Debra Logan

A member of the Gartner Blog Network

Debra Logan
Research VP
5 years at Gartner
25 years IT industry

Roles and Responsibilities Debra Logan is a vice president in Gartner Research. She covers enterprise content management, records management, knowledge management and worker productivity, intellectual capital, and intellectual property topics and compliance as related to documentation... Read Full Bio

A Whole Lotta Lawyers

by Debra Logan  |  February 10, 2010  |  2 Comments

I spent part of last week at Legal Tech, the ‘world’s largest Legal Technology conference.’  I certainly hope that claim is true, because it was indeed a large gathering.  Although my own interest in information governance encompasses quite a few areas, I am very focused on how information management and risk management are related.  The need for information governance becomes apparent at a show like Legal Tech, where you can see the consequences of not taking care of governance in the first place.  All those lawyers, paralegals, lit support managers, vendor representatives, judges and who knows who else were there to find better ways to manage information using technology. 

The ‘stuff’ of a legal case, at least a civil case,  is essentially two people or groups who have different stories concerning a particular event.  It can be as simple as ‘you breeched a contract’ versus ‘no I didn’t’ or perhaps ‘yes I did but here’s why’.  It can also be very complicated.  Particularly in large companies, no one has the whole picture and that picture must be pieced together from the stories people tell and the documentary evidence or testimony that they can produce that supports their side of the argument.   Of course, that documentary evidence is now mostly electronic.  Electronically stored information(ESI) is a HOT topic in legal circles and most lawyers don’t know all that much about it, or if they do, are concerned with making use of it in any way they can, offensively or defensively.  The problem these days is naturally compounded by the sheer volume of the stuff.  With companies being in the state they are regarding the proper management of information, lawyers can no longer conduct exhaustive searches of all that is available.  In large class action suits (think of the tobacco litigation) there are millions upon millions of  individual items that might be considered, millions of items to find, and millions to produce.  It cannot be done without technology, certainly. 

The legal profession has come to this conclusion.  Lawyers, whether they be in-house or outside counsel, are in search of technology that will help them ‘find the truth’ and support their side of the argument.  The legal profession is are also beginning to side with IT in the cause of proper information governance inside the organizations they work for.  They know that if there were less and if it were better organized, or even if they could simply find whether or not a certain information set existed, their lives would be less complicated  and their company’s legal bills would be smaller. 

When I first started covering compliance, retention,  archiving, records and information management at Gartner, I rarely if ever spoke to lawyers.  Now I speak to them all the time.  They are allied with IT in an effort to try and bring costs down, reduce risk and generally sleep better at night by championing the cause of information governace.  To them it means less information to ask about, less to search and less in which their opponents might find the mythical smoking gun email – which isn’t mythical by the way – or alternatively the faster they do find the smoking gun, the shorter (and less expensive) the case will be. 

So,  if you have not yet spoken to your legal department – or if you are a lawyer who has not yet formed a bond of mutual interest with your in-house IT department – about any information governance plans you may have, you should do so.  You are on the same side, one that supports a program, a way of thinking and a way of working that reduces the burden of information overload by practicing good governance.


Category: Uncategorized     Tags: , , , ,

How Can Governance Succeed?

by Debra Logan  |  January 25, 2010  |  7 Comments

So, I managed to log on after only four attempts today.  My method of stubornly typing in all four of the password variations I use, instead of actually looking at where I have written it down is a habit that persists from the good old days of programming.  Those were the days that even if there WAS documentation, reading it was an admission of weakness.  This is a good sign:  it means I’ve used this tool often enough to be almost able to use it easily, kinda.  Anyway, you know how when you’re doing one of those ‘If your house was on fire and all the people and pets and other living stuff, including your plants if are that way inclined, were safe, what would you grab as you left?  My new answer is:  the notebook with all my passwords in it.   Without it,  I would be completely unable to administer my life.

The last post on ‘Reasons that information governance fails’ relied heavily on Jared Diamond’s reasons for the collapse of societies and even civilizations.  As it happens, these are not the only reasons, but he does capture succinctly the all-too-human tendency to focus on the short term and the personal, versus the longer term and the societal.  In simple terms, Diamond used evidence of societal collapse to demonstrate how difficult it is to put the long term interests of a bunch of people we haven’t met before our own short term self interests. Even if people see something coming – which they often don’t, despite the fact that everything looks obvious in retrospect – they tend to push it off and go with the old adage that ‘the future will take care of itself.’  Diamond was not judging anyone,  and neither am I, simply talking about the way things are.  Simply put, its hard for us to put the concerns of ‘the future’ over the concerns of the day.  It takes an effort of will and it takes incentives.  It also takes an understanding of or at least a stab at guessing what will be important ‘in the future’.  This applies equally to important environmental concerns on a global scale and to doing tasks during our daily work lives that may or may not be important in the future.  Information about the future is in notoriously short supply.

 Another source that I talk about in regard to the failure of organizations to account for common resources is ‘The Tragedy of the Commons’  in respect to common IT resources.  The essay is in fact about how common resources, usable by all, but belonging to no one, are abused to the point of exhaustion.  I use the example of file shares and storage arrays.  The essay was written by Garrett Hardin and talks about ‘the commons’ as all the earth’s resources that are not specifically within national territories, but even those within country borders.  A perfect example would be international waters.  But that’s not the point of the post. The point of the post is that how applying methods and insights from outside one’s profession and usual ways of thinking are often the most useful of all.

 I have been at Gartner for 10 years.  Its decade that has corresponded to a huge growth in the pervasiveness of technology in the daily lives of most citizens (or consumers, if you prefer) in the developed world and beyond.  The books that I have read in that time that have had the most useful influence on my thinking have all been outside the usual run of ‘IT’ ‘Business’ or ‘IT and business’. 

 Once a business book as become popular, its too late for me to read it.  Analysts are expected to be coming up with these ideas, not reading them in other people’s work.  By the time something like ‘The World is Flat’ is written, it should be blindingly obvious to the early adopters of new concepts, which is what we are supposed to be.  Ditto Wikinomics and Blink. And let’s not even discuss ‘Who Moved My Cheese’? They used to assign The One Minute Manager at my old company, when one was promoted to management.  I remember ‘Move the monkey’, meaning that if there was a monkey on your back, you were suppose to Move The Monkey onto someone else’s back.  That probably put me off forever.   I think I stopped even looking in the business book section of the airport after I left my last job, over fifteen years ago now.   In fact, I make it a point not to read them, mostly out of sheer stubbornness, but also because since everyone is talking about them, I can learn all that I need from the snippets I get at work, or from websites.

 Nicolas Carr, Kaplan and Norton:  again, close enough to be kinda like home boys widely read and quoted enough so that you don’t need to hear it again from me.  The books that have influenced me most in the last ten years have been from far outside the disciplines that I know and love.  Authors like Diamond who is a truly a multi-disciplinary thinker, with field experience in some of the remotest places on earth and many many years of teaching experience and creative thinking, are more likely to yield insights.   In Diamonds case,  his insights cross all disciplines:  they are about what people are really like and how they think and act in situations when they are confronted with profound problems, that they may or may not have recognized.   New insights come from the methods, the observations or simply the existence of writers and scientists, those that in the course of their work uncover not only specific truths about their own fields but also underlying truths about human nature and the world.

 When I looked at governance in light of Diamond’s work, I saw what I had been trying to condense and put into words for several years.  We fail at information governance the way we fail at many problems that come upon us slowly and whose ultimate consequences are in the future.  In business unfortunately for many the most important  consequences are only a quarter away.  Even with companies that have long term retention obligations, ‘the company’ may exist in 20, 30 or 90 years, but the individuals who are pondering the problem simply will not be there.  Of course there are shorter term problems and obligations when it comes to information, but even then, many of us do not do a great job in meeting them. We prefer – or are compelled – to look at what is important now, that will feed the next quarter or the next year.  This makes the problem of governance particularly difficult to solve, when so many other things demand our time, attention and money.

 One of the answers then, to the problem of governance, has got to be that it has to be someone’s job.  It may be with a view to keeping things for 90 years (or more, for example if you are talking about government records or nuclear power plants).  The person doing the job may not be around in that period of time, but their performance, pay, promotions and other incentives depend on getting it right today.  And its not only about information retention:  governance should  (doesn’t but should) play a role in how information is created.  Again, this is a matter of making it someone’s job, putting someone in charge.  We cannot usually see the point of governance.  It always, always involves changing the way we work, interfering and intervening in ingrained habits of mind and mouse.  It never, or rarely, anyway, has any immediate payback.  The benefits must be demonstrated before users will buy in.  The only way to do that is to make sure that it happens, without a whole lot of effort on ‘everyone’s’ part, but a lot on the part of someone whose job it is.  Not hard to do in principle, much more difficult in practice.


Category: Uncategorized     Tags: , ,

Four Causes of Information Governance Failures

by Debra Logan  |  January 18, 2010  |  4 Comments

So, before you start reading the main part of this, I need to say:  although it may not seem like it at first, this post is about information governance.  Stay with me, I’ll get there in the end.

 Ready?  The is the answer to ‘why is information governance so hard’?

 In his book Collapse, Jared Diamond chronicles the breakdown and eventual extinction of colonies, societies and whole civilizations.   Diamond does case studies of a number of these, already extinct, but the book begins with a discussion of a set of contemporary issues which center on the Bitterroot Valley in Montana.  Long story short, everyone he describes are acting from a set of motives that mix the good of community with self interest.  What is at stake is the economic viability of the area, which is often, well, almost always, a short term consideration.  People need jobs now.  People need money now. 


The opposing set of interests and motives center around the long term ecological fate of the area.  Many of the issues that face the Bitterroot Valley have to do with water, which is a scare and precious resource.  What usually happens is that short term considerations win out over longer term ones and that it is very difficult to get people (companies or even governments) to sign up to long term plans that sacrifice short term goals. That’s not quite true:  they will sign up.  They just won’t execute when the time comes. 

Diamond’s book was published in 2005, so while writing this, I Googled (how did we LIVE before Google?) the Bitterroot Valley and ended up looking a story from January 14, 2010: ( which demonstrates that the same set of forces are still in play.

I’m not picking on Montana, the Bitterroot Valley or any of the good people there.  I’m simply noting that in the course of human affairs, today’s concerns almost always take precedence over the concerns of next week, next month or next year, never mind years into the future.  Although we worry about the future for our children, many of us have not yet met our grandchildren and certainly only very few of us will live to see great grand kids born.  (To be honest, I wouldn’t want to:  ‘Great Grandma?’  Arrrrggghhh)  Anyway.

