day
INFORM 2019 A Professional Development Day with 1st all-day IGP ARMA Workshop outside of ARMA Live
Jun. 13 All Day
INFORM 2019 4 learning tracks of Risk, Privacy & Security, RIM/IG Best Practices, Strategy & Communications. Come hear what all the buzz is about!
Join us April 10 at BDO offices in Woodbridge, NJ for a highly interactive session you won't want to miss. Speaker Mark Patrick, CIP, Immediate Past President of AIIM, presents "A holistic approach to intelligent information management in high compliance environments."
Thanks to our event sponsor
And please invite your IG, IT and Digital Transformation colleagues to attend with you.
ARMA NJ is proud to announce INFORM 2019 -- our all day educational event on June 143h at Princeton U! Join us for a day of educational sessions, networking, business partner solutions and more. 3 tracks including IG, new tech, and more.
Upcoming Meetings and Events
Same day come prep at our CRM Workshop!
David Cohen,1 Esq.
Partner, Reed Smith, LLP
The business world began its evolution from paper to electronic formats for generating and storing most business records many years ago. However, it is only more recently that certain unintended consequences of this shift have become apparent. Organizations are creating electronic information at a fast clip, and concurrently growing unnecessary volumes and copies of redundant, obsolete, and trivial (“ROT”) data. The failure to remediate or delete excess information results in increased data security risks, data privacy risks, litigation risks, storage costs, and lowered productivity and efficiency when still useful information is intermingled with obsolete data.
Why Is Defensible Deletion Necessary?
Industry observers estimated in 2014 that we were doubling our volume of electronic information created every two years.2 In 2018, it was estimated that 90% of all data in existence was created in the previous two years.3 With this exponential rate of growth, businesses must acknowledge that much of this information is excess data. It is a best practice to retain only information useful for business purposes or legal compliance. The negative consequences of “hoarding” ROT include:
Increased Cost of Data Storage.
Only a single record copy of a business document is needed for retention compliance, but many organizations are paying to host and store the same information in multiple locations across email servers, production systems, or databases. This cost is compounded when old information is retained even after it becomes obsolete for any useful purpose.
Lowered Productivity and Efficiency.
It is estimated that only about 5% of all emails constitute records requiring long term retention.4 The more information an organization or an individual retains, especially that which has no further business value, the longer searches will take to find those items which are actually required for business or legal use. An organization’s network performance can lag due to excess ROT data, and this lag is also analogous to the extra time an employee uses up trying to sift through useless records while seeking what they really need.
Increased Data Privacy and Data Security Risk.
Most organizations collect and retain information about customers, employees, contractors, and other individuals who have a range of data privacy and data breach rights. The trend is toward increased individual privacy rights, as evidenced by the European GDPR (General Data Protection Regulation) and new state laws in the U.S. such as the CCPA (California Consumer Privacy Act). High-profile data breaches put such personal details at risk, and can result in severe reputational damage—as well as extensive liability exposure—for organizations. In short, the greater the volume of personal data collected and stored, the higher the data privacy and data security risk.
Increased Litigation Risk.
No organization is immune from the possibility of litigation, and a common litigation strategy in the U.S. is to promulgate broad information requests to opposing parties. Once litigation is filed or reasonably anticipated, a company must suspend deletion of potentially relevant information. We have seen parties be disadvantaged in settlement negotiations purely because they are hamstrung by the enormous costs of preservation, collection, processing, and review for potential production of items that could and should have been deleted as obsolete long before litigation or an investigation began, or was even anticipated. Because e-discovery is the most time-consuming and expensive phase of most large U.S. lawsuits, a meritless or weak lawsuit can suddenly be valued far higher than it should be due to e-discovery costs. These costs increase with the amount of excess data a company retains. An organization that over-retains data almost always disadvantages itself in complex litigation with broad discovery requests.
How Does an Organization Implement a Defensible Data Remediation Program?
A number of elements are critical to a robust and defensible information governance program, which, by its nature, incorporates data remediation. There are two overarching pieces to this program: 1) a backward-looking aspect that incorporates deletion/disposal of obsolete information, and 2) a prospective, forward-looking aspect that proactively seeks to limit the ongoing and future retention of trivial or redundant information. At the core of both, a records retention schedule should identify what must be kept for business and regulatory compliance purposes, and for how long. Companies that have not updated their retention schedules in a long time should do so before starting data remediation projects.
Backward-Facing Remediation of Obsolete Data:
Identifying sources of obsolete records across the enterprise requires input from the business lines and IT, as well as reviewing hard copy record repositories. Metadata information and document indexes should assist in this review, but, when in doubt, it is advisable to use sampling to confirm the accuracy of these items and indexes to ensure this information is reliable. Classifying the information into record types to match up against the records retention schedule will enable identification of obsolete records and non-record information that may be deleted. Of course, any active litigation holds must be kept in mind throughout to ensure that no information requiring preservation for a legal matter is deleted. This means that having a handle on legal holds is another prerequisite to starting data remediation.
Forward-Facing Future Processes:
It is important to draft or refresh information governance policies and procedures addressing company practices relating to records management, data classification, electronic communications, BYOD programs, legal hold management, data security, and more. Employees should be trained on these items to improve employee compliance. Such policies and procedures also provide a defensible framework, founded on business and legal concerns, for regular and routine deletion of ROT data in the face of any future audits, regulatory inquiries, or litigations. Business departments should maintain and oversee their record repositories to ensure company records are consistently identified and properly maintained.
How Do We Avoid Deleting Data That We Need?
Correctly Identifying Records. In the course of identifying ROT for deletion, it is important to obtain the input and sign-off of all relevant stakeholders across departments – information technology, records management, legal, tax, business leaders, HR, marketing, etc., to ensure that the universe of needs that may apply to a single document is addressed. For example, a payroll document may require retention both by HR and Accounting for various reasons and different retention periods. A well-constructed records retention schedule will address all the business, operational, and legal needs. Legal hold policies and procedures, if implemented correctly, will ensure that no documents or data will be compromised when subject to legal hold.
Training. A well-structured suite of information governance policies will ensure that employees know what records they are responsible for creating, as well as where and how to maintain them. Employees should be educated as to the risks of poor records management practices – not just the impact to their companies but also negative consequences that can befall individual employees.
Recognizing What Is Truly Needed and Letting Go of the Rest. It is often human nature to retain items “just in case” they are ever needed for future use, but the reality is that less than half a percent (.5%) of all data collected is ever analyzed or used.5 The desire to retain for this reason is rarely borne out in practice, while the negative consequences outlined above are very real.
An organization’s risk profile is impacted by a number of factors – the relevant industry and applicable regulations; the jurisdictions in which it operates; its size, complexity, and stakeholders; and its litigation risk, among many other items. Information governance programs must be customized to each risk profile, and even departments and branches within a single organization may be subject to customized requirements for retention and deletion.
Accordingly, there is no “one size fits all” approach to information governance or data deletion, but there are common core principles and tips that are applicable across organizations. Legal counsel and expert consultants with past experience in the field can help customize the right program for each company, help move these projects forward, and help avoid “reinventing the wheel.” Developing a comprehensive information governance plan, complete with appropriate remediation of obsolete data, can seem like a daunting undertaking. However, such efforts can be accomplished in quite manageable phases, and the payoff starts almost immediately, while the alternative of not deleting obsolete data and otherwise managing information properly is fraught with continued and increasing risk and liability exposure.
 Ms. Lust and Mr. Cohen are attorneys in the Records & E-Discovery Group of Reed Smith, LLP, where they have many years of experience counseling clients on defensible records remediation, as well as other information governance and e-discovery issues.
 See, e.g., Vernon Turner, The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, EMC Digital Universe with Research & Analysis by IDC (April 2014)
 Bernard Marr, How Much Data Do We Create Every Day? The Mind-Blowing Stats Everyone Should Read, Forbes (May 21, 2018)
 Marty Heinrich, Tim Shinkle, A Practical Approach to Email Records Management, GCN Industry Insight (Mar. 13, 2015)
 John Burn-Murdoch, Study: less than 1% of the world's data is analysed, over 80% is unprotected, The Guardian (Dec 19, 2012),
How to Improve Compliance, Lower Costs and Reduce Enterprise Risk
Karen Lee Lust, 1 Esq.
Counsel, Reed Smith, LLP
Spring into RIM!
Planning a Spring Break beach trip? Load up your reader with The Life-Changing Magic of Tidying, Clear your Clutter with Feng-shui and The Gentle Art of Swedish Death Cleaning. IG may not have done clutter zone feng shui bagua or spark joy records, but ARMA and Organize Your Office: A small business survival guide to managing records were first to this de-cluttering party with taxonomy, transparent access and disposal. Death cleaning vs. M&A. Late much, Marie Kondo?
What sparks joy on your shelf?
books on the art of disposal!
Now it's time for your 3-month program of transforming from Coach Potato to IG Road Runner! Get certified like our own ARMA NJ member Torey King, CRM. Inspire your organization. Visit ARMA International starting in APRIL for special RIM month promotional items at https://www.arma.org/page/rimmonth. where they provide thought leadership pieces, online resources and educational tools that reinforce the importance of RIM and IG. Check in with ARMA International starting now in April for new and updated information! Use hashtag #RIMMONTH.
What else sparks joy? RIM month in april!
Carl Mazzanti recently joined our ARMA NJ chapter.
We had the pleasure of meeting Carl at our Professional Development Chapter event entitled "Msaters of Change," which was graciously hosted by the law firm of Drinker, Biddle & Reath, LLP at their Florham Park offices. We wanted to share with you his Information Governance background which we learned through this interview..
What led you to this profession?
I co-founded and serve as Vice President of eMazzanti Technologies. Our IT consulting firm serves the New York metropolitan area and internationally. My company specializes in information governance, cloud solutions, multi-site implementations, outsourced network management, remote monitoring and support for small and mid-sized businesses. Under my leadership, the company made the Inc. 5000 list of fastest growing companies eight consecutive years.
What prompted you to join ARMA International?
I realized l that all of my direct reports joined ARMA members around the nation, but I had not done so yet. I had been meaning to do so for a long time. Customers drive need and innovation. To solve their needs, my team's engagement with ARMA made sense and continues to pay off in spades for our customers and staff. I'm so glad to be a new member.
What do you enjoy most about the information governance?
I enjoy the puzzle of unstructured data and how to mold it into value for an organization. We help our customers discover what's in their data, limit liabilities and drive innovation.
I live by innovation and continuous learning, seek long-term customers who benefit from IG, and enjoy systematically tracking their satisfaction with my 24X7 support and predictable IT costs. I also love to continually train on the latest technologies along with my talented experts on IG, network, cloud/mobile, retail POS, PCI compliance, managed print, and IT security.
What would you consider to be your career highlight or greatest success (e.g., a project or designation)?
Microsoft designated my company as a 2015, 2014, 2013 and 2012 Partner of the Year. In 18 years, the projects, designations and ongoing acclamations continue to get better. Over the period, there are memorable events around mergers, big deals, and business climate changes that drove intense innovation. It's at these moments wher the best of us are challenged, rise to the occasion and win! From the work with the Olympics to the needs of a corporation, I've had the fortune to read about many of the best career highlights in the news.
What advice would you give to an individual considering information governance as a career?
Jump in now! The growth of data is at an explosive rate and IG shepherds are in hot demand.
What do you do for fun?
Outings with the family, snowboarding, sailing, and almost every activity that reminds one of how precious this life is.
What is your favorite place to visit?
If there is Lava nearby, we are going to visit. That's not a restaurant chain. I'm talking about actual Lava Flows. Some of the best places in our world are near volcanic activity. Thankfully over the years, our customer base includes many of these regions which affords a good balance of work and fun with each visit.
What are your favorite movies?
Almost all of the Star Trek movies are favorites of mine which I've watched multiple times.
What has been the most valuable aspect of your ARMA membership?
Peer interaction, knowledge sharing, and best practices are at the heart of my engagement with ARMA. My team lives to serve our customers' needs and our relationships with those who come out of ARMA help us continue to resolve even the most complicated needs.
A Member Profile
meet one of our Newest Chapter members.
You are not the first to ask... I would say keep it... just in case.
Views photographed across the Hudson River by Lucy Rieger, CRM, MLS from ARMA NYC Educational event on March 5th: ARMA NJ Past President & Board Member Ilana Lutman, CRM and Past VP - Membership Liz Steinberg, CRM.
ARMA NJ chapter members Hon. Ron Hedges and Ilana Lutman, CRM, IGP at ARMA NYC Conference
Keynote facilitator Michael Potters of Glenmont Group at ARMA NYC Conference Mar. 5, 2019
As many of you know, my wife recently accepted a job transfer opportunity in Cambridge, MA, and I will be joining her there in April. As I prepare to enter this new chapter of life, I can’t help but reflect upon my 30 years in the records and information management field, and participation in ARMA. I’ve had the good fortune to serve as a member and officer in several ARMA chapters over the years, including a term as president of the former Central New Jersey chapter. Each of these experiences has greatly added to both my professional knowledge and personal development, enhancing my career path for the better. I’d like to thank all of you that I’ve gotten to know and work with through ARMA for your support, professional advice and friendship. I’d also like to thank all the chapter board members I’ve had the privilege to serve with over the past three years. It’s been great to work with and learn from each of you, and I wish you all the best for the future. The chapter should be proud of the direction and initiative shown in putting on the INFORM Conference last year, and continuing this tradition in 2019 and beyond. The educational opportunity afforded by this gathering is critical to RIM practitioners as the field continues to evolve into the more interdisciplinary and technically-challenging realm of Information Governance. Wishing you all the best and hope to see as many of you as possible in the future .
Farewell and Good Luck!
Chapter News :(
Farewell NJ! -- Will Henson, CRM, IGP
Thank you for all you have done for the Chapter and best of luck on your new endeavors!
Get to know Pauline Drummond, ARMA NJ's newest Treasurer.
What led you to the IG profession?
Over the years, I worked in various companies and held various compliance roles in the compliance arena at fortune 500 companies (i.e., banking, a beverage company, a construction company and now insurance). I started in the audit department of a major bank after graduation. During my tenure as an auditor, I found out that I liked reviewing processes, procedures and anything to do with compliance. I also worked on the accounting operations side of the house ran and managed a corporate accounting department, but found that I did not like quarterly and annual closings (the hours were too brutal). I found that working in the compliance field gives me the flexibility and the opportunity to think outside the box and create processes that makes sense for the operations group.
As to what led me to where I am today, let's not just say I did a great job with Business Continuity and Privacy and was “drafted” for Records Management. I didn’t mind. It gave me the opportunity to work on the implementation of the new content management (electronic) repository and automatic disposition.
What prompted you to join ARMA International?
A work associate, Linda Pace.
What do you enjoy most about the information governance or records management?
Thinking outside the box. I find that sometimes the people who write the standards, processes and procedures have no idea of the impact to operations.
Finding a way to transform ideas while making it user friendly for operations while complying to standard makes my day.
What would you consider to be your career highlight or greatest success (e.g., a project or designation)?
I can name three which I am proud to be a part of. I learned a lot from being on those projects and still use the lessons learned.
While working as an auditor, I discovered fraud payments during testing. It took a lot of digging but I found the link and that made me the “defacto” subject matter expert. I was asked to stay on the investigation team and see it through to the end. It was great to see all the deals that went into an investigation.
At my current employer, a second was managing the implementation of the first Business Continuity Pandemic program (aka Health Crisis) from a technology prospective. The project timeline was extremely tight, and my role was two-fold. Making sure all the technology infrastructure was in place and available and from the business side of the operations determining how we would ensure we would have the proper resources to function in a Pandemic mode. The expertise we bought to the table was a project manger’s dream.
Also with them, working on the implementation of a new Business Continuation data center in Japan was a third. It exposes me to a different culture and the way business is conducted in other countries. It opened my eyes to a world of possibilities.
What is your best memory of an ARMA International experience?
Visiting the Thomas Edison Museum last October. It was very informative.
Do you or did you have a mentor who has helped you in the information governance or records management fields?
Yes, she was very helpful, provided guidance and that helped me developed critical skills (i.e., thinking outside the box).
What advice would you give to an individual considering information governance as a career?
Approach information governance with an open mind, be flexible, respect others and find ways you help the operation reduce redundancies that can ultimately save money. At the end of the day that is a major contribution to an organization.
What do you do for fun?
Love reading and traveling.
What is your favorite place to visit?
Aruba with my family, love the cool breeze!
What are your favorite movies?
Love all the Marvel movies (Ironman, Avengers etc.…)
What is your favorite quote?
Let no one define who you are and always know
that you can.
Is there anything else you would like to add?
I have been married to my husband Robin for 23 years and we have 2 beautiful kids. Alexa is in college and Paul is in High School. They keep me grounded and let me know every day that I am loved and valued.
A Chapter Leader Profile
meet one of our Newest Board members.
