RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: The Need to Think Outside the Box - with Examples for Us to Learn From
From:
Larry Medina <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Mon, 26 Apr 2010 17:56:33 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (132 lines) 
>
>This CBS News story addresses the extraordinary records risks associated
>with discarded digital office copiers.
>
>I believe this CBS News story both introduces a new dimension to the
>need for RM professionals to think outside the traditional box and also
>raises many important questions that records management professionals
>need to consider.  Three that immediately come to my mind are:
>


Bob-

For many in RIM, this may be new... for others of us it is far from new. 

I agree that time is long passed for those in this profession to think of
the once comfortable chamber of boxes locked in the basement or dark
warehouse style building and I believe many/most of us have recognized this
and forged new trails. 

Some of us have been involved in the digital space since prior to desktop
computers occupying space on desktops- having stepped into server side
environments when displays on terminals were all green, orange or white text
on a black screen and when programs were run from 80 column Hollerith cards.

As the industry has changed, where what were known solely as documents and
records, have morphed into the broader realm of "information" that requires
management.  And if those involved in the RM process have moved forward into
RIM roles, one of the critical factors has been to continually identify new
sources of "information assets".  By doing so, determinations can be made to
assess the degree to which this information may rise to meet the definition
of a record for an organization, and the level of management it may require. 

To simply cast a broad net over all of it and say it needs to all be
managed, and the same practices and processes should be used to manage it
all makes no sense, and logistically can't be done.  Decisions need to be
made as to the value of the information, if it meets the organizational
definition of a record, and periodically if that definition remains valid.  

As for the copier issue, it goes MUCH broader than this.  As Vladimir
correctly stated, this applies to MFUs/MFPs.  It also applies to FAX
machines.  It applies to pagers, cell phones, smart phones, PDAs, thumb
drives, "xD" cards in cameras, RAM and PRAM chips in devices and computers
and a whole host of other sources.  GPS devices, trip tracking devices in
vehicles, barcode readers and handheld badge readers and other data
collection points supported by devices are also potential sources of concern
if they aren't completely cleared of content before they "go across the
fence" to others.

While I'm not sure that the universe of comprehensive policy and process to
ensure these sources of information are properly protected should belong to
RM/RIM, to the degree we are aware of it because of our exposure to it and
seeing things from a different perspective, I feel it is our responsibility
to ensure others are made aware of it.

As recently as last week, I reminded our Operations Security organization
that I had communicated these concerns to them more than a year ago.  This
was following a "Lessons Learned" communication from an organization about
an MFU that was used to transmit information by facsimile to others
inadvertently transmitted something it shouldn't have.

Similar concerns were expressed when we were informed of the plan to deploy
smart phones for use and one of the 'benefits' cited was the ability for
users to read, reply and deleted email from these devices, and the ability
to remotely clean the contents from the devices if they were lost.  While
this may be a productivity benefit, because some of the content being
deleted may be a record and it's being deleted directly from the server when
read, there is also the potential for a loss of records. I agree reading and
responding serves as a possible benefit, but content should be left on the
server and deleting should be done from a terminal where the user has the
ability to save content where applicable.  This way, if the device is lost
and remotely cleaned, the content still remains on the server.

As for the specific questions?

>*	How many members of the RIM professionals work for organizations
>that have not addressed this issue?  


Not me- this is the second employer in 12 years I've worked for that was
aware of it, as were my clients while I was consulting.

>
>*	Is the cleansing the hard drives in digital copiers (being
>disposed of) a logical RIM policy, along with cleansing other media and
>equipment prior to disposal? 
>

You bet it is, and it's mentioned in RM Policy, but the detailed procedure
and requirements are in the policy of other organizations, along with the
responsibility for carrying out the sanitization.


>*	Do you believe there is an active intersection between an
>organization's records management, information security, and privacy
>programs - and that RIM professionals need to be more sensitive to
>digital security issues? 
>

This is an intersection, but I don't know that it needs to be active. When
potential issues are identified, they need to be addressed organizationally.
 This can be by a committee structure, but in any event, it should happen
prior to when issues arise.  RM needs to be proactive in identifying risks
and ensuring they are communicated formally to others.  

Each organization makes decisions on how to best structure their functional
units as well as which services belong at an institutional level- depending
on the nature of the organization, it may not be appropriate for all of the
above functions to reside in the same aspect of the organization. 
 
>
>Although this CBS news story addresses only one of the growing elements
>that comprise electronic records management, it vivid illustrates the
>ever-changing and ever-expanding challenge facing RIM professional -
>that mandate the need to think outside the traditional RIM "box" in
>order to meet our responsibilities and achieve the performance levels
>expected of us. 
>

Not all records and information are stored in boxes any longer, and if the
RIMs in organizations haven't recognized this and started thinking "outside
the proverbial box", they're doing themselves a serious disservice. 
 

Larry
[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2