+61 2 9267 3700

Musing on issues raised at IAPPANZ ‘Trust in Privacy’ Summit, Nov 2016

Image: flickr g4ll4ls

Image: flickr g4ll4ls

The IAPPANZ (International Association of Privacy Professionals, Australia New Zealand Chapter) held its annual summit in November, titled ‘Trust in Privacy’. I really like this conference which gets the top privacy brains talking to the community. Amongst other things there were updates from Privacy Commissioners on their jurisdiction which inter alia (have I been at a legal focussed conference?) allowed me to glean the following interesting issues:

  • 83% of FOI requests at Commonwealth level are for personal information
  • The Privacy Amendment (Re-identification Offence) Bill 2016 has been referred to committee which is anticipated to report in February 2017.

From NZ, some of the top issues reported by John Edwards Privacy Commissioner were:

  • Discussion of mandatory data breach reporting, which surely is coming to Australia in one form or another pretty soon
  • The introduction in Latin America of the concept of ‘Habeas data’ – a right to seek to know what information is held about a person in a data source (manual or automated), with remedies which vary between jurisdiction.

Beyond these very useful and interesting updates on specific jurisdictional issues I was really engaged by the presentation by Malcolm Crompton, himself a previous Privacy Commissioner. My musings are only part of his presentation, available here: (under Privacy regulation and reform). In particular I was struck by:

  • A very interesting diagram of data types and individual awareness, categorising data as provided, observed, derived and inferred from Abrams ‘The Origins of Personal Data and its Implications for Governance’ (2014)
  • The observation that privacy (particularly managing personal information) is really a question of implementing an implicit social licence. If that social licence is not observed or deliberately broken, then there will be backlash. Observing a social licence isn’t the same as compliance with the law.
  • A questioning of whether the privacy framework as currently conceived is really working all that well. It is operating at an incredibly granular level – individual consent to specific information; so much information; managing inferred data rather than data supplied directly by an individual. Is the current framework really feasible as a way forward, and if not, what alternatives might exist.

The discussion during the day reinforced the absolute synergy with recordkeeping issues, as you would expect. But interestingly there was NOT ONE reference to recordkeeping made!!!  None the less, information governance is certainly on privacy professionals’ agendas. And so, too, were the problems of getting appropriate attention from senior decision making levels of organisations. Much synergy but not much appreciation of the need to think outside disciplinary silos – always work in progress.

Innovative Change Management

Working in the records and information management field I am constantly involved in projects delivering outcomes that always result in some level of change to processes or systems, which will have an impact on staff.  How well this change is managed can easily mean success or failure of a project.

I recently participated in a virtual change management summit that was conducted by Change Management Review in the United States.  The summit included a range of speakers from around the globe including, Helen Palmer and Dr Jennifer Frahm from Australia.  The presentations provided some interesting insights into the human and organisational psyches. (more…)

InForum 2016: Valuable insights from the miracle workers

What’s the value of information? That was the theme for the 2016 inForum annual international convention for Records and Information Management Professionals Australasia (RIM) held in Perth, Australia, September 11 – 14.

Speakers measured value in a number of ways and the focus of presentations was varied: there were case studies and tips for rethinking recordkeeping in a world of disruptive technologies, thought-provoking examples of information management deficits, and principles for achieving good data and transitioning to digital recordkeeping.

Catherin Cassarchis, State Archivist and Executive Director at the State Records Office Western Australia, opened the conference with a speech on how records retain layers of value, remarking that archives are like the complex prints of the artist Escher, “as you look at them, your perception changes.” Catherin cited the pioneering Perth-Kalgoorlie water pipeline project of engineer C Y O’Connor, completed in 1903, whose legacy was marred by sustained and publicly-recorded personal criticism in the early years of construction.

It’s time the myth that valuable records are only stored in the EDRMS should be dispelled, according to Janet Villata, Information Analyst at the City of Sydney NSW, noting that key corporate records are moving and morphing in their formats and locations. The resounding message was that it is the role of information managers to adapt how they work, be proactive, focus on high risk and high value records and apply EDRMS principles to new environments.

The point of adapting to changing technology and business needs was also raised by Kathryn Chambers from the Commonwealth Scientific and Industrial Research Organisation (CSIRO). From a records  environment comprising of an unwieldy 32 individual implementations of TRIM and devolved teams working across Australia, records and information management within the CSIRO was dramatically restructured in 2012. Underpinned by the principle that records services could be provided anytime and anyplace, the changes included implementing a single enterprise records management system, providing a triage mindset for records support and adopting a risk and value-based approach to the management of the organisation’s records.

Recordkeeping Innovation’s own consultants Annette Senior and Wendy Buttel, lead a workshop on practical strategies for transitioning to digital recordkeeping. The interactive session included examples of governance, demonstrations on how a workflow can help embed records into business processes and tools for achieving a fully automatic end-to-end process.

The conference ended on a poignant and unsettling account of how incomplete information and incorrectly interpreted records led to an innocent man being convicted of murder and jailed for eight years. Investigative journalist Colleen Egan detailed her examination of the records and the work of a cold case team to prove the innocence of Andrew Mallard.

As a concluding takeout from the inForum conference, it’s interesting to note that the terms ‘archives, records, content, information, data’ were as interchangeable as the job titles of speakers. Lucky participants, such as Recordkeeping Innovation consultant Morgan Gradwell, took home 2016 conference T-shirts with the job title ‘miracle worker’, which sometimes doesn’t feel too far from the truth.

Highlights from the International Congress on Archives, Seoul

Recently Barbara Reed and I attended the International Congress on Archives in Seoul, Korea. Held every four years, this is something of an ‘archives Olympics’, with thousands of recordkeeping professionals coming together for the week to discuss projects and ideas and make new connections.

Some of the highlights from the Congress included:

ICA Congress Closing Ceremony Image credit: @CassPF

  • hearing about the new Records in Contexts (RiC), standard for archival description developed by the ICA – a new standard that embraces introduces multidimensional description of recordkeeping entities that will be better suited to the complexity of digital records;
  • discussing the role of records and archives in reconciliation efforts across different parts of the world, from Latin America to Iceland;
  • a reprise of the workshop held recently on Sydney on Recordkeeping Informatics by Barbara, with Monash University’s Frank Upward and Gillian Oliver of Victoria University, Wellington; and
  • learning about the needs of new archives professionals from a research project done by the ICA New Professionals – a group of bursary holders who traveled to Seoul from all corners of the globe.


Reflections from an Information Management Standards Seminar, 29th July 2016

The other Friday, on a typically frosty Canberran winter’s morning, I attended a one-day seminar on Information Management Standards which was organised by the Standards Australia IT-021 Committee, with assistance from the National Archives of Australia and hosted by the Department of Defence.

There were seven key areas up for discussion, covering a number of standards and series:Standards Seminar IT21

  • Records Management Foundations
  • Management Systems
  • Metadata
  • Risk and Classification
  • Information Management Functionality in Systems
  • Digital Continuity
  • Family of Standards on PDF Format


Automatic Digital Records Management – Are we there yet?

We recently had the opportunity to look broadly at what the industry has to offer in Automatic Digital Records Management. We were interested in exploring products that specifically automated key records processes or controls.  Why? Because organisations want records management processes to be seamless so staff can focus on core objectives.  But as records managers we need to ensure that any automation is not at the expense of the integrity of the record.

Roadmap to automatic digital records management

What did we find? We found automation was mainly in the use of add on tools for traditional records management systems which improved some recordkeeping functionality. We also found some really interesting work in the areas of data analytics and auto classification.

Automation Tools

There are a lot of offerings in the market place that provide limited automation capability. For example, APIs connecting to business systems which allows organisations to manage information in the systems they were created.   There are also some clever workflows that provide user friendly interfaces and automatic capture of metadata and records.  There were lots of other useful tools, too many to mention here.  The fundamental problem with many of these tools is that they are only usable with one specific platform and in reality we keep records across multiple platforms.

Data Analytics & Auto Classification

While auto classification might sound really exciting it has limitations. Auto classification is based on predictive coding for data analytics and machine learning.  Accuracy increases as the machine continues to analyse and learn, but it is not 100% accurate.  Without 100% accuracy the consequences could be significant.  Organisations need to establish an appropriate risk appetite before implementation.  Data analytics is still a new area so it will be interesting to see how vendors take advantage of it, and with opportunities for  improved identification of records of little business value, or those that contain personal information, or those ready to be de-classified. Creative thinking on ways to use these technologies open up many possible additional areas of exploration.  Read the UK National Archive Research Report on The application of technology-assisted review to born-digital records transfer, Inquires and beyond for more details on these type of technologies.

Automatic digital records management in 2050

Did we find any outstanding evidence of really innovative and creative thinking? Is anyone defining the way forward to 2050 when it comes to automation in digital records management? We are not there yet, but there are signs that vendors are rethinking the way recordkeeping should work. Vendors are starting to think more about interoperability, modular designs, and changing models of licencing and alternative means of offering records services.  These will be vital in order to move forward and manage complex frameworks where organisations are coping with numerous systems and regular machinery of government changes.

Our survey was not exhaustive and this blog would have been impossible without the input of vendors. We appreciate the time they took and look forward to seeing what they do next.

3 easy things you can do to get ready for automatic digital records management

  1. Get your business processes documented.
  2. Determine your metadata requirements.
  3. Identify which systems capture your records.

When Automatic Digital Records Management arrives in your organisation you want to be ready, so get started!