Mar 27, 2017 | Blog
The health system is undergoing a digital transformation as more health services and practitioners adopt electronic health records. I recently attended a seminar on digital health information held by the International Association of Privacy Professionals, iapp- ANZ, and sponsored by Microsoft, that explored the many benefits, as well as the potential impediments for e-health records.
The panel of experts all acknowledge the benefits of e-health systems, especially for big data analysis supporting better disease recognition, familial tracing and diagnosis and the linking of screening program and treatment data. We are only at the beginning of health system improvements based on digital health records. Researchers are gaining new insights as existing data is enriched, digital images are captured and made accessible for improved or remote diagnosis. Data analytics and new tools can identify disease and treatment patterns in large datasets.
Telemedicine
By Intel Free Press http://www.flickr.com/photos/intelfreepress/6948764580/sizes/o/in/photostream/
Individuals receive better health care from fully informed practitioners. Practitioners need to know that frail or elderly patients are being prescribed a wide variety of medicines that may interact to cause adverse reactions. Hospitals need timely access to diagnostic test results and avoid the costs incurred when tests have to be duplicated because data cannot be accessed. Complete medical history can be accessed when a patient moves hospitals or to a new provider or is frail or incapacitated. Digital access, flexibility and sharing of data leads to better health outcomes and reduced health system costs. Australian governments are currently making significant investments developing e-health platforms to achieve these benefits.
Trust and privacy protection
How will government win trust so that patients accept e-health records? Can patients ensure that their privacy is protected? Can patients control what information is shared, who can access it, and they can withdraw their consent?
Individuals will only agree to upload and maintain their e-health records when they trust the system, when they trust the government to act as the custodian of their private information. A new regime of documented and specific consent is needed that empowers patients to control their e-health record.
Managing consent: what, how and when
1. Consent for a specific purpose
Legislation requires that e-health data can only be used for the purpose that it was collected, in most cases for individual treatment, unless the patient provides consent that information can be used for a secondary purpose. So we have the situation that data has been collected e.g. for a medical research purpose, and now we could re-use this data for analysis, treatment reviews and modelling using new techniques, but this re-use requires patients consent for a secondary purpose. However, gaining patient consent retrospectively is impractical, and requesting consent for potential and future uses is problematic when these are not yet known. Consent will need to become a more nuanced and updateable record which enables a user to withdraw consent at some future time.
2. Consent must not be a pre-condition for service delivery
Health services will need to ensure that default consent is not required or required as a condition to receiving a service. So when a patient gives permission to share test results, that doesn’t give consent for the data to be shared with others, to be sold or re-used for commercial purposes.
3. Keeping records of consent
Health practitioners and consumers need better awareness about privacy protection and the management of user’s consent. A draft consultation paper from the UK’s Information Commissioner provides guidelines on how to manage patient consent, including advice on the recordkeeping requirements for user consents. The guidance is based on principles and supporting guidelines:
- Consent should offer genuine choice and control,
- Requires a positive opt-in, not opt out
- Explicit consent requires clear and specific statement of consent
- Make it easy to withdraw consent, and tell people how
- Keep evidence of consent,
- Avoid making consent a precondition of a service.
- Consent should be clear, concise and easy to understand
- Consent should be separate from other terms and conditions.
- Health services should provide instructions if the patient wants to withdraw their consent.
Health service providers should keep records of consent, including when and how consent was given, and updated. Health services will need to retain records to show evidence of consent. Although there is an overhead to keep sound records, the long term benefits will be a trusted e-health system.
Without trust, without explicit consent and the confidence that consent is controlled by patients, users are less likely to accept and use e-health systems.
About the Author
Kerry Gordon is a Director and Consultant with Recordkeeping Innovation. She works on digital recordkeeping and archives for clients in Australia and SEAsia. Kerry delivers regular training programs in records management and managing digital records. Kerry has a Masters Degree in Information Management from Monash University, Melbourne and has experience in developing large scale strategic studies for digital transition, classification and retention, managing administrative and organisational change, project management and communications supporting information governance.
Feb 1, 2017 | Blog
The Records in Contexts conceptual model by the ICA’s Expert Group on Archival Description were issued for comment in September 2016. The approach creates a conceptual model that unifies previous archival descriptive standards issued by the International Council on Archives (ISAD-G; ISAAR-CPF, ISDF and one I think less than useful, ISDIAH).
This is a really interesting development, much to be encouraged. But getting the conceptual model clear is important. I’ve published my comments here.
This might be a bit esoteric, but hopefully interesting enough for those deep down in the fascinating world of recordkeeping metadata.
barbara
Comments on EGAD – Expert Group on Archival Description, Records in Context – Conceptual Model http://www.ica.org/en/call-comments-release-records-contexts-egad
Introduction
Thank you for the opportunity to comment on the evolving RIC (Records in Contexts). I commend the work of the EGAD group in this complex and demanding work. Exposure to the archival community for comment is appreciated. The introduction of a multi-entity relational model which enables recursive relationships within entities, and extensive relationships between entities is totally supported.
However, as indicated in more detailed comments below, the definition of the entities is problematic, as is the management of relationships. Relationships and their management become critical in this type of model. Modelling relationships has always been difficult and problematic. Other disciplines do not seem to have the same requirements for persistence and management of relationships over time. Indeed it can be said to be one of the key features of the Australian Series System, an intellectual basis from which my practice evolved. As a community I would assert that we haven’t cracked the expression of relationships yet, and neither has the RIC, with problems in the models proposed here.
It is with great pleasure that I read this document, and applaud its aspirational stance. The networked, flexible model for archival description at the basis of RiC-CM will serve the archives profession well into the digital future. The alignment with recordkeeping metadata approaches, which can be seen in the multi-entity and relationship definition, will serve the broader recordkeeping community well. Compatible models for records regardless of the domain they are managed in (current workplaces, archives or in the ‘wild’) will enable much greater interoperability, inheritance opportunities and enhancement rather than replacement of metadata sourced from various processes over time.
Qualification for comments
I have had some involvement in definition of metadata for archives/records through work on the original SPIRT metadata project at Monash University, the development of the ISO Metadata for Records standard suite (ISO 23081) and the AS 5478 Australian Metadata Reference Set. I chaired the Australian Society of Archivists Archival Descriptive Committee for a time, and contributed to the codification of the Australian Series System. I have also had development and implementation experience with jurisdictional metadata standards such as those published by National Archives of Australia, Archives NZ, HK SARs Government Records Service.
Comments on Entities
Archives and records work deal fundamentally with three types of entities in relationship. This has been the bedrock of Australian archival practice for over 50 years. These entities are Records, Agents and Functions. These are the entities that we are professionally responsible for. Other entities introduced into the RIC may well be useful for description (eg Concept/Thing) in the world of semantic web construction. But they are generic and not our core business. While supportive of their inclusion and their potential to link to other professional and cultural domains, the RiC-CM should prioritise those entities which are our core business.
Conceptual diagram from 1990s SPIRT metadata project; http://www.infotech.monash.edu.au/research/groups/rcrg/projects/spirt/deliverables/conrelmod.html
I commend the introduction of limited set aggregations. The inclusion of multiple recursive relationships for Records Set/Agents in particular opens up the data model to be responsive to multiple archival descriptive traditions (although the examples used in the property descriptions could more actively embrace this by using not only ISAD G representations, but also explicitly acknowledging that these can be inherited/used to support other descriptive traditions). The recursive nature also increases the relational power of the model, something endorsed totally.
In the articulation of the entities provided, there seems to be a confusion between conceptually defining our core professional entities (which doesn’t exclude inheriting the expression from others), and the practical demands of constructing system entities or more general descriptive entities. I cannot find the conceptual rationale or logic of separating out some of the entities, rather than making them properties. At minimum an articulation of the logic is required. But I would argue:
- Occupation, Position are attributes of Agents.
- Documentary Form is an attribute of Record Set/Record
- Date and its expression is an attribute of every entity, at every layer of aggregation, and also an attribute of relationships which need to be timebound. An alternative construct is to move further towards making relationships central. If every action is expressed as a dated relationship (for example existence, extent, actions on a record) then all critical statements are made as relationship statements which are dated. This might mean that date is no longer needed as an entity, but becomes critical in expression of relationship – some of this can actually be seen in the graph diagram included in Appendix 1.
- Relationship must be an entity if we are to coherently express and manage relationships over time (see below).
- Place and Concept/Thing is a subject based attribute that can be added to anything and while it links us to the Linked Open Data community and is desirable, it is a set of add ons, nice to have, not critical to our archival practice. In that spirit of great, but not exclusively recordkeeping relationships, I would think that Events could also be added, but recognising a potential overlap with what is currently inadequately expressed as ‘history’ needs distinguishing from recordkeeping events (see further below).
- Place is confusing – it seems to be both location (has holding location etc), as well as physical positioning, such as geographical coordinates. I suspect these two quite different notions of Place is made to enable inclusion of ISDIAH, which itself was always out of step with the ICA descriptive entities. Archival repositories are a type of agent, as has been argued before.
Relationships
The relationship based approach is central to our Australian descriptive practice and I support it wholeheartedly. However, it has also been notoriously difficult to achieve an adequate expression of relationships. In traditional Australian practice relationships have been a component of each entity’s description – so a record description would include its relational link to its creating agency, controlling agency, related records etc. Using these relationship traces makes the tracing of relationship networks flexible, time bound and complex.
However we recognise that this de-emphasises the nature of relationship. In other work, we have expressed relationship as an entity itself, allowing relationships to have identifiers, dates and to contain persistent links to the related entities. This has been OK but subject to problems even at a conceptual level in expressing reciprocal relationships and ensuring persistence of relationships. It is the best we have done to date.
In RIC, the adoption of semantic data models, and graph technology construction is highly commendable and I endorse the notion that these are likely to be the technologies of the future. Relationships are central to these technologies and the approach is completely consistent with our Australian archival practice. However it is unclear to me how the technology or the data models document these relationships.
While I do not pretend to understand graph databases, the graph models such as the one attached here indicate that relationships can be managed as entities effectively in graph databases. Surely modelling relationships in this way is more sustainable for archival description. The relationship notion is central, not peripheral.
[diagram from slide 10 of Max de Marzi Graph Databases Use Cases http://www.slideshare.net/maxdemarzi/graph-database-use-cases]
Managing the relationships which are critical as only statements in RDF triples only provides persistence to the nodes that are linked, rather than attributing persistence to the relationships themselves. While the EGAD committee acknowledge that the expression of relationships is still a work in progress, I would suggest that confirming the data model around relationships is essential.
The extensive list of relationships provided is acknowledged as not comprehensive and in need of further work. Given that it is a central component of the RIC model, further development must take place before the model can be endorsed.
In Australian practice we have traditionally identified types of relationship. These are Provenance, Succession, Containment and Associative relationships. The recordkeeping metadata standard introduced a further relationship type of Events or Actions which allowed description of things done to or on records as a further relationship type (see below). Using this type of characterisation of relationships might assist in creating more clarity about what types of relationships are appropriate to each entity. Chris Hurley has proposed a further categorisation of relationships. Developing this thinking would be beneficial in RiC-CM.
Recordkeeping Events
Noting that the introduction to the draft RIC stated ‘RiC-CM also does not yet offer a model of the role of the archivist and the activities he or she performs in the formulation and ongoing maintenance of description’ this points to a conceptual gap in the articulation at present. The property ‘Authenticity and Integrity’ in Records Set/Record (RIC P5 and P22) inadequately encompass the requirements to enable assertions of authenticity and integrity. I would argue that the material not well encompassed in ‘History’ documents the events and actions that are taken on a record and this is the information needed to assert authenticity and integrity over time. For digital records integrity is also the digital checksum or hash of the specific record element. I find the conceptual thinking to be unclear about this.
Within our Australian practice we have identified ‘recordkeeping events’ to document these actions. This may, or may not, be the answer, it does propose a different way of thinking about these actions. Further, such recordkeeping events are expressed as relationships – themselves an expression of something done, by someone, on something at a particular date. Some of the relationships identified in the listing are of this nature (eg was written by, was collected by). This could be extended and, depending on the nature of relationships as they evolve, might prove a mechanism to clarify notions of authenticity and actions.
Particularly when encouraging inheritance of metadata from current recordkeeping systems, attention to recordkeeping events for digital records particularly, is essential.
While not proposed as necessarily authoritative, the work done in AS 5478 Australian Metadata Reference Set for event relationships may be useful. This is attached to this comment for reference.
