Schedule a Demo

Request a Quote

About the Author

Sandra E. Serkes, President & CEO of Valora Technologies Inc.
Ms. Serkes is a dynamic leader with an extensive background spanning over 20 years in software marketing, product management and corporate strategy, particularly in document processing, computer telephony and speech recognition. One of Valora's original founders, Ms. Serkes has been actively involved in Valora since its inception in 2000. Today, Ms. Serkes oversees Sales & Marketing, Finance & Administration, Operations, Engineering and Corporate Strategy.

A graduate of both Harvard Business School and MIT, Ms. Serkes is a frequent industry speaker and panelist. She is an active participant in the Women Presidents' Org., The Commonwealth Institute, the MIT Enterprise Forum, the Massachusetts Software Council and the Network of Harvard Alumnae. Ms. Serkes serves on the boards of several technology and service start-ups. Ms. Serkes was named a 2006 "Woman to Watch" by Women's Business Magazine.



What is AutoClassification and Why Should I Care? Webinar Recording

What is AutoClassification and Why Should I Care?

Join industry experts Julie Colgan and Sandra Serkes for part one of a 4-part webinar series discussing the impact AutoClassification makes when analyzing, organizing and controlling documents, files, and other enterprise content.

This session covered the history and evolution of AutoClassification as an indispensable tool for Enterprise Content Management (ECM) and Information Governance (IG).

View the PowerPoint featured in this video here.


November 17, 17|Categories: Feature 1, News|

AutoClassification 101: A webinar series

AutoClassification 101: A webinar series brought to you by DTI/Epiq and Valora Technologies


What is AutoClassification and Why Should I Care?

Join industry experts Julie Colgan and Sandra Serkes for part one of a 4-part webinar series discussing the impact AutoClassification makes when analyzing, organizing and controlling documents, files, and other enterprise content.

This session will cover the history and evolution of AutoClassification as an indispensable tool for Enterprise Content Management (ECM) and Information Governance (IG).

Learn how and why:

  • AutoClassification is a game-changer for understanding and managing content
  • What types of structured and unstructured data are good candidates for AutoClassification
  • What types of rich metadata result from an AutoClassification process
  • AutoClassification drives automated business rules for retention, legal hold, remediation, migration and much more
  • AutoClassification integrates with your Information Governance and Records programs to ensure compliance
  • Identification, redaction, and remediation of sensitive data and Personally Identifiable Information (PII) / Protected Health Information (PHI) are easily handled with AutoClassification


Session 1: What is AutoClassification and Why Should I Care?
Wednesday, November 15
1:00 PM EST

Image result for Register now logo blue

Upcoming sessions include:

  • Session 2 January 17, 2018 “Creating Structure from Unstructured Data”
  • Session 3 March 21, 2018 “Follow the Rules! Using Valora PowerHouse and BlackCat to Execute Against Your Retention Policy”
  • Session 4 May 16, 2018 “The Future of IG and Content Services”

Presented by:

Julie Colgan, Director of Strategy and Innovation

Julie joined DTI in 2016 to lead the Management Solutions strategic pathway as well as oversee and lead our RIM, IG and Technology areas. Prior to joining DTI, Julie has served as the Head of IG Solutions for Nuix where she led the Information Governance business line, including the development and oversight of market and product strategy. Julie’s stellar background also includes being the past president of ARMA International and serving as the Chair of the Board of Directors for ARMA.

Sandra “Sandy” Serkes, President & CEO
Valora Technologies

Sandra (“Sandy”) Serkes is a dynamic leader with an extensive background spanning over 20 years in entrepreneurship, software marketing, product management and corporate strategy, particularly in information governance, predictive analytics, document data mining and processing, computer telephony and speech recognition.
A graduate of Harvard Business School and MIT, Ms. Serkes serves as an Adjunct Professor to the Columbia University School of Professional Studies, Knowledge Management Program, where she lectures on “Solving Information Governance & Knowledge Management Problems with Pattern-Recognition Technologies & Predictive Analytics.” since Fall 2015.

Copyright © 2017, All rights reserved.