 Diamond talks about a number of reasons why we behave this way, which he argues were the cause of the ultimate collapse of these now extinct groups, societies and civilizations.  We are not facing anything as serious as ‘Collapse’, but we have had some spectacular failures in managing and acting on information in the recent past, and this will only get worse, unless we choose to do something about it.

While reading these causes as detailed in Collapse – or rather rereading them – its struck me that these are the very same reasons as to why we (in corporations, government and even personally) are really not all that interested in information governance or if we are, have a difficult time in making it work.  These failures are social, rather than technological. 

The first reason that many of us have an information governance (or information overload) problem is that we failed to see it coming due to lack of  prior experience.  The revolution in information technology that we have experienced over the last 25 to 30 years is unprecedented and has changed the way we live and work.  One of the questions that I always get asked is ‘how much…?’  Well, if you must know, according to a report released late last year:

 In 2008, Americans consumed information for about 1.3 trillion hours, an average of almost 12 hours per day. Consumption totaled 3.6 zettabytes and 10,845 trillion words, corresponding to 100,500 words and 34 gigabytes for an average person on an average day. A zettabyte is 10 to the 21st power bytes, a million million gigabytes. These estimates are from an analysis of more than 20 different sources of information, from very old (newspapers and books) to very new (portable computer games, satellite radio, and Internet video). Information at work is not included.The full report is available online at

To be honest, I think this kind of analysis is meaningless in real terms and not just because it doesn’t include what we do at work.  Its meaningless because no one has any idea (really) of the true nature of a zettabyte (a word that my spell checker doesn’t even seem to know).  In order to make it real, we need to look at it in terms of things we understand, like how much work we can get done in a day with what tools against what goals.  There is only so much that one person can do in a day or even in a lifetime.  A zettabyte sounds to me like more than one lifetime’s worth of work, in fact.  Masses of information tend to work against us, especially if they are unorganized.  The answer is not more.  Its less.

 Robert Jarvis makes this point in an article in the Boston Globe, discussing the recent failure of the U.S. intelligence service to pick up data points and then connect the dots regarding the attempted terrorist act  on Flight 253.  He says that in intelligence work as in life, the problem isn’t too little information, it is too much and even though we have too much, its not perfect and can be interpreted in various ways.  His recommendation is to craft policies, institutions and analytical habits that compensate for our universal human biases.  His recommendation is NOT to gather  more information and better technology to analyze it.

 In IT circles, we talk about  Moore’s Law and Kryder’s Law (about how storage technology keeps getting denser and cheaper) and relied on them to keep us out of trouble.  IT and business people have always assumed that computers would get faster and faster, and that storage would get cheaper and cheaper and that’s how we’d keep up. But that’s not keeping up.  Keeping up implies that the information that we can generate and store can be used – and reused – that it generates some value.  That is what is difficult and that is what we are failing to do, because of its sheer volume and because of our lack of attention to its governance.  Our old assumptions, that technology would solve the problems that technology created, have now stopped working.

The second reason we have not solved the problem is that we fail to perceive it at all. Data and information accumulated, day by day, on our hard drives and in our systems and on a daily basis it didn’t look like all that much.   Then one day, seemingly suddenly, there were terabytes of the stuff, storage was costing a fortune and the regulatory climate had grown increasingly aggressive and sometimes hostile.  It is a problem that only looks obvious in hindsight.  We don’t notice gradual change, because gradual change is normal.  Its like watching your own kids grow up, versus seeing someone else’s that you hve not seen for a while.  In the latter case you remember a four year old and a fourteen year old stands in front of you, seemingly suddenly.  That change was gradual and invisible, while your own children grew gradually but visibly.  So we’re used to information overload and paying lots for storage.  It seems normal and necessary, simply part of the way things are.  Then someone happens – we fail an audit, there’s a lawsuit or an economic crisis forces a rethink of all budgets in the company – and we are forced to look at the problem in a whole new light.  The question of ‘How did THIS happen’? is the one most frequently asked in this situation.  This is even truer of high level managers, who simply stated, do not even  have information management problems.  They have personal assistants who do things for them and get us to do things for them.  IT leaders understand the problem  – it impacts their budget – and users understand the problem – they never see to be able to find what they want – but managers often don’t.  Their failure to perceive is a huge handicap when it comes to getting high level support (and money) to solve the problem.

Third, and this reason is probably the most important one for our purposes, we fail to act on a problem once we have noticed it.  Different groups and individuals have different views of information management.  Users do not want to create more process discipline around the way they create and manage information, nor are they willing to look at what has accumulated and decide whether or not it has value.  That’s taking time away from the things that they need to do to get their jobs done, their objectives met and their promotions secured. There is a clash of interest between corporate interests at the highest level, business users interests and the interests of IT.  Group interests, even within work group and project teams, clash with individual interests.  There is a need for collective action on information governance to take place:  high level executive support, business user buy in and IT advice and implementation.  Information governance is the effective regulation over the use of common resources in a way that satisfies, but not completely, the competing interests of different groups.  People are engaging in perfectly rational but ‘bad’ behavior, because it allows them to put their own self interests first.  Incentives for good behavior need to be implemented, otherwise, nothing will change.

