Presentation on theme: "This time it’s personal: consumerising records management"— Presentation transcript:
1This time it’s personal: consumerising records management Sample 6This time it’s personal: consumerising records managementMichael GallagherGlasgow City ArchivesIRMS Scotland Group11 June 2013
2Consumerising recordkeeping Sample 6Consumerising recordkeepingWhat is it?Why is it relevant to us?What can we do about it?How much of a change is it?
3Sample 6Planet of the apps?More iPhones sold each day than babies born worldwideMobile devices outnumbered humans in 2012Range of devices:Laptops, desktops, smartphones, tablets, notebooks.....notepads?
4“Working 9 to 5” or “Eight Days a Week”? Sample 6“Working 9 to 5” or “Eight Days a Week”?Almost 50% while on holidayAlmost 40% while commutingAlmost 20% while driving5% in a place of worshipSource: Consumerization of IT Study: Closing the “Consumerization Gap”, IDC/Unisys, July 2011
5“Bring Your Own Device” Sample 6“Bring Your Own Device”75% of organisations currently support it – further 13% planning to by end of 2013Good Technology survey, January 201347% of all UK adults use a personal smartphone, laptop or tablet for workYouGov survey, March 201380% will be doing it by 2016Gartner, June 201248% of organisations would never allow itCisco/Redshift Research, January 2012
6Benefits Users like it Cost savings? Sample 6BenefitsUsers like itCost savings?Increased productivity and flexibilityBetter technology
7Challenges Loss of control of recordkeeping Compliance/legal Sample 6ChallengesLoss of control of recordkeepingCompliance/legalSecurity risksContinuity and preserving the record
8Loss of control Decentralisation of recordkeeping Everyone is a records manager?What if the device gets lost, or the employee leaves?Distinction between device and data on it
9Whose data is it anyway?Data Controller: “a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.”“It is important to remember that the data controller must remain in control of the personal data for which he is responsible, regardless of the device used to carry out the processing.” (ICO guidance, March 2013)
10Compliance and legal issues Sample 6Compliance and legal issuesData protection and freedom of information obligationsWhat legal right does an organisation have to look through my stuff?Balance between keeping company data secure and personal data private
11Security risks Risks associated with mobile working in general Sample 6Security risksRisks associated with mobile working in general34 (of 120) undertakings and 5 (of 32) civil monetary penalties related to loss of data using mobile devicesFOI request to ICO (Jan 2011 – Jan 2013)Data less secure?Basic security measures, password, encryption, anti-virusHigh profile issue: threat of fines, reputational damage
12Preserving the record 5% of corporate data stored ONLY on smartphones Osterman Research, May 2011Individuals making their own decisions on records managementValue of records and the archive not immediate concernsPersonal archives
13Challenges Loss of control of recordkeeping Compliance/legal Sample 6ChallengesLoss of control of recordkeepingCompliance/legalSecurity risksContinuity and preserving the record“Consumerisation cannot be stopped. It can only be dealt with.”BT white paper, The Future of the Office
15What are the options? Do nothing... Ban it Provide (and manage) it Sample 6What are the options?Do nothing...Ban itProvide (and manage) it
16Managing BYOD Establish organisation’s level of influence Sample 6Managing BYODEstablish organisation’s level of influenceAudit types of device/dataSet the rules and create employee agreementEngage with users
17High control * MoD High Low user focus user focus * University Sample 6High control* MoDLowuser focusHighuser focus* University.* CharityLow control
18Agreement with employees Sample 6Agreement with employeesAssess existing policies and create a frameworkAlignment with IT, HR, Legal, FinanceWho pays?What level of support is there?
19Set out rights and responsibilities Sample 6Set out rights and responsibilitiesOrganisationEmployeeRight of access to certain dataCircumstances under which it can access itLevel of supportPowers and sanctionsFollow all relevant policies and proceduresSecurity measuresOnly access certain informationResponsibilities at end of device’s life
20Focus on data, not device Sample 6Focus on data, not deviceSeparate corporate and personal dataClassify data or usersMake policies and procedures device-independentWork with IT on security and complianceGet data off device and keep safe while on it
21Engage with users Individual responsibilities highlighted Sample 6Engage with usersIndividual responsibilities highlightedNot unique to the use of personal devices – reposition our efforts“...worrying lack of guidance from employers on use of personal devices.” (ICO, March 2013)How good RM can help usersManage privacy expectations
22Conclusions We can’t stop consumerisation, but we can manage it Sample 6ConclusionsWe can’t stop consumerisation, but we can manage itMany challenges not unique to this environmentCooperation vital: with users, as well as IT, HR, management...Information sexy....information professionals too?