Favourite Jeopardy question never-asked by Alex Trebek:
“This value underpins information governance and, taken to its logical conclusion, can transform a culture at large.”
And the correct response?
To my mind, the smart money is on accountability. Not in the sense that an individual is assigned responsibility but a more nuanced tour of accountabilities over the course of a record lifecycle, from cradle to grave, creation to cremation.
Let me to explain.
In my previous column I looked at the emerging field of information governance. I showed that its emergence is not so different from the earlier drive to develop personal information rights legislation except that information governance is broader in scope.
So the Fair Information Principles brought us into the discussion but they don’t take us out of it. For this, information professionals often look to frameworks such as the D.I.R.K.S. (Designing and Implementing Recordkeeping Systems) used in Australia or the Generally Accepted Recordkeeping Principles® (or “the Principles”) that originated in the United States at ARMA International. These Principles are broader than the Fair Information Principles and provide a framework for managing records in a way that ensures that risk and compliance standards, and policies and legislation issues, are identified and addressed. See the table for a comparison.*
|Generally Accepted Recordkeeping Principles||Fair Information Principles||Information Security Guiding Principles||Record Characteristics per ISO-15489|
|Integrity||Limiting Use, Disclosure and Retention||Availability||Integrity|
That said, isn’t there a simpler way to approach this? I think so. And I think accountability is the key.
Two quick examples:
- copying the body of an email into a Word document, saving that new document, then deleting the original email; or
- editing a database field in software that does not retain the earlier entry.
These examples are very common in my view. Employees often have no issue with them and no sense that anything is awry. So what’s the problem? In the first case, if the organization no longer has the original file with the headers and routing information, how can anyone be sure that the record hasn’t been altered? And in the second case, if the organization has no record of the earlier database entry, how can anyone be sure that the data hasn’t been compromised? The first weakens the authenticity of the record while the second degrades the integrity of the data. If these are in doubt, how can the organization assure its stakeholders that it is operating according to its stated promises? Absent such assurances, is it truly accountable?
If you permit my premise that accountability is key, a simple way to approach information governance is by adopting a proactive rather than reactive approach. Let’s call this “Governance by Design”**. This is a two-step process that parses the nuances of accountability against the stages in a record lifecycle.
As the illustration shows, a record lifecycle consists of the following stages: creation, use, maintenance, retention, and disposition. To assess corporate accountability you simply test each stage against the various principles, as shown. The sample questions are far from exhaustive due to space but should show a fairly simple way forward. This approach has served me well over the years: it is visual, easy to remember, and predicated on the basis that information governance is synonymous with an accountability-framework. Easy-peasy, and hope it helps you, too.
Let’s now turn to the second part of our fictional Jeopardy question: Can recordkeeping be transformational?
This part is admittedly far more speculative than my earlier argument but the more I learn about records processes throughout the world the more I discover the importance of a “records mind set”. It is as though writing things down has a transformative effect on an individual level (think: personal mission statement) which, when taken together collectively, can transform not just an organization (e.g., corporate mission statement) but also a people as a whole (e.g., constitution).
My sense is that good record keeping leads to good organization and this improved order has to reap some benefit culturally. Once that preference sets in, there is no going back and after a certain critical turning point business without records just doesn’t “feel right”. But how do you get to that point?
Records are by-products of business processes. It is precisely because a transaction occurs that records emerge as evidence of the operation. A record is an offshoot, in other words. Yet in developing countries with less well-entrenched accountabilities (think: less offshoots), it stands to reason that a commitment to recordkeeping at the personal level can help to instill those same sensibilities more broadly. After all, the sensibilities that we enjoy in Canada were cultivated somewhere. Would the turning point have been when enough people kept sufficiently good accounts in their books?
So for me the answer is, Yes: recordkeeping can be transformational. If I am correct this places a transformative tool squarely into the hands of a people: even countries that lack legislation driving accountability (think: top-down) can potentially bring about cultural change by altering the attention given to organization at the personal level (i.e., bottom-up).
Next time: In my final column in this series I will bring together the views and advice of various veteran information professionals in Canada and abroad on this emerging field. Stay tuned.
* I encourage readers who would like more information about these approaches to information governance to consult Robert F. Smallwood’s “Information Governance: Concepts, Strategies, and Best Practices” (2014). Smallwood’s text is up-to-date and offers useful coverage of today’s records challenges. It’s the best one on the market right now.
** Hat tip to former Ontario Privacy Commissioner Ann Cavoukian’s very successful “Privacy by Design” campaign.
Chris Graves is the Associate University Archivist / Records Manager at the King Abdullah University of Science and Technology (KAUST) in Saudi Arabia. The Red Sea Dispatches column documents Chris’ experience in a new job in a new place. The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, the King Abdullah University of Science and Technology (KAUST).
Editor’s Note: This is the second in a three-part series on information governance: