Blogger

Introduction All enterprises, whether they be commercial, governmental, charitable, or any other structure, are regulated in some way when it comes to information management; there are even laws regulating the president of the United States. [1]   This article discusses several regulatory requirements that impact enterprises during information creation, custodianship, archival and disposition cycles. Good practice requires the identification of information types that constitute official records and the creation of a Records Retention Schedule (RRS) to manage the official records. RRS’s specify (among other things) how to properly retain records and what steps are necessary in retaining and disposing of records to comply with regulations. [2]   The following will briefly discuss requirements impacting the duration of records retention, including privacy laws and, even though they do not mandate a definitive retention period duration, statutes of Limitations (SOLs). Finally, this article will then introduce and describe several handling and ancillary requirements related to records retention. Duration of Retention Background Explanation:   Retention Laws and Regulations ...
0 comments
Rapid advancements in technology and globalization have led to an unprecedented rise in data collection. While this information provides a unique insight into global human behavior, it can also promote unethical business practices that violate international privacy standards. As we enter into a new era of data analytics, in-house counsel must strike an important balance between driving revenue and ensuring the continued integrity of company practices under the law. The increased connectivity of people and things is creating previously unimaginable amounts of data. This volume, coupled with the rapid pace of data generation, provides unprecedented real-time insights into the habits, statistics, and patterns of people and processes. The ability to leverage data into actionable intelligence is now critical when making strategic business decisions. The full article can be seen at  ACC ‘s (Association of Corporate Counsel) Docket Magazine   www.accdocket.com  or Download the PDF   he
0 comments
The clock is ticking on the European Union’s new privacy law, the General Data Protection Regulation (GDPR). We’re less than one year away from when the GDPR comes into force, May 25, 2018. This new regulation imposes sweeping privacy protection requirements on any entities that oversee personal data operations or process personal data in the EU. This has the potential to impact companies on an international scale. The new requirements come hand-in-hand with a set of stiff penalties for non-compliance, including punishing fines that can soar to € 20 million or 4% of a company’s annual gross revenue. Unfortunately, many US companies with operations or personal data processing in Europe remain ill-prepared for full compliance. A recent survey of large US companies revealed that although 94% retain personally identifiable information on EU citizens, as many as 40% have no plan for GDPR compliance. [1]   As the deadline approaches, the pressure felt by compliance and IT professionals, records managers, and CIOs at these companies is sure to increase. Readying your company for compliance with the GDPR is a significant undertaking that requires substantial time and resources. But ...
0 comments
Each month, we'll be taking the time to introduce you to someone from the AIIM community. Why? Because you guys are doing some really innovating things and though content may be king, connections are priceless.   This month, we want you to meet Gordon Brown.  We met Gordon at AIIM17, he's no stranger to sharing and is open to mentoring folks too.  Check out our conversation with Gordon and be sure to connect with him! Gordon E. Brown Manager, Records Services Atlanta Housing Authority   Where do you live in? Decatur just outside Atlanta.   How many years have you been in the information management space? I have been in information management for 10 years, all in public service but in different sectors e.g. higher education, state government.   What led you to information management? I was a history graduate that realized that this wasn’t going to cut it in the real world. I had enjoyed using archives during my studies, so I took a master degree that would allow me to either work in archives or records management. After I graduated and was applying for jobs, I decided that whichever came up first was going to be my career path. I got a job ...
0 comments
The employee hiring process inevitably involves the creation of many records involving applicants that are ultimately not selected for a position. The question then becomes how long should these records be kept now that the potential hire is no longer being considered by the company? Also, increasingly, to what extent are these records impacted by privacy laws concerned with personally identifiable information (PII)? The reasons employers elect to keep non-hire records beyond the duration of the selection process are numerous: In case circumstances require them to revisit the applicant pool for one reason or another They may get mixed into a class of records that relate to the general recruitment/selection process and retained accordingly, depending on how the company records retention schedule is organized The potential for litigation often drives company policies concerning the retention of non-hire applicant records A multitude of legal requirements with varying retention periods mandate the retention of these records Whether driven by business or operational needs, common practice, or law, determining the retention period for these records requires ...
