Scott Burt is Vice President of Corporate Strategy for Innovative Driven, an IBM Business Partner that specializes in information governance and e-discovery. While many IBM Business Partners in the practice known as Enterprise Content Management (ECM) have legal or compliance experts, who advise on regulatory risk and data privacy and help design and deploy Records Management applications, Innovative Driven is an entire organization that focuses on this area. Based in Arlington, Virginia, the company has locations throughout the United States and Canada and some presence in Europe.
Q: What is Information governance and e-Discovery?
Scott: As a business, you have a lot of obligations and duties around the business content that you need to keep, how it needs to be maintained, how it’s secured and who has access. You have a lot of risk in that data being exposed to bad actors, both internally and externally, and you have a serious obligation if you have litigation or an audit - you must be able to locate and produce everything that's relevant. All of those things are really big challenges.
As an example, let's take a company with 30,000 employees. Basically, you have 30,000 authors. Each one a content creator who is saving documents, creating records, working with customer data, updating contracts, and exchanging financial documents. That organization needs to have a coherent policy about where that content is stored, how to retrieve it later, and it better be secure. If they do it haphazardly or if they over retain, if they don't have a good program in place to keep their house clean like those hoarder TV shows, when a legal action occurs, they can be in a real mess. They can be subject to huge fines and other painful punishments.
Our mission is to help companies through that whole process of information architecture design and data privacy and security obligations, so that they are well organized, well secured, well maintained, and they can find everything to comply with laws and regulations. That’s the proactive side. If there is a legal action, we can help with the e-discovery process. That’s the reactive side.
Q: There are highly regulated industries in our customer base – Financial, government, healthcare, for example. Do you have any particular industry expertise?
Scott: We go across industries. The capabilities we offer really apply across verticals, certainly there's some specialties, like financial, government and healthcare, but then there's industries where you might not expect that they are keenly aware of regulation. Take manufacturing. You might not think of manufacturing as a highly regulated industry or that they really care about this, but they really do. They've got product liability and intellectual property that they want to protect. Since Financial companies face a ton of regulations, in many cases, they have large teams built and they're further along on the maturity level. And so today in 2022, a lot of the opportunity for us lies in other industries.
Q: What brings new business, is it a terrible incident a disaster or are you seeing people try to get better governance ahead of time?
Scott: A terrible incident and disaster is very straight forward. It’s a gotta fix and gotta do it now. We can get right to work with a clear mission to help get it resolved and get them under control, both reactive as well as when they then “get religion” and want to get their house in order on the proactive side with information management across their business. We’re seeing an ever-growing demand around regulatory requirements and companies having to get compliant, even if it had been on the back burner before. One of the big drivers is data privacy in the United States today. Until now, the U.S. has been slow to adopt privacy regulations to protect the consumer. Europe is way out front on this. But it's coming. California, Colorado, Virginia, and even federal legislation has been introduced. Everybody that operates in those states has a lot of new obligations with which they need to comply. But I will say that the ones that really get it the best are the ones that have the religion from having lived through a class action lawsuit.
Q: Do you have an example?
Scott: Sure. A 30,000 employee company had an existing employee who was passed over for a promotion. That person filed a lawsuit and it became a class action lawsuit on age discrimination. Suddenly, they had to produce all the communications and content for every manager of the company going back many years. Then lawyers needed to review all that content to figure out what’s pertinent and not. Employment related actions like that impact every industry. They really understood then that they needed to get their house in order for the future.
Q: During the pandemic, did the regulators take time off? How did the pandemic affect regulatory crackdown?
Scott: Well, there's a lot of different regulatory institutions, with different characteristics, so there was some impact. But I will say, the number one driver remains the legal side of things for e-Discovery - being able to be better prepared for an event of litigation - and that absolutely did not slow down.
Q: Many of IBM Business Partners develop software solutions that sit on top of the Cloud Pak for Business Automation or aspects of it. Has Innovative Driven developed some special tools?
Scott: At Integro, we built a product for email management, which was revolutionary at the time, because companies want to be able to automate and manage retention, and email is not a records class, just like paper is not a records class. What's written on the paper and what's written in the email determines if it's just “transient content,” as we call it – meaning you can delete it tomorrow and no harm, no foul - or if it qualifies as record. And if it's a record, it's because what it says matches up to one of your records classes that might be in HR, intellectual property, Financial, etc. Every company looks at the laws and regulations and their own business needs and they define it for themselves. And that becomes their “records classification schedule” and then related to that is their retention schedule. E-mail is a challenge, because there's so much of it and everybody's a creator of it. And so most people were just keeping everything and archiving it all, which people are trying to get away from. It’s legally risky and it’s expensive. Our solution, called Innovative Email Manager, makes it super easy for an end user to declare an individual email as a record. And then we can pump those things into IBM Enterprise Records to be properly stored, retained, and disposed at the right time.
Q: When a company engages you, where do you start with them?
Scott: The whole information governance space is very much a journey. It’s like cybersecurity, for example, you don't do one project and say you’re done. This is inherent to your culture, processes, systems and methodologies. You’re always going to be improving and going to the next level and responding to new regulations that come up in new jurisdictions. So where do you start is by asking, “where are we now?” A lot of companies that are newer to this, their houses are a mess. They’ll have file shares back to the early 1990s, and they didn't tell employees, “Here's what you should store and these are the folders you should use.” It was a free-for-all. Fast forward to the iPhone Age and the volumes of content, the legal exposure of the content, the cyber security and ransomware challenges, privacy, credit card information and regulations, all those things have exerted tremendous force on companies. So, depending on where they're at, they need to update their policies, have a records program, and a good legal hold program in place. That's really the foundation or the cornerstone. And then you want to be going to your areas of highest risk.
Q: Is there “low hanging fruit” in Governance?
Scott: What's the easiest thing to remediate? The causes of the biggest risk? It might be you your email archive where you are retaining every email sent and received by the company for the last 10 or 15 years. Now that we have put in controls, let's go through and cleanse and get rid of all the transient content out of your email. And maybe give you a faster, better, more responsive, reliable system as well.
Q: Do you have a rule of thumb for retention of content?
Scott: There are only 3 reasons why you need to keep something at an organization, whether it's a piece of paper with your notes on, an email, invoice or a contract in PDF format:
- Do you have a legal obligation? Meaning there's an e-Discovery and a legal obligation to save and retain everything that might be relevant for that matter
- There's a regulatory requirement, for example, by law you need to keep your HR reviews or payment information for a certain amount of time for every employee
- There’s business value in the content. Maybe there's no regulatory or legal requirement on it, but it's important to you. Maybe it’s your design drawings for a new product, and you might someday need those to defend a patent.
If you don’t answer yes to one of those three, you not only can, but you should get rid of it because you're keeping it for no reason. Ideally, every piece of content ever created in your enterprise - from the moment it's created - has an expiration date assigned to it. That would solve so many problems. If something gets classified as a record by a person or software, then the retention is automatically adjusted to reflect the proper retention. We use AI and rules to auto-classify as much as possible. So, that's the Nirvana – the point where everything has a retention assigned to it, everything's organized and named consistently, and everyone can find what they need to find.