Michael Gallagher Glasgow City Archives IRMS Scotland Group 11 June 2013
What is it? Why is it relevant to us? What can we do about it? How much of a change is it?
More iPhones sold each day than babies born worldwide Mobile devices outnumbered humans in 2012 Range of devices: Laptops, desktops, smartphones, tablets, notebooks.....notepads?
Almost 50% while on holiday Almost 40% while commuting Almost 20% while driving 5% in a place of worship Source: Consumerization of IT Study: Closing the “Consumerization Gap”, IDC/Unisys, July 2011
75% of organisations currently support it – further 13% planning to by end of 2013 Good Technology survey, January 2013 47% of all UK adults use a personal smartphone, laptop or tablet for work YouGov survey, March 2013 80% will be doing it by 2016 Gartner, June 2012 48% of organisations would never allow it Cisco/Redshift Research, January 2012
Users like it Cost savings? Increased productivity and flexibility Better technology
Loss of control of recordkeeping Compliance/legal Security risks Continuity and preserving the record
Decentralisation of recordkeeping Everyone is a records manager? What if the device gets lost, or the employee leaves? Distinction between device and data on it
Data Controller: “a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.” “It is important to remember that the data controller must remain in control of the personal data for which he is responsible, regardless of the device used to carry out the processing.” (ICO guidance, March 2013)
Data protection and freedom of information obligations What legal right does an organisation have to look through my stuff? Balance between keeping company data secure and personal data private
Risks associated with mobile working in general 34 (of 120) undertakings and 5 (of 32) civil monetary penalties related to loss of data using mobile devices FOI request to ICO (Jan 2011 – Jan 2013) Data less secure? Basic security measures, password, encryption, anti- virus High profile issue: threat of fines, reputational damage
5% of corporate data stored ONLY on smartphones Osterman Research, May 2011 Individuals making their own decisions on records management Value of records and the archive not immediate concerns Personal archives
Loss of control of recordkeeping Compliance/legal Security risks Continuity and preserving the record “Consumerisation cannot be stopped. It can only be dealt with.” BT white paper, The Future of the Office
Assess existing policies and create a framework Alignment with IT, HR, Legal, Finance Who pays? What level of support is there?
ORGANISATIONEMPLOYEE Right of access to certain data Circumstances under which it can access it Level of support Powers and sanctions Follow all relevant policies and procedures Security measures Only access certain information Responsibilities at end of device’s life
Separate corporate and personal data Classify data or users Make policies and procedures device- independent Work with IT on security and compliance Get data off device and keep safe while on it
Individual responsibilities highlighted Not unique to the use of personal devices – reposition our efforts “...worrying lack of guidance from employers on use of personal devices.” (ICO, March 2013) How good RM can help users Manage privacy expectations
We can’t stop consumerisation, but we can manage it Many challenges not unique to this environment Cooperation vital: with users, as well as IT, HR, management... Information sexy....information professionals too?