LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Register of deeds: Bill would 'destroy the integrity' of records
From:	Jesse Wilkins <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Fri, 5 Jun 2015 09:39:04 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

The problem here is that the open records laws don't say, "it's open but
you have to come to our vault, be grilled by administrative staff as to
your interests, and begrudgingly be granted access." They mandate public
access to certain records. Open records gadflys/concerned citizens know
this and I know several who are making 6 figures a year by requesting lots
of open records and suing when they are not provided.

When I teach AIIM ERMM classes I also note that things like divorce records
are generally public unless sealed, and those often have quite sensitive
information including medical and financial information, names of minor
children, etc. Same thing with respect to, say, traffic tickets (home
address, driver's license number, and at least while I was at the City of
Denver, SSN, though this has since changed).

So I get the "law of unintended consequences" thing. However, the answer is
not to wring our hands and bemoan the advent of the Internet, but to work
to push changes to those laws to remove that information en toto or at
least where there is no legitimate public interest. Lots of work going on
right now in the content analytics space that would allow for wholesale
automated redaction of names, credit card numbers, etc. but still work to
be done both on the technology and on getting all those clerk & recorder
offices to recognize the need.

As an aside, "The Cloud" is *not* being hacked daily. For all but the very
largest and most competent IT organizations, the cloud is much more robust
and secure than what their IT staff can manage precisely because "the
cloud" - major cloud service providers like Amazon & Microsoft at least -
is such a huge target. I love my IT staff - all 3 or 4 of them - but there
is simply no way they can do the penetration testing and hacking that major
cloud providers see on an hourly basis even if they had those skills. The
cloud providers in contrast hire significant numbers of the best &
brightest and are targeted by the same on an ongoing basis.

Furthermore, it's still the case that most "hacks" are committed either
through social engineering - getting employees to open malware-laced emails
or links, guessing passwords - or through disgruntled current or former
employees. Again, the cloud is much less susceptible to this than most
organizations. It isn't immediately clear to me, but from most of the
stories I've read the OPM breach seems to be a direct hack into OPM's
systems and a result of poor security, not a cloud-based breach.

TL; DR: Cloud is *more* secure, not less, for all but the most
sophisticated organizations. If you want your information to be secure you
are better off having it in the cloud than in your own, probably poorly
secured, systems, accessed by your poorly trained or inattentive staff.

My tuppence the day after heckacious hail in CO,

Jesse Wilkins, CIP, CRM, IGP
Denver, CO
[log in to unmask]
blog: http://informata.blogspot.com
Twitter: http://www.twitter.com/jessewilkins

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US