February 24, 2025 • 10 mins
I spoke with Doug Kaminski, the Chief Revenue Officer at Infinnium, a data governance platform. We discussed how information governance affects an organization's data security, best practices for organizations to build better data hygiene, and ways that artificial intelligence is affecting these efforts.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to Reinviting Professionals, a podcast hosted by industry analyst Ari Kaplan,
(00:07):
which shares ideas, guidance and perspectives from market leaders shaping the next generation
of legal and professional services.
This is Ari Kaplan and I'm speaking today with Doug Kaminsky, the Chief Revenue Officer
at Infidium, a Data Governance Platform.
Hi Doug, how are you?
(00:28):
I'm good Ari, how are you?
I'm great, I feel privileged to speak with you today and I'm looking forward to our
conversation.
So tell us about your background and your new role at Infidium.
For the last 30 years I've been working with corporate legal teams and their outside
council and it's been on services and software.
Infidium was a very interesting company because they have developed a Data Governance platform
(00:53):
that truly has been revolutionary.
It's people that see it say, this is everything I've wanted for the last 10 years.
It's obviously that the things that we're doing have a lot of appeal to people.
How does information governance affect an organization's data security?
I'm on the EDRM Global Advisory Council and helped revise the IGRM.
(01:15):
They've also been an arm of president of some chapters so I had a foot in the IG space
above and beyond the discovery and more people are realizing that what's in their data has
an impact under data security overall.
But you don't protect the birthday wishes and the meeting announcements the same way that
(01:36):
you protect things that have sensitive data or personal information.
So I think GDPR and CCPA and CPRA, all of the alphabet soups of regulations that tie
into data privacy and data security is getting people to realize that there's stuff out there
that shouldn't be out there.
(01:57):
So they're starting to look more carefully at it whether it's because they need to for a
compliance reason or they're just taking a proactive stance and saying, if and when we
have a data breach, we need to know where's all of our stuff or sometimes proactively.
More cyber insurance carriers are requiring copies of records retention and info-gov policies
(02:18):
to see if you are protecting your data and you know where it is as part in parcel of this.
So even to underwrite a company for cyber breach insurance, they're looking at, how are
you maintaining your data?
What is your hygiene around that?
What are some best practices for organizations to build better data hygiene?
(02:40):
Storage is cheap and as a result, we don't really look at our data in age things off if
they don't have a business regulatory compliance or legal value.
We don't broom this stuff.
So the notion of rot or dark and dusty data is prevalent in pretty much every organization.
(03:00):
We don't do a lot about it because storage is cheap, but what's contained in that storage
is the important part.
So a lot of companies are grappling now with what is in the data.
Some of it start with sensitive data.
They start with recognizing that not all data should be protected the same way and I'm
not talking about perimeter security because most companies do a decent job of that.
(03:23):
It's really, how do we know it's inside the data?
Because that's what legal and compliance and risk is interested in in 2014.
The Sony data breach exposed over 30,000 records because in HR, professional went to work
for Sony, brought some of their files with them and had them parked on a file share.
And when the hackers came and grabbed everything, that was swept up with it too.
(03:47):
So there was a lot of personal data relating to salaries and gender and many other things
that were exposed because the spreadsheet was exposed.
Now, they clearly didn't know it was there.
So policies as well as processes or even tools to identify, whereas our sensitive data
(04:08):
as well as our confidential data inside the organization.
Now the technology has progressed to the extent where we can use tools to find out where is
all of our sensitive data and it doesn't shut things down.
That's part of the reason I'm at Infinium.
We found ways to be able to interrogate data at the source.
(04:29):
So you don't have to pick up and lift and shift data anymore to find out what's inside
it and it does it at exabyte level scale.
So we had a client with a digital subject access request, which has a lot to do with sensitive
data, with 36,000 names in it.
And they were using traditional e-discovery tools to be able to index this data and run queries
(04:54):
to see what of these 36,000 names are in here.
That was taking months and they hadn't gotten there much of it.
There was over 100 terabytes of data.
We were able to accomplish the same thing in less than a month because of the way we go
about things to those other tools as well.
But not many that will allow you to at speed in the scale get answers from your data where
(05:15):
it resides.
So you don't have to pick it up anymore and move it somewhere else to be able to get answers
out of it.
What are the challenges of implementing some of these best practices?
I believe it or not is just the silo effect.
So inside organizations because I've worked in IG and with a lot of teams for a long time
is that there's no one data cop will say there's no one person that owns data.
(05:40):
The business has it and if you look at the IGRM that we revised a couple of years ago, you'll
see there's kind of pie slices and they're all colorful.
And each of those pie slices sometimes exist as a silo.
But I've been finding that legal operations has been doing a good job of kind of breaking
down the barriers in the silos and getting legal and discovery and IG and privacy
(06:04):
and all these folks talking together to do it better.
So that's one of the challenges.
The other is until now a lot of the technology didn't exist to allow you to get answers.
So data mapping or data remediation exercises were long drawn out of fares that rarely had
ROI.
How is AI affecting these efforts?
(06:27):
There's little AI big AI.
