> From:    "Hilliard, Mary" <[log in to unmask]>
> Subject: Re: Toughening up Identity Theft legislation
>
> Hugh,
> As Records Management Officer of UT System (which includes UT Austin),  
> I
> have used this incident as a vehicle to communicate to others in my
> organization how our recently approved Records Management Guidelines  
> for
> UT System Administration
> (http://www.utsystem.edu/records/documents/ 
> UT%20System%20Administration%
> 20Records%20Management%20Guidelines%20041206.doc) provides a model that
> can help with the process of identifying where personal information is
> located and assigning responsibility for its protection.  The thought
> processes on how IT relates to the information in its custody versus  
> who
> "owns" the information are slow to change.  I agree that our profession
> must take an active role in educating others to the value we can
> provide.
>
> Mary Hilliard
> Records Manager, Records Management Officer
> UT System Administration

Mary I downloaded the Records Management Guidelines and I thought it  
was excellent. I think one of the concepts that records managers  
adopted a long time ago of moving inactive records offsite or away from  
the high use records is one that IT often ignores. Why keep Alumni  
records on line constantly?  I think one of the problems with evaulting  
is that everything is exposed all the time or at least that is my  
perception that you can bring up anything at any time. The fact that a  
human has to load a tape or cartridge and review who is requesting the  
information might be a valuable security step to have in the security  
program.  As soon as it has to be offline for security then RM should  
have control of it.

Keep in mind, I was not criticizing UT for being exploited by some  
computer whiz. I just read how Auburn University had a "BOT Attack"  
that shut down their system. So as long as we have online computers we  
are always at the mercy of the next smart kid with a new attack idea.   
My post was to encourage ARMA and Records Managers to be more vocal  
about what Congress is doing to the Identity Theft legislation.

But as you mentioned "
> The thought processes on how IT relates to the information in its  
> custody versus who
> "owns" the information are slow to change.

But I think these instances are great talking points to involve records  
management in the management of IT's records.  Somehow a disconnect is  
there that must be remedied.

I mean, I can understand how Auburn University could be attacked but  
not my beloved UT. How can this occur when "The Eyes of Texas are upon  
you, all the live long day! The Eyes of Texas are upon you, you can not  
get away!"

Therefore I predict UT will catch the felon who stole our files.  And  
then Texas justice will occur!  That's right, we will go make them live  
in College Station.  Oh the Humanity!

[Note: Apologies to Auburn University, Texas A&M University and the  
Town of College Station]

Hugh Smith
FIRELOCK Fireproof Modular Vaults
[log in to unmask]
(610)  756-4440    Fax (610)  756-4134
WWW.FIRELOCK.COM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance