In his 100 Day Press Conference this week, President Obama eluded to the challenges of managing content and access to that content securely and in a controlled manner as to balance the right of the public to know and the need to protect State Secrets. As reported by CBS News, President Obama is quoted as saying "But searching for ways to redact -- to carve out certain cases -- to see what can be done so that a judge in chambers can review information without it being in open court, you know, there should be some additional tools so that it's not such a blunt instrument," The use of the term redact, or to block out certain bits of information, is a clear indication of the challenges faced by this Administration and our Government but also by each and every business owner and stakeholder.
If you operate under the premise that information and content created and used in an organization belongs to that organization, you should also accept that it is the responsibility of the organization to protect it from unwanted and unauthorized access. This includes the act of providing information to those individuals who have a need to know but the question now becomes one of how much information do they have a right to see and we must provide? Is it OK to make public the details of our secret formulas and software code upon inquiry, even in times of litigation, or must we “carve out” certain elements of the information to protect its integrity and our business or Government? The latter scenario prevails but how to did it is the real question.
In the paper world, we would make a copy, redact the copy and provide the redacted copy to the requestor. In the electronic world this too is the proper process but the tools we have allow us to be more effective, efficient and responsive. Today’s ECM and ERM technologies provide the functionality we need to redact information with the additional ability of capturing the activity in an audit log to identify when it was done and by whom.
Redaction and information security is or should be a vital part of your operational processes and policies. It is also a key part of the discussions we have in our training programs. www.aiim.org/training
I am curious how you address this issue today. What say you? look forward to hearing from you.
Bob Larrivee - AIIM
Information security is definitely an increasing concern for organizations. At Accellion we focus on helping organizations address security concerns related to data transfer. Securing the transfer of data is an important step in protecting information from unwanted or unauthorized access, and having an auditable log of who sent what to whom is necessary for demonstrating compliance with industry and federal regulations. Integration of secure file transfer with content analysis and filtering provides additional layers of control for data leak prevention. The organizations we work with understand that responsiblity lies with the organization to put in place controls to safeguard employees from exposing information they shouldn't.
P. Skokowski, Accellion
Posted by: Paula Skokowski | May 06, 2009 at 04:42 PM