0 comments
INTRODUCTION Data privacy laws complicate the ability of companies to manage information by: (1) compelling their destruction before fulfilling business or operational needs; and (2) limiting how information can be shared or transferred. This article discusses anonymization techniques and options to deal with compelled destruction requirements for companies collecting and storing personal information for valid business reasons. It also briefly explores arguments about sharing, transferring, and even publishing personal data that has been anonymized. Laws To explain the options anonymization can provide, it’s useful to first set the legal landscape by discussing data privacy laws and definitions. A type of privacy law that often causes compliance headaches for many companies is compelled destruction requirements, which specify a fixed or event-driven amount of time in which personal data must be destroyed. The Netherlands “Exemption Data Protection Act” contains many examples of compelled destruction requirements. One example, article (8)(5) requires that “payroll data be deleted no later than two years after the employment.” [1]   This demonstrates how little room ...
0 comments
Often people carry a laptop or tablet when traveling for business with no thought to potential restrictions. However, where travel takes you out of country there are additional considerations when it comes to data management. Specifically, not all data are created equal. There are different classes of data, from sensitive, confidential, restricted, public, and a variety of other designations dependent on the level of granularity adopted by a particular company. In most instances, utilizing encryption software on the device is standard practice to safeguard sensitive and confidential information. In fact, this is frequently a direct requirement for personal information and a recognized safe harbor for when that personal data is compromised. However, be careful where your travels require crossing international borders. Legal mandates differ when it comes to allowing entry into a jurisdiction with an encrypted device, which may render security protocols implemented to safeguard information an unworkable solution. This may result in prohibition of entry, decryption of the device and copying it, or even seizure of the device. Not only will you be compromising sensitive and confidential ...
0 comments
A number of the team from Qualsys recently attended the AIIM Forum in London. It was a really interesting day learning about the explosion of information and all of the new and exciting technologies to capture and interpret this data.  We were fortunate to watch the presentation by one of our customers, Rob Gibson, IT Systems Manager at Sodexo, present his Case Study "How to Engage Employees with Compliance." Sodexo has used Qualsys' EQMS solution for the past 4 years, and has an interesting story about using EQMS as a single source of truth to control documents, training records, and audits and the journey to get employees engaging with the system.  Rather than collecting as much data as possible, Rob shared how engaging employees with compliance is about having the right information delivered to the right person at the right time -  but this is not a simple or straight forward journey. If you missed the talk, you can watch it below or read the transcript here What do you think? What are some of your strategies for effectively engaging employees? Are you confident your organisation has a single source of truth?
0 comments
YEAR END EVENT IN LAS VEGAS, NV AIIM Nevada and ARMA Silver State Chapter hosted our year end event at TOP GOLF.  Our speakers Mack Jackson spoke about Cyber Security, Teri Mark, the State Archivist talked about Retention and new policies with the State of Nevada, and former NFL Player, Daymeion Hughes discussed overcoming challenges and working together. Thank you to our speakers and Sponsors, Epson, Canon, Richo, Iron Mountain, Kodak Alaris, and Nexsan for the suppor
0 comments
On November 28, 2011, President Obama signed a Presidential Memorandum entitled   Managing Government Records , initiating “an Executive Branch-wide effort to reform records management policies and practices” of agencies by developing a “21st-century framework for the management of Government records.” To achieve this objective, the Director of the Office of Management and Budget (OMB) and the United States Archivist released the   Managing Government Records Directive   on August 24, 2012. Applicable to all executive agencies and all records, regardless of security classification or other restrictions, the directive requires government agencies to eliminate paper and use electronic recordkeeping, among other things. The directive sets two target dates by which agencies must meet the electronic recordkeeping requirements: By   December 31, 2016 , Federal agencies will manage permanent and temporary email records in an electronic format. This format must support records management and litigation requirements, as well as the capability to “identify, retrieve, and retain the records for as long as they are needed.” In addition, agencies must report annually to OMB and ...
0 comments

Dawning Digital Dark Age

The accelerating pace of technology continues to change the way we communicate and do business. Systems, software, and file formats are in a constant state of flux, rapidly altering how we create, use, and store our data and documents. But the emphasis today is on innovation and productivity, often without consideration for how information will be retained and preserved for use in the future. Some experts have even speculated at the possibility that, as a consequence of the rapid technological development, in the future we may inadvertently render huge quantities of legacy data unreadable, obscuring the past and clouding the efforts of historians and record keepers. The effects may already be being felt, as archivists and records managers are now beginning to take steps to protect records with common industry retention periods of as little as 10 years from the risk of loss of readability or fidelity. Traditional storage solutions are premised on keeping large quantities of data redundantly secured in multiple locations to protect against destruction or loss. But without taking steps to maintain the accessibility of this data so that the “ones and zeroes” can be actually interpreted, ...
0 comments
Establishing a business case for a Master Data Management System (MDM) has become easier as more enterprises recognize the vast benefits of linking its critical data to a single reliable point of reference, which is typically referred to as a master file.  With a centralized MDM, an enterprise can easily and consistently tap into its core data including employee, supplier and customer data, for analytics in support of advantageous and cost-saving business decisions. Formally, MDM is considered an endeavor involving both business and IT to ensure data uniformity, accuracy, accountability and stewardship. Difficulties initiating and maintaining a sustainable MDM are inherently problematic; in that sought after data is typically scattered throughout the organization, unstructured and housed within various systems and applications. For this reason, it is imperative to establish cross-functional governance that will effectively initiate, establish and maintain the MDM initiative components throughout IT and business units alike. When it comes to MDM, metadata is king, and consistency his queen. However, consistent metadata is one of the largest hurdles to overcome in identifying, ...
0 comments
Data management in the modern era faces complications from numerous facets, including controlling volume and securing information from breach. Perhaps less discussed publicly, but a problem faced by every company, is the challenge of migrating data from legacy systems. Systems commonly become obsolete as they are retired by the provider, new technology and features pique interest, or the organization changes. Regardless, once a determination is made to transition, the migration of the data must be properly managed. The features and functions of the new system, as well as the character and use of the impacted data, will dictate the appropriate pathway for transition, which generally fall under the following three options: 1) full transfer of data; 2) partial transfer of data; or 3) continuing retention of data within the legacy system. We cannot comprehensively address all the nuances involved or provide the procedural steps to migrate the data in this article, as that is dependent on the systems and data in question. But the action items noted below identify critical aspects from a data management perspective to raise awareness and support a successful effort. Identify ...
0 comments
It is amazing that we are so habitually programmed into doing something and yet we do it for one aspect of life and completely ignore it in another. How often do we forget taking the trash out of our house when we know that trash collection days are let’s say Tuesdays and Fridays? And if we do forget!? It STINKS right? So knowing the consequences we have programmed ourselves to make sure that our trash cans are sitting out on trash collection days without fail. Even our own body is programmed to function that way! Daily intake into our body and daily we take the trash out. Imagine not taking the trash out there! I am scared to even think about the consequences. So why can’t we program ourselves to just take the trash out in our professional world of working with information? We create so much information so fast that soon it turns into ROT (Get it!! Redundant, Outdated, Transitory). Soon it starts STINKING within our file shares and repositories and even within our highly configured ECM systems. Yes! It STINKS but we can’t smell it. However, have we pondered on the consequences of not taking this trash out? There innumerable examples in this world where such information has led ...
0 comments
Numbers: Measuring the value and success of what’s been done This article, the third in a five part series on technology strategy techniques that bring about lasting change, discusses using numbers to effectively plan and analyze your ECM. If you haven’t read the series, find the additional posts  here . A wide variety of articles can be quickly found online with ideas and instructions to develop a cost/benefit analysis for an ECM rollout. Most of these articles focus on: 1) initial justification of implementing an ECM system, and 2) a whole lot of numbers in complex spreadsheets consisting of hardware and software expenditures, personnel costs, operations, maintenance and support, and more. Dry and complicated? For sure! But in some organizations, these justifications can’t be avoided and are required to get your ECM project off the ground. The core of these calculations require some analysis of these areas: Total benefits: Increase: profit, growth, retention, efficiency, visibility Decrease: costs, time, effort, complaints, attrition, risk, conflict, duplication, administrative burden, infrastructure Project rollout costs Mapping ...
0 comments
Die europäische Standardisierungsinstitution CEN hat Ende Mai 2017 die Normierung des einheitlichen europäischen Rechnungsformates abgeschlossen ( http://bit.ly/CENeInvoicing ). Nunmehr stehen alle notwendigen Spezifikationen für den Rechnungsaustausch in der öffentlichen Verwaltung, die natürlich auch von der Privatwirtschaft genutzt werden sollen, zur Verfügung:  http://bit.ly/CEN-einvoicing Billentis hat in ihrer aktuellen Studie die Marktentwicklung international dokumentiert. Wie Billentis sieht auch der AP Verlag die öffentliche Verwaltung als treibende Kraft der elektronischen Rechnung . Dennoch muss konstatiert werden, dass die deutsche öffentliche Verwaltung im europäischen Vergleich hinterherhinkt. Andere Staaten haben einheitliche E-Rechnungsformate längst umgesetzt - und nicht nur für die öffentlichen Verwaltungen. In Deutschland herrscht außerdem noch sehr viel Irritiation, weil neben dem europäischen Format auch noch das ZUGFeRD- und das X-Rechnungs-Format "unterwegs"sind. Das europäische Format wird allerdings in zwei Stufen auch für die gesamte Öffentliche Verwaltung in Deutschland bindend werden. Unser jüngster Vortrag zum Thema E-Rechnung war beim Neopost ...