November 10, 17|Categories: Feature 1, News|

Valora Wins Key Information Governance Award

Valora Technologies Wins Key Information Governance Award for Second Year Running

Finalist, IG Service Provider of the Year, 2017

BEDFORD, MA (USA) – October 10, 2017 – Valora Technologies, Inc. a leader in predictive analytics and AutoClassification for Information Governance, has been named 2017 Finalist for Information Governance Service Provider of the Year at the Information Governance Conference in Providence, RI.   As Best IG Service Provider, Valora received high praise from conference attendees for a combination of demonstrated technical acumen and industry leadership.

The Information Governance Conference notes, “The #InfoGov Awards are a way of recognizing the companies and people that are moving the Information Governance industry forward. The #InfoGov Awards are a completely unbiased awards ceremony, with awards chosen by the community through nomination and voting.”

2017 marks Valora’s second year running as Finalist for Information Governance Service Provider of the Year. Last year, Valora also won Finalist for Best Information Governance Pitch of the Year.  In 2015, Sandra Serkes, Valora’s President and CEO, won Information Governance Expert of the Year.

Left to Right: Collin Cahill, Lynn Thompson, Cliff Dutton. Inset: Sandra Serkes.

“We are honored to receive this continued recognition from arguably the world’s leading authorities on Information Governance,” remarked Serkes.  “We are devoted to promoting the very best practices and technology in the fields of document analytics, classification and machine learning.”

 Earlier in the conference, Serkes served as moderator and panelist for the “AutoClassification in the Real World” session on Wednesday, September 27, 2017.  She was joined by Colin Cahill, Records Manager for Charles Stark, Jr. Draper Laboratory; Lynn Thompson, Data Scientist; and Cliff Dutton, Chief Innovation Officer for DTI, a recent investor in Valora Technologies.

About the Information Governance Con
InfoGovCon is the premier conference for Information Governance practitioners from all facets of Knowledge Strategy, Records Management, Litigation & eDiscovery and Corporate Information & Compliance. The conference aims to build and foster community, promote learning and best practices, and provide networking opportunities for the IG community with its interactive sessions, panels and presentations.

About Valora Technologies, Inc.
 is a world-class provider of AutoClassification, Data Analytics and Machine Learning technologies for the Legal, Records Management & Information Governance markets. We offer data mining, analytics, coding and review, document intake and visualization, and hosted solutions for corporations & government agencies, as well as their advisory, inside & outside counsel organizations around the world.

Valora has developed a strong expertise in the processing, management & analysis of large and small matters with complex requirements, such as short deadlines, sensitive material & mixed languages. Our specialty is providing efficiency, organization and cost control.

For more information, please visit Valora’s websiteLinkedIn profile, or contact us at: 781.229.2265.


Press Contact:
Valora Marketing Department

Read Full Press Release Here

October 11, 17|Categories: News, Valora Technologies Blog|

Boston Voyager – 9/18/17 – Meet Sandra Serkes of Valora Technologies in Bedford

Meet Sandra Serkes of Valora Technologies in Bedford

By Boston Voyager Staff

Today we’d like to introduce you to Sandra Serkes.

So, before we jump into specific questions about the business, why don’t you give us some details about you and your story.
Valora started when its founders realized there was not a good way to “link” data form one area to another, even when the associations were readily apparent. We built a software engine to identify patterns in files and associate related information. There was an immediate need in the legal community where large document populations are the norm and there is an unending need to discover “who knew what when.”

Today we would call such terms “metadata” and the technology that identifies them “AutoClassification.” Originally providing our technological capabilities as an outsourced service, Valora today supports SaaS and cloud-based options in addition to outsourced services, as well as on premises product installations of PowerHouse and BlackCat, our flagship products.

Overall, has it been relatively smooth? If not, what were some of the struggles along the way?
It has not been a smooth road, but what is? Some obstacles we faced were erratic, project-based revenues, and the rise of competition. Any purely services-oriented company will face days of feast and days of famine, as the project work ebbs and flows.

That was one of the driving decisions towards productizing our capabilities and offering more round-the-clock and round-the-world offerings – to even out the demand and utilization. Today about 70% of our work is recurring in nature (rather than one-off), and that has made an incredible difference in our stability and ability to invest in our future.

The second obstacle that we were bound to face eventually was competition. Even the best technologies will eventually come under attack. First, we were hit with low-cost offshore labor as a potential competitive approach and later, other competing technologies. The solution to both was (and continues to be) to keep investing in the technology to make is stronger and more and more capable. Also, today our longstanding reputation has become a strong factor as we have “seen it all” when some newer entrants really haven’t.

