When we review an old information management policy to see if it needs updating, what do we look for? Too often an organization will revise the operative content but fail to update the tone of voice. Obviously we check for accuracy to make sure the policy statements still reflect the current decisions of the organization, the references are all valid, and so on. We also check for policy alignment to make sure we aren’t repeating statements now found elsewhere. We...
Read Article
Summary – “Blockchain Technology and Recordkeeping”
This article summarizes a report published by AIEF on May 30, 2019. Additionally, the article is included in Information Management Magazine, ARMA-AIEF Special Edition, which will be available for download in November. A printed version of the special issue will be available as well, for a nominal fee. Blockchain is often defined as ledgers with entries organized in an append-only, sequential chain using cryptographic links and distributed out and stored on a peer-to-peer computer network. It’s an emerging recordkeeping technology...
Read Article
Read Article
Take the IG Maturity Index Survey
Take the IG Maturity Index Survey Now There is still time to participate in the Information Governance (IG) Maturity Index Project. Does your organization have the necessary elements in place to implement a successful information governance (IG) program? Is your organization leading or falling behind others in your industry? Are there gaps in your IG program? Find out by completing a short survey and help us build the IG Maturity Index. (The survey has eight substantive questions plus a few...
Read Article
Read Article
AI, Records, and Accountability
This article is part of a collaboration between ARMA and AIEF and is included in Information Management Magazine, ARMA-AIEF Special Edition, which will be available for download in mid-November. A printed version of the special issue will be available as well, for a nominal fee. Introduction Artificial intelligence (AI) promises wide-ranging benefits for society, but it also poses a host of ethical challenges, such as racial and gender bias, liability for harms caused by AI systems, inequality, economic dislocation, and...
Read Article
Read Article
Summary – “Industry in One: Financial Services”
This article summarizes a report published by AIEF on June 26, 2019. Additionally, the article is included in Information Management Magazine, ARMA-AIEF Special Edition, which will be available for download in mid-November. A printed version of the special issue will be available as well, for a nominal fee. The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably...
Read Article
Read Article
Summary – “Retention of Accounting Records: A Global Survey of Laws and Regulations”
This article summarizes a report published by AIEF on June 3, 2019. Additionally, the article is included in Information Management Magazine, ARMA-AIEF Special Edition, which will be available for download in mid-November. A printed version of the special issue will be available as well, for a nominal fee. This article summarizes the findings of a global survey of legal retention requirements for accounting records, a category of recorded information that is created and maintained by virtually all companies, government agencies,...
Read Article
Read Article
ARMA, AIEF Collaborate for Special Edition of IM Magazine
ARMA International and the ARMA International Educational Foundation (AIEF) are pleased to announce their collaboration on Information Management Magazine, ARMA-AIEF Special Edition, published in mid-November. Download the free PDF format. Purchase in print format. The special edition, which is available for free download or can be purchased in print format, contains summaries of three AIEF-sponsored research reports on the topics of (1) retention of accounting records around the globe; (2) blockchain technology and recordkeeping; and (3) RIM in the financial...
Read Article
Read Article
Anonymization & Pseudonymization as Tools for Cross-Border Discovery Compliance
Introduction Companies that conduct business internationally, and their lawyers, today face a significant challenge balancing U.S. discovery demands against the requirements of Europe’s General Data Protection Regulation (GDPR). Most U.S. courts and investigators expect parties that are involved in litigation or investigations to comply with requests for potentially relevant documents in their possession, custody, or control, regardless of whether the documents are located within or outside the United States. However, the data privacy and data protection rules of many countries...
Read Article
Read Article
Sponsored Content: Microfilm in The Digital World
Bringing the best technology to the full life cycle of microfilm, e-ImageData’s ScanPro® line of microfilm scanners moves you into the digital world with speed and economy. Today, in this digital age, users expect information to be easily and quickly accessible. Information on microfilm is no exception. So, it is no surprise that the focus today is to convert those trillions of stored microfilm records to a digital format to make it possible to quickly locate the information and immediately...
Read Article
Read Article
New Cohasset/ARMA Benchmarking Report Says ‘We Aren’t There Yet’
ARMA International and Cohasset Associates are excited to announce the 2019 Information Governance Benchmarking Report. In 1999, Cohasset Associates launched the survey, which has tracked the evolution of the information profession over the past two decades. In that time, more than 14,000 respondents have helped chronicle the evolution to information governance (IG). On its title page, the newly released edition of the Information Governance Benchmarking Report asks this question: “Are we there yet?” The answer, according to Carol Stainbrook, executive...
Read Article
Read Article
Eisen’s Book on Rule-Writing Delivers on its ‘How-To’ Promises
Usually I pick up a how-to book only if it’s in the way of a book I want to read, but Lewis S. Eisen’s How to Write Rules That People Want to Follow (Pixley Press) conquered my bias rather quickly. Here are four reasons I’d recommend the book to anyone in the workplace: First, the topic is fresh and pertinent. Few would argue against his view that rules too often sound crabby and aggressive and are frequently unclear. In the...
Read Article
Read Article
Will Google Play Fair in the ‘Privacy Sandbox?’
On August 22, Justin Schuh, a director on Google’s Chrome Engineering team, introduced the company’s plans for a “privacy sandbox,” a colorful title for its initiative that purports to strengthen web privacy. The news appeared on Google’s blog in an article titled “Building a more private web.” According to Schuh, the need for a privacy sandbox stems from certain data practices that “don’t match up to user expectations for privacy.” He suggests that when other browsers allow the blocking of...
Read Article
Read Article
Can Information Management Policies Be Both Clear and Concise?
Most information management (IM) professionals would agree that well-written policies are clear and concise. Too often, though, the policies are “dumbed down” because someone is afraid that maybe, somewhere, some individual in the organization might not be familiar with one of the technical words used in the policy. The logic is that if one person doesn’t understand the policy as worded, that lack of understanding would be a terrible thing. The result of such caution is either (1) a policy...
Read Article
Read Article
Managing Legacy Paper Files in the Digital Era
Addressing your organization’s legacy paper files and capturing them in your digital information ecosystem may feel like a daunting task. As discussed in our recent white paper, capture is the first step in the information lifecycle and is essential for achieving digital transformation and enabling the strategic alignment of information activities envisioned by information governance (IG). Paper files are effectively “dark,” inaccessible to your organization’s digital information ecosystem until they are captured through scanning, either imaging or digitization.1 Download the...
Read Article
Read Article
Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach
On July 22, 2019, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.” (See FTC press release Equifax to Pay $575 Million as Part of...
Read Article
Read Article
Concerns Over FaceApp Remind Us That Users May Not Fathom the Permissions They Grant Apps
Geoffrey A. Fowler, tech columnist for the Washington Post, opens his July 17 article with a question that’s pertinent to millions of app users: “When an app goes viral, how can you know whether it’s all good fun — or covertly violating your privacy by, say, sending your face to the Russian government?” In an email response, the founder of Russian-based FaceApp answers Fowler’s question: Yaroslav Goncharov asserts user data is not transferred to Russia. But should Russian servers even...
Read Article
Read Article
A Pair of Foundational Concepts
The following is an excerpt from the ARMA Guide to the Information Profession. Words matter and word choices matter. In any profession that is looking to move forward in maturity, there are often vernacular issues that make gaining a comprehensive understanding of the profession a challenge. This is one of the reasons bodies of knowledge are so incredibly helpful: they help to clarify the vocabulary of a profession. The information profession is filled with confusing terms, misused terms, and confusing...
Read Article
Read Article
Goals of New Canadian Digital Charter Include Assuring Privacy, Eradicating Hate Online
Multiple news outlets are reporting on Canada’s new digital charter, which comprises 10 principles that are based on Canadian values that should guide all future government policies, legislation, and programs. When introducing the charter late last month, Navdeep Bains, minister of Innovation, Science, and Economic Development, emphasized that data will drive business in the new digital economy. But he also noted that privacy, security, and “trust” are fundamental priorities, suggesting that Canadians must be able to trust their information is...
Read Article
Read Article
Why Are Businesses Opting for Edge, AI, and IoT – and Are They Wise to Do So?
Edge computing is increasingly associated with at least two “trending” terms in the IT and information arenas: Internet of Things (IoT) and artificial intelligence (AI). Broadly speaking, the term refers to computing that’s done at or near the source of the data. Today, a great percentage of data is stored in the cloud and may therefore be located continents away. These great distances can result in delays in computing, which can impact an organization’s capacity to optimally analyze and leverage...
Read Article
Read Article
Attorneys Respond to Delaware Court’s Affirmation That Emails and Texts May Constitute Corporate Books and Records
In reporting on recent actions in the Delaware courts, WilmerHale attorneys Stephanie C. Evans and Alan J. Wilson remind organizations to carefully manage all evidence of communications among boards and directors, whether it comes in traditional formats or through less formal media. Writing for Mondaq, the attorneys note that several court actions this year in Delaware have clarified the scope of the Delaware General Corporation Law, Section 220, which gives stockholders and directors the right to demand access to an...
Read Article
Read Article
IG Exec Has Learned From Failures, Says IG Success Requires C-Suite Presence
Aaron Bryant, chief IG officer at the Washington State Department of Health, recently provided CIODive.com with an account of the lessons he’s learned in his 14 years as a leader of IG programs and the keys to finding IG success. Bryant, also a faculty member of the Compliance, Governance, and Oversight Council (CGOC), concedes that most information pros know by now that IG success relies on close coordination among stakeholders, but he warns that “operationalizing this can be challenging.” Too...
Read Article
Read Article
Judge’s Ruling May Provide Clues to the Outcome of Employee’s ‘Dropbox’ Privacy Suit
Earlier this year, a judge from the Western District of Pennsylvania acted on behalf of employee privacy rights when she partially denied a public employer’s motion to dismiss a suit that accused it of violating the plaintiff’s Fourth Amendment rights. As summarized on Mondaq.com, Elizabeth Frankhouser, an employee of an educational facility, used her personal Dropbox account to store personal and workplace data. Hence, a link to Dropbox was on her workplace screen, though no data contained in the account...
Read Article
Read Article
As it Nears its First Anniversary, the GDPR Gets Predictably Varied Reviews
Later this month, the EU’s General Data Protection Regulation (GDPR) will mark its one-year anniversary, and multiple news outlets are chiming in with commentary on the impact of the landmark law. Legaltechnews, for instance, reports on an IAPP Global Privacy Summit session in which a European data protection official and others reviewed the law’s first year and forecasted what might come next. Among her comments, Andrea Jelinek, the European Data Protection Board chair and Austrian Data Protection Authority director, noted...
Read Article
Read Article
How to Break the Mold of Negativity Around IM Policies
Most people associate IM policies with notions like requirements and restrictions. Those connotations are unfortunate because that’s not what writing rules is about. Written properly, rules are primarily about getting clarity and about target setting. No matter what the field — IM, IT, Security — rules are about helping people do the right thing. The negative connotations are understandable, though, given the tone of voice of many policy documents. Often organizations claim to hold “respect for others” as a core...
Read Article
Read Article
Mapping Document Management Processes (Leveraging an Information Lifecycle)
(The following is an excerpt from an ARMA White Paper "Reviving Document Management: How the Knowledge and Experience of Document Management Can be Leveraged for Organizational Improvement", sponsored by Access.) Processes around documents must mirror the processes around all organizational information. A consistent lifecycle for all information in an organization must be applied, with room for the unique nuances of document management to assert themselves. For this consistency across systems and classes of information (including documents), one should leverage an...
