Following on from last month’s edition “more questions than answers” I would like to first say thank you to those people who have added to the debate.
I would also like to thank Gail Murphy for the many conversations we have that go to make up these newsletters, believe me it makes the writing so much easier.
We would like the opportunity to discuss one of the aspects of the last edition in more detail, namely digitising the collections of material we hold and the implications for doing so
In this issue we will look at:
- Jumping onto the digital bandwagon
- Medical record debate
- Quality control
- Machine memory
Jumping onto the digital bandwagon
We may feel that digitising our paper based records and collections of material will be the panacea to all our problems. But is it? We have a look at the benefits, the downsides and future challenges we face.
- Increases access to collections of material, including rare and fragile material that otherwise wouldn’t be seen except by very few people. Take for example genealogical material: births, marriages and deaths, registers of everything and anyone convicts, passenger lists and migrants. Then there are sites dedicated to grave (head) stones and places of burial / cremation. Or how about the dead sea scrolls, or the out of print / copyright material held by collecting institutions across the world which are being slowly digitised by Google et al. But we are not just talking about general material; take your own organisation for instance. Do you have offices across the state or across states and countries? If your material / records are digitised and made available via the Wide Area Network or the Corporate Intranet everyone then has access to business critical decision making material.
- Enhances the capabilities for searching and browsing collections / records
- Potential for raising profile of institutions as well as records departments where a large number of people within an organisation still have little or no idea what you do
- Potential for raising money for institutions who would like to digitise more of their old, rare and fragile material
- Takes up a lot less space than their paper based equivalent (obviously), and with the price of mass storage devices getting ever cheaper why would you want to use media such as CD’s, DVD’s which have a limited life span?
- Mass storage devices are easy to backup / copy making your digital archive much easier to keep safe.
- Paper copies that need to be kept can be done so away from the main seat of operations. Cost of offsite storage is considerably cheaper than onsite / in-office storage. And –
- Protection of the collections from potential disasters.
- The speed of obsolescence of the hardware and software in the digital realm means you have to have a refresh rate built in to the digitisation process, otherwise you may end up not being able to read something. For instance VHS tapes, Audio Tapes, 51/4 inch floppy discs, 3 inch and 12 inch floppy discs.
- Digital rot not just in the physical sense, but it is impossible to detect just by looking at a digital medium if the data stored on it is still complete. Despite what the manufacturers say, CD’s, DVD’s etc have not been around long enough to test their theory that they have a 200 year lifespan, or whatever they predict is true given they won’t be around to compensate you, and given the fact there won’t be a machine to read them in 200 years it’s a bit of a moot point. And it is the same with USB sticks, these dinky little things have a lifespan of around 1,000 writes, so whatever you do, don’t rely on them to store anything precious. Please also bear in mind the potential loss of data during the conversions. External hard drives are also prone to failure and you don’t know if and when it will so backup your backups. But as we mentioned in the Benefits section it is far easier to migrate / copy from a mass storage device to another mass storage device than it is to load individual discs into a machine and copy the material to another / similar device.
- Poor metadata means you can’t find what you are looking for. Organisations that do not currently use a Business Classification Scheme (BCS) or some form of document naming conventions for their records will need to rely on people instinctively knowing what to call a document so it can be found at a later date, or knowing who wrote it. The same rule should also apply to business related emails subject lines with Re: should be avoided at all cost. There are those who argue that with products like Gmail you don’t need to use a BCS because they allow you to do a global search well that is true, but most organisations don’t use Gmail / Google desktop to run their records management service, and would organisations want to risk allowing Google to index the hard drives / servers anyway?
- Easy to delete, alter It is very easy for anyone to alter or delete electronic records, even with the tightest security measures in place; you just have to have the correct access. “Most people agree that if you have a paper document you can preserve the object and you preserve the record. With E-records, people experience the record through a performance (by using appropriate software/hardware). Therefore with e-records if you preserve the performance you can preserve the record. However, there is the issue of data migration if the record has been migrated through various versions questions you need to ask yourself are:
- o Is the version that I am viewing the version that the originator wanted me to see?
- o Is it in the correct format?
- o Can I see the object in the same way as the original creator saw?” (Taken from Issue 19 of Information Overload on digital archiving).
- Whilst user education may prevent inadvertent use of old documents, (version control) some organisations may feel it essential to use encryption and digital signaturing technology as a way of ensuring data security.
