Sodrel’s article is based on CGIRB’s transition to a fully paperless company, a process that started in mind-2008 when CGRIB teamed with Sitrof Technologies to install the Xerox DocuShare software and the Sitrof Compliance Module for DocuShare. DocuShare was first configured to mange CGRIB’s non-regulated documents, such as vacation requests, business development information, training information, PowerPoint presentations, spread sheets, status reports, RFI’s and contracts. After giving the staff time to become familiar with DocuShare, Sitrof installed its compliance module a year later. These systems help to automate the workflow and decision process and improve efficiencies and customer service.

CGRIB was able to transform from a heavily paper-centered company into a completely digital, paperless organization in less than two years. Going paperless enabled CGIRB to become more efficient in all areas, with the added bonus of becoming more environmentally friendly. Sodrel encourages paperless transitions in order to help an IRB quickly collaborate, share documents, and review protocols.

Click here to read the full article.

Congressional demands for information from companies following news stories about privacy now are routine.   E.g. "Markey, Barton Ask Facebook About Plan to Enable Access to Addresses, Mobile Numbers" (February 2, 2011).

On the Senate side, Senator Patrick Leahy (D-VT) has created a first-ever Sub-Committee on Privacy, Technology and the Law within the Judiciary Committee and has appointed Senator Al Franken (D-MN) subcommittee chair.  The committee's mandate includes

oversight of laws and policies governing

• the collection, protection, use, and dissemination of commercial information by the private sector, including online behavioral advertising;
• privacy within social networking websites and other online privacy issues;
• enforcement and implementation of commercial information privacy laws and policies;
• use of technology by the private sector to protect privacy, enhance transparency and encourage innovation; privacy standards for the collection, retention, use and dissemination of personally identifiable commercial information;
• and privacy implications of new or emerging technologies.

Senator John Kerry (D-MA) is expected to introduce a comprehensive privacy regulatory bill that may include FTC rulemaking authority with a specific mandate regarding opt-in and opt-out consent for the online collection of personal information.  The legislation has been rumored for months, but has yet to be introduced, perhaps owing to the need for coordination between the two committees that now have jurisdiction over privacy issues in the Senate, the Commerce and Judiciary Committees.  Commerce Committee Chair Sen. Jay Rockefeller (D-WV) has expressed a strong interest in seeing increased legal protections for privacy.

On the House side,  four major privacy bills have been introduced this year with more likely to come:

(1) the “Do Not Track Me Online Act of 2011"

(2) the “Financial Information Privacy Act of 2011"

(3) the “BEST PRACTICES Act” and

(4) the “Equal Employment for All Act.” 

Representative Jackie Speier (D-CA) introduced the first two bills. The “Do Not Track Me Online Act” would direct the Federal Trade Commission (FTC) to promulgate a Do-Not-Track regulation and would authorize the FTC to require businesses to give consumers an EU-style right of access.  More specifically, the bill would require the FTC to promulgate regulations under § 5 of the FTC Act to require the use of “an online opt-out mechanism to allow a consumer to effectively and easily prohibit the collection or use” of online activity.  Businesses would also be required to disclose their information practices in an “easily accessible” manner.

The new regulation would have broad application, as it exempts only small businesses who are not primarily in the data collection business and who do not collect or store any “sensitive information” (e.g., regarding race, religion, and income).

Representative Speier’s second offering, the “Financial Information Privacy Act of 2011,” would amend the Gramm-Leach-Bliley Act (GLBA) to require notice and opt-in before a financial institution may share “nonpublic personal information” with unaffiliated third parties, a change from the current opt-out regime.  The bill would require notice and opt-out for sharing with affiliates. The bill would also mandate compliance with fairly detailed specifications for the notice and consent forms. For example, the opt-in form for third party sharing would have to be a separate document that “clearly and conspicuously” states the consumer is authorizing “disclosure to nonaffiliated third parties” and must be “dated and signed” by the consumer.

The BEST PRACTICES Act would establish national requirements for collecting and sharing personal information.  Notably,  "opt-in" consent would be necessary before personal inforrmation coule be disclosed to a third party.  Special treatment is accorded for sensitive information, such as medical, financial, sexual orientation, or geolocation information).  For such information, there is a requirement for express affirmative consent for collection, use, and disclosure.   A "safe harbor"  exempting companies from the opt-in consent requirement is provided for in the legislation, so long as companies participate in FTC-monitored universal opt-out programs operated by self-regulatory bodies.

