Presentation on theme: "TIPS FOR MANAGING YOUR INFORMATION:"— Presentation transcript:
1 TIPS FOR MANAGING YOUR INFORMATION: SOME “INCONVENIENT TRUTHS!”“Our collective capacity to create and disseminate information is in danger of outstripping our ability tomanage it.”(www.jiscinfonet.ac.uk/records management/guide for administrators)PLEASE NOTE:This presentation should be viewed in ”Normal View” so that the note field is visible.TIPS FOR MANAGING YOUR INFORMATION: SOME “INCONVENIENT TRUTHS!”Information overload, especially too much in your inbox, can make you feel like you are fighting a losing battle. We now create and receive more information than ever before, and while technology is very convenient, it also has driven this trend. Information is necessary, and can be an enabling asset; but it also can become an unwelcome burden and a drain on precious time and resources.The workshop is offered from my perspective as a records manager. It aims to address issues faced in managing information in both paper and digital form in the university workplace.It tackles such topics as:organization of files for optima retrievalkeeping your inbox under controlbest practices when using mobile technologies such as laptops and memory sticksaccess and privacy issues arising from legislationsecure disposal of sensitive informationtechniques for keeping digital information long-termthe dilemmas of Web 2.0 technologies.
2 MANAGING YOUR INFORMATION: AN INTRODUCTION The problem spaces:- desktop (paper and electronic)-- shared network drives- collaborative spaces & sharing filesTHE REVOLUTIONSThe latter half of the twentieth century has seen a revolution in the office workplace. Mechanization of the came with the industrial revolution. The typewriter appeared in the mass market in the 1870’s, and with it proliferation of copies using “carbon paper”.The most significant of information is the “record” kept from time immemorial in a “register”. The registration or recording of vital information has a much longer history from the marking of financial transaction on clay tablets to the keeping of parish or municipal registers of births, death or marriages. In the university setting, the Office of the Registrar has kept a permanent record of the academic progress of students and degrees awarded.The office of registration or record and the trusted record keeper have almost disappeared. The problem that arises nowadays is related to who, where and how information is kept in our workplaces, and how to distinguish the important from the FYI.The old style workplace:- paper world- typists and secretaries- records/mail registered in registry offices- less used records stored in boxes in records centres- historical records preserved in archivesThe evolution of the new style workplace:- computers- main frame numbers crunchers- word processing-- desktop computer- networks, client/server, shared drives- Web 1.0 (used for searching for information, communicating via )- Web 2.0 (cloud computing, with desktop client and a server based in California.-
3 ORGANIZATION WORKSPACE ORGANIZATIONGROUPWORKSPACEORGANIZATIONWORKSPACEINDIVIDUAL WORKSPACETHE WORKSPACESIt is especially important to remember that the workspaces are not confined to static geographic places such as offices on campus, but also include any computer desktop whether at off campus locations or in mobile “places”.It is useful to keep in mind the different workspaces that one uses when doing your work at the University. It is even helpful or advisable sometimes to keep your information separated into these different areas.Your own personal virtual workspace or desktop is where you keep your own personal information. This may be information as informal as your shopping list or it may be your own professional research or creative material.You may also work in information spaces that are shared; network drives or web-based collaborative spaces such as wikis, QShare or even a shared filing cabinet.Finally there is a workspace that is delineated as “university workspace”, where the records of your activity in administration of your teaching and research functions reside. These latter might be university committee records, administration of research grant monies, post-it notes, departmental memos, voice mail messages, or scheduling tools such as Oracle Calendar etc.