Early Bird Registration
ARMA Regional Leadership Conference
A few Words from our Newest CRM Torey King, joining Allison Matos in '19!
Angel Ramos promotes INFORM'19 in mer/ARMA chapter webinar
MER generously promoted our upcoming INFORM conference during BNY Mellon's Kaushik Kiran, MBA, MCA and our chapter member Angel Ramos' first webinar, jointly promoted by MER and ARMA NJ. To see it, sign up for "Level Up! Assess, Align and Automate your Information Governance Program" at the free MER Sapient Library.
For me, the biggest challenge in the whole process was learning how to prepare for Part 6. The second biggest challenge was actually preparing for Part 6. The Institute of Certified Records Managers (ICRM) website has plenty of information to help you study for the first five exams, but has very little guidance about preparing for Part 6. Therefore, it’s essential to work with a mentor who has access to practice exams and will give you constructive feedback on your practice essays. After I reached out to ARMA NJ and Lucy Rieger was assigned as my mentor, everything fell into place. Thanks again, Lucy!
My advice for those in the process of or considering taking the ICRM exams is to first determine your strengths and weaknesses related to test taking and preparation. Then, develop preparation methods that will work best for you. Seek out the many resources available from ARMA NJ, the ICRM website, and other sources. Communicate with as many of your colleagues who have taken the exams as possible. Track your certification-related expenses so you can apply for the annual La ARMA Nostra Certification Reimbursement Awards administered through the ARMA International Educational Foundation. I was honored to be a recipient of a $500 grant in 2017, which was very helpful in covering exam fees and book purchases. Lastly, know that passing all six exams may take longer and be more challenging than you anticipated. But, remember that the CRM designation is meaningful in our field because the process of earning it is rigorous and through that process you will benefit both professionally and personally.On the morning of September 10, 2018, I received the exciting news via email that I’d passed Part 6 of the Certified Records Manager (CRM) exam and was now a CRM. Hooray! I was relieved and proud to learn that my belief on August 7 that I’d actually passed that grueling four-hour essay exam was correct. I’d been working towards becoming a CRM since the summer of 2015 and had been forced to step away from it for more than a year and a half during that time. Through hard work, good planning, and perseverance, I’d reached a major milestone in my records management career, one that can help me attain more milestones in the future.
Practice what you preach
Earn a chance at an all-expense paid trip to the ARMA Int'l. Conference for new recruits to ARMA New Jersey chapter. Ask them to sign up and mention YOUR NAME and YOUR ARMA CHAPTER'S NAME. Easy-peezy! Plus, your chapter gets a small bonus per member. Plus-plus, chapter bragging rights! You have from April 1 to June 30, so start recruiting. It's time to tell others the value ARMA brings to our members and our profession.
Chapter membership rock solid
ARMA NJ has undertaken its first records and library inventory in more than 2 decades. We plan to practice what we preach by comparing our files against the chapter records retention schedule and weeding obsolete books with no historical value. Secretary Angel Ramos anticipates completing this work by the end of our 2018-2019 season. BooYAH!
Spring recruitment drive = $$$ 4U
It's time to spread the seeds of our profession! Many of you know the value of the New Jersey chapter to your career development. Now our chapter aims to attract more information governance to bolster their credentials and profession by learning the benefits of an chapter membership. And until June 30, ARMA International offers a chance for anyone who successfully recruits members to be entered into a drawing to win valuable prizes that include an expense-paid ARMA International Conference 2019 package. For consideration, have your recruit mention the ARMA NJ chapter and your name. Start your engines!
Recruit new members for raffle & Glory!
Membership within the ARMA-NJ Chapter continues to hold steady. We need help on the Board of Directors with appointing a Membership Director position to help manage the ARMA International Spring Recruitment Drive which launched this month. We'd love to have you on the ARMA-NJ Leadership Team. If you're interested in learning more details, reach out to President President Mary Hamm.
I'm American, so I'm still fighting for my right to be remembered!
Kerry MacInnes of Unified Compliance Framework re-shared an ARMA/UCF webinar link to the RIM Reporter showing the "value of the UCF (with data viewed through the Common Controls hub)...To [her] and [her] GRC Partners, it certainly is a game changer" to information governance, records and privacy professionals for retention schedule and GDPR (General Data Protection Regulation) and state privacy program development.
Them Common Controls Hub is free to ARMA members with a fee charged to be able to connect to citations database and individualize for your organization.
bonuS to our chapter: UCF webinar
from Listserv to IG GURU®!
"[IG GURU®]...reach[es] privacy, security, IT, and legal professionals that weren't previously on the Listserv." - Andrew Ysasi
"[S]ome in the profession ... think IG is just a new name for RM; sadly they are incorrect. Both will grow over time." - Peter Kurilecz
Peter A. Kurilecz,
FAI, CRM, CA, IGP
IG Guru's Peter Kurilecz and Andrew Ysasi generously made themselves available to the RIM Reporter to discuss their new social media platform and the not-so-new Records Listserv.
Angel Ramos: What argument(s) convinced you, Peter Kurilecz and Marc Wolfe to migrate from the Listserv to IG GURU®? In fact, what discussions led to the original Listserv?
Peter Kurilecz: Marc and I had started to do some succession planning around who could be invited to be new listadmins for RECMGMT-L. Marc has been a listadmin for over 20 years and I for about 15 years. as such we believed that we needed to seek out someone willing to take the duties of a listadmin. During our discussions, Andrew approached us about migrating the listserv to IGGURU. The listserv has been hosted by the University of Florida for about 20 years give or take. Their hosting was a handshake agreement. They could at any time have told us to find a new home. Andrew's proposal was a godsend. We had several discussions, which were fruitful.
Andrew Ysasi: First, I want to thank Angel Ramos, CRM, IGP, MLIS for giving me the opportunity to speak about IG GURU®. IG GURU® started early 2018. I had left the Institute of Certified Records Managers (ICRM) about a year ago to focus on my day job. Soon after I left, something kept pulling me to giving back to the industry. I bought a domain and registered an LLC called IG GURU thinking maybe someday I’ll do something with it. I started posting news that I thought was interesting and timely related to the industry. It was pretty much posting news articles as needed until June.
I heard from a good friend of mine in the industry who wanted to know more about IG GURU®. After that discussion, it dawned on me that IG GURU could be more than just news, and further, my friend said he would sponsor the endeavor and others would likely come aboard. IG GURU® could be the place where people in our industry from various associations, universities, and vendors could all come together and collaborate. After some contemplating and research, it dawned on me that something already existed – the Listserv. I reached out to Peter Kurilecz to ask the basic questions of who owned the Listserv? What was its future? After several calls with Peter Kurilecz and Marc Wolfe, we decided to migrate the Listserv to IG GURU®.
The migration of the Listserv wouldn’t be easy. We broke up the migration into two phases. First, we started with the users and second, the content. Users were invited into the IG GURU® community on September 1st, 2018. Our tech team is working on archiving the content of the Listserv, and we hope to have that completed soon.
Now that the Listserv community is with IG GURU®, there are many more features available to members. First, the forums are broken out into General, Events, Jobs, Marketplace, and News. Unlike the Listserv, vendors now have space where they can promote their services, products, and events without consequence. Further, users can continue to respond to and post questions in the General forum on topics or questions related to Information Governance. Posts can have attachments, and users can update their profile to add a photo and contact info. Second, there is a headline about our industry posted on the main page at least daily during the week. Third, the WordPress app can be downloaded so that you can follow IG GURU® on your smartphone or device. Last, we have wonderful sponsors who are sponsoring future book giveaways and education through our sponsors. The sponsors to date include Access, Interstate, VRC, Zasio, San Jose State University, Polygon, Record Nations, CSR, MER Conference, LexiTrac, Risk Strategies, NRC, Montana and Associates, Admovio, and InfoGov World Magazine.
My desire is that IG GURU® and its members are collectively thought of as the gurus of all things IG. I expect our forum to grow and become more vibrant as our profession grows. I anticipate our community relying on IG GURU® to learn about what is going on in our industry, matters that could impact our industry, looking for a job or candidates, seeing what event may be occurring near them, and finding out the latest and greatest IG solutions available on the market. I hope that our partnerships with associations, universities, and vendors increase. Regardless of why people go to IG GURU®, I hope they are better for being a part of our community. Last, regardless of what happens with the association(s), you belong too, or the job you have, IG GURU® will be there along with the 20-year history of the Listserv.
Angel: Do you have an ETA on Listserv content migration? Will you classify and structure it?
Peter: Andrew can speak to the technical arrangements about migration, but I can tell you that it is being done very carefully since during a previous migration we lost the archives of the early years of the listserv. So far, IIRC 99% of the content has been migrated. The content will be categorized based upon the subject lines of the messages. There is no way to establish categories for the messages; however, the search engine will be better than what Listserv provided.
Andrew: We have the Listserv data, but I'm not happy with how it displays or how it is searchable. I'm in negotiations with Listserv software to purchase a lite perpetual license for me to host archive there.
Angel: How do you plan to promote user adoption of IG GURU®?
Peter: Again, Andrew can provide more detail. Andrew and his team sends out an invitation to a group of listserv subscribers. Wordpress limits how many addresses can be sent. Just like with the Listserv word of mouth will probably be the prime promotional strategy. articles in chapter news letters is another promotional vehicle. Andrew has also created swag with the IG GURU logo/name on it which can be handed out at conferences and trade shows.
Angel: Where do you see the community in 1 year, 5 years and beyond? For example, video and podcast content? ROI calculator tools?
Peter: I'll let Andrew answer.
Andrew: We will certainly see growth. As our sponsors work to promote our site and we become more known by our own efforts we hope to have at least a 20% year over year growth in new users. We reach privacy, security, IT, and legal professionals that weren't previously on the Listserv. Difficult to say whether IG GURU will be the creator tools, however, if the industry needs it I can't see why IG GURU wouldn't take on that type of project.
Angel: Similarly, where do you see the RM and IG professions?
Peter: IG is only going to grow more. I see more and more news articles speaking of the need for IG. There are some in the profession who think IG is just a new name for RM; sadly they are incorrect. Both will grow over time.
Andrew: As privacy regulations continue to roll out globally and as criminals continue to hack, there will be a need for IG and RIM. Like Peter said, they are not the same thing. IG is strategic and integrates with other functions as well as the overall strategy of the business. RIM will continue to evolve as new software, tools, and technologies such as AI and blockchain start to mature.
MS, FIP, CIPM, CIPP, CISM, PMP, CRM, IGP
Shouting from the Mountain RIM
"I remember the Boston College case [about surrendered confidential archives leading to Irish arrests] very well - posted lots of RAIN [...Records and Archives in the News, which Mr. Kurilecz transferred from the records listserv to https://paper.li/RAINbyte/ and later also to https://twitter.com/RAINbyte]."
- Peter Kurilecz
"IG GURU® could be the place where people in our industry from various associations, universities, and vendors could all come together and collaborate." - Andrew Ysasi
IG GURU® could be the place where people in our industry from various associations, universities, and vendors could all come together and collaborate.
-- Andrew Ysasi
Masters of Information
Ethics is at stake in any professional life, but Records Managers are particularly concerned as they are in charge of storage and final deletion of any written documentation produced within the organization. A code of ethics is mandatory to allow Records Managers to fulfill their task and to train employees to participate in Records Management. Many newsworthy events and legal affairs prove that ethics is at risk in Records Management; they also demonstrate how dangerous unethical behavior can be in such area.
2. Importance of a meaningful code of conduct that the Records Manager should follow
All of us are supposed to behave ethically; it’s a social skill before being a Records Manager’s one. Nobody would assert that organizational ethics is a matter of Records Management only. However, as the custodian of records, a Records Manager oversees the organization’s memory: past facts, including past mistakes; messages, including those which gave dubious advices; memos about mistakes and weaknesses; and so on. What to do with all that embarrassing stuff? The Records Manager position is a critical one for sure; therefore, Records Managers will often feel under pressure.
What to do if someone from the management team asks the Records Manager to delete something embarrassing? What to decide when the same Records Manager discovers potentially harmful records? What if the legal department ask to delete records without justifying such deletion? What if a judge asks for something the Records Management department owns for sure, but the management team asks not to provide? All those situations are critical… and, even when everything is just happening normally, embarrassing choices must be done.
Chris Hurley (2016) propose a table of ethical contents which allows to figure out how complex are ethical behaviors:
Ethical behavior is classified in the second column, second line; which means it’s codified, and results from individual (or group) responsibilities. Protecting one’s organization is ethical; protecting the whole society against one’s own organization is not – even if whistleblowers still are acting in the name of ethics.
The author underlines that professional ethics cannot exist without codification; thus, building a code is mandatory:
“Professional ethics are not unrelated to morality, but they are distinguishable from acts of conscience. An act of conscience emanates from a moral code. A Code of Professional Ethics itemises professional behaviours which are collectively approved as good practice (whatever we may think as individuals) or behaviours which are collectively condemned and are therefore disallowed even if individually we see do not agree with that.” (Hurley, 2016, p.1)
To clarify what ethics means, the author lists several features of it:
“Being ethical is a sub-set of being accountable. This is not the same as being moral. Being accountable means: clarity of role (knowing who is accountable and to whom), clarity of function (knowing what are you accountable for), measurement (having standards or bench-marks to be measured by), monitoring (some method of punishing or correcting deviance)” (Hurley, 2016, p.5)
According to this definition, ethics cannot exist without a standard, which means a record if it exists, it’s available, and it is protected from distortion or destruction. By definition, for ethical behavior to exist, “there must be agreed, or shared, or at least knowable expectations.”(Hurley, 2016, p.4)
3. Personal responsibility of the Records Manager to his/her client, employer and organization
A Records Management professional is the one who knows what is stored, how to store it, and which are the rules to follow. Thus, (s)he’s responsible. Let’s take a recent scandal in Sweden as an example: an administrative organization publicly released personal data about its employees by mistake. Who is responsible? The one who manages records retention cannot pretend (s)he’s not. Protecting privacy is a duty for every organization; the Records Manager is the one who stores and protects records, thus (s)he’s responsible for failure to protect private records. Personal identifiable information (PII) cannot be collected but if the organization needs it, and it must be protected until it’s destroyed. Moreover, rules about them are not the same depending on the country (de Jager, 2002). Applying laws protecting PII is the organization’s responsibility, thus it’s the Records Manager’s responsibility.
Ethics is particularly important to IRM professionals because records are used as proofs, and more generally as repositories of what happened before. They often are our only reliable link to past events – thus, they allow us to trustfully build on this past. In the United States, providing records a judge asks is a legal requirement. The only person who can answer such subpoena is the Records Manager. If he fails, and he has no sturdy Retention Schedule to provide to justify such failure, his/her organization will be fined. It’s another responsibility. Many organizations try to protect themselves by pretending records about a given case of misconduct are not available; such strategy doesn’t pay. Other organizations are trying to find records to prove they are right, or to prove a given employee did a mistake; the Records Manager must provide such content. In administrative organizations, the Freedom of Information laws (FOI laws) requires to provide records to anybody who wishes to consult them; again, the Records Manager is responsible for providing them.
More generally, every document produced by the organization will be managed by the Records Management Department; employees will ask documents they need. Proper storage is mandatory, and the Records Manager is responsible for it.
All those responsibilities are taken in consideration when building the Records Retention Schedule, which will allow the organization to comply with laws and rules, will optimize storage and space use, and will minimize employees’ losses of time. But such schedule is not enough: it must be ethical, but ethical dilemmas will still arise in unusual situations.
4. “Standard” code of conducts that RIM Professionals should be aware of and follow.
Most of us strongly want to be ethical, and the ones who don’t care are generally forced to do it by external constraints - legal or hierarchical. But such will alone won’t lead to the best choi.es. How to achieve an ethical behavior is often dubious, and may lead to contradictory choices depending on who makes the decision. Moreover, figuring out what to do when such contradiction occurs is very time-consuming… Organizations cannot afford letting Records Managers dealing with ethics alone; providing guidelines may help them to adopt a consistent course of action.
Moreover, providing a code of conduct is necessary because it’s the only way to be sure that everybody believes in similar principles, shares the same values, and knows what is expected. Social codes are implicit, and cannot be cited to prove someone made it wrong. When privacy is conflicting with the right to be informed, for example, Records Managers have to build their solution on something explicit, and sturdy, as a code of conduct is.
Such code is displaying general principles which must be translated into specific rules; it’s a framework. Indeed, RIM professional are not allowed to let things happen if not specific rule already exists; they must promote sound ethical records management principles.
5. Who the Records Management professional interacts with within an organization to provide sound ethical principles
Myler (2008) focusses on minimizing risks in an organization by providing a sturdy RM program, and her guidelines apply to providing ethical principles; I listed the ones which allow to figure out who will interact with the Records Manager.
• Gain senior management approval: interaction with senior management
Write a policy statement which clearly defines records-related terms and outlines program requirements.