Also in the financial privacy arena, Representative Steve Cohen (D-TN) recently introduced the “Equal Employment for All Act” that would bar employers from using consumer credit reports for “employment purposes.”    With a few exceptions for government jobs, banking-sector jobs, and jobs requiring certain security clearances, the prohibition would be absolute: the source of the report is irrelevant and consumer consent will not cure a violation.   If this bill became law, the federal government would joins sixteen states considering a similar prohibitions – California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maryland, Ohio, Pennsylvania, Missouri, Nebraska, New Jersey, New Mexico, New York, Texas, and Vermont.

In the "still to come" category of legislation, Rep. Cliff Stearns (R-FL), co-sponsor of the Boucher Stearns bill from the last Congress,  reportedly is working on a revised version of that legislation.  Last session's version would have permitted a web site to share user information with unaffiliated third parties for the purposes of marketing, advertising, or selling without express opt-in consent only if it: 

(1) provided users with a “readily accessible” opt-out mechanism;

(2) deleted or rendered anonymous any “covered information” within 18 months after it is first collected;

(3) allowed users to review and modify, or completely opt out of having, any profiles maintained about their preferences by web sites or their advertisement network partners for marketing purposes (these so-called “preference profiles” must be accessible through a hyperlinked “symbol or seal” on the web site and on or near any advertisement served based on the profile); and

(4) prohibited advertisement networks from further disclosing any such information they receive. 

Revisions of the Electronic Communications Privacy Act (ECPA) (to extend protection to data held "in the cloud") and of the Communications Assistance for Law Enforcement Act (CALEA) (to permit law enforcement access to communications on "non-traditional channels" such as social networking sites), both affecting personal privacy, also are on the legislative agenda.

In the contentious and (on the House side) de-regulatory environment that exists on Capitol Hill, it is anyone's bet whether legislation will proceed and become law during he current session of Congress despite the bi-partisan appeal of privacy.  But given the amount of attention privacy is receiving in the media, especially on the heels of the FTC and Department of Commerce reports decrying the current state of privacy, all it will take is a major privacy incident to spur the lawmakers to action.  Recall that the Video Privacy Protection Act of 1988, 18 U.S.C. § 2710 (2002), was passed as a reaction to the disclosure by a newspaper of Supreme Court nominee Robert Bork's video rental records.  Indeed, many of the country's major privacy laws arose in reaction to an indentified problem (financial privacy, health information privacy, children's privacy).  With online privacy now uniformly recognized as a "problem," and with self-regulation so roundly criticized, a legislative fix is not so far-fetched.

Meanwhile, the States continue to incubate new ideas for the protection of personal information.  In Colorado, for example, a bill has been introduced that would allow a business to establish a rebuttable presumption that it was not negligent following a data security breach if it can show that it implemented "best practices" and complied with technology security standards established by the bill to protect personal information.  Just as the data security breach laws created a negative incentive for companies to improve data security because if they do not, they have to report their breaches (the "stick approach"), the Colorado proposal offers a "carrot."  More on state legislative proposals in blog entries to come.

Sitrof Technologies is pleased announced the end customer, Copernicus Group IRB (CGIRB) was named a finalist for the 2011 AIIM Best Practices Award. The Carl E. Nelson Best Practices Award was established to recognize excellence in information management.

Sitrof Technologies implementation of Xerox Corporation’s DocuShare® enterprise content management (ECM) was recognized as a finalist in the Small Company category for their work in transforming Copernicus Group IRB into a paperless company. CGIRB is now 96% paperless after the 2 year implementation. The paperless endeavor involved a massive legacy document scanning operation, including 1.5 million legacy documents totaling 5 million pages, as well as all internal documents and all inbound paper and electronic documents. Utilizing the Sitrof Compliance Module for DocuShare, CGIRB is able to maintaining FDA 21 CFR Part 11 compliance.

“We are excited to be a finalist,” said Bryan Reynolds, Managing Partner of Sitrof Technologies. “This was a huge undertaking requiring a lot of time and resources. The success of the project was due in a great part to the multi-phase plan developed by CGIRB’s director of IT, Jennifer Sodrel. Internal change management can sometimes be the most difficult part of a paperless implementation and Jennifer nailed it.”

"The quality of the submissions for the Carl E. Nelson Best Practice Award continues to improve raising the bar on best practices while emphasizing innovation, benefits and lessons learned," said John Mancini, President, AIIM. "Our AIIM Emerging Technology Advisory Group (EmTAG) selected the finalists in each category for the Best Practices Award. Our professional members are determining the winner in each category. Each of the finalists share many valuable lessons learned to help others with their implementations.”