4 Problem areas, causes and some solutions Creating informationVersion controlmanagementDisposing of informationPreserving informationPROBLEM AREAS TO BE COVERED – THE LIFECYCLE OF INFORMATIONThe job of the record-keeper (like the secretary) is be privy to the information that is classified (as mot important) about an event, a decision or s transaction, and to ensure it is kept safely until it is no longer need and can be safely disposed of by destruction or transfer to an archive.This is the lifecycle of the record and covers the areas that are most important to address when taking responsibility for information that may have implications for other persons:- Creating and receiving- Using- Version control- Storing/maintaining- Retention- Disposal- Preservation
5 Legislation Universities in Ontario come under provincial legislation. Federal legislation covers federal government bodies and commercial enterprises.Provincial legislation:- Freedom of Information, Protection of Privacy- or FIPPAFederal legislation:- Personal Information Protection, & Electronic Documents Act- or PIPEDALEGISLATION – THE EXTERNAL ENVIRONMENTThe legislation that covers our responsibilities in managing the information we hold are found at two different levels:- The government of the Province of Ontario has enacted laws that cover what is called the “MUSH sectors”; the Municipalities, Universities, Schools and Hospitals. The first three of these are covered by laws providing for access to all the records that are created in their capacities as public bodies, and the protection of the personal information these bodies necessarily collected from any individual as a result of the functioning of their institution. Hospitals, and other healthcare institutions are so far covered only by legislation that protects the healthcare records of the individuals with whom they deal.- Federal legislation covers information held by all federal government agencies, along with inter-provincial jurisdictions, and all for-profit commercial enterprises or activity.Ontario universities have come under the Freedom of Information, Protection of Privacy Act (FIPPA) since 2006.There are two parts to the Ontario Provincial legislation: one side of the Act provides to the general public access (with very limited exceptions) to records held by public bodies; and on the other hand the requirement to protect from unlawful disclosure of records containing any information that would allow an individual to be identified. The Act also provides for access (again with very limited exceptions) by any individual to all the information held by the universityabout themselves.The section of Federal Personal Information Protection, & Electronic Documents Act that covers privacy requirements only covers any commercial activities that occur on Campus. The other part of the Act sets out the parameters for ensuring that information that exists for evidential purposes only in digital form can be accepted as evidence by a court of law.Privacy legislation in Canada is based on the principles set out in the Canadian Standards Association, Principles of Fair Privacy Practice.See:It is important to remember the following points:FIPPA provides access to your own information under the custody or control of the universityThe one exception to the previous point is that records relating to employment are excluded form the FIPPAresearch and teaching materials created by you are exempt from the FIPPA
6 Whose information is it? University records- created as part of the business activities of the university- “means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise …”PersonalProfessional/creative, researchGrey areas- personal agenda books- teaching materials/curriculum- sWHOSE INFORMATION IS IT ANYWAY?While the title of the Freedom of Information, Protection of Privacy Act names “Information” as what the public has freedom of access to, in fact it is “records” that are named in the Act itself. Records (and this would include university records) are defined in FIPPA as:“record” means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes,(a) correspondence, a memorandum, a book, a plan, a map, a drawing, a diagram, a pictorial or graphic work, a photograph, a film, a microfilm, a sound recording, a videotape, a machine readable record, any other documentary material, regardless of physical form or characteristics, and any copy thereof, and(b) subject to the regulations, any record that is capable of being produced from a machine readable record under the control of an institution by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution; (“document”)Records are considered to belong to the university if they are under the custody and/or control of the University. The definitions of “under the custody or control” of an institution are of interest. See Order # P120 of Ontario’s Information Privacy Commissioner.The factors relating to “control” are the following:Was the record created by an officer or employee of the institution?What use did the creator intend to make of the record?If the institution does not have possession of the record, is it being held by an officer or employee of the institution for the purposes of his or her duties as an officer or employee?Does the institution have a right to possession of the record?Does the content of the record relate to the institution’s mandate and function?Does the institution have the authority to regulate the record’s use?To what extent has the record been relied upon by the institution?How closely is the record integrated with other records held by the institution?Does the institution have the authority to dispose of the record?The issue of whether or not information is a “record” is important and not always easy to discern. The grey areas of particular concern are and appointment scheduling tools where records and personal information frequently co-exist. The division of workspaces may make the discernment of custody and control more certain. When considering who “owns” the information it is important to remember the three workspaces.
7 Queen’s University Records Management Program QU Records Management PolicyQU Records Management program:QU RECORDS MANAGEMENT POLICY & PROGRAMA university records management policy, program and practice guidelines have been instituted at Queen’s, in part to enable compliance with the legislation, but also to assist in the careful management of personal information, along with university records.The legislation actually requires of the University just three things:- that the university create and provide a “Directory of records” describing all types of records held by the University- that the university describe the information contained in all Personal Information Banks (PIB), i.e. all filing systems containing personal information that are arranged in order using terms that identify the individuals- that the university create and use retentions schedules to control lifecycle of personal informationThe policy can be found on the archives web-site at: There are also, on the same site, guidelines for management of university records.The records management staff are always happy to advise when any questions arise over the care of records and personal information. Contact the main desk of the archives at Extension and ask for records management staff.
8 CREATING INFORMATIONLost information is not only inconvenient, but is a huge waste of time and resources.Losing information containing personal details of an individual is not compliant with the law.Use good file names: objective, meaningful, concise, standardizedScanning and indexing (the “paperless office”)Electronic records management systemsCREATING AND RECEIVING INFORMATIONIn the old style office workplace incoming mail was (and often still is) “registered” , that is franked with an acknowledgement of receipt and date stamped. It was then sorted and delivered to the intended recipient or office of responsibility for carrying out the relevant function. Records created by an individual were filed in the organizations classified filing system in a central registry office.The present day equivalent of this system is an enterprise-wide Electronic Records Management System (or ERMS) software that would open a window on the desktop of the record creator whenever the “Save” icon is clicked, and would offer a classification hierarchy relating to the tasks of the individual creator in a File/Folder hierarchical directory familiar to any Microsoft or Apple/Macintosh user. Folders would have retention, auditing and security capabilities built-in. But ERMS software for an organization is very expensive, and not always as user friendly as its designer supposed.A popular alternative is often considered but has inherent dangers. The idea of the elusive “Paperless Office” is pursued by acquisition of an Electronic Document Management System (EDMS). This type of system typically holds documents scanned from a paper format. The problems with these systems are several; indexing systems are often minimal or inadequate; implementation of retention controls are not automatic and are frequently inadequate; rigorous and onerous quality controls are essential to ensure that scans are readable; and constant monitoring has to take place to ensure that no pages are missed during the scanning process especially when this is is automated.In the everyday world of Queen’s, we can still be aware of what our best practices should entail, and keep our message folders, and directories, folders and files well organized for optimum retrieval, and disposal.The dangers of a lack of good practices include losing important information, wasting precious time having to search for information in poorly organized, or even unorganized filing systems, or accidental deletion of needed information etc.Records need care in management throughout their life-cycle. This first phase of the lifecycle of the record requires care when:- creating record- receiving- naming files and folders- saving or filing into folders or filing systems- classifying documents or files
9 Issued or draft - “I” or “D” Time specific Point (not attach) VERSION CONTROLIssued or draft - “I” or “D”Time specificPoint (not attach)WatermarksTHE SHARED WORKSPACE & VERSION CONTROLIt is essential when working in a collaborative environment that care is taken to use files names that indicate the status of the document being worked on. This might include using conventions such as “I” for Issued and “D” for Draft.Files names can be time and/or date specificIt is very useful to use watermarks or the footnote to mark a document as draft.Remember not to attach documents to drafts but point to relevant documents and appendices.
10 - Emails are disclosable - Evidence of decisions and actions lost DANGERS OF- Mixed messages- s are disclosable- Evidence of decisions and actions lost- Sensitive information disclosure- Lack of privacyMANAGEMENTis fraught with pitfalls. Firstly, the message frequently contains content that refers to more than one task, and therefore cannot be easily filed in folders that hold records relating to just one task.More importantly, s are NOT secure carriers of messages, and therefore should NEVER contain any personal information, nor any content that the sender is not willing to share with others. So warning! do not use them fors are disclosable under the Freedom of Information regulations. This fact is often forgotten, especially since the nature of the media present itself as being a personal form of communication.Information Technology departments (and this stands for Queen’s ITS too) have limits on the retention of messages that do not take into account the importance of the message as a record, nor do they line up with assigned retention schedules for those records.
11 MANAGING EMAIL - 2 Manage your inbox File core business records Short term informal messages – keep current onlyPersonal – delete once read.Limit main recipientsUse cc for “information only”One topic only perBe specific in subject linesDo not include original text when replyingMANAGEMENT – 2Rule number one would be “Ensure appropriate use”; avoid including the malicious, offensive, sensitive and personal information.Rule two : It is important to try to manage your inbox.- create less and create better- clear out the trash regularly- keep inbox for those messages that still require an action on your part- manage messages according to importance of content, setting aside those that are “records”- change password and make sure each new iteration is adequate (particularly important where a mobile device is used!)- web-based IMAP is more secure against loss than POP as all messages remain on the server- restrict the content of the message to ONE TOPIC PER ONLY!!!- be transparent and specific in your subject lines.- limit the use of the “To” section to the intended main recipients, that is those who need the information in the body of the message in order to make a decision or take action. The “Cc” section should be kept for those recipients who only need the message for “information only”- do not include original text in the body when replying unless it is important to keep the thread of the meaning from previous messages- do not delete messages that are relevant to a current FIPPA requestRule three: Practice the six “D”s:- Decide- Do it- Delegate it- Defer it- Delete it- Daily.
12 DISPOSING OF INFORMATION DON’T KEEP MORE THAN YOU NEEDOffice of primary responsibilityAsk records management or archives staff for advice on the valueHow long should it be keptRecords retention schedules – safeguardsSecure disposal of paper recordsSecure disposal of electronic recordsDISPOSING OF INFORMATIONDisposing of information as soon as it is no longer needed is good practice. Keeping that message just in case leads to massive accumulations, and presents a much more difficult task when the time comes to do the “spring cleaning”.To help in this a good records management program designates an Office of Primary Responsibility = OPR. This means that the main office (or main officer – such as the chair or secretary of a committee) responsible for any particular task is given responsibility for keeping the record. The subsidiary office or the other members of a committee may then discard any duplicate material knowing that the record is being kept elsewhere.There is a requirement regarding the disposal of record that contains personal information about which a decision has been made or action taken. This FIPPA prohibits the destruction of such records until a minimum of one year has passed.Do remember to ask RM or Archives staff for advice on the value of records and how long to keep them. Records retention schedules will cover all records types once they are written and approved but until then ask advice.One simple rule of thumb may be applied however. Keep a financial record that will be need to be audited for a full 7years or one year after the audit has taken place .Record retention schedules are drafted by records management staff in negotiation with senior management heads and directors of units. The final drafts are then submitted to the University Records Management Committee that approves the schedules which then become binding.Destruction of paper records should be done by shredding carefully and in timely manner. If the record contains personal information greater care must be taken and cross-cut shredding is recommended.Digital media such as disks and hard drives need specialist equipment and care. Don’t forget that digital technologies leave “data shadows”, and the hard drive of computers must be scrubbed before they are handed on.
13 PRESERVING INFORMATION Paper – the deluge and the arkDigital dilemma - technology changes, how to keep the recordsWhat is “born digital” and why is it important?PRESERVING INFORMATIONThe accumulation of paper records can so easily become a deluge, and only 3 – 5 % of record is actually of archival value.The decision as to what is to be preserved in an archives requires some professional expertise. Archival appraisal is the method whereby the value of a record is set. These values may include one or more of the following: evidential, informational, historical.The Archives is NOT just a storage unit. A record that crosses the threshold of an archives becomes the legal property of the archives, and archival practice requires that it is never returned, or lent out sine this compromises the guarantee of authenticity of the historical record. In archives we are in a position of trust, responsible for preserving the record for posterity, keeping our practice at arm’s length. We do NOT allow history to be changed!!There is one dilemma that currently plagues most archives, that is the digital dilemma occurring with technology dependence and short shelf-life of digital media, and the frequency of technology changes. E.g. floppy discs are unreadable without the right hardware and software to use them.However, there is hope on the horizon, with new methods and new technological standards being put into place as we speak. Records that are created as digital documents, that is “born digital”, can be transferred to archives using PDF/A standard file formats. Ask an archivist for details of this new practice.
14 Due diligence Smart practices Mobile technologies Faxes Encryption SECURITY ISSUESDue diligenceSmart practicesMobile technologiesFaxesEncryptionSECURITY ISSUESQueen’s university has its own information security expert. Mr. George Farrah should be consulted regarding issues of security.Some areas of concern are related to the ubiquitous mobile technologies:- Laptop- Memory stick- Cell phone- BlackberryThe greatest dangers are in having it stolen, losing it, or having its contents compromised in any way. These concerns are vastly increased when the devices contain any personal or otherwise sensitive materials.Even the use of these devices should be undertaken with care. It could be something as simple as ensuring that the person one is speaking to on the telephone is the person who needs to receive the sensitive information; ask the caller for a proof of identity if in doubt.Information in paper form can be made secure with physical safeguards such as good locks on filing cabinets and doors; and good practices based on access only on a need to know basis.Digital information can be secure with good passwords, and encryption.There is increasing interest in using Web 2.0 technologies including blogs, social networking, and cloud computing. As the understanding dawns on the way these new phenomena are being and will be used there emerges fresh fears founded on the inherent threats to our rights and impediments to our responsibilities where information and records are concerned. When the desktop holds a simple screen connected to a distant server owned by a large corporation in California in which is stored all the information that you or the University holds dear, there may be cause for great concern.
15 PRIVACY – RIGHTS AND RESPONSIBILITIES Collective Agreement – Article 23Academic FreedomSurveillance in the workplaceQU Access & Privacy OfficePRIVACY RIGHTS & RESPONSIBILITIES.Aside from the protections offered in the provincial legislation, for members of the Queen’s University Faculty Association there are also safeguards in certain relevant articles in the Collective Agreement between QUFA and the University. These rights often involve aspects of the use of and care for information, in particular as this as relates to intellectual property, academic freedom and limits to surveillance in the workplace.Queen’s University also has an Access & Privacy Coordinator, who oversees all aspects of compliance to the legislation, as well as the management of the process of responding to requests under the Act.
16 SOME TYPES OF RECORDS Information excluded from FIPPA Research records excluded from the ActTeaching materials excluded from the ActEmployment related records excluded from the ActYour own personal information in records held by the UniversitySOME TYPES OF RECORDSInformation excluded from FIPPA:- Information or data respecting or associated with research conducted or proposed by an employee of Queen’s University.- Material collected prepared or maintained for teaching purposes by an employee of Queen’s University.Most employment related and labour relations records.Research records excluded in the Act:documents relating to methodologyreference materialcalculationsresearch notesformulassurveysinterviewscompositionsartworkliterary worksresearch applicationsresearch proposalsdocumentation supporting submissions for grantsresearch ethics applicationsresearch held by industrial liaison office for copyright or patent protection, technology transfer or commercializationTeaching materials excluded from the Act:Materials created and maintained in order to produce and deliver a courseLesson plansLecture notesReading listsAssignment topicsOverhead slidesCase studiesExercises, tests, quizzes, exams[The exclusion does not include written assignments and examination answers, grades and evaluations.]Employment related records excluded from the Act:HR filesJob applications/competitionsAppointment and promotion recordsGrievancesDisciplinary proceedingsExit interviews[The exclusion does not exclude labour relations or employment related agreements, not employee expense accounts.]Access to your personal information held by the UniversityIndividuals have a right of access to their own personal information held by the University subject to certain limited exceptions:- If the disclosure would be unjustifiable invasion of the privacy of another person- If the information is supplied with a strong expectation of being given in confidence and is evaluative material (e.g. for assessing teaching, for making an award etc.)
17 BIBLIOGRAPHY BIBLIOGRAPHY JISC INFONet The UK's leading advisory service for managers in the post-secondary education sector promoting the effective strategic planning, implementation and management of information and learning technology.Ontario Information and Privacy CommissionerThe IPC acts independently of government to uphold and promote open government and the protection of personal privacy in Ontario. In this website, you will find numerous resources to assist in protecting your privacy and accessing information. If you have any questions, you can contact the IPC atThe Ontario Privacy Legislation:Office of the Privacy Commissioner of CanadaThe Privacy Commissioner of Canada is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner is assisted by an Assistant Privacy Commissioner responsible for the Privacy Act and by an Assistant Privacy Commissioner responsible for PIPEDA. The OPC has also established an External Advisory Committee which includes a broad spectrum of privacy interests from across Canada, drawing from a diversity of disciplines, practices and backgrounds to provide input and guidance to the Office on strategic directions and priorities.The Commissioner is an advocate for the privacy rights of Canadians and her powers include:- Investigating complaints, conducting audits and pursuing court action under two federal laws;- Publicly reporting on the personal information-handling practices of public and private sector organizations;- Supporting, undertaking and publishing research into privacy issues; and- Promoting public awareness and understanding of privacy issues.Office of Consumer Affairs, Industry CanadaFair Information PracticesQueen’s University Records Management ProgramFollowing the Queen's University Records Management Policy, approved by the Principal in 2003, a university-wide Records Management Program has been established by Records Management staff from the University Archives. The program provides systematic and standardized controls for the management of all university records throughout their lifecycle, as well as offers substantial cost efficiencies. The program facilitates compliance with Ontario Freedom of Information, Protection of Privacy (FIPPA) legislation, and also affords other risk management advantages. Queen’s University Access and Privacy OfficeSince June 10, 2006, the Access & Privacy Coordinator has been responsible for the administration of the Freedom of Information and Protection of Privacy Act at Queen's University. The Coordinator also acts as a resource for members of the University community who encounter privacy issues in the course of their work or study at the University.On this website you will find guidance on how to request access to records held by the University, how to request corrections to personal information, and how to address privacy concerns. This website also provides guidance for students, staff, and faculty who collect, maintain, use, or disclose personal information in the course of their study or work at Queen’s University.Queen’s University Faculty AssociationCollective agreement. Article 23 on Privacy/Surveillance