Specific comments
Granularity: One of the things we know about translating archival descriptive systems to digital records is that increased layers of granularity of description are required. Thus what may be expressed as a ‘Record’ in the paper world, may in fact be composed of many digital components. Thinking of a file, traditionally considered an item in archival descriptive systems ( a ‘Record’ in RiC-CM) because it is a complete, and ‘issuable’ thing, can disaggregate into many many specific images of individual pages, each one of which can be considered an ‘issuable’ thing. Is it the intention to manage images of an individual page as a ‘Records component’? I suspect that this will not work particularly well, and certainly considerations of sequence must be addressed (noting that this too is explicitly noted as requiring further development p39). Alternative renditions or formats (microfilm, pdf, jpeg etc) may also exist for each page. Perhaps a better expression is to allow ‘Record’ too to become recursive.
Parallel provenance or multiple simultaneous provenance: Increasingly archival practice is allowing alternative models of description to co-exist with ‘official’ interpretations. This allows alternative versions of context to be constructed, and to have equal validity with ‘official’ expressions. How will RiC-CM enable these alternative expressions?
User contributions: Linked to the need to enable multiple provenance expressions but not the same, is the increasing prevalence of user contribution to archival descriptive systems. This might be through alternative expressions in the metadata of an archival descriptive system, or alternatively, the contribution of other items to an archival system. These need to be managed and attributed appropriately to the contributor. At present such notions do not appear to be enabled in RiC-CM and they are already a requirement of practice.
Digital records: presumably as a requirement to encompass the existing ICA descriptive standards, the examples and properties fields seem to reflect a paper based paradigm. Better examples and further thinking on characteristics of digital records would enhance the RiC-CM model.
I welcome the advent of RiC-CM and encourage the EGAD Group to continue development of this exciting initiative.
Yours sincerely
Barbara Reed
Director, Recordkeeping Innovation Pty Ltd
Dec 20, 2016 | Blog
The EU funded Pericles project held its final project conference in London on 30 November to 1 December. PERICLES (Promoting and Enhancing Reuse of Information throughout the Content Lifecycle taking account of Evolving Semantics – http://pericles-project.eu/) is a collaborative, interdisciplinary project aimed to address the challenge of ensuring that digital content remains accessible in an environment that is subject to continual change. I have been lucky enough to be tangentially involved in the project, injecting (as you would expect) continuum ideas.
At the conference, I was asked to speak on two panels, one on OAIS (Open Archival Information Systems) the influential standard defined by the space community and now due for systematic review, and on Risk Assessment. In the panel on Risk Assessment I was asked to make some comments ‘representing’ the recordkeeping community in thinking about risk assessment for preservation in the active life of complex digital objects. This panel consisted of Pip Laurenson and Patricia Falcao (Tate Modern), Tomasz Miksa (senior researcher at SBA research working on preservation of open source systems and workflows) and Simon Waddington (from Kings College London working on e-infrastructure and repository technologies).
Source @dpc pic.twitter.com/OEuOntPRJc
My contribution (in summary form) was:
The issues of preserving complex digital objects is a recursive one, and it is necessary to define the environment or available locus of attention/action first. So for these comments, my comments are directed at the risks and problems in the current workplace environment.
The current workplace has these problems with complex digital objects, too. It is a design issue. As a community we have known about these issues for over 20 years – perhaps most accessibly expressed by Terry Cook in ‘It’s 10 o’clock: do you know where your data are?’ in 1995 (available but irritatingly behind a paywall!). Examples from the workplace are: Microsoft excel spreadsheets with embedded formulae or linked spreadsheets or the encouraged practice of emailing links, not documents. The issue here is at least in part the lack of stable document identifiers, using the URL name which are at high risk of damage or loss with system upgrades or reconfiguration. The lack of persistent relationships between individual ‘document like objects’ is also a problem.
This is a systems design issue in the workplace. When should records be left in their self-referential environment? This is the current strategy of ‘in-place’ records, or retaining records in the business system. When should they be moved out of these creating environments? There are problems with how complex objects survive the transition between these environments in every day workplaces – not just in digital preservation environments. If the records don’t survive in tact in the workplace, digital preservation after the event comes far too late.
Migration is a specific point of risk. Again, this observation is not new. It was made most coherently by David Bearman in 2006 (‘Moments of Risk: Identifying Threats to Electronic Records’ Archivaria, 62, 2006 http://archivaria.ca/index.php/archivaria/article/view/12912/14148). The two most prominent techniques are migration and emulation. Emulation is in common use in the workplace – the use of ‘readers’ to enable readable versions is often built into other software. Migration in the workplace is far more common than appreciated. There are different types of migration – software migration between versions of a product, software migration to new products, migration of systems or records between organisations. The migration rule of thumb is that there will be a 5 year interval before some type of migration is needed. If we think about how long some records need to be kept – the life of a person, perhaps – then the migration risks are huge. And not only that, but the common techniques for migration migrate the objects, but there is significantly less attention paid to ensuring the metadata, relationships and links are maintained.
The recordkeeping community has recognised this set of problems for a long time. Various initiatives are in place to address it. One of the most recent is to re-orient the old notion of appraisal to use the same disciplinary expertise now directed to determining what records need to be created/kept and apply the analysis framework multiple times at specific points of risk. This is the thinking embedded in the revised ISO 15489 – 2016. The community has also done significant work, like many other communities, in identifying risk and defining approaches to risk assessment. In particular, the ISO TR 18128, Risk Assessment for Records provides disciplinary guidance.
The problems aren’t so different for the current workplace. If we think about risk and preservation as recursive, occurring in different environments on an almost continuous basis, we can identify intervention points which have maximum impact.
Dec 20, 2016 | Blog
The EU funded Pericles project held its final project conference in London on 30 November to 1 December. PERICLES (Promoting and Enhancing Reuse of Information throughout the Content Lifecycle taking account of Evolving Semantics – http://pericles-project.eu/) is a collaborative, interdisciplinary project aimed to address the challenge of ensuring that digital content remains accessible in an environment that is subject to continual change. I have been lucky enough to be tangentially involved in the project, injecting (as you would expect) continuum ideas.
At the conference, I was asked to speak on two panels, one on OAIS (Open Archival Information Systems) the influential standard defined by the space community and now due for systematic review, and on Risk Assessment. Inadvertently I was part of an all women expert panel – how good is that! – along with Kara van Malssen (AV Preserve), Angela Dappert (British Library), Pip Laurenson (Tate) and Barbara Sierman (National Library of the Netherlands), all moderated by William Kilbride of the DPC. My comments (in abbreviated form) on OAIS are below:
OAIS
Image: Wikipedia
I present a view from the archives/records community. This isn’t my specific area of expertise, so I ventured forth to check the validity or otherwise of my views from better informed digital archives colleagues, including Adrian Cunningham from QSA, Ross Spencer from Archives NZ, Richard Lehane from State Archives and Records NSW and Andrew Waugh from Public Record Office of Victoria. I don’t speak for them, but I did try to benchmarks my remarks against their experience and opinions.
OAIS operates effectively as a ‘lingua franca’. The OAIS reference model is designed as a conceptual framework in which to discuss and compare archives. The high level reference model approach and terminology is (kind of) foreign to all disciplines, so we all have to translate our practice into that expression.
- This has been particularly useful when dealing with the genuinely different approaches to digital preservation across disciplinary boundaries, encouraging a common language for communication between cognate disciplines and dealing with practical implication of institutional mergers etc. The model as lingua franca is useful because digital preservation MUST be inter-disciplinary.
- Beyond that, at the level of detail, there is mixed use and mixed response from the recordkeeping community.
- There is some wariness that the language is also something of a barrier to communication. Used wrongly, it can be a bit snake-oilish – our technology creates SIPs, AIPs and DIPs – digital preservation problem solved! Yes, well not quite. And clearly there are specific disciplinary issues in how each discipline defines the detail of the SIP, AIP and DIP.
OAIS has an inherently custodial world view (perhaps a bit like the term data curation which generally speaking doesn’t resonate well in the recordkeeping space).
- It presumes that the object of digital preservation is stored in a custodial repository – for recordkeeping, we are increasingly aware that we need to be non-custodial in a distributed environment.
- It has some preconceptions about what is being preserved – a fixed, static (end product) object view. This is problematic for managing digital objects. Records are objects plus their metadata. And what is a record is often a packaging of ‘cascading inscriptions’ (Latour) linked to their ever evolving contexts, at multiple and different levels of aggregation, relationship and complexity.
There are some issues, and different views, on what the boundaries of OAIS and digital preservation are or should be:
- OAIS assumes that things are already there and ready to go as SIPs. This is not usually the case for archives/records. Lots of intensive work is commonly required before a SIP-ready thing can be assumed. Is the answer to create a work-around, or to introduce a pre-ingest phase, as some have suggested? I think that the necessary inter-disciplinary nature of practice means that this will be problematic. Lowest common denominator, or approaches driven by one loud disciplinary voice, will not suit all. This might be a particular matter for individual disciplines to address and then seek to harmonise?
- Superficially the OAIS model applies to a single system – of course, it doesn’t have to be read that way, but it commonly is. Different functions can be (and in reality, are) handled by different systems – the business system of an archives supports much more than creating and managing AIPS or DIPS, but these can certainly be part of the larger system. The constructs of SIPs, AIPs and DIPs are useful for thinking about interfaces to other systems.
- Archives (generally) don’t perceive everything within the frame of a single OAIS but rather as modular components – the archival descriptive system is and will continue to be separate from the digital preservation component. The multiple ways that existing systems need to be interfaced in changing ways over time needs to be respected. Metadata needs to be moved into different systems, to serve different purposes.
- Not all metadata are simply preservation metadata – some are part of the creating environment, some are part of the archival descriptive system, and some are specific preservation metadata. There is endless discipline-specific detail on metadata requirements. The metadata for digital preservation are part of that discussion. In recordkeeping environments, we are managing metadata in independent systems. The OAIS metadata model is not prescriptive, but implicit. Even if we expand it to include PREMIS metadata, it is only part of the requirements for recordkeeping. We have complex requirements and ongoing issues about representations of relationships in recordkeeping that we have yet to find a definitive answer for (if one exists!).
- The function of access is common ground to all OAIS disciplines – but is this digital preservation? This is a well worn argument. In the archives/records discipline I would assert that they are intimately related, but not the same thing. It is a specialised component, and again, if the thinking is modular rather than monolithic, then the OAIS model requirements are valid.
- Some of the conceptualisations are irritating and wrong from a recordkeeping perspective. Of particular irritation value is the documentation of preservation actions. These are records – they are critical records for preservation, allowing us to assert the authenticity and integrity of the objects being managed. But in OAIS, these records are squished into ‘administrative functions’, really a substantial misconception here. Such records are part of the systematic recording of the ‘recordness’ of an object. What, of the functionality buried in the administrative or event components of OAIS needs to be managed as records? Appraisal thinking is conspicuously absent in the model as it currently stands.
Dec 20, 2016 | Blog
Image: flickr g4ll4ls
The IAPPANZ (International Association of Privacy Professionals, Australia New Zealand Chapter) held its annual summit in November, titled ‘Trust in Privacy’. I really like this conference which gets the top privacy brains talking to the community. Amongst other things there were updates from Privacy Commissioners on their jurisdiction which inter alia (have I been at a legal focussed conference?) allowed me to glean the following interesting issues:
- 83% of FOI requests at Commonwealth level are for personal information
- The Privacy Amendment (Re-identification Offence) Bill 2016 has been referred to committee which is anticipated to report in February 2017.
From NZ, some of the top issues reported by John Edwards Privacy Commissioner were:
- Discussion of mandatory data breach reporting, which surely is coming to Australia in one form or another pretty soon
- The introduction in Latin America of the concept of ‘Habeas data’ – a right to seek to know what information is held about a person in a data source (manual or automated), with remedies which vary between jurisdiction.
Beyond these very useful and interesting updates on specific jurisdictional issues I was really engaged by the presentation by Malcolm Crompton, himself a previous Privacy Commissioner. My musings are only part of his presentation, available here: http://iispartners.com/Publications/index.html (under Privacy regulation and reform). In particular I was struck by:
- A very interesting diagram of data types and individual awareness, categorising data as provided, observed, derived and inferred from Abrams ‘The Origins of Personal Data and its Implications for Governance’ (2014) http://informationaccountability.org/wp-content/uploads/Data-Origins-Abrams.pdf
- The observation that privacy (particularly managing personal information) is really a question of implementing an implicit social licence. If that social licence is not observed or deliberately broken, then there will be backlash. Observing a social licence isn’t the same as compliance with the law.
- A questioning of whether the privacy framework as currently conceived is really working all that well. It is operating at an incredibly granular level – individual consent to specific information; so much information; managing inferred data rather than data supplied directly by an individual. Is the current framework really feasible as a way forward, and if not, what alternatives might exist.
The discussion during the day reinforced the absolute synergy with recordkeeping issues, as you would expect. But interestingly there was NOT ONE reference to recordkeeping made!!! None the less, information governance is certainly on privacy professionals’ agendas. And so, too, were the problems of getting appropriate attention from senior decision making levels of organisations. Much synergy but not much appreciation of the need to think outside disciplinary silos – always work in progress.
