I was reading an article today in the Globe and Mail titled, “Federal agency loses personal data on more than 500,000 student loan borrowers”, and the thing that caught my attention was series of comments within the article and sseveral comments that were posted. Several people who posted a comment indicated that information of this type should not be kept digitally. The article itself quotes the National Chairman of Canadian Federation of Students, Adam Awad as saying, “It highlights how easy it is for information in today’s age to be misplaced, to be misappropriated, to be stolen — if that’s what the case was.” Of course being in this industry for 35+ years, I have heard this over and over again and unfortunate as it all may be, the one thing that all of this points to yet again, is the human factor.
It is not the system, software, or hardware that misplaces, loses, or steals information, it is the human. People are responsible for these actions and the format does not matter. Even in a paper-based world, humans will still misplace, lose, or steal information so the fact the information is digital, should not be the point of blame or focus of attention. The article also cites that a new policy is aimed at banning portable hard drives and unapproved USB drives. Of course this leads me to ask how it would all be enforced and are they really addressing the problem or simply applying a treatment based on symptoms and not the cause? The one good thing I did see in this article that made the most sense to me, is that they will also assess and deploy data loss prevention technology to strengthen security and prevent sensitive information from being placed where it does not belong.
In my view, this is an unfortunate situation, yet it is common in many organizations. While security and loss prevention may be or perhaps are part of the information management discussion and infrastructure, the focus is typically not a holistic view and misses some of the key elements with the weakest link being that of the human element.
I see the use of security, monitoring, and prevention technologies as vital to securing information so that it can be protected and managed properly but you must not stop there. Organizations must put in place user training that addresses the need for security, types of security and technologies to be used, how to use these tools, and appropriate use of additional devices like portable hard drives, USB storage, tablets, smartphones and any other tool available to the user community that can access and store information. Pointing to technology alone is not the answer to this problem nor should it be the only point of blame for technology implemented and maintained to manufacturer specifications will do what it is designed to do. It is the unknown entity, the human element that needs a tighter focus if secure information is to be properly maintained.
If you are ready to move forward and are finding yourself stuck or unfocused and are not sure where to begin or what to do next, seek professional assistance and/or training to get you started. Be sure to investigate AIIM's Enterprise Content Management training program.
And be sure to read the AIIM Training Briefing on ECM (authored by yours truly). Click on the image to download and read.
What say you? Do you have a story to tell? What are your thoughts on this topic? Do you have a topic of interest you would like discussed in this forum? Let me know.
Bob Larrivee, Director and Industry Advisor – AIIM
Email me: blarrivee@aiim.org
Follow me on Twitter – BobLarrivee
www.aiim.org/training
#InformationGovernance #ElectronicRecordsManagement