Valora Technologies – what should we know? What do you guys do best? What sets you apart from the competition?
Valora is a technology-based provider of automated document analytics, classification and management services for the legal, records management & information governance markets. We offer data mining, analytics, coding and review, document intake and visualization, and hosted solutions for corporations & government agencies, as well as their advisory, inside & outside counsel organizations around the world.

Valora has developed a strong expertise in the processing, management & analysis of large and small matters with complex requirements, such as short deadlines, sensitive material & mixed languages. Our specialty is providing efficiency, organization and cost control.

It would be easy to say we are most proud of our technology, but that is really only part of the total Valora picture.

Indeed, we are most proud of our 16 year longevity in the industry and with our clients, some of whom has been with us almost the entire time!

What sets us apart from others is our commitment to using technology to create clever, efficient and highly functional solutions for our clients. We are known for our ability to problem-solve and our professionalism, and that is the highest compliment a company can get!

What is “success” or “successful” for you?
I have a lot of personal measures for success, and they change a bit over time. Originally, I thought success equaled revenue growth, and then profit, and then stability. Today I would add a personal element to all of that, such as happiness and pride in your work and your accomplishments. Over the years I have become an industry expert and mentor to others and that has been extremely rewarding.

Going forward, my success markers will be an ability to fully realize the potential of our product base and take the company global.

Contact Info:

To read the full article click here.

September 18, 17|Categories: Feature 1, News|

Press Release-Valora Technologies Strengthens Core Engineering Team With Key New Hires


Industry Veterans Mary Vogt and Scott Mackey Drive PowerHouse™ Software Development for Rapidly Growing AutoClassification Firm

BEDFORD, MA – June 30, 2017 – Valora Technologies, Inc., a world-class provider of AutoClassification, Data Analytics and Machine Learning technologies for the Legal, Records Management & Information Governance markets, today announced two key appointments to its expanding Core Engineering Team. Mary Vogt and Scott Mackey join Aaron Goodisman, Valora’s Chief Technology Officer, and the rest of the Valora Engineering team, with specific focus on building out the company’s PowerHouse™ and BlackCat™ AutoClassification and Data Visualization products.

Mary Vogt serves as Senior Software Engineer, with a 20-year background in enterprise document management and web services. She previously worked directly with Mr. Goodisman at SilverStream Software (now MicroFocus), as well as prior engagements with Lotus, FileNet, and as as an independent software consultant. Mr. Goodisman and Ms. Vogt studied together as undergraduates at the Massachusetts Institute of Technology (MIT) and Ms. Vogt also holds a Master’s Degree from Simmons College.

Scott Mackey joins the team most recently from Dell EMC, with previous experience in analytics and full-stack Java development at iRobot, General Dynamics, and other leading Massachusetts technology firms. With 10 years of Java-based development expertise, his background in REST APIs and both Java- and web-based UI design is ideally suited to Valora’s work in enterprise-scale AutoClassification. He holds Bachelor’s and Master’s degrees in Computer Science from the University of Colorado.

“This is pretty much the technology dream team,” remarked Sandra Serkes, Valora’s President & CEO. “We are lucky to draw such outstanding individuals in this very tight labor pool for engineering talent. I think that’s a testament to Valora’s market promise and our solid technology stack.”
Valora will continue adding to its Engineering group throughout the year, capitalizing on its recent investment from DTI Global.

“I’m thrilled to welcome Mary and Scott to the Valora team,” said Valora CTO Aaron Goodisman. “We have a lot of exciting ideas for moving the product suite forward and this group is uniquely qualified to implement them.”

About Valora Technologies, Inc.

Valora is a world-class provider of AutoClassification, Data Analytics and Machine Learning technologies for the Legal, Records Management & Information Governance markets. We offer data mining, analytics, coding and review, document intake and visualization, and hosted solutions for corporations & government agencies, as well as their advisory, inside & outside counsel organizations around the world.

Valora has developed a strong expertise in the processing, management & analysis of large and small matters with complex requirements, such as short deadlines, sensitive material & mixed languages. Our specialty is providing efficiency, organization and cost control.

