This time it's personal

This time its personal: consumerising records management

Michael GallagherGlasgow City Archives

IRMS Scotland Group11 June 2013

Sample 61Consumerising recordkeepingWhat is it?

Why is it relevant to us?

What can we do about it?

How much of a change is it?

Sample 62Planet of the apps?More iPhones sold each day than babies born worldwideMobile devices outnumbered humans in 2012Range of devices:Laptops, desktops, smartphones, tablets, notebooks.....notepads?

Sample 63Working 9 to 5 or Eight Days a Week?Almost 50% while on holidayAlmost 40% while commutingAlmost 20% while driving5% in a place of worshipSource: Consumerization of IT Study: Closing the Consumerization Gap, IDC/Unisys, July 2011

Sample 64Bring Your Own Device75% of organisations currently support it further 13% planning to by end of 2013Good Technology survey, January 201347% of all UK adults use a personal smartphone, laptop or tablet for workYouGov survey, March 201380% will be doing it by 2016Gartner, June 201248% of organisations would never allow itCisco/Redshift Research, January 2012

Sample 65BenefitsUsers like it

Cost savings?

Increased productivity and flexibility

Better technology

Sample 66ChallengesLoss of control of recordkeeping

Compliance/legal

Security risks

Continuity and preserving the record

Sample 67Loss of controlDecentralisation of recordkeeping

Everyone is a records manager?

What if the device gets lost, or the employee leaves?

Distinction between device and data on it

Whose data is it anyway?Data Controller: a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.It is important to remember that the data controller must remain in control of the personal data for which he is responsible, regardless of the device used to carry out the processing. (ICO guidance, March 2013)

Compliance and legal issues Data protection and freedom of information obligations

What legal right does an organisation have to look through my stuff?

Balance between keeping company data secure and personal data private

Sample 610Security risksRisks associated with mobile working in general34 (of 120) undertakings and 5 (of 32) civil monetary penalties related to loss of data using mobile devicesFOI request to ICO (Jan 2011 Jan 2013)Data less secure?Basic security measures, password, encryption, anti-virusHigh profile issue: threat of fines, reputational damage

Sample 611Preserving the record5% of corporate data stored ONLY on smartphones Osterman Research, May 2011Individuals making their own decisions on records managementValue of records and the archive not immediate concernsPersonal archives

ChallengesLoss of control of recordkeepingCompliance/legalSecurity risksContinuity and preserving the record

Consumerisation cannot be stopped. It can only be dealt with. BT white paper, The Future of the Office

Sample 613

Sample 614What are the options?Do nothing...Ban itProvide (and manage) it

Sample 615Managing BYODEstablish organisations level of influenceAudit types of device/dataSet the rules and create employee agreementEngage with users

Sample 616High user focusLow user focusHigh controlLow control* Charity* MoD* University

.Sample 617Agreement with employeesAssess existing policies and create a frameworkAlignment with IT, HR, Legal, FinanceWho pays?What level of support is there?

Sample 618Set out rights and responsibilitiesOrganisationEmployeeRight of access to certain dataCircumstances under which it can access itLevel of supportPowers and sanctions

Follow all relevant policies and proceduresSecurity measuresOnly access certain informationResponsibilities at end of devices life

Sample 619Focus on data, not deviceSeparate corporate and personal dataClassify data or usersMake policies and procedures device-independentWork with IT on security and complianceGet data off device and keep safe while on it

Sample 620Engage with usersIndividual responsibilities highlightedNot unique to the use of personal devices reposition our efforts...worrying lack of guidance from employers on use of personal devices. (ICO, March 2013)How good RM can help usersManage privacy expectations

Sample 621ConclusionsWe cant stop consumerisation, but we can manage itMany challenges not unique to this environmentCooperation vital: with users, as well as IT, HR, management...Information sexy....information professionals too?

Sample 622