- Retention and Disposal of electronic records is not quite as straight forward as their paper based equivalents. How can you be sure you have every copy, from every hard drive, back up tape, storage device etc. Lots of copies may keep stuff safe but can be a litigious nightmare in e-discovery. Please bear in mid that retention periods are the same regardless of the format given that some records may have to be kept for very long periods we will have to ensure we can maintain access to these electronic records. We know how hard it can be to implement a retention and disposal schedule for our paper based records, how can we ensure compliance for the electronic ones as well?
- “To be relied upon for business, legal and other purposes digital records need to be meaningful and trustworthy. They must be fixed, inviolate representations of business activity, preserved in context and protected from loss or alteration.” http://futureproof.records.nsw.gov.au/about/
- Born digital material, including emails, websites and the myriad of file formats of the documents / records created using computers and other electronic media. These are growing exponentially and unfortunately not everything is being captured into recognised electronic document records management systems (EDRMS).
- Social media including facebook, twitter and the software used to post the status updates (Ping / Tweetdeck / Tumble etc etc) are not being managed effectively (if at all).
- Cloud computing organisations looking to outsource their digital storage yet this may be a digital disaster waiting to happen. Cloud storage vendors are just as vulnerable to takeovers and falling over just like any other business. And then there are the legal implications where is your information being stored and does it meet your country’s record keeping laws?
Case in point New Zealand’s Inland Revenue released this notice:
Inland Revenue is aware that “cloud computing” is becoming a popular way for businesses to set up their IT infrastructures. We are concerned that the use of cloud computing may mean businesses are not meeting their record keeping obligations under the Inland Revenue Acts.
Section 22 of the Tax Administration Act 1994 (“TAA”) requires a person who carries on any business or any other activity for the purpose of deriving assessable income in New Zealand, to keep sufficient records in New Zealand, in the English language, to enable the Commissioner to readily ascertain information about their tax affairs. The same requirements for GST records are contained in section 75 of the Goods and Services Tax Act 1985. Similarly, section 32 of the TAA requires that all gift-exempt bodies must keep in New Zealand sufficient records to enable the Commissioner to determine both the sources of donations made to them and the application of their funds.
It is the Commissioner’s view that only business records stored in data centres physically located in New Zealand will comply with the record keeping obligations in the Inland Revenue Acts. Taxpayers are responsible for ensuring they comply with their record keeping obligations. Therefore, taxpayers using a cloud computing service will need to be satisfied that all their business records will be stored in data centres located in New Zealand.
The failure to keep the books and documents in New Zealand as required by the Inland Revenue Acts is an absolute offence under section 143 of the TAA. A person convicted of this offence is liable to a fine.
Despite this, using cloud computing to backup business records will not breach record keeping obligations, provided the primary business records are stored in New Zealand.
More at – http://www.ird.govt.nz/technical-tax/revenue-alerts/revenue-alert-ra1002.html
Increased charges reported in the ComputerWorld news analysis on 1st February 2011 one of the largest players in the Cloud Storage service has been forced to change its pricing and its policy. The company says it could no longer offer unlimited storage because it needed to curb the “power users” (around 10% of the million or so users) who store 90% of the total data held by the CS provider. And they’re not alone in changing their pricing and policies – “Others are already doing things like bandwidth throttling to help control the volume of data being stored and limiting the types of files you can backup, but as far as raising prices we haven’t seen that yet by others,” said Gartner analyst Adam Couture. This may be a problem for organisations that are looking to outsource their digital world if you are looking to outsource to the cloud, please read the fine print. Read more – http://bit.ly/gqCiiJ
The Fine Print
- Licence agreements – Have you read every single line of a licence agreement for every piece of software you have downloaded? What happens when the licence agreements change and you weren’t aware that it had think facebook for example.
- Conditions of use this is another nightmare take for example this website http://www.workforceguardian.com.au/index
The website above is a cloud service for managing HR in Australia. The paragraph below is from the terms of the contract. The last paragraph is interesting because it indicates that it will delete information 30 days after you cease subscription which means that the subscriber will be not meeting legislative requirements for retention of employee records.
All documents, forms and other information created by you through the use of the online products and services are maintained on secure servers. WG and its suppliers will take all reasonable steps to maintain the confidentiality of, and restrict access to, this information and will not disclose any of this information to anyone unless required to do so by law. Unfortunately, no data transmission over the Internet can be guaranteed as totally secure. Whilst WG strives to protect such information, WG does not warrant, and cannot ensure, the security of any information that you transmit to WG and any information which you transmit to us is therefore transmitted at your own risk.