For more information, please visit Valora’s website, LinkedIn profile, or contact us at: 781.229.2265.


Press Contact:
Marketing Department

View as PDF Here

June 14, 17|Categories: News|

Valora’s GDPR Article Accepted for ICAIL/DESI VII 2017

Valora’s GDPR Article Accepted for ICAIL/DESI VII 2017

The ICAIL conference is the primary international conference addressing research in Artificial Intelligence and Law, and has been organized biennially since 1987 under the auspices of the International Association for Artificial Intelligence and Law (IAAIL).
ICAIL provides a forum for the presentation and discussion of the latest research results and practical applications, fostering interdisciplinary and international collaboration. Conference proceedings will be published by the Association for Computing Machinery.
Valora is proud to announce that this is the second year that we have had a paper accepted and been invited to present at the ICAIL/DESI conference.
June 12, 17|Categories: News|

Understanding the General Data Protection Regulation (GDPR)

As of May 25th, 2018 the European Union (EU) will alter business requirements for companies that possess personal information pertaining to EU residents.  The General Data Protection Regulation (GDPR) applies to any company doing business with customers in the EU, and will have a far reaching impact, beyond just EU borders.  While a primary purpose of the GDPR is to harmonize data privacy protection regulations across the various EU member nations, the potential business interruption for organizations around the world is a serious concern…

Read More Here

Also Available Here, on the University of Maryland Institute for Advanced Computer Studies, via ICAIL 2017

Written By:
Sandra Serkes
Joseph Bartolo, Jr.

May 25, 17|Categories: News|

Columbia University-A Blueprint for Building Innovation Capacity

A Blueprint for Building Innovation Capacity

During the Information and Knowledge Strategy (IKNS) program residency at Columbia University, a panel of speakers representing Nike, World Bank, Wells Fargo, Educational Testing Service, Valora Technologies, and Thompson Reuters convened to answer these questions. Illana Raia, IKNS faculty member and former Knowledge Counsel for Skadden, Arps, served as moderator.

1. Set Your Mark

As Carlos Gámez of Thomson Reuters explained, determining how your company plans to measure innovation involves several steps:

  • First, “you need an innovation strategy – a hypothesis that answers how encouraging and funding certain activities could accelerate business results.”
  • Next, you need real metrics to validate your hypothesis, project by project. “[Metrics] help you learn and place more follow-on bets…you are buying options with this new information,” said Gámez.
  • Panelists concurred that it’s not enough to measure the return on investment without having a sort of rubric for evaluating successful/unsuccessful experiments, disruptive/incremental impacts on the industry, and disruptive/incremental impacts on an organization.
  • “The bottom line is this: it ultimately has to be what the market wants,” said Nathan Bricklin of Wells Fargo.

2. Have an Innovation Mindset

World Bank’s Kelly Widelska and Nike consultant Julie Langford agreed, noted that numerous innovation roles – whether agitator, coach, evangelist, or project manager – require a mindset of thinking outside the box. Certainly, we can nudge, train, and encourage employees to push boundaries and seek creative solutions, but most panelists argued also for an infusion of talent uninhibited by company tradition, functional norms, or industry norms. An innovative culture begins with hiring. “Look for candidates with deep curiosity,” urged Kelli Carlson of Wells Fargo. “To create the right environment, we need lots of that.”

3. Build an Ecology of Risk Tolerance

Once you have established parameters for how you will measure innovation, the next step is inviting a wide swath of creative thinkers and risk takers within your community and placing what Gámez called “bets” on them. Panelists shared their strategies for this:

  • Applaud publicly those who take risk.
  • Simultaneously create a safe environment in which to fail.
  • Extract the wisdom hidden in those failures and broadcast that.

Wells Fargo’s Kelli Carlson advised to “fail fast” but “feel the pain” in order to glean insight from experience. “Failure is the foundation of learning and a far better teacher than success,” added former ETS Chief Learning Officer T.J. Elliott, paraphrasing Bill Gates.

Panelists agreed that what we shouldn’t do is to isolate failures as deviant, and not part of the innovation process. They stressed the importance of seeing the whole picture rather than focusing on a single failure.

4. Bridge and Cross-Pollinate

Innovation often comes from bridging ideas from one domain or application to the next. “Collaborate across your corporate cultures even when it seems impossible,” stated World Bank’s Kelly Widelska, “We have academics co-design with investment bankers.”