 Diamond’s final cause is that we simply do not have the means available to solve whatever problem it is that we are looking at.  I don’t think this is true in the case of information governance, but I do think that many organizations look in the wrong place for that solution.

So what’s the right one?


Category: Uncategorized     Tags:

What is Information Governance? And Why is it So Hard?

by Debra Logan  |  January 11, 2010  |  2 Comments

 Before I write (extensively)  about why information governance is so difficult and what has to happen to make it happen, I should tell you what I mean by ‘information governance’.  Like the term ‘information’ itself, different people mean different things when they talk about this topic.

There are lots and lots (and lots) of definitions of ‘information’, none of them universally accepted, that finally, once and for all, sort and define the terms ‘data’ ‘information’ ‘knowledge’ and let’s add ‘content’ to that list. You can look in wikipedia if you like, but that too will leave you unsatisfied, as it says ‘Information is a concept that has many meanings’. 

 Instead of trying to define the word information on its own, its easier if we talk about the whole idea of ‘information governance’.  In an organizational context, a few things are implied.  First of all, the information in question is always explicit:  that means its written or recorded in some way, and these days the media is usually digital, although there is still a lot of paper out there.   

 Gartner’s own (official, which means we argued about every word) definition of is as follows:

 Information governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.

 It is derived from our definition of IT governance which ‘may be defined as the processes that ensure effective and efficient use of IT in enabling an organization to achieve its goals’. 

 Note that neither definition includes any notion of coercion, but rather ties governance to accountability that is designed to encourage the right behavior.  There is something buried in the definition which I think is at the heart of what I consider to be the problem that  most of us face when we start talking about information governance.  The word that matters most is accountability.  The root of all of our problems with information, and we do have lots of problems with it, is the fact that there is no accountability for information as such.

 That might sound ridiculous, but think about it.  IT owns the systems that we use to create it and store information.  That means they own the bits and bytes.  But they do not own the ‘information’ or really understand its meaning to the business, beyond who it is created by, what system is used, and various other derived characteristics.  Furthermore, ‘IT’ has no idea what data might be useful in a given business context.  Why should they?  Their job is to manage information technology:  hardware, software and networks.  There is information that is important to them, technical documentation, project documentation and so on, but as for the spreadsheets used by accountants to forecast quarterly results, IT has no idea, nor should it.  Of course, data modelers and other IT types who are focused on defining important system-wide entities for common use need to understand the data they are working with, but its always an interpretive exercise.  The overall requirements of any information system must be specified, ultimately, by the business people who define, understand and own the process and its accompanying data.

 The people who staff the functions that produce and use the information are the people who know its value, understand what they need to save for recordkeeping purposes, can point out the current version of documents, should know how long a given document or set of data is going to be useful from a business continuity perspective.  And while business people may know these things, it is often difficult  – or impossible – to get them to articulate their own information needs. Furthermore, they see no reason why they should.  The resources they use to produce, store and consume information are owned by and paid for by someone besides themselves.  Besides which, the personal hard drive, memory stick, file share, or whatever, are viewed as practically infinite.  And indeed, for most of them (us) they are.  An individual can pile as much stuff as he or she can create and collect on their personally owned desk top or laptop device, buy auxiliary storage at the local electronics store, and get UNLIMITED FREE email, image, data storage from Yahoo or Google.  The very notion that they need to waste their valuable time paying attention to which version of a file is the current one for their project, deleting 10 year old documents from a shared drive or indeed performing any other information management or governance task is viewed as anathema.  And so the circular argument begins:  its not my job, IT should do it, by which they mean buy more storage and get us that piece of magic software that will fix the problem once and for all.

 These days, there is the added complication of ‘compliance’, an all purpose stick with which everyone uses to beat everyone else and mostly has resulted in even more reluctance to manage information in any way other than simply allowing it to accumulate for fear that deleting it is forbidden by some obscure law or regulation.    Lawyers have been increasingly dragged into the discussions about information governance and that usually complicates matters, rather than makes them simpler.  Most legal counsel do not know exactly what business documents must be preserved, in every case.  If there is pending litigation, its easy enough, and that they do understand.  Otherwise, they lob the ball back into the business user’s court and the circular arguments begin again.

 This is not to imply that either lawyers or business people are uninformed or irresponsible.  It’s a matter of domain expertise and a comprehensive lack of clarity in laws and regulations.  Although this doesn’t apply to you, unless you work in the Executive Office of the President, read the definitions in the in the Presidential Records Act (of 1978):

 You only need to read sections two and three.  Clear?  Ok.  Now think about these definitions in relation to e-mail.  How would you do if you were asked to separate your ‘personal’ email from ‘official’ email?  What system do you know of that would allow this separation to happen automatically?  Easy, you say, save it all and sort it out later.  And that, as it happens is what most of us do, with e-mail, files, data and everything.  We save everything  – and lawyers often give this advice – because it’s the easiest thing that we can do that we assume will not get us into any kind of trouble.  I suppose its all in how you define trouble and whose trouble it is.  Most of us don’t have to deal with the trouble this causes:  the wasteful expense, the potential legal repercussions, or the time and energy someone else might have to spend figuring it out one day.  Again, we’re back to accountability. 