Read Article
Read Article
Establishing a Collaboration Process to Bolster Knowledge Management
Collaboration: interacting with peers and colleagues to exchange ideas, share experiences, work together on projects, and solve problems. Work teams, project teams, and communities need a consistent way to share their knowledge, coordinate their activities, and communicate with one another. Providing a process for collaboration enables basic functions such as document and photo libraries, file sharing, membership rosters, lists, discussions, polls and surveys, calendars, meeting sites, and links. Making this process a standard ensures that there is a consistent way...
Read Article
Read Article
Mind Tools for Managers: A Crash Course in Effective Management Skills
Mind Tools for Managers: 100 Ways to Be a Better Boss focuses on identifying the complete list of skills that managers can master to be better leaders in their organizations. The authors provide working professionals with practical advice for these competencies – such as the ability to adequately cope with change and stress – and they direct their readers to an accompanying website where they can access such external resources as videos, skill-building articles, and worksheets. Key topics from this...
Read Article
Read Article
ARMA Q&A: GDPR Regulations and Electronic Records
Question: "What are the GDPR regulations for personal data in electronic records such as social media, video, and instant messages?" Answer: Since May 28, 2018, the General Data Protection Regulation (EU) (2016/679) (GDPR) has been in force. The GDPR is not new; it is an updated replacement for the now repealed Data Protection Directive (1995/46/EC). Article 3 of the GDPR states that it applies to the processing of personal data by a controller or a processor, whether inside or outside...
Read Article
Read Article
Utah to Become Leader in Digital Privacy
The Utah legislature just passed landmark legislation in support of a privacy law that protects private electronic data stored with third parties (like Google and Facebook) from free-range government access. Molly Davis, in an opinion piece on Wired.com, applauds the move: “Prosecutors and law enforcement may argue they need the power of data collection to protect the public from potential criminals. But individual liberty protections are far more important than perceived safety risks. If there is a legitimate safety concern...
Read Article
Read Article
‘Alexa, Fix My Records!’ A Look at AI in the Information Profession
To many people, “artificial intelligence” is a bit of an oxymoron. It is the suggestion that we can create something that then can be creative on its own. If intelligence is the ability to acquire and apply knowledge and skills, requiring a measure of judgement and reasoning, can we create such a thing through mechanical or digital means? Some scholars suggest that artificial intelligence (AI) isn’t intelligence at all, but rather an advanced machine skill-set that is mathematically driven and...
Read Article
Read Article
The Next Internet: Will it Serve the Public’s Interest?
The Next Internet has arrived. The Internet of previous years has been replaced by a new iteration that is profoundly changing the digital landscape. In Becoming Digital: Toward a Post-Internet Society, Vincent Mosco introduces the Next Internet by analyzing the three pillar technological systems that constitute it, namely cloud computing, big data analytics, and the Internet of things. The central argument is that these three pillar technological systems “comprise an increasingly integrated system that is accelerating the decline of a...
Read Article
Read Article
Migrating Legacy Records – a Case Study
Organizations that maintain electronic records systems may at some point need to undertake either a records conversion or migration to address software obsolescence. This article discusses how the Calgary Police Service’s (CPS) records and information management (RIM) and information technology (IT) teams collaborated to ensure that nearly four million criminal case file records stored in its legacy system – a system used for more than 40 years – were successfully migrated to a new, off-the-shelf records management system (RMS). Migrating...
Read Article
Read Article
ARMA President-Elect Says Expanded California Privacy Bill ‘Ups the Ante’ for IG
California Attorney General Xavier Becerra endorsed a bill last week that expands the state's new privacy act to permit consumers to sue companies over their handling of personal data. The privacy law that was passed in 2018 gave consumers the right to sue only in the case of a data breach. The new bill allows them to sue over any violations. Becerra acted against the wishes of tech lobbyists, according to Reuters. Jason Stearns, ARMA’s president-elect, says the expansion of...
Read Article
Read Article
Beyond Compliance: Eight Steps for Using Privacy By Design to Develop a Privacy Program
Governments globally are passing strict information privacy laws and regulations, and organizations are being hard-pressed to comply with them or suffer stiff penalties. Using the principles of Privacy By Design, organizations can design a privacy program to meet this challenge. Mandatory privacy breach reporting. Privacy impact assessments. Access to information requests. The right to be forgotten. If these terms, which pop up in regulations like the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and Canada’s...
Read Article
Read Article
Why Information Architecture is Vital to Information Governance
Whether you are migrating petabytes of content from an obsolete enterprise content management (ECM) platform to a modern content management system (CMS) or just looking to make your intranet less awful, it’s time to get started with information architecture (IA). You know that information volumes, varieties, and velocities are ever increasing in today’s fast-paced digital world. This has created a growing urgency in not only managing all our content and data, but in actually governing it. Organizations need to intelligently...
Read Article
Read Article
Professionals in Data Collection and Management Will Find Value in New Edition of ‘Fundamentals’
Reviewed by Ana Rosa Blue TITLE: Fundamentals of Collection Development and Management, Fourth EditionAuthor: Peggy JohnsonPublisher: ALA EditionsDate: 2018Length: 432 pagesPrice: $85.00 | ALA Members: $76.50ISBN: 13 978-0-8389-1641-4 (softcover)Source: ALA Store Peggy Johnson describes her book Fundamentals of Collection Development and Management (fourth edition) as “a comprehensive introduction for students, a primer for experienced librarians with new collection development and management responsibilities, and a handy reference resource for practitioners as they go about their day-to-day work.” Indeed, those tasked with...
Read Article
Read Article
Master Leader or Master Servant?
Fellows Forum Starting with his role as a team captain on the football field, Dave McDermott set out to become a good leader. From that experience, his father, workplace mentors, and an enlightening book he learned that a successful leader has to serve those he is leading, being willing to “pick up a broom and sweep floors right along the side of the people he or she is responsible for.” Many, many years ago I was fortunate enough to be...
Read Article
Read Article
Isaza Responds to Illinois Supreme Court Ruling on Biometric Privacy
In January, the Illinois Supreme Court ruled an individual does not have to plead an actual injury or harm, apart from the statutory violation itself, in order to sue under the Illinois Biometric Information Privacy Act (BIPA), as reported by Jeffrey Neuburger of Proskauer. The long-awaited decision stems from Rosenbach v. Six Flags Entertainment Corp. According to Neuberger’s account, because the BIPA statute does not define “aggrieved,” many legal arguments and amicus briefs have tried to influence the Court as...
Read Article
Read Article
Legalweek 2019 Kicks Off With Former United States Attorneys General Loretta Lynch and Alberto Gonzalez Focused On Cybersecurity
Two former U.S. Attorneys General helped kick off Legalweek 2019 by sharing their thoughts on such pressing issues as cybersecurity, privacy, civil rights, and more. Former attorneys general Albert Gonzalez and Loretta Lynch spoke frankly in a discussion attended primarily by attorneys and moderated by ALM’s Molly Miller. (ARMA International, a track sponsor of Legalweek 2019, was represented in the audience as well.) Miller, the chief content officer for ALM, asked Gonzalez and Lynch to describe what the U.S. government...
Read Article
Read Article
Dropbox Buys Hello Sign, Adds its Coveted Workflow Capabilities
Dropbox has announced its acquisition of HelloSign, an organization that provides document workflow and e-signature services. Whitney Bouck, COO of HelloSign, told ARMA International that the company is “thrilled to be joining the Dropbox family.” She said, “With so many similarities between our products, business models, and cultures, it’s a natural fit. This move will accelerate our mission to give customers a better way to get work done.” Quentin Clark, Dropbox’s senior vice president of engineering, told TechCrunch that the...
Read Article
Read Article
Google Is Fined $57 Million, First Major Penalty Under Europe’s Data Privacy Law
The New York Times was among the many sources recently reporting that the French data protection authority fined Google about $57 million for “not properly disclosing to users how data is collected across its services – including its search engine, Google Maps and You Tube – to present personalized advertisements.” It’s the largest penalty given for violating the General Data Protection Regulation (GDPR). According to the Times, it “shows that regulators are following through on a pledge to use the...
Read Article
Read Article
Stuck in Rewind? Dynamic E-Discovery for Cloud Data
An array of new cloud-based digital sources has emerged across the corporate landscape: chat tools, collaboration platforms, cloud productivity suites, and more. Programs like Slack, Office 365, and Salesforce bring many new and exotic challenges to corporations trying to organize, control, and produce data from these programs, and e-discovery can be particularly daunting when wrestling with the unique characteristics of this data. In many cloud-based platforms, documents are saved approximately every 30 seconds to ensure that the user’s working data...
Read Article
Read Article
Information Governance Body of Knowledge Published
Published on Oct. 22, the Information Governance Body of Knowledge (IGBOK) provides information governance (IG) stakeholders – information management, information technology, legal, risk/compliance, privacy, security, and business unit heads – the clear, concise, and practical guidance they need to govern their organization’s information assets effectively. Filled with strategic advice, policy guidance, “how to” processes, and valuable templates, IGBOK was developed by a group of subject matter experts representing the IG stakeholder groups; collectively, this group has more than 500 years...
Read Article
Read Article
To Improve Your Information Systems, You Must Understand the Architecture
Information Systems: Process and PracticeEditors: Christine Urquhart, Faten Hamad, Dina Tbaishat, and Alison YeomanPublisher: Facet PublishingPublication Date: December 2017Length: 288 pagesPrice: $89ISBN: 978-1783302413 In Information Systems: Process and Practice, Christine Urquhart and a group of highly respected researchers study the concept of information architecture (IA) within information systems (IS) management. The book explores how IA can help library science and other information professionals meet the challenges of today’s technology-driven world and capitalize on the power of data management. Two Areas...
Read Article
Read Article
New Edition on Metadata Use Provides ‘Tutorial’
Metadata for Information Management and Retrieval: Understanding Metadata and its Uses, 2nd ed.Authors: David HaynesPublisher: Facet PublishingPublication Date: 2018Length: 288 pagesPrice: $69ISBN: : 978-I-85604-824-8Source: alastore.ala.org As part of my activities as a records manager and archivist, I regularly collect and create metadata without articulating my philosophy about doing so or possessing great expertise in either activity. This book encourages reflection on how and why we use metadata. It is aimed at information professionals in museums, libraries, and archives, as well as...
Read Article
Read Article
U.S. Seeks a New Start to Talks on Global Cybersecurity Practices
Cyberscoop.com reports that at the recent United Nations (U.N.) session, White House officials gauged interest in restarting talks on global cybersecurity norms. Such negotiations crumbled in 2017 because of acrimony among certain countries, reportedly due to disagreements between Washington and Moscow and others over the right to self-defense in cyberspace. In a recent meeting with agents from some 20 U.N. countries, U.S. Deputy Secretary of State John J. Sullivan encouraged renewing the conversation at the U.N. Group of Governmental Experts...
Read Article
Read Article
Proposed NAFTA Replacement Recognizes Need For Privacy Framework
Recently the United States, Mexico, and Canada proposed a new trade pact to replace the North American Free Trade Agreement (NAFTA). According to the HuntonPrivacyBlog, the new pact recognizes “the economic and social benefits of protecting the personal information of users of digital trade” and will require the three nations to “adopt or maintain a legal framework that provides for the protection of the personal information of the users[.]” This framework, according to the Hunton blog, should include such principles...
Read Article
Read Article
Wendy’s Sued for Mismanagement of Employee Fingerprints
As reported by ZDNet.com, a class-action lawsuit has been filed in Illinois that claims Wendy’s restaurant chain has broken state laws by improperly storing and managing employee fingerprints. The complaint centers on Wendy’s practice of using biometric clocks that scan fingerprints when employees arrive at work, when they leave, and when they use the point-of-sale and cash register systems. The suit contends that Wendy’s breaks the Illinois Biometric Information Privacy Act (BIPA) because the company doesn’t inform its employees how...
Read Article
Read Article
California Consumer Privacy Act Is Work in Progress, Says Attorney
In a recent piece on Information-Management.com, Matthew Nelson, an attorney with DiscoverReady LLC, says the 2018 California Consumer Privacy Act (CCPA) is constantly evolving, evidenced by the September passing of Senate Bill 1121, which serves rather like an amendment to the CCPA. Nelson says because of SB-1121, consumers bringing a private right of action no longer must notify the attorney general. Further, organizations no longer must disclose on their website or in their online privacy policy that a consumer has...
Read Article
Read Article
Q&A: Fingerprint Security
Question: With fingerprint security technology now used in so many businesses for secured door access, what category does it fall under (e.g., personally identifiable information)? How is the data deleted upon employee termination? Answer: Fingerprint information falls under a type of record referred to as biometrics. These questions bring up several facets of biometric recordkeeping: use, retention, and governance. Biometric Information Uses In addition to being used for secured door access, fingerprints are used routinely in the workplace for timeclock...
Read Article
Read Article
Big Bucket Retention: Objectives, Issues, Outcomes
Fifteen years after its introduction by the U.S. National Archives and Records Administration as a strategy for improving federal agencies recordkeeping performance, the big bucket approach to record retention is in common use. This article summarizes an interview-based study of the objectives, issues, and outcomes of current big bucket retention initiatives in 14 organizations. The study was conceptualized and underwritten by the ARMA International Educational Foundation, www.armaedfoundation.org A traditional retention schedule provides a detailed enumeration – sometimes described as a...
Read Article
Read Article
Blockchain Redux – Cracking the Code on Cryptocurrencies
This article focuses on a facet of blockchain – cryptocurrencies – which are also known as virtual currencies, crypto coins, digital assets, or digital coins. In the November/December 2017 issue of Information Management, author Victoria L. Lemieux provided a SWOT analysis of blockchain recordkeeping, a groundbreaking electronic ledger technology. Deployed for decentralized, secure recordkeeping, its uses continue to be explored and include purposes such as health care, (e.g., electronic medical records), government records management (e.g., deed recording,), and legal services...
Read Article
Read Article
Lost in the Clouds: Liability for Personal Information Breaches
This article summarizes several U.S. Court decisions regarding liability in breaches of personal information collected by third-party service providers on the behalf of other organizations. This is just one aspect of a study of information management-related cases that was solicited by the ARMA International Educational Foundation and underwritten by the ARMA Metro New York City Chapter; it is available at armaedfoundation.org. Organizations have a penchant for capturing increasingly large amounts of information and storing it in distributed systems (i.e., computer...
Read Article
Read Article
Report Says Healthcare Insiders Pose Greatest Data Security Threat
A Verizon report suggests that nearly 60% of data security incidents at healthcare organizations are caused by insiders, according to an article on Law.com. The “Protected Health Information Data Breach Report” implies that healthcare is the only industry in which internal players are the greatest threat to an organization’s data security. The study reviewed 1,368 security incidents involving patient medical records in 27 countries. It included confirmed breaches and security incidents in which data was at risk but not confirmed...
Read Article
Read Article
Norway Plans 1,000-Year Digital Archive for Everything
ZDNet.com reports that near the Arctic Circle, experts at the National Library of Norway’s (NLN) secure storage facility are implementing an astonishing plan for digitizing everything ever published in Norway: books, newspapers, manuscripts, posters, photos, movies, broadcasts, and maps, as well as all websites on the Norwegian domain. The work was begun 12 years ago and will likely take 30 years to complete. According to the article, the library has more than 540,000 books and 2 million newspapers in its...
Read Article
Read Article
Canadian Government Is Improving its Cybersecurity
Eweek.com reports that the government of Canada is taking an active, aggressive strategy to defends its networks from cyber attacks. In October, Scott Jones, head of the Canadian Centre for Cyber Security at the Canadian Security Establishment (CSE), summarized the steps being taken and how individuals and organizations can benefit from the same approach. “Every day, the CSE blocks hundreds of millions of malicious activities directed at the government of Canada... We decided to break the cycle and make it...
Read Article
Read Article
Facebook Says Breach Affected About 50 Million Accounts
As widely reported, the mid-September Facebook data breach may have affected nearly 50 million accounts. Bloomberg.com refers to it as “the latest in a series of missteps that are undermining confidence in the company’s social network and business model.” In a statement, Facebook said it has fixed the breach, which had let hackers take over accounts. The accounts of Chief Executive Officer Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg were among those targeted by the hack, according to Bloomberg....
Read Article
Read Article
Gartner Foresees the End of On-Premises ECMs in 2019
A recent Gartner Inc. report predicts the current enterprise content management (ECM) market will “devolve into purpose-built, cloud-based content solutions and solution services applications.” According to an article on idm.net.au, the Gartner study finds that organizations are increasingly adopting cloud solutions rather than on-premises ECMs. Software as a service (SaaS) remains the biggest segment of the cloud market, with global revenue predicted to grow 17.8% to reach $85.1 billion in 2019. “The increasing adoption of SaaS applications and other cloud...
Read Article
Read Article
New California Laws Ask IoT Makers for Security Features
California Gov. Jerry Brown has signed two bills that are designed to make manufacturers of Internet-connected devices more responsible for ensuring the privacy and security of Californians, as reported on GovTech.com. The bills require manufacturers to equip connected devices with a “reasonable security feature or features” that are appropriate to their nature, function, and the information they may collect, contain, or transmit. The security features must be designed to protect the device and its information from “unauthorized access, destruction, use,...
Read Article
Read Article
GDPR Invites Collaboration, E-Discovery Panel Says
As reported on Law.com, analysts and attorneys specializing in e-discovery recently suggested the EU’s General Data Protection Regulation (GDPR) may be worth embracing largely because it encourages collaboration among stakeholders and provides an opportunity to embed privacy into the discovery process. That was the view of some panelists in a session titled “International e-Discovery and Data Protection,” held at Relativity Fest 2018, an annual event that focuses on issues in legal discovery. “Eighteen months ago, there seemed to be a...
Read Article
Read Article
Sedona Conference® Explores GDPR Impact on E-Discovery
Law.com reports on a web seminar hosted by The Sedona Conference® international electronic information management, discovery and disclosure working group, which looked at how e-discovery professionals and courts are subject to the EU General Data Protection Regulation (GDPR). Importantly, the panel suggested that the wide scope of what the GDPR considers to be personally identifiable information makes it probable that any EU data collection conducted by U.S. attorneys would have to comply to GDPR standards. In the data-gathering phase at...
Read Article
Read Article
Report Finds Big Increase in Cyber Attacks, Reveals 5 Top Methods
TechRepublic.com cites a recent report from a security company that suggests cyber attacks continue to increase in occurrence. The report, from Positive Technologies, says that the second quarter of 2018 saw a 47% increase in cyber attacks when compared to the same period in 2017. Targeted attacks outnumbered mass campaigns, which indicates a growing sophistication among the cybercrooks. Increasingly, data theft is driving the attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). Hackers...
Read Article
Read Article
ACLU Counsel Says Be Wary of Federal Privacy Legislation
In a Washington Post op-ed piece, Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union (ACLU), warns that the growing push for federal privacy legislation is bad news for consumers. Guliani cites several examples of how states are leading the efforts to protect consumer privacy, including California’s recent consumer privacy act and the Illinois law that sets limits on the commercial collection and storage of biometric data. According to Guliani, the U.S. Chamber of Commerce and lobbying...
Read Article
Read Article
ARMA, AIEF Collaborate for Special Edition of IM Magazine
ARMA International and the ARMA International Educational Foundation (AIEF) are pleased to announce their collaboration on Information Management Magazine, ARMA-AIEF Special Edition, published in mid-November. Download the free PDF format. Purchase in print format. The special edition, which is available for free download or can be purchased in print format, contains summaries of three AIEF-sponsored research reports on the topics of (1) retention of accounting records around the globe; (2) blockchain technology and recordkeeping; and (3) RIM in the financial industry. Full reports can be downloaded from the AIEF site. The special edition also includes two additional articles: one on...
Read Article
Read Article
Will Google Play Fair in the ‘Privacy Sandbox?’
On August 22, Justin Schuh, a director on Google’s Chrome Engineering team, introduced the company’s plans for a “privacy sandbox,” a colorful title for its initiative that purports to strengthen web privacy. The news appeared on Google’s blog in an article titled “Building a more private web.” According to Schuh, the need for a privacy sandbox stems from certain data practices that “don’t match up to user expectations for privacy.” He suggests that when other browsers allow the blocking of cookies, it actually undermines privacy “by encouraging opaque techniques such as fingerprinting.” The fingerprinting technique consists of developers harvesting small...
Read Article
Read Article
Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach
On July 22, 2019, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.” (See FTC press release Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach, July 22, 2019.) Equifax agreed to pay between $575...
Read Article
Read Article
Concerns Over FaceApp Remind Us That Users May Not Fathom the Permissions They Grant Apps
Geoffrey A. Fowler, tech columnist for the Washington Post, opens his July 17 article with a question that’s pertinent to millions of app users: “When an app goes viral, how can you know whether it’s all good fun — or covertly violating your privacy by, say, sending your face to the Russian government?” In an email response, the founder of Russian-based FaceApp answers Fowler’s question: Yaroslav Goncharov asserts user data is not transferred to Russia. But should Russian servers even be our chief concern? Fowler’s article opens with a focus on that issue – including a link to an article...
Read Article
Read Article
Attorneys Respond to Delaware Court’s Affirmation That Emails and Texts May Constitute Corporate Books and Records
In reporting on recent actions in the Delaware courts, WilmerHale attorneys Stephanie C. Evans and Alan J. Wilson remind organizations to carefully manage all evidence of communications among boards and directors, whether it comes in traditional formats or through less formal media. Writing for Mondaq, the attorneys note that several court actions this year in Delaware have clarified the scope of the Delaware General Corporation Law, Section 220, which gives stockholders and directors the right to demand access to an organization’s books and records “where a proper purpose can be demonstrated.” Importantly, the courts have affirmed that emails, text messages,...
Read Article
Read Article
Utah to Become Leader in Digital Privacy
The Utah legislature just passed landmark legislation in support of a privacy law that protects private electronic data stored with third parties (like Google and Facebook) from free-range government access. Molly Davis, in an opinion piece on Wired.com, applauds the move: “Prosecutors and law enforcement may argue they need the power of data collection to protect the public from potential criminals. But individual liberty protections are far more important than perceived safety risks. If there is a legitimate safety concern requiring access to a person's data, law enforcement will still be able to obtain a warrant. Without that warrant requirement...
