LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Encryption and the role of the records manager
From:	Glenn Sanders <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Mon, 25 Jul 2005 08:17:20 +1000
Content-Type:	text/plain
Parts/Attachments:	text/plain (68 lines)

A serious issue!

We are in very early days here addressing this one, and I've got as far as
including the following in our generic DRM Procedures (and yes, I AM aware
of the logical inconsistency between para one and the first sentence in
para two):

-------------------------------------------------------------
Encryption

Do not use encryption of individual records for records storage.
Encryption introduces unacceptable risk that records may not remain
accessible throughout their official life.

In particular, do not use the password facility in Word, Excel etc as this
is a very substandard level of protection which is easily breached. If you
do wish to use encryption, consult the DMU to ensure that the unencryption
instructions, passwords and software will be available over the life of
the record, and can during that time be matched to the specific encrypted
records.

It may be appropriate to use encryption for In Confidence, Protected or
Highly Protected records while they are being sent to or received from
external sources. This applies especially to e-mail. However the original
record should not be encrypted. Some encryption systems delete the
original as part of the encryption process ? in this case, work from a
copy of the unencrypted original.

Operating systems and some applications encrypt folders, often in a way
that is not noticed by end users. This is acceptable provided that the
unencryption instructions, passwords or software will be available over
the life of the record, and can during that time be matched to the
specific encrypted records.

-------------------------------------------------------------

Ucontrolled encryption has the ability to make it even more difficult to
ensure that records are available over their required life, regardless of
changes in hardware and software (and certainly not helped by inadequate
storage conditions).

Hugh is right - we have to look at the bigger picture. RM has always
glibly talked about records being 'available over their required life' -
we can easily extend this by defining 'available' to include 'securely and
appropriately' or some suchlike.

Glenn

Glenn Sanders MRMA
[log in to unmask]
[log in to unmask]
Australia

These views are mine alone. They may or may not be those of any
previous or present employers or clients. I don't know. If I'd asked
and they'd agreed, I would have signed it "Harry Peck and Co and
Glenn". Or whatever. But I haven't, so I didn't.

----------------------------------------------------------------------------------------
This e-mail may contain confidential or privileged information. If you have received it in error, please notify the sender immediately via return e-mail and then delete the original e-mail. EnergyAustralia has collected your business contact details for dealing with you in your business capacity. More information about how we handle your personal information, including your right of access is contained at http://www.energy.com.au.
----------------------------------------------------------------------------------------

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US