 Unless we make information governance someone’s job, its not going to happen.   Most people thing about today, and what needs to be accomplished, rather than what will happen in the future.  Its only human.  We push non-essential decisions off into the future.  Even if we intend to organize things or clean them up, its not something we’re going to do today, because today we have to close the books, or write the code or talk to the client, or whatever else it is that we have to do.

 After writing all these words, it occurred to me that my point about information governance could be made more easily by one of my favourite characters from a Disney movie, ever:  Roz the Slug from Monsters, Inc.

 So how do you get information governance to happen?  Well, you do need Roz, but you also need to change Wizowski’s objectives.


Category: Uncategorized     Tags: , , ,

New Year’s Resolutions: Information Governance

by Debra Logan  |  January 4, 2010  |  3 Comments

Don’t know about you, but I always make New Year’s resolutions.  One of mine is to blog more.  That shouldn’t be difficult, since I managed it about three times in 2009.  In any case, the past is behind us and we can all look forward to a fresh start in whatever areas of our lives that seem to be lacking, whether they be personal or professional.  So I’m starting again with the blogging thing, hoping to muster the time and discipline to make a habit of it.  Wish me luck.

In keeping with the ‘fresh start, renewed ambition theme’, I’m going to suggest a place where most of us – every individual and every company, no matter what the size – could use some serious work:  information governance.   One of my fundamental beliefs, something that has only grown in my tenure at Gartner, is that we regard ‘information’ as a side effect of technology, rather than the object of the exercise.  What I mean by that, is this:  while we have been focusing on faster processing, increased bandwidth and ever denser storage devices, most of us have neglected to pay attention to the vast mountains of data that have been accumulating as a result of all this wonderful technology.  But that’s not really a problem, is it?  Because of course Google-Bing-Clusty-Yahoo can help us find whatever we need in all of that, and voila, we are vindicated. That email from our colleague that proves the point that we have been making (I DID SAY THAT:  SEE?) is easily found on our desktop or in our email archiving system.  But these two examples prove the point.

Everyone, but everyone, in every company that uses desktop or laptop PC, has the job of managing their own information.  Some of us create personal taxonomies and file things carefully.  Others rely on desktop search to find what they need.  In any case, very few can see the point of deleting any of it:  that disk is SO BIG and even if the information is of marginal (or no) value, saving it “just in case” is surely a good idea. 

Think about this for a minute.  How much time do you spend looking for, reading or rearranging files on your desktop?  Even if you have a nifty desktop search engine that achieves perfect precision and recall of every single item you ever look for – and please, let us know if you do have that search engine – of what use is that information to your team or your company?  The answer is ‘none at all’, unless you are there to find and interpret it for them.  While you are on vacation, and I send you an email asking for ‘that document that I know we wrote but that I only have the 37 draft versions of versus number 38, which we decided was final’, I have NO ACCESS to your personal stash of goodies.  And, everyone on our team has the same 38 versions (more or less) stored over and over and over again, on desktop, laptop, shared file drive, memory stick and (sometimes) in printed form, just for safekeeping.  But storage is cheap and search is good (enough).  So what?

There are lots of “so whats?”

Here are the questions that need asking:  How much data does the company have?  Where is that data?  How much is it costing us to store it?  Can we find what we need when we need it? Of what business value is the data that we are keeping? How often is it accessed?  What are our legal and compliance obligations?  Are we using it to its best advantage or are we keeping it because its simply too much trouble to sort the useful from the useless and bin what we can’t use? 

 There are many who argue – many colleagues at Gartner included – that the time of a well-paid knowledge worker should NOT be spent sorting through piles of data.  Far cheaper, is it not, to let the data pile up, on personal hard drives, servers, data centers and then on tape?  Why should we bother with any of it, as we have finished with THAT project and are moving on to the next one.  After all, it’s a New Year and a New Decade even.  Let’s move forward.  That data may not help us – in truth we don’t know – but it certainly isn’t going to hurt us.  And besides, storage is cheap, cheap, cheap and my staff have better things to do than look through old data and make decisions about its disposition.

When you examine these arguments closely, they do not stand up to scrutiny.  Nor do the standard set that revolve around ‘Our lawyers say…’ or ‘We don’t know so…’ or ‘Having that data will vindicate us…’  I’m sure you have some of your own in order to continue to avoid the onerous task of information governance.  I’m going to try and make the case that no matter how onerous it looks, no matter what your lawyers may be saying and however much resistance you think you will encounter in the user community, if you take up the cause of information governance in your organization you will be making a valuable contribution in 2010. 

If you post comments and tell me how wrong I am, that will help me keep my blogging resolution.  Have at it.  I must now go and sort through my saved emails to find the one that tells me how to post this.


Category: Uncategorized     Tags: , ,

What Goes On Facebook, Stays in Facebook. Forever.

by Debra Logan  |  May 7, 2009  |  2 Comments

While skimming through the very excellent Unfiltered Orange ( for the latest e-Discovery news, I came across yet another post talking about the dangers of Twitter, Facebook, and other social networking sites ( 

It pointed out the privacy pitfalls of social networking for individuals and companies, and used a couple of examples of people who had posted stuff they really wished they hadn’t, such as posting a picture of themselves at a party (in full fairy regalia no less) after they had called in sick.  That is, let us say, somewhat careless and a lot naive. 

There will be no prizes for guessing the ages of the individuals who do this kind of thing, one need only look at the demographics of the Facebook population.  Youth is not the sole province of stupidity, stupidity has major branches in all ages, nations, races and creeds.  Perhaps what I am talking about here is inexperience or an inability to learn from it.  Its been a long time since most people  my age have turned up anywhere in full fairy regalia, though I do have a Halloween picture from when I was five, dressed as Glinda the Good Witch, or a reasonable approximation thereof.  The thought of my own youthful indiscretions recorded forever on a social networking site sends a shiver down my spine.  If I do ever don a Glinda costume again, it will be after I’ve won ‘Britain has talent’, and ala Susan Boyle, I’ve landed the part in Wicked.  So, never.

Kids these days, eh?  It must be because Digital Natives are so different from ‘us’.  NOT.  This sort of posting-a-picture-your-friend-took-of-you-unconscious-on-the-sofa story proves that people really don’t change and there are many out there committing the same indiscretions that you and I did, except many of them are doing it for all the Web 2.0 world to see.  Its like running with scissors:  all parents say not to do it, but younger people  think they are immortal and invincible, not to mention having superpowers.  None of their friends has ever put an eye out or gotten into hot water over a Facebook posting.  Why are you buggin’  me about it, Mom?

All of this demonstrates once again how important it is to have company policy regarding the use of social media.  Don’t Twitter about trade secrets, for example, or about the fact that your boss is an ogre and your company run by people who could not organize a drinking competition in a brewery.  Behavior that puts your business at risk needs to be a sackable offence.  It would seem to be common sense, but I’ll bet some are doing it, as some are posting pictures of themselves doing something else while they are bunking off work. 

Your policies should reflect the distinction between public and private.  Risks to the business should be mitigated with guidelines, the simpler the better.  Most people have a sense of where the line is, although it is not a very bright one. They can be trusted not to cross it, mostly.  Behavior that is illegal immoral or just plan daft in the workplace is out of bounds no matter what medium you are communicating in.  And if you do get employees harrassing each other in email, or planning to cook the books onTwitter, or any other form of electronic media that leaves a record, that’s a good thing:  it makes them easier to track down, fire and prosecute. 

The biggest challenge for all of us whether we be digital natives or not, is deciding on the line we wish to put in place between our personal and professional lives.  That’s going to take a while.  People will make mistakes and they’ll pay for them.  That’s just Life.

Meanwhile, how about using this rule:  Before you email, blog, Twitter, update your status on Facebook or anything else, imagine yourself on the witness stand with this being read out in open court.  And oh, yeah, your Mom is in the courtroom.  She’s waving a pair of scissors and saying ‘You never listen and NOW look what’s happened.”  That ought to keep everyone in line.


Category: Uncategorized     Tags: , , , , ,

Legal and IT Are Still Not Communicating

by Debra Logan  |  May 6, 2009  |  5 Comments

 Being an analyst is a funny old thing.  I’ve been talking about e-Discovery for a few years now and so much of what I said and wrote for Gartner at the beginning of the current e-Discovery hype seems very old news indeed.  One of our cardinal pieces of advice is that in matters of data retention, information management policy and particularly e-discovery, that lawyers and IT both had a role to play.  The two groups needed to talk to each other.  From that, Good Things would flow.  Surely I thought, they must all know they need each other by now.  Time to move on.


Not so much.  At last weeks’ Governance Risk and Compliance Summit in Chicago, I learned that there are still many IT types being handed instructions like, ‘Keep all the responsive data’, ‘Data retention policy is your job because data management is your job’, ‘Its up to YOU to create an e-mail usage policy’.  Because the dialog has started, at least among our clients, I also had a chance to hear it from the lawyer’s point of view. 

They are being told things like “Well, we ran the searches you asked for with the keywords you asked for and we got 10 million hits.  They’re here:  c:/lawyer_archive/XYZ-SNAST4.6.27.9/that_ought_to_keep_you_troublemakers_busy_for_a_while.  Let us know if you need any help.” 


Those aren’t dialogs, they are a lazy cop-outs and/or a grave lack of understanding of what really needs to happen.  I used the word grave with intent.  Not understanding technology is becoming a handicap for lawyers and indeed at least one high profile Magistrate Judge has stated that lawyers need to understand technology to do their jobs.  Electronically stored information is now the predominate form of business record.  Lawyers (partners, not junior associate spear carrying types) who know this area stress the need for involvement from senior litigators, because e-Discovery is can often be a strategic issue in preparing a case.


 In dealing with e-Discovery, retention and policy issues, our cardinal piece of advice remains to set up an on-going dialog with one another:  legal and IT. Hey, you might even want to include those much maligned but sadly necessary ‘business users’ at some point. Many companies do already do this, don’t get me wrong, and we are seeing the creation of more positions that are liaison positions, permanent links between the two groups.    But there is still a long way to go.


Here’s some do-it-yourself advice if you need it, particularly if you are from IT and are feeling overwhelmed with the tasks you may be being given to do around e-Discovery. 


Begin by familiarizing yourself with the e-Discovery Reference Model (  You can read all about it there, but I use it to explain the process to IT clients and demonstrate to the lawyers which technology can be used for what part of the process.  The EDRM is vendor neutral, the steps are explained in a wiki on the site, and it really does  help to clarify and explicate the issues.  There are Those Who Say that the model is too simple and doesn’t include things like ‘early case assessment’ (ignore this if you are a novice.)  But we still find it very useful, despite its relative simplicity, and those that do the most complaining are the vendors that can’t sell what they have based on the model.  Simple explanations are always the best, IMHO, and if something cannot be explained simply, then the person doing the explaining doesn’t really understand what they are talking about in the first place.  Either that or they are trying to confuse you into a panic-y state to soften you up for something, usually signing a contract.


So, I will continue to repeat myself, even though I feel I must be boring everyone into a stupor.  My advice does meet my own criteria after all, in being simple:  go knock on the door of your inside counsel and start a dialog.  If you are a lawyer, don’t expect your IT partners to understand what you are talking about when you say ‘Save responsive documents’.  If you do, don’t be surprised when they then complain that the ‘litigation hold policy’ is costing them too much and taking too much of their time.  It is not reasonable to ask them to do this:  storage of electronic information is NOT cheap, despite any rumours you may have heard.  Neither legal or IT should return to their respective tribal habitats until both sides are sure they understand what is being said.  House counsel and in-house IT are on the same side.  Indeed, according to The Sedona Collaboration Proclamation(, you should even be co-operating with your adversaries, on discovery issues anyway, and save the fighting for the substantive issues of the case.  See?  I can speak a bit of Lawyer.


The evidence from the conference is clear.  Two and a half years after the changes to the Rules of Civil Procedure, the respective responsibilities of legal and IT still are not being carried out by many because they don’t understand them.  Only dialog between legal and IT will change that.


Category: Uncategorized     Tags: , , ,

Twitter and e-Discovery

by Debra Logan  |  April 28, 2009  |  4 Comments

Having finally been convinced that blogging might not be such a bad thing after all and it was almost certain that it would NOT bring about the end of civilization as I had previously believed, I now find myself having to pay attention to YASSS (Yet Another Social Software Site), namely, Twitter.

For those of you who are interested, please pay attention to how many times I can work this very trendy phenomena name – Twitter – into my post without actually having to figure out how to participate in it, i.e., Twitter, (or maybe Tweet) it or understand more about it than I already do and just wait for the hits to roll in. That’s leverage.

Last week, my boss sent me a link to a site called Who says all lawyers are technophobes and Luddites? Not me. Some of the most go-ahead technologists I know are lawyers. She asked me if it was worth a First Take (a kind of publication we do to get our first thoughts about newsworthy items into the public domain). Here is the relevant para from the post:

Twitter posts are like any other electronically stored information,” explained Douglas E. Winter, a partner at Bryan Cave in Washington, D.C. and head of the firm’s Electronic Discovery unit. “They are discoverable and should therefore be approached with all appropriate caution.”

Winter said tweets could pose a myriad of legal problems, from the unauthorized posting of copyrighted material to the disclosure of trade secrets or confidential information to explicitly actionable behavior like libel.

I told her that this was not a newsworthy item. She can’t have known: most people who don’t actively follow e-discovery or privacy issues might not.

The reason this is not newsworthy but is worth a blog post and why the Bryan Cave post is a bit behind the times as well, is that simply put, ‘everything that exists is discoverable’ at least pretty much. This would apply to any tweets that had been stored by a company or a user or anyone else. Attorney client communications, data deemed to be inaccessible for technical reasons and a few other kinds of electronic data may be protected, by a specific legal principles or by time and cost constraints. Information deemed to be privileged may also be withheld, but note that you can only do that AFTER there are lawyers involved, meaning you are already in the soup. At that point, you are paying a legal professional to actually read stuff and determine its status in a given case. You’ll already be writing checks.

I’m not claiming this is an exhaustive list, but certainly if something exists, it is subject to legal discovery. Persons outside your company (or not you, in the case of e-mail and other more personal forms) can look at it if they can convince the judge they have a reason. If someone has been up to no good, or are even accused of being up to no good, or wants to prove that they have not been up to anything even remotely unsavory, you can pretty much count on the information being subject to disclosure. It won’t often happen, in fact in the grand scheme of things, it rarely ever does, but it could be.

So you do need a Twitter policy, but that policy mostly consists of common sense. And of course, everyone is likely to act reasonably most of the time. But. The piece goes on to suggest that ‘data needs to be preserved’, implying that we should all be saving Tweets, I guess. That’s where the confusion comes in. The juxtaposition of these thoughts might lead you to believe that it is standard legal advice is to ‘save everything’. As it happens, it often is standard legal advice to save everything. There are very few instances, however, in which you are required to ‘save everything’. If you are covered by the SEC rules that all broker dealer communications be saved for a period of three years, you’d better be doing something about your broker’s tweets.  In a way, you’re lucky if you are covered by that rule.  Most of us wish the rules were as clear for us.  As one SEC official allegedly put it:  when we said everything, we meant everything.  If someone throws a brick through your window, with a note tied to it, you need to save the note, the brick and the string.  But alas, that is not most of us, and we must decide, ourselves, what happens to the note, the brick and the string.

A well thought out, consistent policy, one that is enforced, for all electronic communications, is what you need. And you do need to seek legal advice, as well as best practice advice. Gartner does not give the former, but we do give the latter. We would always recommend that any policy be vetted by legal counsel or outside counsel. However, a policy you craft yourselves, with business leaders and house counsel, using best practice advice from Gartner, the Sedona Group, an ABA publication or a myriad of other sources is going to be a great deal cheaper than some other alternatives.

The law firm of Brian Cave advises us to be cautious, therefore, in our communications. That’s great advice. But how many of you can honestly say your are ALWAYS cautious? Have you ever sent a negative email about a colleague or your company? Attached a copyrighted document to an email, even though you did not have permission to do so? Twittered sarcastically? Posted something on Facebook (like a picture of yourself on the beach when you had called in sick at work?) that may have come to the attention of H.R.? (What? They can look at my Facebook? Yeah, given the right set of circumstances, ‘they’ can and so can the jury).

So, do be cautious but being cautious does not involve a policy of saving everything forever just in case.

As the lawonline post points out ‘de-contextualization’ on media like Twitter is a lot more likely, due to the limited bandwidth. So if you leave it hanging around and it does become subject to discovery, there is gonna be lots more explaining to do. And if you do have a policy, be sure to enforce it, because having an un-enforced policy is worse than no policy at all. Here’s my tip of the day – users don’t go and clean up old email files or any other kind of files even if you ask them nicely. Sometimes they don’t act reasonably or even in their own best interests. Enforcement is a function of legal consideration coupled with IT implementation.


Category: Uncategorized     Tags: , , , ,

Everyone Is Doing It: Even Lawyers

by Debra Logan  |  April 1, 2009  |  3 Comments

Nothing worse than a reformed sinner is a phrase that I have often used in connection with ex-smokers like myself. We hate it more than those of you who never smoked, because of course, we were foolish and reckless enough to do it at one time. The same holds true for adopting a position or point of view that one previously held in contempt. It is thus with a great deal of humility that I write my first ever blog entry and hope that someone reads it.

As recently as late last year, I was a confirmed cynic, dismissing the whole ‘blog’ thing as an exercise in self promotion, a shameless display of one’s personal life and habits for all the world to see, a sign of the dissolution of consensus and the body politic, as we fragmented into a ba-zillion little self interest groups, gazing lovingly at our own navels and calling it ‘social software’. I had better things to do than either write blogs or read them. Anyway, where would I have started? There were and are so many of them. Then I read ‘How the Internet is Destroying Our Culture’ and become truly unbearably smug, as it seem to crystallize and confirm my own mushy and half formed opinions about the utter uselessness – nay DANGER – of it all.

How much more mistaken could I have been? Thanks to colleagues, many of whom I count as friends, I had the scales fall from my eyes. What sealed the deal for me, after a long and somewhat heated exchange with Gene Phifer, Daryl Plummer, Ray Valdes, Tom Austin and other Gartner analysts, was when someone pointed out that Our Competitors, bloggers to a (wo)man, had readership in the millions, while they, and I, with what we think of as more to offer, had readership in the thousands. If we were lucky. With our content locked behind the firewall of Gartner’s subscription model, you had to pay to find out HOW SMART WE WERE. But you’d have to take that on faith, cause of course, you’d never heard of us, cause our content was locked behind the firewall. DUH!

So here I am, writing my first blog entry.

Besides confessing my sins, my main subjects in this blog will be those that I cover for Gartner and probably the occasional rant about something that really bothers me, which I am of course discouraged from doing by my boss, my colleagues and my editors, when publishing ‘officially’ for Gartner. Another opportunity missed in my anti-blog days: Cheap Therapy.

Right now, my main area of interest and research are around the topics of e-Discovery, Information Governance, Legacy Content Management, Records Management, Content Archving and a few other things as well. In e-Discovery in particular, I feel that there are vast gaps of understanding and knowledge between the technical and legal communities and that we must get to grips with a problem that has huge implications for our justice system in the United States, not to mention business competitiveness. In the (related) area of information governance, I like to think about things like what companies should do with their e-mail (don’t save it all, but don’t throw it all away, either), legacy documents (what is in that 10 Terabytes of stuff on the SAN and the file servers, anyway?) and legacy content.

I don’t see any of these issues as issues for IT, but ones that effect all of us in business, politics, you name it. To the extent that we are alive now, we must all deal with the issues of how much information is too much, who to trust in the vast universe of content on the internet, how we make personal or business decisions, when we feel we can never have a complete picture. And oh, yea, how about all those right or left or center wingers, flaming away over there on those other blogs/wikis/twitter sites?

Like it or not, we’re all blogging now, including lawyers discussing e-discovery and other topics I’m interested in.

One of the best (laywer) sponsored sites for e-discovery (let’s give the people some value here, I haven’t compromised my original anti-blogging principles THAT badly, I still want to write stuff worth reading) is this one, at K&L | Gates – W.H Gates Sr founded firm in case you are wondering if they are related.  It contains reasonable synopses of e-discovery decisions and you can also download the full text of most of them from there, if you are stuck for something to do on a rainy Saturday afternoon.  They can be surprisingly amusing.

Excuse me, while I go and figure out how this software works. Tell me it has a spell checker.


Category: Uncategorized     Tags: , , ,