“Multiple functions need to collaborate,” agreed Wells Fargo’s Kelli Carlson, “to get the ideas that can survive in the wild.” How different organizations achieve this depends largely on corporate culture. Striving for an “empathy culture” — being open-minded even when it feels risky — was a common goal.

“Agitators get attention,” warned Wells Fargo’s Nathan Bricklin, noting that creative input should be sought from all members of a team. He added that, as a manager, you also need to be able to hear those reticent to speak. “You have to be multispeed, fast and slow.” Not all innovations will come in blaze of galloping horses. Some will come slowly, such as in the gnawing realization that a meeting went badly.

5. Do the Unexpected

From bite-sized daily innovation texts to full-scale accelerator programs, the panelists shared how they engage their communities in thoughtful and provocative ways, including gamification, hackathons, product design contests, and innovation jams.

Kelli Carlson described her “daily innovation texts” about the innovation process and high-profile innovations in the industry. She and Nathan Bricklin also described the “Appy Hour,” a monthly (alcohol-free) gathering among the Wells Fargo Innovation Group where “we choose anywhere from 3 to 5 apps, identify their applicability to our group, and then demo them for an hour.”

6. Respect the Past – It Could be Your Future

Finally, panelists urged respectful examination of the past. “Don’t lose the tacit knowledge and experience that made you successful in the first place,” admonished ETS’ T.J. Elliott. He pointed out that balancing innovation with the necessary “operating and maintaining” of a company is a subtle distinction for new innovation leaders. The panelists offered some valuable final tips on how to achieve that balance:

  • Be systematic about what you know.
  • Try, fail, learn, and repeat.
  • Revisit and respect prior attempts (whether you call them failures or not), instead of creating new solutions out of whole cloth.

Valora’s Sandy Serkes pointed out that sometimes reviewing the past can be innovative in itself. “We use different circuits in our brain when we consider something in a new light.”

Learn more about Columbia University’s Master of Science in Information and Knowledge Strategy.

Illana Raia

May 25, 17|Categories: News|

Law Technology Today-May 23, 2017-Why is the General Data Protection Regulation (GDPR) Important?

Why is the General Data Protection Regulation (GDPR) Important?

As of May 25, 2018 the European Union (EU) will alter business requirements for companies that possess personal information pertaining to EU residents. The General Data Protection Regulation (GDPR) applies to any company doing business with customers in the EU, and will have a far reaching impact, greater than many corporations realize. While a primary purpose of the GDPR is to harmonize data privacy protection regulations across the various EU member nations, the potential business interruption for organizations around the world that will result from these new standards is a serious concern.

The applicable fines set forth in the GDPR for failing to comply with regulations are significant. Corporations that handle EU customer data, regardless of where the company is based, can face up to EUR 20 million (approximately $22.3 Million U.S. Dollars) in fines, or 4% of their total global revenue for the preceding fiscal year, whichever is higher, for GDPR noncompliance. Hence, if a company has customers based in the EU, these GDPR requirements must be taken seriously.

The GDPR data protection protocols must be in place for “Personally Identifiable Information” (PII), of all living EU citizens, regardless of where that information is sent, processed, or stored. In addition, the company possessing such PII data must have a process in place to verify and prove that valid protections exist. Corporations are not exempt from the GDPR simply because they don’t have offices there, or don’t process data in the EU. The EU’s concept of data privacy differs greatly from the United States’, but U.S. based corporations doing business with EU citizens will still have to adhere to the strict requirements of the GDPR. The impact of the GDPR reaches nearly all companies, including many who are seemingly unaware of its regulations. In certain specific circumstances, companies must create a position of “Data Protection Officer” (DPO), whom will address GDPR compliance. Hence, the costs to prepare for compliance will include requirements for trained personnel and financial investment in technology.

Having a means to comply with the stringent requirements of the GDPR is no simple task. Planning is required to comply, which is why the regulations are not meant to take effect until May 2018. Some of the complex issues that need to be addressed for GDPR compliance include:

  • How electronic information is stored, transferred, accessed, and secured.
  • Document retention schedules, and how they are enforced.
  • Written proof of compliance.

