Information management bad habits begin in the boardroom

This post by Elizabeth Bramwell discusses what she calls bad habits from senior management in the area of information management. Examples of these bad habits include leaving business-sensitive or confidential information on the printer for all to see, losing this information in a public place, and not ensuring that proper security protocols are in place to protect this information. Bramwell says that instead of leading by example, business leaders are guilty of sidestepping company policy to get things done or are simply unaware that what they are doing goes against any policy. The growth of information sources is a contributing factor to these types of behaviours: The rise of cloud services and mobile device usage, along with the emergence of the Internet of Things (IoT) has led to an explosion in data generation within organisations. This has put pressure on people to manage more information than ever before. At the same time, business leaders want decisions to be data-driven.

Bramwell concludes that implementing a strong information governance policy requires a consistent, clear and cohesive approach to managing information in all formats. For business leaders in particular, this starts with getting their information management habits in order. Only then can they expect best practice to be followed throughout the organisation.

Advertisements

Seven Chrome extensions to help with productivity

Anyone who knows me will tell you that I love being organized. I have a weakness for to-do lists and organization-based apps. This post discusses seven Chrome extensions to help enhance personal productivity; the post is geared towards teachers, but I think that these extensions could have a broader scope. Since I use a Chromebook at home (I still use a laptop at the office),and thus must work exclusively online, these extensions could become even more relevant.

  1.  Prioritab
  2. Google Keep
  3. Add Tasks to Do It (Tomorrow)
  4. Wunderlust New Tab
  5. OneTab
  6. Save to Google Drive
  7. Print Friendly

Survey on the use of risk management information systems (RMIS)

This report, published by StrategicRisk, summarizes the result of a survey taken of organizations that use risk management information systems. The report, unfortunately, does not provide details about the  nature of the methodology, such as the size of the population, how the population was chosen, variables used, and so forth.  The images below summarize some of the report’s key findings: capture

capture

capture

capture

 

Information management is the key to cybersecurity

Joe Shepley discusses the key role that information management plays in cybersecurity. Organizations may have very robust cybersecurity software and systems, but data theft is something that can be managed only with proper information management processes. Data theft is what happens when a bad actor — either internal or external — enters the network and takes control of a device or devices in order to steal or compromise data (e.g., through encryption). 

An effective information management program helps organizations keep the data they need (i.e., data with legal or operational use) and purge the data they don’t (i.e., data that’s past its legal or operational life). Effective information management reduces the information footprint of an organization, which means less data for bad actors to steal. It also means that an organization’s limited resources can focus on protecting a smaller set of relevant data.

Shepley proposes the following steps to ensure proper data retention:

  1. Data map – Determine what data we have, where data is and who owns it.
  2. Policy infrastructure – Put policies in place to manage information throughout its lifecycle (including data that’s been orphaned or abandoned).
  3. Content assessment – Scan content to determine what is junk, stale and sensitive, as well as whether the security and access for this content is appropriate.
  4. Remediation and clean up – Based on policy and the results of the content assessment, purge junk/stale content and remediate inappropriate security and access.
  5. Monitoring and prevention – Scan the environment on an ongoing basis to identify both non-compliant activity (e.g., mishandled PHI) and growth of stale/junk data and take action to address.

I am glad to see that all these activities are covered in my records and information class.

 

Ethics in information management

In this article, Daragh O’Brien discusses the role of ethics in information management. O’Brien suggest that he has found only one article, published in 1999, that discusses this topic. Considering how frequently one hears about the need for, and importance of, ethics in information management, I am surprised by this finding, and will certainly investigate it further. O’Brien does say that information managers do practice ethics, but that perhaps we have not established rigorous benchmarks of quality: We cannot rely on a person with a hammer at the end of the information production line to knock the ethical dents out of our data economy. The risks to people and to society are far too great and potentially irreversible.

O’Brien suggest three normative theories of ethical conduct that should be considered in information management:

 

screenshot-2016-12-01-at-6-38-16-am

O’Brien suggests that as Information Management professionals, we need to evolve our organisations to at least the Stakeholder Value Theory when considering ethical conduct in our organisations. Until we do even those industries such as the automotive manufacturing industry who have recently explicitly adopted standards for consideration of ethical issues in the design and manufacture of products and services, will struggle to make sustainable progress. This is the change that has to happen to help us align the internal business, information, and technology functions of the organisation to consistently deliver ethical outcomes.