LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Content-Transfer-Encoding:	8bit
Sender:	Records Management Program <[log in to unmask]>
Subject:	Re: Encryption and the role of the records manager
From:	David Povey <[log in to unmask]>
Date:	Mon, 25 Jul 2005 09:21:25 +1000
Content-Type:	text/plain; charset="iso-8859-1"
MIME-Version:	1.0
Reply-To:	Records Management Program <[log in to unmask]>
Parts/Attachments:	text/plain (21 lines)

Hi Listservers,

Encryption is a looming issue for records managers and two possible but contradictory processes are evident. Firstly is the model proposed by Glenn Sanders, which is that encrypted records shouldn't be stored in the records system because of de-encryption issues. My experience of this is as follows: my (past) company became involved in a contract dispute with Oracle, and the departed CIO's files are encrypted. These files included his contract negotiations. He was happy to have them decrypted, but the keys were destroyed when he left the company. Ooops! [A minor second issue was that he's made a spelling mistake when indexing his emails in Outlook, into a folder called "ocarle", rather than "oracle"!] Result is that evidence couldn't be presented - embarrassing to admit that records are available, but unreadable due to encryption. Case won by Oracle with costs.

My other, more recent experience, involved planning for an Enterprise Content Management system. Avoiding silos (I could discuss this further later: suffice to say that silos are not always evil) meant that access to records of departments was defaulted to open, and so I proposed encryption (with appropriate key management) as a solution for storing commercial-in-confidence and similar records. In other words, positively promoting encryption as a secure means of keeping information secret from prying eyes, including the prying eyes of records staff and system administrators. The alternative would have been to allow sensitive material to be stored outside of the ECM, which would have defeated the purpose (and for legal reasons, the ecm was intended to hold everything).

David Povey
Records Management Consultant
Help Desk Co-ordinator
Codafile Australia
Mob: 0403 886 589
Ph: +61 2 9460 7011
Fax +61 2 9460 7838
Freecall 1800 443 453 (Aust)
[log in to unmask] <mailto:[log in to unmask]>
[log in to unmask] <mailto:[log in to unmask]>
http://www.codafile.com

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US