Design ahead for information integrity
You never know how the information and data you collect today will be used in the future. The integrity of information and data management practices is always tested when information and data is reused. This really rings true when it’s accessed for a purpose other than was originally intended, or as in the following example, following a significant period of time between uses.
In 1982 a police officer (now a colleague of mine) arrested a citizen for committing a serious offence. The citizen escaped and evaded prosecution by going on the run. For 33 years this remained a cold case however in 2015 the person was apprehended.
The criminal has since been committed for trial based on the quality of the evidence produced in 2016, and is to appear before the District Court later this year. In 1982 the police records were documented with the end in mind, providing the evidence required to convict the offender.
It’s worth noting the police recordkeeping in 1982 was very different:
- there were no tape recorders – all statements, interviews. etc. were manually typed
- DNA testing did not exist
- all evidence briefs were compiled personally, manually and with no legal advice
- all records and items of evidence were physical.
Even though policing practices and technologies have changed significantly since 1982 the integrity of the original records were of a standard which enabled an arrest 34 years on. Will the information and data created today still have integrity, be accessible and of use in 2050, 34 years from now?
Putting the outcome first
Starting with the outcome in mind is today known as a ‘by-design’ approach thanks to Ontario’s Information and Privacy Commissioner Dr Ann Cavoukian. Based on Dr Cavoukian’s Privacy by Design approach I have adapted the following set of by-design principles for managing information and data:
1. Be proactive, not reactive: A by-design approach is characterised by proactive rather than reactive or remedial measures. Anticipate and prevent information and data management disasters before they happen and plan to prevent issues occurring. Steps to consider include:
- Critical evaluation of new and existing systems for the functionality to effectively manage information and data throughout its lifecycle
- Inclusion of information and data management requirements in new project specifications
- Classification and retention periods applied at creation
- Continual disposal actions.
2. Treat information as an asset – the default setting: Information and data management by design seeks to ensure that information is valued as an asset by the organisation and is intrinsically managed throughout its lifecycle, remaining accessible (regardless of format) as required. The cost associated with creating, capturing and managing information greatly exceeds the cost of acquiring and managing most other organisational assets – so treat information as your greatest asset.
3. Lifecycle management embedded into design: A by-design approach is embedded into the design and architecture of all systems and business practices to ensure that information and data lifecycle management is integrated and seamless, not bolted-on after the fact. This way users of business systems don’t even realise they are creating, capturing or managing reliable records with context.
4. Win-win outcome: By-design approaches to information and data management reduce the need for duplication, ensure evidence of business decisions are captured at the source, integrate context (metadata), enable timely disposal, reduce costs through more efficient management practices and ensure storage facilities don’t become a catch-all for the things you don’t wish to deal with. This benefits individual business areas and the organisation as a whole. A zero-sum approach, where one business area gains and another loses, does not support a positive or win-win outcome.
5. Secure lifecycle protection: When embedded as an essential component of a system or business process, a by-design approach protects information and data throughout its lifecycle in a manner that is fit for purpose. Not all information and data is sensitive or requires high level security measures – understand your ecosystem, risks and regulatory environment. Appropriate classification and associated security measures are essential to good practice from start to finish
6. Visibility and transparency – keep it open: Information and data management by design seeks to assure the business that corporate systems and practices can be designed based on sound management practices. The transparency of practices to manage information and data appropriately for the organisation is essential to success.
7. Respect information integrity: By-design approaches require information workers to protect and uphold the quality and integrity of information and data. Remember, information is of value when used, poor quality information has a lower value and information without context loses integrity.
Citizens and consumers have the right to expect that information and data funded from the public purse will be managed in a manner that maximises return on investment; private enterprise needs to operate as efficiently as possible to turn a dollar. Safeguarding data and information integrity enables great decisions (based on great data) and endless opportunities for re-use. This doesn’t occur by accident.
So start with the end in mind and make it by design.
Michelle Teis is an enterprise information management strategist and principal consultant at Glentworth.