AIIM professional members will chose the winner from the finalists. Award winners will be announced at the AIIM Annual Awards Celebration, March 22 at The W Washington, DC, where John Mancini, AIIM’s President, will announce the winner.

About Sitrof Technologies

Founded in 1999, Sitrof Technologies provides a new breed of information management, data protection and compliance solutions. Sitrof Technologies has earned trusted advisor status with an expanding repeat customer base of over 200 leading enterprise and emerging mid-market companies. Backed by decades of experience and world-class partnerships, Sitrof saves companies millions of dollars across many industries, improving efficiency and mitigating risk.

To learn more email sales@sitrof.com or call 866-545-8954.

Media Contact:

Gwen Hoover
Altitude Marketing
gwen@altitudemarketing.com

Princeton, NJ – July 29, 2010 - The ACE Awards, presented by ECM Connection magazine, are designed to honor the vendors and solutions providers that have gone above and beyond the call of duty to help their clients achieve the best results possible from their ECM implementations.

Sitrof Technologies was nominated for their partnership with Copernicus Group IRB (CGIRB). Using Xerox DocuShare and the Sitrof Compliance Module, Sitrof was able to help transform CGIRB into a paperless  organization to improve efficiency, reduce the need for paper (for cost, storage and environmental reasons) and, most of all, to improve CGIRB’s quality and competitive advantage. The paperless endeavor involved a massive legacy document scanning operation, including 1.5 million legacy documents totaling 5 million pages, as well as all internal documents and all inbound paper and electronic documents while maintaining FDA 21 CFR Part 11 compliance.

This installation is worthy of the 2010 ACE Award because of the level of collaboration, the best-of-breed solution implemented over time and the commitment to excellence by both parties involved.

“This was a huge undertaking requiring a lot of time and resources,” said Bryan Reynolds, Managing Partner of Sitrof Technologies. “Using a multi-phase plan, Sitrof helped CGIRB become paperless which had many benefits including increased quality and efficiency for the review board.”

Read full Copernicus Group IRB Case study.

About Sitrof Technologies

Sitrof Technologies is a document management and records management consulting company that provides the technology to enable companies to create, manage, deliver and archive documents and records across their organizations. Known for their expertise in unstructured data for content management, data protection and compliance, Sitrof brings together people, processes and documents to help clients prosper. Backed by decades of experience and world-class partnerships, Sitrof saves companies millions of dollars across many industries, improving efficiency and mitigating risk.

Sitrof and Xerox Corporation hosted the premier Xerox DocuShare Northeast User Group Thursday, December 11, at the Xerox Park Avenue building in New York, New York. The event, the first of its kind tailored specifically to DocuShare users and prospective users, was a great success attracting over 70 attendees.

The focus of the user group was to bring DocuShare users of all experience levels together to learn from and network with each other. The panel of speakers comprised of industry experts, addressed topics ranging from the state of document management, future endeavors for Xerox Corporation and Sitrof Technologies, the DocuShare product roadmap and end-user case studies detailing DocuShare best practices learned through their experience. The afternoon agenda consisted of dual track sessions giving attendees the choice of attending educational presentations geared toward either the business or technical aspects of DocuShare. Business track topics included maximizing imaging for DocuShare, streamlining business processes and managing compliance with DocuShare; while the technical track sessions addressed performance tuning, using enterprise workflows, EIP enablement and custom tools for metadata quality assurance in DocuShare.

Offering solutions to current document management challenges, participating speakers included representatives from Xerox Corporation, Sitrof Technologies, Massachusetts Public Schools, Medidata Solutions Worldwide®, Copernicus Group IRB, ScanFlowStore and United Nations Population Fund.

"As technology is constantly evolving and advancing, Sitrof realized the importance of holding a user group event to ensure users remain on the cutting edge and are using DocuShare to its maximum potential, increasing profitability in their businesses," said Bryan Reynolds, co-founder and Managing Partner, Sitrof Technologies. "We achieved our goal of providing an ideal forum for DocuShare users to obtain the necessary education and networking opportunities to advance. I am very pleased with the success of this premier event and appreciate the support and participation from speakers and attendees alike. We look forward to hosting similar events in the future and encourage everyone to join us for these unique learning experiences."

Xerox DocuShare Software remains a key solution in advancing towards the 'paper-less office' thus aiding the ever growing and crucially important green movement. As both Xerox Corporation and Sitrof Technologies support green initiatives through their products and practices, all brochures for this event were available for online download and not mass produced.

To learn more about Xerox DocuShare, industry tailored document management solutions or other IT consulting services provided by Sitrof Technologies, please visit email sales@sitrof.com.