Creating an effective compliance strategy will be costly and many companies have not set aside money in their projected annual budget for the funds required to address these concerns, which means they will come from emergency or other contingency planning budgets.

Those corporations who have already begun to address their information management capabilities in general will have an advantage in complying with the GDPR requirements. Many of the key elements of a corporate “Information Governance” (IG) plan are related to the issues of concern for GDPR compliance. The ability to manage information, and address data governance, corporate risk, and regulatory compliance, are existing concerns for corporations, notwithstanding the GDPR. Existing technology for cybersecurity and “Data Loss Prevention” (DLP) can also be utilized to help prepare for the GDPR. Moreover, search and retrieval technology and techniques used for eDiscovery purposes also serve as a means to assist in managing information. The illustration below from Susan Bennett, of Sibenco, provides useful insight into aspects of information governance, many of which help address the specific needs of the GDPR.

(Source: “What is Information Governance and How Does it Differ from Data Governance,” Sibenco, 2017, Information Governance vs Data Governance)

Handling sensitive information, such as PII, is a challenge that pertains to both IG and GDPR compliance. Restrictions imposed on the transfer of PII by the GDPR can be addressed by the use of technology. Identification of sensitive content within a business record, and the ability to redact portions of content, can impact whether that specific file is transferrable under the rules set forth by the GDPR. Having a means in place to identify the content of data will be essential for GDPR compliance. In addition to IG protocols, “Knowledge Management” (KM) practices will also enhance a corporation’s ability to comply with the GDPR. The ability to garner business intelligence about the information the corporation possesses will serve as a significant advantage for GDPR compliance. Knowledge of not only files in possession and control of a business, but also about the content level within those files, will be a prerequisite for doing business with EU customers.

Addressing GDPR Compliance

Since the GDPR specifically requires the ability to prove data protections are in place, documentation of existing privacy safeguards is essential. All documentation and processes must clearly address issues such as: where is the data; what type of data exists; who has access to the data; what is in the data content; how is data stored; how is data transferred; how is newly created data incorporated? Without answers to these questions, GDPR compliance is impossible.

Below are suggestions for IG best practices which can be specifically implemented to address the requirements of the GDPR:

Data Mapping. If a DPO does not know the location and/or the contents of corporate data, it is impossible to fully protect that information per the GDPR requirements. The need for data mapping is rather obvious since the risk of non-compliance is too high without the knowledge of location of all the corporate sources of data. If the data map for the corporation is incomplete or inadequate, a discussion with the I.T. stakeholders in the company should take place to update this information. Collaboration between I.T., management, and the corporate legal department, in order to create a comprehensive data management plan is a vital step toward GDPR compliance. Any corporate data stored by third-party providers, including cloud services vendors, or data archival companies, requires attention. The data in the possession of third-party providers is also subject to the GDPR regulations applicable to the corporation, including information retained by outside counsel law firms. If data in possession or control of the corporation contains PII of EU citizens, GDPR compliance requires steps to protect such information.

Understanding File Contents. Many corporations seem ill prepared for the requirement to know the contents of their internal data. Knowing where data resides is only part of the equation. A corporation must also know what the data is and contains. For example, are the files legally binding in nature, such as contracts and agreements? Do the files contain any sensitive data, such as PII or PHI?

Consent. A key requirement of the GDPR is the need to obtain specific consent from an individual before being obtaining, storing or utilizing their personal data. The corporation must provide a clear affirmative action or statement providing permission to process the individual’s data. In addition, the GDPR establishes that the individual has a “Right to be Forgotten,” and can request their personal information be explicitly removed from use. Without some other legal reason to process an individual’s information, the corporation must respect a request to delete data without undue delay.

Information Request. On a similar note, an individual has a right to request access to the personal information being gathered and stored about them. The individual may request information from a company about any of their personal data, including: who has access to their information, how the data is accessed; where it is being accessed; and the purpose for which it is being accessed. Furthermore, an individual can also seek corrections about their personal data, if the EU resident feels the information is inaccurate. The individual may object to the use of their data for profiling by the corporation.

Retention Schedules. Enforcing corporate document retention schedules, while also maintaining proper litigation hold protocols, is already a challenge for many corporations. There are inherent risks associated with maintaining information when there is no legal obligation to retain possession of that data. An effective means of dispensing with specific information that is outside of an applicable document retention schedule is an important component for both IG and GDPR compliance.

