NEW YORK -- A consultant specializing in information governance told a Storage Decisions crowd Tuesday they must...
help their organizations understand the realities and limitations of technology as it fits with compliance because "If you don't do it, nobody else will.
"Lawyers create policies that are well written, astonishingly intelligent and absolutely impractical," said Barclay Blair, information governance practice director at Phoenix-based Forensics Consulting Solutions LLC. "Somebody has to help understand the realities of technology. You bring an understanding of how information management works."
During his talk, "A Storage Manager's Role in Information Governance," Blair defined information governance as "the people, processes and tools to help organizations help manage information better."
"Whose problem is this?" he asked. "Who should be responsible? The storage manager? Compliance manager? Litigation attorneys? Business managers? That's a complicated question. But there's no question the storage manager has some kind of role in the governance of information."
Blair said that role is to bring the storage voice to governance policy development. He said storage managers must learn the basic principles of compliance, including the most important regulations affecting their companies, educate business people on the difference between backup and archiving, and help the organization understand the full hard and soft costs of storage archiving by boiling it down to cost per gigabyte.
Tackling the problem consists of setting a foundation (policies), implementing it (tools and training), remediation (cleaning up the past) and continuous improvement (audit and adjustment). The goals are to reduce risk and costs.
"Cleaning up the past isn't the first step, it comes along later," he said. "Let's build the world we want to move into first."
Blair said storage managers should address PST/NSF files, implement a legal or litigation hold process, reduce volume with smart storage and archiving, and use data classification tools. He advised against imposing mailbox size limitations without a retention and archiving strategy, and said not to let employees decide how long email records should be retained.
He added that email is today's culprit because "email is frankly a disaster when it comes to compliance and litigation. No one on the planet decided to use email, it just came along. They didn't think about the legal and compliance implications of the technology. The world is awash in email; we've lost control of it."
However, he said organizations must consider how to manage the proliferation of social networks and other new collaboration tools. "If we're going to use them, we have to legitimize their use, formalize their use and socialize their use," he said.