17 July 2007

4GW: Trusted Information Class Actions...

The SEC is in the middle of a Supreme Court battle and they have called in the "A" team to assist. Former SEC officials William H. Donaldson, Arthur Levitt and Harvey J. Goldschmid want to expand investors' abilities to sue in frauds:

The big-money issue has mobilized lawyers who bring class-action lawsuits and the companies and executives they target in one of the most important securities-law issues to reach the Supreme Court in years.

In cases in which fraud-ridden corporations have filed for Chapter 11 bankruptcy protection, investors may not be able to wrest money from the company itself. Lawsuits against business partners and advisers such as accountants and lawyers may present the only rich and viable option for shareholders and plaintiff lawyers, experts said.

What have we learned since Enron? Do we not have a more ethics-based atmosphere at the professional services firms? In the long run, will investors be better off with the ability to sue the advisors of the companies as accomplices to wrongdoing? You can bet that if the US Chamber of Commerce has its way, the SEC is in for a real fight on this one.

Some people are behind bars. Some companies are out of business. And the Dow is again at an all-time high, nearing the 14,000 threshold. The legislation, class actions and fraud allegations are all about one thing. Information. Trusted Information.

A number of trends focused on corporate data continue to distract today's IT departments. Shareholders are clamoring for more transparency as a result of the financial scandals that have shaken confidence in corporate governance around the world. Compliance legislation such as the U.S. Sarbanes-Oxley Act (whose impact is reaching far beyond the U.S.) can result in jail sentences for executives who - even unintentionally - report erroneous information. New privacy laws around the world restrict the use of customer information. Increasing global competition has put pressure on organizations to use their expensive information assets more strategically.

All these issues can be summed up in a single concept: trusted information. Simply accessing data is no longer enough. Today's CEOs, CFOs and knowledge-workers must be able to reliably track the information they use for decisions back to the original source systems in order to ensure its timeliness, accuracy and credibility.

Over the last decade, organizations have invested millions of dollars in systems to collect, store and distribute information more effectively. Despite this, information users at all levels of the organization are often uncomfortable with the quality, reliability and transparency of the information they receive.

Today's organizations rarely have a "single view of the truth." Executives waste time in meetings debating whose figures are correct, rather than what to do about the company's issues. Additionally, they worry about the consequences of making strategic decisions using the wrong information, directly impacting the long-term survival of the organization.

This brief essay by Jeffrey Ritter discusses the compelling forces converging at the beginning of the 21st century that are shaping the need to consider trusted information as a vital asset that should be the priority of any organization:

As the 21st century accelerates, digital devices connected to the Net will continue to be indispensable to modern life. But those devices, and the services provided through them, remain vulnerable to human judgment—the 21st century winners will be those who earn and sustain the trust of those using the devices and the services—whether those are consumers, employees, shareholders, lenders or service providers.

When the law intersects with the validity of information, the corporate battle lines are drawn. Think about how much time and how many dollars are spent proving or disproving the integrity of information in a court of law. Those organizations that know they are in the "4th Generation Warfare" (4GW) era will survive only if they can grasp this concept. Fourth Generation Warfare removes the front entirely. Attackers rely on a barrage of information salvos and coordinated incidents to paralyze or erode the adversary's political will, rather than seeking decisive hand-to-hand combat. Does this sound familiar to your General Counsel?

We are not talking about Al Qaeda now. We are talking about the class action "Army" that is forming the strategy and the means to wage unconventional battles against your trusted information. Or is it?

03 July 2007

ECM Security: Trusted Information...

When it comes to Enterprise Content Management (ECM), security is an issue that continues to challenge most vendors. John Newton is in search of topics at AIIM that address the security needs of the marketplace:
Content Log

  • Common identity. There needs to be a common way of addressing identity between different services whether those services are in the enterprise or outside.
  • Common Models for Rights Management. The big, looming problem in content is the fact that huge numbers of users are adding, accessing or updating an even larger number of pieces of content.
  • Distributed Directory Services. Identity is not sufficient for determining roles or entitlements.
  • Mashup Frameworks for Security. Mashups, the integration of different systems at the browser level, represent the fastest-growing and easiest mechanism to weld systems together. Almost all mashups have no notion of security and only work on public systems.
  • Search and Security. As search becomes increasingly federated, such as through the OpenSearch API, managing identity and entitlements on content becomes very problematic.

Whether John will find the answers is questionable. And that is exactly the issue when it comes to hosting or managing enterprise information. Almost a year ago, before Stellent (Sealed Media) was purchased by Oracle, their survey of 29 CIOs who had invested more than $1M in ECM had these as their top priorities:
The concerns were ranked on a scale of one to eight, eight being the most important.
  1. Guarantee ISO 17799 compliance: 6.03
  2. Protection of intellectual property during offshoring or outsourcing: 5.52
  3. Protection of high- and executive-level communications: 4.79
  4. Improvement of workflow-process automation: 4.41

So what?

If you are an ECM vendor and you only have so many bucks to spend on development of the next generation of your software, what are you going to add and what are you going to fix? So why are numbers one and two so important to CIOs who have invested so much money in their platforms?

Some of the answers can be found in the root cause of their concerns. We found some relevant discussion in a position paper entitled:

W3C Workshop on Transparency and Usability of Web Authentication by Jeffrey Ritter & Said Tabet

Statement of Issues: The conflict between the potential of Web Services and the inadequacy of web authentication is potentially best described as “a failure to communicate”. As enterprises extend and evolve into more dynamic, real-time facilities, central operations require the ability to express their security requirements in greater detail than can be currently enabled. Corporations must define and adhere to increasingly large directories of requirements in the management of their internal security controls; requiring compliance with those controls by participants in the extended enterprise is becoming essential.

Corporate operations increasingly distribute their computing and data processing requirements across a network of third party services, some of which are engaged and employed for controlled, finite sessions. But those third parties, for so long as they are processing data and functioning as part of the operating whole of the primary corporation, are being pressured to demonstrate their adherence to the security controls of their customers. This requirement is an expression of a requirement for trustworthiness—to be engaged as a part of the extended enterprise is to be trusted to perform in compliance with the applicable controls.

The enterprise that has exposure to continuous litigation is evaluating new ways to look at the 3rd parties who manage its information, and this includes law firms. When you hand over management of critical and legally binding information to a 3rd party, trust is a key component of that decision. So how do you know if your law firm(s) and database marketing companies such as Merkle, Inc. or other outsourced service providers have the trustworthiness to be part of your extended enterprise? The fact is you don't, unless you require the new and existing parts of the information supply chain in your organization to operate as one seamless trusted entity.

The greatest economic risk companies face with electronic discovery is choosing the wrong law firm. Under the new Federal Rules of Civil Procedure, the amounts at stake are not just legal fees or settlement costs; searching for and recovering electronic business records causes productivity losses and threatens revenue. Bottom line, selecting a law firm that is ill-prepared to effectively manage electronic discovery can cost enormously - internal records preservation and production costs are considered one of the largest uncontrolled expenses in corporate America.
So how do you select the right firm?

For corporations, Evaluating the Electronic Discovery Capabilities of Outside Law Firms: A Model Request for Information and Analysis provides corporate law departments, records management and IT departments an invaluable tool to ensure that the legal risks of e-discovery are competently addressed by their outside law firms.

Here is a peek at the lineup so far this year by just one government regulator, the SEC.