Subject to the intellectual property attributable to the underlying forms, documents, agreements, templates, notes and alerts, the information provided by you will remain your property and all copies of your information will be deleted from the WG servers within 30 days of your subscription terminating. You should make yourself aware of your legal obligations in respect of retention periods for business documents. If you wish to download copies of this information, you must advise WG in writing before the termination of your subscription.
As you can imagine, e-discovery can be an absolute nightmare if you don’t have in place things like an organisational BCS or Retention and Disposal Schedule. If you are not capturing all the emails and changes to web pages without keeping track of what/when/where the changes were made. Will you be vulnerable to a request, do you have money set aside to pay the potential fine? Do you have a Director of Jail Terms just in case someone has to take the fall for the company?
Medical record debate
One of the biggest areas we are seeing in the news relates to medical records. Do the benefits of having your medical records available electronically to every doctor / hospital / clinic across the country outweigh the potential problems that may cause?
Given the confidentiality of the material we are talking about, have you given consideration to who is going to be doing the conversion?
- Will records be digitised in-house by staff employed by the organisation?
- Will contract staff be used?
- Will the project be out-sourced?
What guarantees do you have that the information that should be confidential will indeed remain confidential? News reports the world over indicate we are by nature a nosy lot, and it appears that one of the major problems with patient confidentiality comes from people who are employed by the organisations and have access (rightly or wrongly) to patient information.
Three employees at Tucson’s University Medical Center have been fired for improperly accessing the medical records of some of the victims in last Saturday’s shooting spree outside an area mall that killed six people and wounded 13, including U.S. Rep. Gabrielle Giffords (D-Ariz.).
In April 2009, a Kaiser Permanente hospital located near Los Angeles fired 15 workers after they were caught inappropriately accessing the medical records of Nadya Suleman , the California mother who gave birth to octuplets and became a news sensation.
Similarly, in 2008 the medical center at the University of California disclosed that over a 13-year period, as many as 165 doctors, interns and other staffers had improperly accessed data belonging to celebrity patients. Read more
But what about the cases we don’t hear about? Is the reason we don’t hear about them because the system cannot tell who has accessed the material and when. Or is this a case of we know, we fire and we keep a lid on it just in case we’re sued? No-one can know for sure, but I am sure that what we see in the mainstream press / newswires is just the tip of the iceberg when it comes to keeping private information private.
And will that get even worse as and when more information goes online and into the digital realm?
When it comes to digitising material and given the originating documents are usually hand written notes, what about quality control?
- Will every page be checked for accuracy or will it just be a random sample that is checked?
- Will OCR technology be utilised?
- What happens if the OCR technology can’t read the hand writing? Can you just imagine what would happen if you had the wrong drug administered because the system misinterpreted the handwriting?
- What will happen to the original documents?
- What will happen to the scanned documents? Will a retention and disposal schedule be added to the record or will they be retained indefinitely?
- Who “owns” the information? Should you “own” your own records?
- Are you happy for your records to be made available to anyone and everyone?
- What security measures are being put into place to ensure only those who need to see, can?
- What happens if your records are made public (deliberately or accidentally)?
- How will you know?
- Will your records be used for something other than helping to diagnose your latest issue / problem? (think research purposes)
- Would you give permission for them to do that?
- What happens if you decline to give permission or is it a “opt in” unless you say otherwise again how do you know / how will you know?
- Do you ever read all the fine print? Given we do sometimes have to be admitted to hospital in a less than compos mentis state is this even a reasonable thing to expect?
OK, I am just throwing ideas into the mix at the moment, but is anyone else slightly worried about where this may lead?
To make matters even more interesting with regards to the above is the machinery used to scan / store / photocopy the records.
Modern scanning equipment, photocopiers and printers have a memory and retain images of what has been scanned.
Much like a computers memory, these machines store information. What happens when the project is completed do the memories get wiped, or are the operators / owners of the machinery ignorant of this fact.
Given the sensitivity of this kind of material, should we be insisting that all machinery is wiped clean before being allowed off the premises (assuming the scanning took place on site) or do we have to rely on assurances by the out-sourcing companies that they will do it.
I don’t know about you but I can see a million opportunities for the criminal minds to make a lot of money out of this information (or is that just because I write crime fiction in my spare time?). And what about the machinery that is on-sold or dumped because it has been replaced by the next, greatest, bigger and faster machine are these memories wiped?
And of course it is not just medical records we need to worry about but every single piece of information held by organisations we have dealings with over the years. Financial institutions, employers, superannuation companies, social services, retail premises the list is absolutely endless and is quite scary when you stop and think about how much information is out there just waiting to be found and exploited.
With many thoughts