• Inventory and document the company's records content, by surveying every unit. Analyze and synopsize the inventory interviews and findings, arriving at a classification scheme based on the business' functions: interaction with employees
• Research retention and compliance requirements and create a guideline for them: Interaction with the legal department
• Ascertain the company's operational requirements: interaction with management
• Train staff on the retention schedule and records program: interaction with employees
Moreover, interacting with external partners (like storage companies) is mandatory. The Records Manager must know about how records are dealt with when they leave the organization.
6. List Components of a Records Management Program and note the benefits that moral/ethical business practices play. Continue by supporting the components by citing any legal ramifications of unsound ethical decision making.
A records management program requires a Records Management team / department, an organization-wide inventory of records, clear rules and principles listed in the RM policy, a Records Retention Schedule to give practical guidelines about any existing documents. It should include every record (personal, electronic, public, and so on).
The more complete and clear such program is, the less ethical issues will arise: indeed, there won’t be unintentionally hidden or lost records; if someone decide to hide some records, like meeting minutes or personal messages, it will be easier to notice it; if the firm must defend itself, it will find records for it; if it accuses someone else, it will have proofs; if a subpoena forces it into providing records, there won’t be any ethical issues – records would be available, and provided, or wouldn’t, depending on a clear Retention Schedule.
Unsound ethical decisions, like deleting documents because they may prove the organization is guilty of something, has financial consequences (trouble with taxes and budgets, huge fines), and legal ones: when businesses are facing legal action or audit, being unable to produce records in a timely fashion and issues with retention tracking will be condemned. People having shredded records, or people who kept silent after discovering proves of misconduct, can face personal penalties. People having failed to protect records (vital records, personal records, historical records…) may face charges too.
7. Identify newsworthy events that have tested RIM professionals in their obligation to promote sound ethical records management principles. Continue by analyzing laws that promote ethical record keeping practices. Select a few instances/examples where adherence to ethics could have prevented any negative impact to companies or individuals.
• It was recently revealed that Trump’s crew was using specific communication tools designed to delete information as soon as the message was read, to avoid such messages to be managed as presidential records (kept forever!). It’s an interesting example of arising issue related to technological change: existing Records Management guidelines did not foresee such situation. However, it’s clearly an unethical way to deal with presidential messages, which resulted in a public scandal.
• As European firms seldom have a Records Management Department, my second story is more about the lack of Records Management – but it would have lead a potential Record Manager to an ethical dilemma. As told by Stanley W. Silverman (2015),
“The Volkswagen Dieselgate scandal is a lesson to all boards and CEOs about the importance of tone and culture, as well as providing a hotline for lower level employees to report misconduct within their units of the company. It’s also a lesson of what can happen when the employees of a company purposely do something illegal, not only in terms of financial cost, but also the loss of trust of all of its stakeholders.”
Records Management is not even mentioned – but Volkswagen tried to respond the US inquiry by stating that events were not documented, memos couldn’t be found, and meeting minutes were lacking. Such claims should worsen a case either than making it better. As a result of this strategy, several employees were condemned to long prison terms, and huge fees, in the US. Yes, honest employees could have been whistle blowers if a hotline had existed, but the Records Management could have warned the management team long before – and could have provide documents to the justice. Now let’s imagine a Records Management existed: what would have been the Records Manager behavior? Protecting his/her firm? Or protecting people from pollution, and himself/herself from jail?
• My third story is about banks: in 2017, BNP Paribas, a French bank, was condemned to huge fines because of illegal arrangements between traders; lacks in Records Management made its case harder. According to a Federal Reserve’s press release, “The Board levied the fine after finding deficiencies in BNP Paribas's oversight of, and internal controls over, FX traders who buy and sell U.S. dollars and foreign currencies for the firm's own accounts and for customers. The firm failed to detect and address that its traders used electronic chatrooms to communicate with competitors about their trading positions.”
• And a last one… Include some newsworthy events that have tested RIM professionals in their obligation to promote sound ethical records management principles. In 2013, the Howard University Hospital in Washington had a security breach. One of their employees violated the Health Insurance Portability and Accountability Act (HIPAA). The employee used her status to access patient information, and she sold it, during more than a year. Thousands of patients from the same hospital were also informed that their personal and medical data was at risk when a laptop containing such data was stolen from a hospital worker’s car. Records were not protected accurately in this hospital for sure…
Records deletion may be condemned, and considered as a proof of criminal intentions by a judge; as Cox (2013) reminds us, unauthorized destruction of federal records (by the CIA in the case he studied) may be condemned according to the Federal Records Act, which forbid any records deletion unless the NARA had approved it. Undocumented records deletion is considered as unethical, and, thus, as a presumption of guilt.
More generally, it’s unethical to fail to comply with laws framing records management, like Equal Pay Act, Occupational Safety and Health Act (OSHA), Fair and Accurate Credit Transaction Act (FACTA), Uniform Electronic Transactions Act (UETA) or Federal Family Educational Rights and Privacy Act (FERPA). Such laws impose Records Management principles to protect people; if Records are deleted to avoid issues to be revealed, ethics and justice are both at stake.
Last, keeping unnecessary personal information and putting it at risk also is an ethical error; it can lead to enormous penalties. “Recently a hospital chain named Prime Health Care Services Inc. has agreed to pay $275,000 to settle a federal investigation into alleged violation of patient privacy.”, state Ozair and Alii (2015).
It’s not always easy to state if adherence to ethics could have prevented any negative impact, but some stories clearly prove that such adherence would have make a difference: for example, allowing an hospital worker to store personal data (not even encrypted) in his laptop was unethical; to let traders sending messages without storing them (BNP Paribas), or to delete meeting minutes (Volkswagen) also was. In the first case, more ethics would have lead to better data protection (and the hospital wouldn’t have sent thousands of warning messages); in the second and third ones, maybe the related plots would have been revealed before, or at least the firm would have been condemned to slighter penalties.
