This document discusses challenges related to records management and social media for businesses. It provides guidance on developing governance and policy approaches to address these challenges. Key points include establishing roles and responsibilities, focusing social media policies on principles rather than trying to address all instances, and ensuring proper handling and retention of business records created through mobile and social media.

1. A Call To Action: RIM and eDiscovery for
the Next Generation
Summary of Key Findings
Michael Salvarezza
LRN
September 24, 2012
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 1

2. Challenges
Social media
and business
transformation
Explosive Growing urgency Rapid expansion
growth in in laws and
volume of to gain control compliance
content creation of this dynamic regulations
MiFID
Title 21 CFR 11
PATRIOT ACT
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 2

3. Records Management vs.
Social Media vs. Business
Social Media Records Businesses
promotes: Management care about:
• Sharing is about: • Agility
• Collaboration • Governance • Complexity
• Open • Access to
• Rapid access information
to information • Insights
• Casual, derived from
informal, spon information
taneous • Speed and
results
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 3

4. Governance Approach
• Legal, IT, business units
(e.g., sales)
• Define
roles/responsibilities
• Include
next-generation
workers
4
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 4

5. Policy Approach
• Social media, BYOD, mobile
computing, cloud computing
• No policy can address
all instances, so focus on principles
and extend trust
• Focus on what is critical
to the business to keep
• Recreate vs. capture
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 5

6. Set Policies: General Principles
• Lead with trust…and then
provide guidelines
• Encourage responsible use
• Frame policies to address
responsibility, not productivity
• Grant equal access
• Provide training
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 6

7. Social Media Policies: Elements
• State objectives and purpose
• Include definitions and examples
• Define what is proprietary or confidential and prohibit its use on these sites
(e.g., customer information, financial data, legal matters)
• Identify what is expressly prohibited (e.g., libelous comments,
illegal activity, obscenity)
• Specify who may speak on
behalf of the company
• Specify who will own work
products created on sites
• Include legal and regulatory
issues that apply
• Refer to specific security concerns
• Include discipline and ramifications
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 7

8. Sample Guidelines
When on a social media site:
• Listen first, talk later; pause and reflect before actually posting
• Identify yourself; avoid anonymity
• Respond to ideas…not people
• Be respectful; always seek to add value
• If you are not authorized to speak for
the company, specify that opinions
are your own
• Know the facts and cite sources; do not guess
• Do not go “off the record”
• If you respond to a problem, you must follow up
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 8

9. Records Management of Social Media
• Consider where the business record is created:
– If the record is created outside of the social media site,
the copy posted to the social media site could be considered
a “convenience” copy
– If transactional information created on a social media site is a
business record under your policy, then have a mechanism in place
to capture, store, search, and retrieve those records
• Ensure procedures specify that Records Managers review
the social media site framework before the site is launched
– To assess capability for proper handling of business records
• Educate employees through training sessions and communications
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 9

10. Mobile Computing and BYOD Policy
Considerations
General Principles:
• Make sure the policy is enforceable.
• Do not rely on device specificity. (Devices become obsolete rapidly).
Rather, make sure the policy is broad and general.
• Orient the policy from the business value perspective.
• Provide training on appropriate
use of devices, proper management
and security of information,
segregation of personal and
business data and IT information
management controls.
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 10

11. Mobile Computing Policy Considerations
Policy Considerations:
• Define accountabilities for control (user, IT, business unit, etc.)
• Address the distinction between personal and business data
• Ensure proper controls in the event of theft or loss of the device
• Provide coverage for business provided devices and personally
owned devices
• Address funding of devices or the
cost of controls, especially for
personally owned devices
• Address different geographies
• Focus on both employees and
contracted resources
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 11

12. Mobile Computing Policy Considerations
Policy Considerations (continued):
• Define the appropriate use of business records on these devices and
address requirements for retention of records
• Security Awareness/Privacy Awareness/Compliance
– Awareness should be addressed
• Human Resource considerations
• Use of devices for personal use
• Use of devices after hours and on
personal time
• Use of devices while engaged in travel
• Inappropriate data and website access
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 12

13. Rethink
“We can’t solve
problems by using the
same kind of thinking
we used when we
created them”
Copyright © 2011 LRN Group Inc. All rights reserved

14. Inspirational Leadership for
Records Management
• Ambiguity is actually OK
• Take risks – go on a TRIP
• Challenge the status quo –
try something different
• Find the value proposition
• Elevate the conversation
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 14

15. Single or double line title without
division line
CONFIDENTIAL ©2012 LRN Corporation. All Rights Reserved. 15