Generative AI is now considered quote unquote AI.
So anybody asked what I did they mean generative AI though AI has been around a long time as
we know algorithms machine learning neural nets natural language processing all these
things have existed 20 30 40 years.
(06:48):
So it's just that they've gotten to be better as the technology and the power has gotten
better.
And AI is good for a number of things.
One is the zero shot AI generative like your chat GPT's that people are used to is great
for creative tasks and summarization.
Whereas the newer forms agentic AI like open AI swarm and other products is fantastic
(07:14):
for classification because it will iterate in an autonomous fashion and be able to hone
in more closely at what is this.
So you might say here's a document that came from our finance team.
Whereas the agentic AI is going to be able to look at it and say okay it did come for
finance.
Like this is a contract full of sale of derivatives between these parties and here's the other components
(07:39):
that are of interest and importance in classifying this document.
So it has to do with the accuracy and the granularity.
We do that ourselves and we have a data breach response tool for review and we do what's
called entity extraction and algorithms do a very good job of that.
But they will get to a certain level of accuracy and then human eyes start looking at it.
(08:02):
That's the simplified version of data breach review.
Whereas using AI we have privately trained LLMs that we can also apply that gets you well
above 90% accuracy.
So similar to say tar in other kind of functions like that it could obviate the need for human
eyes on a lot of this data just validated.
(08:25):
So AI definitely has a big play in all of this in terms of classification with some granularity
and with accuracy.
Where do you see information governance headed?
I definitely see information governance headed to a more holistic approach where we have
a cognizance around all this data and as it's being created it's being classified and it's
(08:52):
being vetted for sensitive data.
We have a client that has an FTP site in a couple file shares and they actually use our
system just to monitor it so that if anybody adds anything that contains sensitive data
but any kind of PXI PCI PI PHI etc as well as a client matter number this is a law firm.
(09:13):
It gives them an alert instantly and they can then automatically set up a rule that quarantines
that data moves it out of that system and puts it somewhere else.
I think we're starting to see more automation and classification around that to handle
things that were largely manual or required a lot of people or various steps and tools
(09:34):
to accomplish.
So AI is getting to be more operationalized and tech enabled so that we can do these things
and more importantly have it pay off because there's value in the data that we don't necessarily
tap because we don't know how to get at what's inside of it.
This is Ari Kaplan speaking with Doug Kaminsky the Chief Revenue Officer at Infinium, a
(10:00):
data governance platform.
Doug thanks so very much and I'm wishing you the very best of luck in your new role.
Thanks so much Ari, it's fantastic talking to you as always.
Thank you for listening to the re-inventing professionals podcast.
Visit re-inventingprofessionals.com or re-caplenedadvisors.com to learn more.
Welcome to Reinviting Professionals, a podcast hosted by industry analyst Ari Kaplan,
(00:07):
which shares ideas, guidance and perspectives from market leaders shaping the next generation
of legal and professional services.
This is Ari Kaplan and I'm speaking today with Doug Kaminsky, the Chief Revenue Officer
at Infidium, a Data Governance Platform.
Hi Doug, how are you?
(00:28):
I'm good Ari, how are you?
I'm great, I feel privileged to speak with you today and I'm looking forward to our
conversation.
So tell us about your background and your new role at Infidium.
For the last 30 years I've been working with corporate legal teams and their outside
council and it's been on services and software.
Infidium was a very interesting company because they have developed a Data Governance platform
(00:53):
that truly has been revolutionary.
It's people that see it say, this is everything I've wanted for the last 10 years.
It's obviously that the things that we're doing have a lot of appeal to people.
How does information governance affect an organization's data security?
I'm on the EDRM Global Advisory Council and helped revise the IGRM.
(01:15):
They've also been an arm of president of some chapters so I had a foot in the IG space
above and beyond the discovery and more people are realizing that what's in their data has
an impact under data security overall.
But you don't protect the birthday wishes and the meeting announcements the same way that
(01:36):
you protect things that have sensitive data or personal information.
So I think GDPR and CCPA and CPRA, all of the alphabet soups of regulations that tie
into data privacy and data security is getting people to realize that there's stuff out there
that shouldn't be out there.
(01:57):
So they're starting to look more carefully at it whether it's because they need to for a
compliance reason or they're just taking a proactive stance and saying, if and when we
have a data breach, we need to know where's all of our stuff or sometimes proactively.
More cyber insurance carriers are requiring copies of records retention and info-gov policies
(02:18):
to see if you are protecting your data and you know where it is as part in parcel of this.
So even to underwrite a company for cyber breach insurance, they're looking at, how are
you maintaining your data?
What is your hygiene around that?
What are some best practices for organizations to build better data hygiene?
(02:40):
Storage is cheap and as a result, we don't really look at our data in age things off if
they don't have a business regulatory compliance or legal value.
We don't broom this stuff.
So the notion of rot or dark and dusty data is prevalent in pretty much every organization.
(03:00):
We don't do a lot about it because storage is cheap, but what's contained in that storage
is the important part.
So a lot of companies are grappling now with what is in the data.
Some of it start with sensitive data.