Read Article
Read Article
ARMA President-Elect Says Expanded California Privacy Bill ‘Ups the Ante’ for IG
California Attorney General Xavier Becerra endorsed a bill last week that expands the state's new privacy act to permit consumers to sue companies over their handling of personal data. The privacy law that was passed in 2018 gave consumers the right to sue only in the case of a data breach. The new bill allows them to sue over any violations. Becerra acted against the wishes of tech lobbyists, according to Reuters. Jason Stearns, ARMA’s president-elect, says the expansion of “the most significant change in the U.S. privacy landscape” heightens the need for a strong IG program within organizations. “This...
Read Article
Read Article
Isaza Responds to Illinois Supreme Court Ruling on Biometric Privacy
In January, the Illinois Supreme Court ruled an individual does not have to plead an actual injury or harm, apart from the statutory violation itself, in order to sue under the Illinois Biometric Information Privacy Act (BIPA), as reported by Jeffrey Neuburger of Proskauer. The long-awaited decision stems from Rosenbach v. Six Flags Entertainment Corp. According to Neuberger’s account, because the BIPA statute does not define “aggrieved,” many legal arguments and amicus briefs have tried to influence the Court as to its meaning. John J. Isaza, Esq, of Rimon P.C., tells ARMA International the issue is not necessarily settled: “Despite...
Read Article
Read Article
Dropbox Buys Hello Sign, Adds its Coveted Workflow Capabilities
Dropbox has announced its acquisition of HelloSign, an organization that provides document workflow and e-signature services. Whitney Bouck, COO of HelloSign, told ARMA International that the company is “thrilled to be joining the Dropbox family.” She said, “With so many similarities between our products, business models, and cultures, it’s a natural fit. This move will accelerate our mission to give customers a better way to get work done.” Quentin Clark, Dropbox’s senior vice president of engineering, told TechCrunch that the workflow capabilities were integral to the acquisition: “What is unique about HelloSign is that the investment they’ve made in APIs...
Read Article
Read Article
Google Is Fined $57 Million, First Major Penalty Under Europe’s Data Privacy Law
The New York Times was among the many sources recently reporting that the French data protection authority fined Google about $57 million for “not properly disclosing to users how data is collected across its services – including its search engine, Google Maps and You Tube – to present personalized advertisements.” It’s the largest penalty given for violating the General Data Protection Regulation (GDPR). According to the Times, it “shows that regulators are following through on a pledge to use the rules to push back against internet companies whose businesses depend on collecting data.” The ruling hits at Google’s basic practice...
Read Article
Read Article
Information Governance Body of Knowledge Published
Published on Oct. 22, the Information Governance Body of Knowledge (IGBOK) provides information governance (IG) stakeholders – information management, information technology, legal, risk/compliance, privacy, security, and business unit heads – the clear, concise, and practical guidance they need to govern their organization’s information assets effectively. Filled with strategic advice, policy guidance, “how to” processes, and valuable templates, IGBOK was developed by a group of subject matter experts representing the IG stakeholder groups; collectively, this group has more than 500 years of experience and expertise. Those who purchase this edition of IGBOK will receive the second edition free of charge. Learn...
Read Article
Read Article
U.S. Seeks a New Start to Talks on Global Cybersecurity Practices
Cyberscoop.com reports that at the recent United Nations (U.N.) session, White House officials gauged interest in restarting talks on global cybersecurity norms. Such negotiations crumbled in 2017 because of acrimony among certain countries, reportedly due to disagreements between Washington and Moscow and others over the right to self-defense in cyberspace. In a recent meeting with agents from some 20 U.N. countries, U.S. Deputy Secretary of State John J. Sullivan encouraged renewing the conversation at the U.N. Group of Governmental Experts (GGE), according to a U.S. State Department statement. “[N]onbinding norms of responsible behavior during peacetime provides important guidance to states,...
Read Article
Read Article
Proposed NAFTA Replacement Recognizes Need For Privacy Framework
Recently the United States, Mexico, and Canada proposed a new trade pact to replace the North American Free Trade Agreement (NAFTA). According to the HuntonPrivacyBlog, the new pact recognizes “the economic and social benefits of protecting the personal information of users of digital trade” and will require the three nations to “adopt or maintain a legal framework that provides for the protection of the personal information of the users[.]” This framework, according to the Hunton blog, should include such principles as limitations on collection, choice, data quality, purpose specification, use limitation, security safeguards, transparency, individual participation, and accountability. The agreement...
Read Article
Read Article
Wendy’s Sued for Mismanagement of Employee Fingerprints
As reported by ZDNet.com, a class-action lawsuit has been filed in Illinois that claims Wendy’s restaurant chain has broken state laws by improperly storing and managing employee fingerprints. The complaint centers on Wendy’s practice of using biometric clocks that scan fingerprints when employees arrive at work, when they leave, and when they use the point-of-sale and cash register systems. The suit contends that Wendy’s breaks the Illinois Biometric Information Privacy Act (BIPA) because the company doesn’t inform its employees how it uses their data and fails to obtain a written release with their explicit consent to obtain and handle the...
Read Article
Read Article
California Consumer Privacy Act Is Work in Progress, Says Attorney
In a recent piece on Information-Management.com, Matthew Nelson, an attorney with DiscoverReady LLC, says the 2018 California Consumer Privacy Act (CCPA) is constantly evolving, evidenced by the September passing of Senate Bill 1121, which serves rather like an amendment to the CCPA. Nelson says because of SB-1121, consumers bringing a private right of action no longer must notify the attorney general. Further, organizations no longer must disclose on their website or in their online privacy policy that a consumer has the right to delete personal information. Importantly, SB-1121 also made the CCPA effective immediately, but it extended the compliance deadline,...