All those considerations prove that being ethical is a good way to protect oneself, and one’s organization, specially when records management is at stake. However, I’d like to emphasize, as to conclude, that ethics is a value even when nothing is to fear!
ARMA International. (2017). Code of professional responsibility. Retrieved from http://www.arma.org/who-we-are/code-of-professional-responsibility
Cox, D. (2013). Archival Ethics, Law and the Case of the Destroyed CIA Tapes. Journal Of Information Ethics, 22(2), 90-101. doi:10.3172/JIE.22.2.90
de Jager, P. (2002, September/October). Ethics: Good, evil, and moral duty. The Information Management Journal, 82-85. Retrieved from
Hurley, C. (2016): Ethical dilemmas in records management. figshare.
https://doi.org/10.4225/03/58057775c8770 Retrieved: 19:11, Nov 19, 2017 (GMT)
Myler, E. (2008, Jan/Feb) Minimizing Risks through a Corporate Information Compliance Initiative. Information Management Journal, Vol. 42 Issue 1, p58-63
Ozair FF, Jamshed N, Sharma A, Aggarwal P.(2015) Ethical issues in electronic health records: A general overview. Perspect Clin Res. 2015 Apr-Jun;6(2):73-6. doi: 10.4103/2229-3485.153997. Review.
Links to news articles:
Federal Reserve (07/17/2017) press release retrieved from
Henley. J. (2017) Sweden scrambles to tighten data security as scandal claims two ministers. The Guardian retrieved from https://www.theguardian.com/technology/2017/aug/01/sweden-scrambles-to-tighten-data-security-as-scandal-claims-two-ministers
Mazmanian A. (10/10/2017) Can anyone check the president on records management? FCW magazine. retrieved from
Silverman S. (10/05/2015) VW employees responsible for 'Dieselgate:' Where's the legal, moral, & ethical compass? Bizjournal retrieved from https://www.bizjournals.com/philadelphia/morning_roundup/2015/10/volkswagen-dieselgate-legal-ethics-silverman.html
The Records Manager's ethical and moral obligations in an organization and as a professional
Above left, PSE&G's Charlene Trexler and Jim Sloan going through catalog files
The ARMA New Jersey chapter offers business partners
the opportunity to put their company's name, products, and services before the highly targeted audience of records and information management professionals in the tri-state area. Interested in advertising in our newly designed newsletter? Full page ads are now available in addition to our other sponsor and advertising opportunities. Contact us to learn more!
Be seen in our newly
Your ad here.
Workers handling documents-headed-to -the-shredder save 1904 to 1940s Bowery Savings Bank Records. Well past retention requirements and misclassified as "old newspapers and trash" by Capital One, now records continuum provides them with historical and intrinsic value for researchers if no legal, fiscal or administrative value. Of course, living data subjects with PII are unlikely.
The #metoo project at Harvard continues to collect over 50 hashtags like #TimesUpTech and #ChurchToo to preserve the #MeToo Movement with tools like Social Feed Manager, Webrecorder, Media Cloud. Coalition for Networked Information’s Clifford Lynch notes in famous 2017 paper about discomfort most traditional archivists do not engage in the effort to “create, capture, curate the “‘Age of Algorithms’” documentation (Clifford Lynch, “Stewardship in the "Age of Algorithms", ”First Monday, v22n12, https://firstmonday.org/ojs/index.php/fm/article/view/8097/6583).
New Yorker’s Nora Caplan-Bricker says, “Survivors used #MeToo to dredge their experience for inclusion in history.” (Nora Caplin-Bricker, “The Challenge of Preserving the Historical Record of #MeToo,” (11 Mar. 2019), https://www.newyorker.com/tech/annals-of-technology/the-challenge-of-preserving-the-historical-record-of-metoo).
Take a virtual tour of #metoo Digital Media Collection at the Schlesinger Library on the History of Women in America, Radcliffe Institute for Advanced Studies, Harvard University at https://www.schlesinger-metooproject-radcliffe.org/.
Thanks to Tweet by Peter Kurilecz on Twitter.
Peter Kurilecz (@RAINbyte)
3/11/19, 10:00 PM
The Challenge of Preserving the Historical Record of #MeToo | The New Yorker bit.ly/2EXsBjR
Check out this article regarding a microbiology experiment that is planned to be executed across 500 years. (Zhang, Sarah, "The 500 Year Long Science Experiment," The Atlantic, (2019).
Information management Challenges in the news
NASA unsealed pristine Moon Rocks for the first time in 50 years, preserving their Intrinsic value.for scientific study.
Lunar Library backs up civilization (Gunia, Amy, "A 30-Million-Page Library Has Blast Off to the Moon As a 'Civilization Backup'," Time, (2019).
Stay up to date and follow us on Twitter.
ARMA New Jersey Chapter is comprised of a diverse group of Information Management professionals who are a multi-faceted representation of industries across NJ, NY and Eastern PA.
The ARMA NJ Chapter Meetings, guest presentations and information seminars allow us to offer to you: networking, professional exchange of information, identification of business trends and an interactive, fun-filled atmosphere while learning.
New Jersey Chapter
Anne Marie PHILLIPS
Immediate Past President
Director of Hospitality
Director of Sponsorships
Director of Technology
Director of Webinars
Director of Newsletters
Dana Van DEUSEN
Secretary & RIM Reporter contributor
Director of Treasury Operations
Director of Membership
Director of Live Programming
Immediate Past President
Visit us at ARMANNJ.org
Meet our board.
Connect with over 200 connections on our
Connect with us.
Join our email distribution list.
Thanks to our event sponsor