They start with recognizing that not all data should be protected the same way and I'm
not talking about perimeter security because most companies do a decent job of that.
(03:23):
It's really, how do we know it's inside the data?
Because that's what legal and compliance and risk is interested in in 2014.
The Sony data breach exposed over 30,000 records because in HR, professional went to work
for Sony, brought some of their files with them and had them parked on a file share.
And when the hackers came and grabbed everything, that was swept up with it too.
(03:47):
So there was a lot of personal data relating to salaries and gender and many other things
that were exposed because the spreadsheet was exposed.
Now, they clearly didn't know it was there.
So policies as well as processes or even tools to identify, whereas our sensitive data
(04:08):
as well as our confidential data inside the organization.
Now the technology has progressed to the extent where we can use tools to find out where is
all of our sensitive data and it doesn't shut things down.
That's part of the reason I'm at Infinium.
We found ways to be able to interrogate data at the source.
(04:29):
So you don't have to pick up and lift and shift data anymore to find out what's inside
it and it does it at exabyte level scale.
So we had a client with a digital subject access request, which has a lot to do with sensitive
data, with 36,000 names in it.
And they were using traditional e-discovery tools to be able to index this data and run queries
(04:54):
to see what of these 36,000 names are in here.
That was taking months and they hadn't gotten there much of it.
There was over 100 terabytes of data.
We were able to accomplish the same thing in less than a month because of the way we go
about things to those other tools as well.
But not many that will allow you to at speed in the scale get answers from your data where
(05:15):
it resides.
So you don't have to pick it up anymore and move it somewhere else to be able to get answers
out of it.
What are the challenges of implementing some of these best practices?
I believe it or not is just the silo effect.
So inside organizations because I've worked in IG and with a lot of teams for a long time
is that there's no one data cop will say there's no one person that owns data.
(05:40):
The business has it and if you look at the IGRM that we revised a couple of years ago, you'll
see there's kind of pie slices and they're all colorful.
And each of those pie slices sometimes exist as a silo.
But I've been finding that legal operations has been doing a good job of kind of breaking
down the barriers in the silos and getting legal and discovery and IG and privacy
(06:04):
and all these folks talking together to do it better.
So that's one of the challenges.
The other is until now a lot of the technology didn't exist to allow you to get answers.
So data mapping or data remediation exercises were long drawn out of fares that rarely had
ROI.
How is AI affecting these efforts?
(06:27):
There's little AI big AI.
Generative AI is now considered quote unquote AI.
So anybody asked what I did they mean generative AI though AI has been around a long time as
we know algorithms machine learning neural nets natural language processing all these
things have existed 20 30 40 years.
(06:48):
So it's just that they've gotten to be better as the technology and the power has gotten
better.
And AI is good for a number of things.
One is the zero shot AI generative like your chat GPT's that people are used to is great
for creative tasks and summarization.
Whereas the newer forms agentic AI like open AI swarm and other products is fantastic
(07:14):
for classification because it will iterate in an autonomous fashion and be able to hone
in more closely at what is this.
So you might say here's a document that came from our finance team.
Whereas the agentic AI is going to be able to look at it and say okay it did come for
finance.
Like this is a contract full of sale of derivatives between these parties and here's the other components
(07:39):
that are of interest and importance in classifying this document.
So it has to do with the accuracy and the granularity.
We do that ourselves and we have a data breach response tool for review and we do what's
called entity extraction and algorithms do a very good job of that.
But they will get to a certain level of accuracy and then human eyes start looking at it.
(08:02):
That's the simplified version of data breach review.
Whereas using AI we have privately trained LLMs that we can also apply that gets you well
above 90% accuracy.
So similar to say tar in other kind of functions like that it could obviate the need for human
eyes on a lot of this data just validated.
(08:25):
So AI definitely has a big play in all of this in terms of classification with some granularity
and with accuracy.
Where do you see information governance headed?
I definitely see information governance headed to a more holistic approach where we have
a cognizance around all this data and as it's being created it's being classified and it's
(08:52):
being vetted for sensitive data.
We have a client that has an FTP site in a couple file shares and they actually use our
system just to monitor it so that if anybody adds anything that contains sensitive data
but any kind of PXI PCI PI PHI etc as well as a client matter number this is a law firm.
(09:13):
It gives them an alert instantly and they can then automatically set up a rule that quarantines
that data moves it out of that system and puts it somewhere else.
I think we're starting to see more automation and classification around that to handle
things that were largely manual or required a lot of people or various steps and tools
(09:34):
to accomplish.
So AI is getting to be more operationalized and tech enabled so that we can do these things
and more importantly have it pay off because there's value in the data that we don't necessarily
tap because we don't know how to get at what's inside of it.
This is Ari Kaplan speaking with Doug Kaminsky the Chief Revenue Officer at Infinium, a
(10:00):
data governance platform.
Doug thanks so very much and I'm wishing you the very best of luck in your new role.
Thanks so much Ari, it's fantastic talking to you as always.
Thank you for listening to the re-inventing professionals podcast.
Visit re-inventingprofessionals.com or re-caplenedadvisors.com to learn more.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.