Read Article
Read Article
Report Says Healthcare Insiders Pose Greatest Data Security Threat
A Verizon report suggests that nearly 60% of data security incidents at healthcare organizations are caused by insiders, according to an article on Law.com. The “Protected Health Information Data Breach Report” implies that healthcare is the only industry in which internal players are the greatest threat to an organization’s data security. The study reviewed 1,368 security incidents involving patient medical records in 27 countries. It included confirmed breaches and security incidents in which data was at risk but not confirmed as having been compromised. Reporter Kristen Rasmussen says employers may take comfort in knowing that not all the internal breaches...
Read Article
Read Article
Norway Plans 1,000-Year Digital Archive for Everything
ZDNet.com reports that near the Arctic Circle, experts at the National Library of Norway’s (NLN) secure storage facility are implementing an astonishing plan for digitizing everything ever published in Norway: books, newspapers, manuscripts, posters, photos, movies, broadcasts, and maps, as well as all websites on the Norwegian domain. The work was begun 12 years ago and will likely take 30 years to complete. According to the article, the library has more than 540,000 books and 2 million newspapers in its archive. Because the materials have been mass-scanned and OCR-processed, their content is free-text searchable.NLN’s mandates are for long-term safe storage...
Read Article
Read Article
Canadian Government Is Improving its Cybersecurity
Eweek.com reports that the government of Canada is taking an active, aggressive strategy to defends its networks from cyber attacks. In October, Scott Jones, head of the Canadian Centre for Cyber Security at the Canadian Security Establishment (CSE), summarized the steps being taken and how individuals and organizations can benefit from the same approach. “Every day, the CSE blocks hundreds of millions of malicious activities directed at the government of Canada... We decided to break the cycle and make it harder for people to discover our vulnerabilities,” he said in a keynote. Jones says the CSE is making it more...
Read Article
Read Article
Facebook Says Breach Affected About 50 Million Accounts
As widely reported, the mid-September Facebook data breach may have affected nearly 50 million accounts. Bloomberg.com refers to it as “the latest in a series of missteps that are undermining confidence in the company’s social network and business model.” In a statement, Facebook said it has fixed the breach, which had let hackers take over accounts. The accounts of Chief Executive Officer Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg were among those targeted by the hack, according to Bloomberg. Because of user data leaks, security breaches, and the spread of misinformation, Facebook has had to confront hostile congressional hearings...
Read Article
Read Article
Gartner Foresees the End of On-Premises ECMs in 2019
A recent Gartner Inc. report predicts the current enterprise content management (ECM) market will “devolve into purpose-built, cloud-based content solutions and solution services applications.” According to an article on idm.net.au, the Gartner study finds that organizations are increasingly adopting cloud solutions rather than on-premises ECMs. Software as a service (SaaS) remains the biggest segment of the cloud market, with global revenue predicted to grow 17.8% to reach $85.1 billion in 2019. “The increasing adoption of SaaS applications and other cloud services impacts the management, dissemination and exploitation of enterprise content,” said Craig Roth, research vice president at Gartner. While SaaS...
Read Article
Read Article
New California Laws Ask IoT Makers for Security Features
California Gov. Jerry Brown has signed two bills that are designed to make manufacturers of Internet-connected devices more responsible for ensuring the privacy and security of Californians, as reported on GovTech.com. The bills require manufacturers to equip connected devices with a “reasonable security feature or features” that are appropriate to their nature, function, and the information they may collect, contain, or transmit. The security features must be designed to protect the device and its information from “unauthorized access, destruction, use, modification or disclosure.” The laws define a connected device as one with an Internet protocol (IP) or Bluetooth address that...
Read Article
Read Article
Sedona Conference® Explores GDPR Impact on E-Discovery
Law.com reports on a web seminar hosted by The Sedona Conference® international electronic information management, discovery and disclosure working group, which looked at how e-discovery professionals and courts are subject to the EU General Data Protection Regulation (GDPR). Importantly, the panel suggested that the wide scope of what the GDPR considers to be personally identifiable information makes it probable that any EU data collection conducted by U.S. attorneys would have to comply to GDPR standards. In the data-gathering phase at pretrial, bulk collection would not be advisable because counsel must comply with GDPR protocol even when merely transferring data to...
Read Article
Read Article
Report Finds Big Increase in Cyber Attacks, Reveals 5 Top Methods
TechRepublic.com cites a recent report from a security company that suggests cyber attacks continue to increase in occurrence. The report, from Positive Technologies, says that the second quarter of 2018 saw a 47% increase in cyber attacks when compared to the same period in 2017. Targeted attacks outnumbered mass campaigns, which indicates a growing sophistication among the cybercrooks. Increasingly, data theft is driving the attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). Hackers are compromising online platforms, e-commerce sites, online ticketing systems, and hotel booking sites, according to the report. “Cyber-attacks in Q2...
Read Article
Read Article
ACLU Counsel Says Be Wary of Federal Privacy Legislation
In a Washington Post op-ed piece, Neema Singh Guliani, senior legislative counsel at the American Civil Liberties Union (ACLU), warns that the growing push for federal privacy legislation is bad news for consumers. Guliani cites several examples of how states are leading the efforts to protect consumer privacy, including California’s recent consumer privacy act and the Illinois law that sets limits on the commercial collection and storage of biometric data. According to Guliani, the U.S. Chamber of Commerce and lobbying organizations that represent Amazon, Airbnb, Google, Microsoft, and many other digital behemoths are urging Congress to adopt a federal privacy...
Read Article
Read Article
IM Magazine UPFRONT
News & Analysis
The latest news and breaking analysis from ARMA International's IM Magazine.
About Us
For over 50 years, Information Management has been your trusted source of professional knowledge.
We're ARMA International's Information Management Magazine, sharing best practices and the experiences of trusted professionals in the information space. Now, we're making IM more accessible to you, in your browser and on the go.
© 2019 ARMA International