Security Breaches. An overarching component of the GDPR is the need to provide cybersecurity protections to prevent data breaches, as well as express provisions regarding notifications of data breaches to both the supervisory authority and to individuals whose information has been exposed. Hence, corporations must not only be aware when a breach has occurred but also must have a means to notify those impacted by the breach of what specifically was exposed.

Data Transfer. The GDPR places explicit restrictions on transfers of personal information. Corporations must have an enforceable plan to prevent unauthorized data transfers, and the GDPR puts forth stringent requirements regarding data transfers to locations outside of the EU. Whether a data transfer is permissible under the rules of the GDPR, will require answers to a series of queries about the content of the information. If PII, or otherwise sensitive information, exists in the data at issue, additional restrictions will be applied, possibly revoking permission for the transfer of that information. An entire file might be improper to transfer under certain circumstances, thereby prohibiting access for persons outside of the EU to view such information. In other instances, a portion of the content of a file might block the permissible transfer, however if actions are taken to redact the specific content in question, the remainder of the file might be permissible for a data transfer.

What Is Auto-Classification and How Does It Assist with GDPR Compliance?

It is clear that properly managing all data in a corporation’s possession to comply with GDPR regulations is an extremely onerous task for most businesses. The GDPR requirements necessarily create an increased reliance upon automation in order to properly manage the lifecycle of corporate information.

The explosion in the volume of data in the possession of corporations has already led to the advancement in various technologies that assist managing information. Corporate best practices for IG, KM, E-Discovery, compliance and cybersecurity, all provide guidance for the use of technology which help address GDPR regulations. One particular automation technology that will serve as a tremendous asset to corporations struggling with GDPR mandates is referred to as “Auto-Classification.”

Auto-Classification Software data mines information at the content level, and then categorizes files based on the information’s substance. This technique is already being utilized by many corporations as part of their IG strategy. Auto-Classification’s ability to group information by category or by specific characteristics will prove useful for GDPR compliance. Similarly, Auto-Classification’s ability to detect the presence of PII and other sensitive content will likely become a best practice when it comes establishing GDPR protections.

One impediment in complying with GDPR is the vast amount of “Dark Data” currently residing in most corporate networks. Dark data is information existing on shared file servers, or in employees email inboxes whose content or purpose is largely unknown. Auto-Classification helps manage unwieldy unknown information and sheds light on the contents and origins of such data. Corporations utilizing document management systems (DMSs) or enterprise content management systems (ECMs) rely on Auto-Classification to categorize files outside of the document/content management platform, subsequently placing that information into folder-level taxonomies within their systems.

Auto-Classification software uses both pattern-matching algorithms as well as artificial intelligence to detect file contents and attributes such as: personal information; authorship and origin; type or format of document; and expected retention period. In addition, Auto-Classification technologies are configured follow a set of customized rules regarding file disposition. For example, a rules-based Auto-Classification system will enforce a specific document’s retention schedule, and then place the file into the proper folder taxonomy structure. Auto-Classification technology specifically meets the GDPR requirements to have a system in place that can detect what information it has, where it lives and how it will be handled under differing circumstances.

With a proper Rules Engine, sensitive information is protected via individual security level restrictions, including limitations based on the geographical location of the user attempting access. Rules are also used to block improper information transfer to locations outside the EU. Furthermore, rules are used to trigger certain events, such as an expiration date associated with certain data which would make such information eligible for deletion.

Conclusion: Advantages Of Using Automation For GDPR Compliance

While compliance with GDPR regulations will be no small task for most enterprises, the use of automation makes the task more manageable. Though not every organization is as proactive as they should be, there is still time for those companies to prepare for the GDPR regulations, and avoid the imposition of fines. Enterprises that have been more proactive in automating their IG strategies are in a better position to comply with the GDPR than others. Companies most likely to avoid fines are those with a DPO in place, who can document the automated steps taken to provide the required protections to personal sensitive data. Similarly, corporations with established IT security protocols and passed audits will have an easier path toward GDPR compliance.