1 comment
As more companies invest in efforts to reduce their paper footprint, we recommend taking into consideration a few key guidelines when moving forward with initiatives to scan or image paper records. Initially, a determination must be made on whether the documents are suitable candidates for conversion. There are many reasons why a document should be maintained in paper copy, including: Highly confidential/sensitive material that should not be exposed through a digital migration Legal requirements to maintain in paper format (e.g., wet signature, dual copy requirements and so forth) Evidence of certain important legal obligations or rights (e.g., contracts of certain value, insurance contracts) or legal holds These examples reflect some of the considerations attendant to digital conversion and demonstrate a mix of practical, legal and business reasons for retaining paper copies. The important takeaway is to confer with the interested stakeholders prior to the scanning effort and reach a consensus on what records should be digitized. If the scanned document is intended to be the “official” copy, there may be additional requirements in terms of storage. These ...
1 comment
Bisher dachte man beim Begriff Blockchain immer an digitale Währungen, neue Geschäftsmodelle für Banken und Versicherungen. Aber Blockchain verändert auch andere traditionelle Anwendungsfelder - so zum Beispiel das Records Management. http://bit.ly/RM-Blockchain Daher ist der Schritt in die gleichermaßen abzusichernde revisionssichere Archivierung naheliegend. Records Management und revisionssichere Archivierung betreffen auch vorrangig kaufmännische, handels- und steuerrechtliche Vorgaben, wo es um Verfälschungssicherheit und Nachweisfähigkeit geht. Was man jedoch bedenken muss ist, es geht hier um eine spezielle Lösung für die Datenbank, also bei einer traditionellen Referenz-Datenbank-Architektur eines revisionssicheren Archives um die Metadaten und Verwaltungsdaten. Die Objekte (Belege, Dokumente etc.) werden ja in einem separaten Speicher referenziert. Dieser ist aber nicht durch Blockchain abgesichert. Lediglich wenn man die Dokumente auch direkt als BLObs Binary Large Objects in der Datenbank mitspeichern würde, ergäbe sich das gleiche Schutzprinzip. Das würde aber die Nutzung durch die großen Datenmengen entscheidend verlangsamen. Allerdings ist für die revisionssichere ...
1 comment
Electronic signatures and digital signatures are often used interchangeably in conversations, but they carry significant legal, evidentiary, and practical differences within the context of records management. Electronic signatures are any form of endorsement or assent captured electronically and adopted with the intent to sign a document. They can include printed facsimiles of ordinary signatures, typed signatures, automatic signatures appended to the bottom of an email, or even a simple typed letter “[X].” Digital signatures are a specialized type of electronic signature. They use a cryptographic protocol which employs public and private encryption keys to numerically “sign” a document. The signing process uses the private key unique to the signer in order to cipher the contents of the document and incorporate that data into the digital signature. Later, anyone with the public key can decipher the digital signature to verify that the document and signature are authentic. If the signature cannot be read, then the signature is invalid or the document has been altered. The digital signature process ensures that documents were actually signed or sent by the purported person at ...
0 comments
What if there was a storage medium capable of storing billions of gigabytes of data in the size of a sugar crystal, with the ability to securely preserve it for centuries without decay or data loss? How far-fetched does it seem to be able to shrink the same amount of information currently filling a big data center down to the size of a sugar cube, and then to store it in a garage for hundreds of years without deterioration? With the development of DNA-based storage, this dream is closer to reality than we might think. As the digital universe expands to tens of trillions of gigabytes within the next few years alone, the question of how to store all of this data becomes increasingly more complicated. Current storage technologies severely lack the capability or capacity to meet the demands of such exponential data growth. Long considered a pipe dream, scientists have sought to utilize the DNA molecule and its distinct properties for data storage. With its incredibly compact and dense nature, durability, and long shelf life, DNA seems uniquely suited for both large volume and long-term storage. In fact, it is estimated that less than 20 grams of DNA could store all the digital ...
0 comments