1 / 36

Secure and Sensitive Records: Technology and Information Management Considerations

Secure and Sensitive Records: Technology and Information Management Considerations Cheryl McKinnon Product Manager, Government Solutions Hummingbird Cheryl.McKinnon@Hummingbird.com December 16, 2004 Agenda Technology and Information Management Challenges facing State Government

Jims
Download Presentation

Secure and Sensitive Records: Technology and Information Management Considerations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure and Sensitive Records:Technology and Information Management Considerations Cheryl McKinnon Product Manager, Government Solutions Hummingbird Cheryl.McKinnon@Hummingbird.com December 16, 2004

  2. Agenda • Technology and Information Management Challenges facing State Government • Information Management Best Practices • Leveraging Technology to Overcome Challenges

  3. Challenges Facing State Government • Public Sector Pressures • Government “On Line” / E-Gov Initiatives • Keep public sector on cutting edge of technologies to deliver services to constituents • Need to understand both limits and possibilities of new communication platforms • Internal paperwork reduction mandates

  4. Challenges Facing State Government • Many Knowledge Workers Not Desk Bound • Professionals • Attorneys, Consultants, Executives, Political and Campaign Organizers • Law Enforcement • Field Officers, Supervisors, Inspectors, Detectives, Security Officials • Emergency Services • Disaster Relief, Project Officers, Military, Health Care Professionals • Inspection Agencies • Food System, Customs, Case Workers, Transportation, Labor or Health

  5. Mobile, Distributed Knowledge Workers • Requirements: • Access to up-to-date policies and procedures, manuals, forms • Connectivity to corporate databases • Access to departmental intranets or portals • Ability to communicate and collaborate real-time • With Regional or Head Office • With contractors, clients or constituents • With other stakeholders • Stay informed while in field – act with current information

  6. Challenges: Technology Rapidly Evolving • Slippery Slope of Instant Communication • Managers, Executives and Remote Workers become dependent on instant access to messaging capabilities • More data and information demanded • Access to documents and records • Be notified when certain events occur or information is completed • Ability to act on documents received • Know when colleagues are available

  7. Challenges: Technology Rapidly Evolving • E-Mail • Many organizations still grappling with management of e-mail volume • Types of devices which can send and receive e-mail exploding • Broader use of Laptops and Wired Homes • Cell phones • Other PDAs: Blackberries, Palm Pilots • Structured Capture, Control and Management of E-mails • Still lagging compared to other electronic document forms • IT staff often still exerts lifecycle management authority • Often loss or inappropriate storage of e-mails which should be considered organizational records

  8. Challenges: Technology Rapidly Evolving • E-Mail • Rate of adoption will continue to grow exponentially • IDC Survey, September 2002 • 16.2 billion messages per day worldwide, growth rate of 19% per year • Projecting 60 billion per day by 2006 • Continued proliferation of e-mail enabled-devices • Ubiquitous messaging, connectivity • Becoming dominant form of business communication

  9. E-Mail Challenges • AIIM: 25% to 50% daily on e-mail tasks • Gartner: Over 75% of organizational know-how is buried in e-mail • 34% of business e-mail is unnecessary (occupational spam) • Survey by the AMA / U.S. News & World Report / ePolicy Institute finds: 50% of the largest U.S. companies have no e-mail retention and deletion policy in place

  10. Challenges: Technology Rapidly Evolving • New Channels of Communication • Web Sites • On Line Collaboration • Text Messaging • Camera Phones • Instant Messaging • Wireless Networks

  11. Challenges: Technology Rapidly Evolving • Next Wave of Information Explosion • Next generation of electronic records created through these new channels • How will organizations capture these records and ensure they are managed according to records principles? • Compliance Risks • Preservation Concerns • How do we apply same business rules and lifecycle requirements to this next generation of records? • What gap in the organizational or archival history will occur if we don’t plan now?

  12. Challenges: Technology Rapidly Evolving • Organizations Driven by Productivity Gains from Mobility • Even most basic devices can immediately garner 10% efficiency gain for individual user (Gartner Research, March 2003) • Communication Platform does not release organization from meeting mandated industry regulations or corporate transparency legislation • Technologies that lend themselves to strong record keeping practices need to be evaluated

  13. Challenges: Privacy Concerns • Information Practices Act • Individuals have a right of privacy in information pertaining to them. • The right to privacy is being threatened by the indiscriminate collection, maintenance, and dissemination of personal information and the lack of effective laws and legal remedies • The increasing use of computers and other sophisticated information technology has greatly magnified the potential risk to individual privacy that can occur from the maintenance of personal information. • In order to protect the privacy of individuals, it is necessary that the maintenance and dissemination of personal information be subject to strict limits.

  14. Challenges: Privacy Concerns • Agencies required to • Protect personal information collected as part of government business • Limits on information use and disclosure • Must account for disclosures • Make collected information available to citizen upon request • Individual can lodge request to inspect files

  15. Challenges: Freedom of Information • Public Records Act • Covers all state and local agencies • Includes records in all formats – including electronic • Onus on agency to justify non-disclosure of records • Defined categories of exempted information (partial list) • Personal, medical information • Attorney-client privileged information • Police data and arrest records • Financial data submitted for licenses, certificates, etc.

  16. Challenges: Freedom of Information • Agency required to provide prompt access • Must provide assistance in identifying records • Access is free • Subject to photocopy or production cost recovery • Specific timelines to produce off site or large volumes of records

  17. Agenda • Technology and Information Management Challenges facing State Government • Information Management Best Practices • Leveraging Technology to Overcome Challenges

  18. Policy Considerations • Security • Risk assessment and needs analysis before implementing electronic records policy • Compliance • Monitor systems for security and network maintenance purposes • Appropriate Use • Guide end users, avoid exposing organization to risk

  19. Policy Considerations • Confidentiality • Users to understand what information can be disclosed • Privacy • Understand legislation and level of privacy users should/should not expect when using agency email systems • Encryption • Identify under what circumstances email encryption is required • Policies around key protection important to avoid loss of records

  20. E-mail Content Management • Content of e-mail to drive retention • Distinguish transitory, personal, spam e-mail from corporate content • Policy to address management of attachments, drafts, multiple copies or duplicates • Attachments: maintain links to messages, relationships • Drafts: can often be purged when final version approved • Copies/Duplicates: creator’s copy often viewed as original, forward considered owned by forwarder • Threads: final message should prompt filing • Limit or control locations to which messages can be saved • Appropriate content guidelines

  21. E-mail Integrity • Authentic, trustworthy, and complete e-mail records • Must capture who, what, when, and where of original e-mail messages to have legal or business value as records – message metadata • Header information • Body Content • Attachments • Signatures • “An e-mail printed to paper without its routing information and metadata is simply a piece of paper with words on it.” (Randolph Kahn)

  22. Retention & Disposition Considerations • Appraisal and Classification • Specify how email is designated a record • Procedures give users guidance • Preservation • Ensure structure, content, attachments, metadata, links, distribution lists, etc are protected and preserved • Storage medium and format must protect above aspects • Ensure authenticity, reliability and integrity maintained

  23. Retention & Disposition Considerations • User Training • Ongoing • Ensure intent of records program is communicated • Disaster Recovery • Backup programs • Identification of vital records • Business Continuity programs in place

  24. Other Standards • Other standards to consider • DoD 5015.2 – Functional Requirements for ERM software • ISO 15489 – Best Practices Standard • “Performance Guidelines for the Legal Acceptance of Records Produced by Information Technology Systems” (ANSI/AIIM TR31-2003 • “Vital Records Programs: Identifying, Managing and Recovering Business-Critical Records” (ANSI/ARMA 5-2003)

  25. Develop Strategy for Electronic Records Management • IT Concerns: • Must work within existing IT environment • Retention & Disposition of electronic records, including email based on records retention schedule • Outline appropriate use policies • Manage security policies • Manage hardware and network infrastructure • Ensure confidentiality of personal or sensitive data, identify and preserve vital records • Disaster recovery programs • Capture metadata and audit trails

  26. Develop Strategy for Electronic Records Management • Records Managers • Acknowledge e-mail systems and office authoring tools as sources of records • Treat email as any other recorded information • Not separate category of retention/disposition • Look at content and context of message • Assist in retention schedules for e-mail and other electronic records • Work with Legal Counsel to be aware of new legislation and discovery requirements

  27. Develop Strategy for Electronic Records Management • Archives • Mandate is to preserve historically significant records of the state government • Focus on preservation issues • Maintain relationships between records and context of creation

  28. Agenda • Technology and Information Management Challenges facing State Government • Information Management Best Practices • Leveraging Technology to Overcome Challenges

  29. Leveraging Technology • Access Controls • Enterprise Content Management Systems • Ability to secure individual documents/records by groups or users • Who can edit, view, copy, change metadata? • Restrict information returned as part of search result • Ability to default background access controls to ensure compliance • Functional Security Controls • Configure who has access to particular user functions • Declare Records, Set Retention/Disposition Lifecycle, Deletion, Publish

  30. Leveraging Technology • Metadata • Agency can collect specific metadata attributes in order to categorize, sort, search and report on electronic and physical records • Use metadata elements to restrict access to sensitive records • Caveats, codewords, roles, markings • Records exempted from FOI or containing personal data can be marked • Accessible only by authorized users/groups within the agency • Manage records with according to security clearance levels • Secret, Confidential • Restrict access even for IT or LAN administration

  31. Leveraging Technology • Secure Communication Platforms • Work in Progress documents often need collaborative input from internal AND external parties • Other levels of government, other agencies, external counsel or contractors • Protect integrity of internal repositories from external access • Collaboration Sites / Extranets • Push selected documents into secure collaborative site with full encryption • Mirror revisions back into corporate systems

  32. Leveraging Technology • Secure Communication Platforms • Instant Messaging • Rate of adoption slower in government than in private sector • Typically more “locked down” desktop environment • Concerns that “freeware” IM products are not secure, no method by which to capture business related discussions as records • Emergence of Corporate Instant Messaging Platforms • Encrypted communication • Ability to capture chats and discussions as electronic records • Controlled user/group lists • “Presence” notification across desktop tools

  33. Leveraging Technology • Electronic Capture • E-Mail Management • Automated capture of incoming/outgoing e-mail • Client side or server side rules • Capture e-mail specific metadata • Set retention and disposition lifecycle based on content and metadata • Integration with mainstream authoring tools • Capture wordprocessing, spreadsheet, graphic, image, CAD formats • Apply agency metadata, access controls and retention lifecycle

  34. Leveraging Technology • Digital Signatures • Increasing acceptance of electronic and digital signature as part of E-Gov initiatives and other commercial transactions • Non repudiation • Verify integrity of electronic document

  35. Content Lifecycle Management

  36. Questions? Thank You Please see us at Booth 8 in the Vendor Showcase Cheryl McKinnon Cheryl.McKinnon@Hummingbird.com

More Related