Privacy and the monetization of data

In this article, David Rabb discusses the various privacy implications of the monetization of data. Rabb focuses specifically on Personally Identifiable Information (PII) that companies can obtain about people through cookies, IP addresses, GPS, and so forth. Companies have often touted the anonymity of cookies but, as Rabb points out, there are many ways to tie cookies to known individuals, a process that often includes “consent” consumers don’t know they’ve granted. Other theoretically anonymous identifiers such as device IDs and IP addresses can also often be connected to PII. And research has shown that even less specific information, such as a collection of taxi trips or a combination of birthdate [sic] and Zip code, are [sic] often enough to identify specific individuals.

I don’t think that most internet users are naive enough to think that companies don’t have their PII but, as Rabb points out, customers may broadly assume your company knows everything about them but they can still be surprised at the data presented in specific situations – especially if that data is wrong.

Information managers face the increasingly complex task of maintaining the security of PII, ensuring this information is accurate, using only the personal information needed for a specific task, and ensuring that the privacy rights of customers are respected.

Text messages as health records

A research study from York University, one of my almae matres, examined text messages sent between nurses and physicians about deteriorating internal medicine patients requiring escalation to the intensive care unit (ICU), in order to identify issues in failures to rescue. Looking at records from 2012 to 2014 at the Toronto General Hospital, the team found that message quality was positively linked to survival. The study highlights the need for a standardized and responsive text-based communication system.

As a taxonomist and cataloguer, I’m pleased to see a degree of authority control (or standardized vocabulary) used in these text messages, as shown in this legend of abbreviations:

RR = respiratory rate; NP = nasal prongs; bpm = beats per minute; BP = blood pressure; pt = patient; NS = normal saline; TM = tracheostomy mask; A&O = alert and oriented; ABG = arterial blood gas; CCRT = critical care response team (rapid response team).

I’m also interested in whether hospitals have a plan for managing these records. I consider these records to have business value, since they document decisions made and transmit patient information. Are these text messages subjected to any records and information management policies and standards? Are they subject to retention schedules? Given the potentially confidential nature of the content of these messages, how is their security maintained? Are personnel using mobile devices that are owned by the hospital and protected by firewalls? There is certainly a lot of ground to explore here. I think a discussion with the authors might be interesting.

 

National Archives of Australia’s new information management standard

The government of Australia has been a significant leader in the field of information management for several years, and serves as the standard I use in my RIM classes to demonstrate IM best practices. Continuing this fine tradition, the National Archives of Australia has just published a new Australian Government standard to manage business information.

The new Information Management Standard (IMS) outlines principles to help agencies meet business, government and community needs in relation to how information is managed across the sector and aims to help them maximise the business benefits of well-managed information in the Australian Government.

The eight principles are:

Principle 1: Business information is systematically governed
Principle 2: Necessary business information is created
Principle 3: Business information is adequately described
Principle 4: Business information is suitably stored and preserved
Principle 5: How long business information should be kept is known
Principle 6: Business information is accountably destroyed or transferred
Principle 7: Business information is saved in systems where it can be appropriately managed
Principle 8: Business information is available for use and reuse.

This standard complements the National Archives’ Digital Continuity 2020 plan.

 

The changing role of the Chief Information Officer

In this article, Andrew Horne, IT practice leader at CEB, discusses the changing role of the Chief Information Officer (CIO). Horne argues that while the importance of managing digital data is increasing, the recognition of this importance could lead to the decline of the CIO position, as this management becomes more integrated throughout various management levels, rather than the purview of one individual. Horne suggests that CIOs can explore different paths in this changing landscape:

  1. Digital Evangelist. Digital evangelists put next-generation technology capabilities such as big data, machine learning, and the Internet of Things into context and explain how they enhance or transform the enterprise’s products, channels, and operations.
  2. Modernizer. As modernizers, CIOs build and manage the next generation technologies and platforms that support digital transformation and enable interoperability of digital product portfolios. They also continually adapt IT’s processes and skill sets in areas such as business engagement, iterative development, customer experience and data management to the changes triggered by digitization.
  3. Productizer. An alternative path for CIOs may open up in companies that are selling digital products or services to end customers for the first time. So as a digital business grows, productizer CIOs will need to choose whether to become full time product owners and give the CIO role to someone else, or stay CIO and find a dedicated leader to take the digital business to the next level.

Although I find the terms above a little cringe-worthy perhaps, given my dislike of jargon and buzzwords, Horne does point to the importance of flexibility in the area of data management, especially as more functions become automated. The ability to adapt quickly to new environments is certainly something that information management programs need to incorporate into their curricula.

 

Ten principles of information management

Defining the principles of information management has never been easy; those of us in the field know what we do, and appreciate the value of our knowledge, but defining what we do to people outside our field can be challenging. This lack of clarity is not a reflection of any weakness in the area of information management but, rather, a reflection of the breadth of its scope and relevance. In this article, James Robertson outlines the key features of information management, which he draws from a number of “critical success factors” from various information management programs. Robertson makes a point of emphasizing that information management is not about just information technology; those of us in the field understand the frustration of having all our skill sets subsumed under the umbrella of technology: “From the outset, it must be emphasised that this is not an article about technology. Rather, it is about the organisational, cultural and strategic factors that must be considered to improve the management of information within organisations.”

Robertson’s 10 principles of information management:

  1. Recognize (and manage) complexity
  2. Focus on adoption
  3. Deliver tangible & visible benefits
  4. Prioritize according to business needs
  5. Take a journey of a thousand steps
  6. Provide strong leadership
  7. Mitigate risks
  8. Communicate extensively
  9. Aim to deliver a seamless user experience
  10. Choose the first project very carefully

Robertson does an excellent job of explaining the scope and breadth of information management, and I will be sure to incorporate this article in my courses.

Information management bad habits begin in the boardroom

This post by Elizabeth Bramwell discusses what she calls bad habits from senior management in the area of information management. Examples of these bad habits include leaving business-sensitive or confidential information on the printer for all to see, losing this information in a public place, and not ensuring that proper security protocols are in place to protect this information. Bramwell says that instead of leading by example, business leaders are guilty of sidestepping company policy to get things done or are simply unaware that what they are doing goes against any policy. The growth of information sources is a contributing factor to these types of behaviours: “The rise of cloud services and mobile device usage, along with the emergence of the Internet of Things (IoT) has led to an explosion in data generation within organisations. This has put pressure on people to manage more information than ever before. At the same time, business leaders want decisions to be data-driven.”

Bramwell concludes that implementing a strong information governance policy requires a consistent, clear and cohesive approach to managing information in all formats. For business leaders in particular, this starts with getting their information management habits in order. Only then can they expect best practice to be followed throughout the organisation.

Seven Chrome extensions to help with productivity

Anyone who knows me will tell you that I love being organized. I have a weakness for to-do lists and organization-based apps. This post discusses seven Chrome extensions to help enhance personal productivity; the post is geared towards teachers, but I think that these extensions could have a broader scope. Since I use a Chromebook at home (I still use a laptop at the office), and thus must work exclusively online, these extensions could become even more relevant.

  1. Prioritab
  2. Google Keep
  3. Add Tasks to Do It (Tomorrow)
  4. Wunderlist New Tab
  5. OneTab
  6. Save to Google Drive
  7. Print Friendly

Survey on the use of risk management information systems (RMIS)

This report, published by StrategicRisk, summarizes the results of a survey of organizations that use risk management information systems. The report, unfortunately, does not provide details about the nature of the methodology, such as the size of the population, how the population was chosen, variables used, and so forth. The images below summarize some of the report’s key findings:

[Images: four screen captures of the report’s key findings]

 

Information management is the key to cybersecurity

Joe Shepley discusses the key role that information management plays in cybersecurity. Organizations may have very robust cybersecurity software and systems, but data theft is something that can be managed only with proper information management processes. Data theft is what happens when a bad actor — either internal or external — enters the network and takes control of a device or devices in order to steal or compromise data (e.g., through encryption). 

An effective information management program helps organizations keep the data they need (i.e., data with legal or operational use) and purge the data they don’t (i.e., data that’s past its legal or operational life). Effective information management reduces the information footprint of an organization, which means less data for bad actors to steal. It also means that an organization’s limited resources can focus on protecting a smaller set of relevant data.

Shepley proposes the following steps to ensure proper data retention:

  1. Data map – Determine what data we have, where data is and who owns it.
  2. Policy infrastructure – Put policies in place to manage information throughout its lifecycle (including data that’s been orphaned or abandoned).
  3. Content assessment – Scan content to determine what is junk, stale and sensitive, as well as whether the security and access for this content is appropriate.
  4. Remediation and clean up – Based on policy and the results of the content assessment, purge junk/stale content and remediate inappropriate security and access.
  5. Monitoring and prevention – Scan the environment on an ongoing basis to identify both non-compliant activity (e.g., mishandled PHI) and growth of stale/junk data and take action to address.

I am glad to see that all these activities are covered in my records and information class.
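Step 3 of Shepley's list (content assessment), sketched as an added example that is not from Shepley's article or this post: a scan that labels files as junk, stale or sensitive and flags sensitive files that any local account can read, producing the worklist that step 4 would act on. The seven-year retention period, the junk suffixes, the SSN-like pattern and every sample file are constructed assumptions.

```python
import os, pathlib, re, stat, tempfile, time

STALE_AFTER_DAYS = 7 * 365             # assumed retention period
JUNK_SUFFIXES = (".tmp", ".bak", "~")  # assumed markers of junk files
SENSITIVE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")  # assumed pattern: US SSN-like

def assess_file(path, now):
    """Return the set of findings (possibly empty) for one file."""
    st = os.stat(path)
    findings = set()
    if st.st_size == 0 or path.endswith(JUNK_SUFFIXES):
        findings.add("junk")
    if now - st.st_mtime > STALE_AFTER_DAYS * 86400:
        findings.add("stale")
    with open(path, "rb") as fh:
        data = fh.read(1_000_000)      # bound the scan cost per file
    if SENSITIVE.search(data):
        findings.add("sensitive")
        if st.st_mode & stat.S_IROTH:  # readable by every local account
            findings.add("world-readable")
    return findings

def assess_tree(root, now):
    """Walk root and map relative path -> findings, skipping clean files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):   # do not follow links out of the tree
                continue
            findings = assess_file(path, now)
            if findings:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = findings
    return report

def demo():
    samples = {  # path: (content, mode, age in days), all constructed
        "hr/payroll.csv": (b"name,ssn\nA. Example,078-05-1120\n", 0o644, 30),
        "hr/old_memo.txt": (b"Office closed Friday.\n", 0o640, 8 * 365),
        "scratch/export.tmp": (b"", 0o600, 1),
        "ops/runbook.md": (b"Restart steps\n", 0o644, 10),
    }
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mode, age) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            pathlib.Path(path).write_bytes(body)
            os.chmod(path, mode)
            os.utime(path, (now - age * 86400,) * 2)
        return assess_tree(root, now)
```

Calling `demo()` returns the findings for the constructed tree; the clean runbook file does not appear in the report.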

 

Ethics in information management

In this article, Daragh O’Brien discusses the role of ethics in information management. O’Brien suggests that he has found only one article, published in 1999, that discusses this topic. Considering how frequently one hears about the need for, and importance of, ethics in information management, I am surprised by this finding, and will certainly investigate it further. O’Brien does say that information managers do practice ethics, but that perhaps we have not established rigorous benchmarks of quality: “We cannot rely on a person with a hammer at the end of the information production line to knock the ethical dents out of our data economy. The risks to people and to society are far too great and potentially irreversible.”

O’Brien suggests three normative theories of ethical conduct that should be considered in information management:

[Image: screenshot of the three normative theories]

O’Brien suggests that as Information Management professionals, we need to evolve our organisations to at least the Stakeholder Value Theory when considering ethical conduct in our organisations. Until we do, even those industries, such as the automotive manufacturing industry, that have recently explicitly adopted standards for consideration of ethical issues in the design and manufacture of products and services will struggle to make sustainable progress. This is the change that has to happen to help us align the internal business, information, and technology functions of the organisation to consistently deliver ethical outcomes.