220 likes | 317 Views
This time it’s personal: consumerising records management. Michael Gallagher Glasgow City Archives IRMS Scotland Group 11 June 2013. Consumerising recordkeeping. What is it? Why is it relevant to us? What can we do about it? How much of a change is it?. Planet of the apps?.
E N D
This time it’s personal: consumerising records management Michael Gallagher Glasgow City Archives IRMS Scotland Group 11 June 2013
Consumerising recordkeeping • What is it? • Why is it relevant to us? • What can we do about it? • How much of a change is it?
Planet of the apps? • More iPhones sold each day than babies born worldwide • Mobile devices outnumbered humans in 2012 • Range of devices: Laptops, desktops, smartphones, tablets, notebooks.....notepads?
“Working 9 to 5” or “Eight Days a Week”? • Almost 50% while on holiday • Almost 40% while commuting • Almost 20% while driving • 5% in a place of worship • Source: Consumerization of IT Study: Closing the “Consumerization Gap”, IDC/Unisys, July 2011
“Bring Your Own Device” • 75% of organisations currently support it – further 13% planning to by end of 2013 • Good Technology survey, January 2013 • 47% of all UK adults use a personal smartphone, laptop or tablet for work • YouGov survey, March 2013 • 80% will be doing it by 2016 • Gartner, June 2012 • 48% of organisations would never allow it • Cisco/Redshift Research, January 2012
Benefits • Users like it • Cost savings? • Increased productivity and flexibility • Better technology
Challenges • Loss of control of recordkeeping • Compliance/legal • Security risks • Continuity and preserving the record
Loss of control • Decentralisation of recordkeeping • Everyone is a records manager? • What if the device gets lost, or the employee leaves? • Distinction between device and data on it
Whose data is it anyway? • Data Controller: “a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.” • “It is important to remember that the data controller must remain in control of the personal data for which he is responsible, regardless of the device used to carry out the processing.” (ICO guidance, March 2013)
Compliance and legal issues • Data protection and freedom of information obligations • What legal right does an organisation have to look through my stuff? • Balance between keeping company data secure and personal data private
Security risks • Risks associated with mobile working in general • 34 (of 120) undertakings and 5 (of 32) civil monetary penalties related to loss of data using mobile devices • FOI request to ICO (Jan 2011 – Jan 2013) • Data less secure? • Basic security measures, password, encryption, anti-virus • High profile issue: threat of fines, reputational damage
Preserving the record • 5% of corporate data stored ONLY on smartphones • Osterman Research, May 2011 • Individuals making their own decisions on records management • Value of records and the archive not immediate concerns • Personal archives
Challenges • Loss of control of recordkeeping • Compliance/legal • Security risks • Continuity and preserving the record “Consumerisation cannot be stopped. It can only be dealt with.” • BT white paper, The Future of the Office
What are the options? • Do nothing... • Ban it • Provide (and manage) it
Managing BYOD • Establish organisation’s level of influence • Audit types of device/data • Set the rules and create employee agreement • Engage with users
High control * MoD High user focus Low user focus * University * Charity Low control
Agreement with employees • Assess existing policies and create a framework • Alignment with IT, HR, Legal, Finance • Who pays? • What level of support is there?
Set out rights and responsibilities Organisation Employee • Right of access to certain data • Circumstances under which it can access it • Level of support • Powers and sanctions • Follow all relevant policies and procedures • Security measures • Only access certain information • Responsibilities at end of device’s life
Focus on data, not device • Separate corporate and personal data • Classify data or users • Make policies and procedures device-independent • Work with IT on security and compliance • Get data off device and keep safe while on it
Engage with users • Individual responsibilities highlighted • Not unique to the use of personal devices – reposition our efforts • “...worrying lack of guidance from employers on use of personal devices.” (ICO, March 2013) • How good RM can help users • Manage privacy expectations
Conclusions • We can’t stop consumerisation, but we can manage it • Many challenges not unique to this environment • Cooperation vital: with users, as well as IT, HR, management... • Information sexy....information professionals too?