Larry Medina's Most Recent Posts

A recent Computerworld article discussed the deployment of EMR/EHR proposed by the Obama administration, but the concerns are more generic than who recommends it.

Once again, we're provided assurances that our personal information will be protected, but there are no details and again, no standards or protocols for privacy protection

Lots of discussion on e-mail once again, and how to effectively manage it, but it all comes down to sound RIM policies and practices

Why waste your time hiring IT staff and attempting to train them in the practices that are second nature to RIM Professionals? Skip the middle man, and go to the source!

There have been many articles that improperly indicate that the scanning of paper documents represents "preservation" of information, one of the most recent ones is here.   While there is some truth to the fact that conversion, scanning, image capture, or however its described is PART of a "preservation strategy", it does not on its own represent preservation.

Paper, while not exactly a search friendly medium for storage of information has a rather strong history as a means of preserving information.  Properly indexed and supported by sufficient finding aids, it satisfies the need to access the information contained on it.  Stored in proper environmental conditions and protected appropriately from fire, flood, and other hazards, it has been known to stand the test of time, lasting in many cases more than 300 years and remaining both viable and legible. One notable case of a major conversion effort was the Domesday Project in the UK, where a historical work dating back to 1089 was converted to electronic format and in the process, a large portion of what was converted was lost and had to be recaptured.  A read of this page gives users a decent understanding of the requirements to successfully capture the complete text for a 1:1 conversion.

This article in Computerworld discusses some of the changes happening in the encryption environment and also addresses some possible options, such as selective encryption, or newer processes that perform encryption "on the fly", but again I'm not convinced that it isn't another case of someone trying to throw a "solution" at an under researched "problem".

I guess there's only so many topics to talk about, and every time there's another data loss publicized, this one comes up.  While there is  no doubt some information needs to be protected through the use of encryption based on its sensitivity, or the manner in which its used, it isn't a requirement for ALL information.  Even personally identifiable information (PII) only needs to be encrypted if it's  handled in a manner that could potentially expose it to others, while in transit, in storage by a third party, or on a system that could potentially be exposed to unauthorized sources.   It's important to do an assessment of the information you have and how it's managed to determine the need for encryption.

After reading a recent article in Computerworld, I thought it might be important to have a discussion about what Records and Information Management (RIM) is from the perspective of a RIM Professional that's been in the field for 35 years.  During this time, there have been many changes to the process made necessary by the explosion of electronic format information (beginning for business actually in the early 1980s), but the practices and principles of RIM have essentially remained unchanged.

While these recent fires aren't directly  "data related", they do involve the destruction of millions of information assets belonging to a vast number of organizations.  And these aren't the first incidents of this type to take place in the past 10 years. In fact, these aren't even the first incidents to take place for this same vendor in the past 10 years.

This vendor has also been involved in the loss of data in the past couple of years, and they're pretty high profile cases, some of which I know you're all familiar with.

Well, when it comes to breaches of privacy, the "Hits Just Keep on Comin' " This past week the Department of Energy announced the loss of PII (Personally Identifiable Information) on 1,500 names. Now, this may sound like a minimal number compared to the VA loss of 26.5 million files, but pay close attention to who the records lost by the DOE belonged to. 

Brooks said the file contained names, Social Security numbers, birthdates, codes showing where the employees worked and codes showing their security clearances. A majority of the individuals worked for contractors, and the list was compiled as part of their security clearance processing, he said.

So, follow the bouncing ball, folks... this is infomation not only related to names, birthdates and SSNs, but it included work location and SECURITY CLEARANCES ... so how much of a leap does it take to determine where these people live?nCan you say ZABASEARCH??

A recent article here in Computerworld Blogs was discussing Information Privacy and was querying what will be the event that becomes the "Enron of information privacy". I find this interesting in that MOST organizations haven't chosen to wait for an event that hasn't happened yet, or that just happened recently, such as the VA incident cited in the blog post.

Most organizations have proactively sought out methods to protect their information from unwarranted access by both physical methods and through use of software, many applying a one-two punch, using a combination of both. This is an issue that goes far beyond the legal concerns of having your employee's information exposed, as it can compromise an organization's competitive position as well. When most people think of privacy, it seems they limit their thinking in terms of PHI (personal health information) and PII (personal identity information) of individuals, which are covered under HIPAA and various State laws, such as California's SB1386. But there is much more to be concerned with that requires protection, so the concept of "Information Privacy" needs to be top-down and cover all organizational information assets. Hopefully, if this law passes, we may ALL have fewer concerns.

Well, not exactly a new topic in this blog, but one that may require more people to speak up, and sooner rather than later.

Articles have been popping up right and left regarding the failure post-deployment of a new application for managing healthcare records of UK citizens in a Government funded initiative to the tune of $6.2B pounds over the next 10 years.  The system is comprised of 4 major components, and is planned to be deployed to 30,000 general practitioners and 300 hospitals, but in its initial deployment has resulted in the apparent confusion, loss and disruption of providing health services to untold thousands of patients.

Well, it isn't new and it's been in discussion for quite some time now, but to have it as a central article in the Wall Street Journal MAY get people openly discussing Open Document Format!

There are many good points made in this article, including the citing of a number of adopters of this standard:

If this standard is to become a reality, we must insist on it. In the U.S., Massachusetts has been leading the way with a mandate that all software purchased by the commonwealth comply with ODF. Globally, 13 nations are considering adopting it. The reason is simple. The data belongs to the people, not to the software vendor that created the file format.

And the most important observation in my mind was the comment  "A "standard" created and controlled by a single company is not a true standard."  Truer words have not been spoken.

This is a subject I've touched on a couple of times already, but it seems as if it's still causing major confusion for many people.

What exactly is ILM is at the heart of the discussion.  Reading all of the articles popping up over the past two years, it's being touted as something new ... and it's being heralded by the Storage Industry as the "greatest thing since sliced bread".  And to them, it's quite apparent that it's going to result in a LOT OF BREAD being made by that industry if people buy into their definitions and explanations of why it's critical to business.

As I've heard said many times, "... the more things change, the more they stay the same ..."

This article regarding the sensitive nature of media and options for long term storage of information goes a long way towards pointing out the obvious, and something RIM Professionals have been trying to convince people of for years now. 

"Unlike pressed original CDs, burned CDs have a relatively short life span of between two to five years, depending on the quality of the CD," Gerecke said in an interview this week. "There are a few things you can do to extend the life of a burned CD, like keeping the disc in a cool, dark space, but not a whole lot more." The problem is material degradation. Optical discs commonly used for burning, such as CD-R and CD-RW, have a recording surface consisting of a layer of dye that can be modified by heat to store data. The degradation process can result in the data "shifting" on the surface and thus becoming unreadable to the laser beam."

There's nothing that beats the establishing of a sensible media migration policy, one that takes into account not only the usage pattern and methods for storage of media, but considers the value of information being stored on the media.  And there are a FEW more things you can do to extend the length of time you can access information stored on CDs, such as burning a second copy that is stored in optimal environmental conditions, not using pens to write on the surface of the media, not applying adhesive labels to them, and keeping them in their jewel cases.

At the risk of sounding like a broken record, once again we see the serious lack of understanding of what the profession charged with the responsibilty of managing an organization's information assets (RIM, Records and Information Management)  expects from the individuals charged with providing the technology and services (IT/IS, Information Technology and Systems).

This article started out on the right track, in fact, it was bringing tears to my eyes... =)   as it clearly stated: