LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Mime-Version:	1.0
Sender:	Records Management Program <[log in to unmask]>
Subject:	Re: Records Director's Access to HR Personnel Files
From:	"John J. O'Brien" <[log in to unmask]>
Date:	Thu, 8 Nov 2007 08:22:27 -0500
Content-Transfer-Encoding:	8bit
Content-Type:	text/plain; charset="ISO-8859-1"
Reply-To:	Records Management Program <[log in to unmask]>
Parts/Attachments:	text/plain (89 lines)

Differing a bit (in detail, but not principle) with Ray, I offer the following.

IT personnel, sometimes even junior and part-time administrators, may
(depending on organisational protocols and awareness) have access to
virtually everything. In paper-based systems, clerks can flip through files.
Diskettes have walked out the door with highly sensitive data and records
after word processing. We may be surprised who, exactly, has access to what.

Access should derive from the nature of the work role and a well managed
infrastructure will be able to track all access by every person to ensure
accountability.

With this in mind, comprehensive access belongs most properly to the most
senior competent individual who is responsible for recorded information
content management - meaning, not technology, that is: the management level
RM officer.

In my own experience in a past government position, during strikes,
emergencies, unforeseeable events it was my responsibility and right
according to post to ensure the efficacy of all record related processes.
Often this entails accessing confidential workflows and data.

The issue, IMO, is whether the systems (electronic and otherwise) are
properly designed to facilitate the appropriate access and whether the
protocols have checks and balances to ensure accountability and prevent abuse.

There is no role (to my knowledge) that demands a more comprehensive access
to recorded information holdings than the corporate records executive.
Properly, again, that executive is in management at a reasonably senior
level, ethically bound and senior enough to be expected and accountable for
doing what is right.

In my own case, in extremely confidential matters, it was only I (within
management) who had both the expertise and responsibility to access certain
information for the Deputy Minister when that person was not willing to
disclose to a broader population that a matter was under investigation. And
in one occasion, only I as excluded management who was given detail about
what was actually sought in a review of certain confidential records subject
to privacy legislation (with a potential to save many millions CAD) where,
through my management role and as part of an investigation access was deemed
legally supportable, where providing more general access to staff performing
search functions was deemed to be too broad an access and a risk to the
investigation.

This level of responsibility comes with risk and, as Ray notes, there is
risk of abuse. IMO, that's life. Somebody has to take accountability and
it should be someone who is ethically sound and knowledgeable about RIM. As
an example, I brought forward the facts when even more senior positions
either refused to comply with policy or acted in ethically questionable ways
relative to record holdings. Yes, there were consequences--politics being
what they are, the messenger may get shot, but the understanding of the
value of the program and the ethical standard is upheld. (And the lack of
integrity in certain very senior persons has not held me back in the long
run and, ultimately, that lack resulted in a "departure" only six months
later ;-)

Point being, I do think the most senior management level with direct RM
responsibility and RM professional standing should have access to everything
as a safeguard for organisational purposes. I do not think that person
should have carte blanche access to whatever he/she feels like--procedures
should require signing authorities and tracking of action taken with
oversight be a designated authority (usually a committee such as the
exeuctive committee).

Cathy, know well what you are asking for. As noted, I believe it is
responsible--but does require that certain protocols and protections are
established, senior officials understand that you will quit and talk before
using your access in unethical ways (say that nicely ;-) I am not aware of
best practices that support your goal. For me, it resulted from an
educational process involving many levels and cogent arguments made on a
variety of matters directly to senior exec. I also found that as an
excluded manager, I had insight into how management uses information that
enabled me to position the issues properly. Good luck (happy to chat off
line if desired).

John James O'Brien, CRM, MALT
[log in to unmask]
Partner & Managing Director
IRM Strategies

www.irmstrategies.com

IRM Strategies

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US