Return on investment is often a key metric required by corporations before they approve expenditure of funds. While companies may have been reticent about investing in IG technology previously, the GDPR requirements serve as a stark turning point to that strategy. The potential for business interruption caused by the GDPR, not to mention its stringent fines for non-compliance, prove out any return on investment calculation several times over. Furthermore, the benefits derived from improved information management techniques assist not only GDPR compliance, but also corporate efficiency and knowledge management capabilities.

Certainly technology is creating some unique challenges for business. Protecting the privacy of individuals is increasingly difficult as the volume of personal data in possession of corporations continues to explode. However, through intelligent use of a proper combination of people, process and technology, the challenges of GDPR compliance can be adequately met. Conversely, waiting for the deadline of May, 2018 to approach without taking steps to address that challenge could prove very costly.

Lack of preparedness for GDPR is an alarming concern. According to a Symantec survey in 2016, “91% (Ninety-One Percent) of 900 business IT decision makers polled in the U.K., France, and Germany have serious concerns about their ability to be compliant by May 2018. The attention paid to the looming threat from the GDPR’s effective date May 25, 2018, will only grow as that date approaches.

About the Authors
Ms. Serkes is President & CEO of Valora Technologies, a leading provider of document, data and content analytics solutions for Information Governance and eDiscovery. One of the company’s original founders, Ms. Serkes takes a very active, day-to-day executive role in the company. In her tenure, Valora has successfully landed some of the most prominent corporate, legal and government clients in the world. A Harvard Business School MBA and MIT graduate, Ms. Serkes is a frequent industry speaker and panelist.
Joe Bartolo, J.D., Senior Solutions Consultant for Valora Technologies, is a former litigator in New York State, with 11+ years of experience working for eDiscovery providers. Joe is a VP in the Metro New York Chapter of ACEDS, and is the Co-Chair of their Educational Committee. Mr. Bartolo is a former working group leader in the EDRM, and has instructed continuing legal education courses about eDiscovery and information governance throughout the United States. Joe received a Juris Doctorate Degree from Rutgers School of Law – Newark in 1992, and a Bachelor of Arts Degree in Political Science from New York University in 1989. Follow Joe on Twitter @joseph_bartolo.
View Full Article Here

CMS Wire – April 12, 2017 – The Information Governance Supporting Software Market Heats Up


Just a few years ago, only a handful of companies were talking about achieving information governance. Often, it was despite their current set of tools and software. They discussed workarounds — workflow tools — used like duct tape to the enterprise, piecing together a strategy.

Fast forward to today.

Dramatic Changes in Information Governance World

Those visionary smaller software companies that saw and embraced the opportunity are growing up. Companies like Valora Technologies, RecordLion, FileFacets, Adlib Software and so many others are now reaping the rewards. And larger players who expanded their offerings, companies like IBM, Box, Microsoft, Alfresco and others, are seeing those investments begin to pay dividends.

We can see it in the news: Valora Technologies received a large investment infusion from DTI in late March. Only a week before, Gimmal purchased RecordLion to expand its offerings, a purchase likely paid for with an undisclosed investment infusion it received earlier in the year.

Late last year, it was FileFacets that received $4 million in Series A funding.

Buckle in for a wild ride.

Don’t Call It the Information Governance Market

Let me be clear: information governance isn’t a piece of software or technology, it’s a strategy.2 So before anyone says “Information Governance Market,” let’s remember that there really is no such thing, since there is no technology solution to a strategy problem.

However, to implement information strategy, one needs supporting technology — so the market could be more accurately defined as the “Information Governance Supporting Software Market.” It is that information governance supporting software market that is absolutely red hot right now and will only grow in the years to come.

The Information Coalition defines information governance as,

“The overarching and coordinating strategy for all organizational information. It establishes the authorities, supports, processes, capabilities, structures, and infrastructure to enable information to be a useful asset and reduced liability to an organization, based on that organization’s specific business requirements and risk tolerance.”

Companies can no longer afford to separate their various information-focused disciplines. Records managers cannot fight over the same information that the data scientists are using, which legal and compliance are also tapping into. A unified strategy must emerge, and that strategy is Information Governance.

When your company is ready, a new and maturing software market is ready for you.

About the Author

Nick Inglis is president of the Information Coalition and co-founder of The Information Governance Conference. He is the author of the AIIM SharePoint Governance Toolkit and creator of the Information Governance Model.

April 12, 17|Categories: News|
Load More Posts