
Records guardianship: security and protection in the workplace

Pages 73-83 | Published online: 04 Sep 2012
 

Abstract

Ensuring the proper protection of records presents numerous challenges. The archival community has adequately addressed how to recognise, and deal with, threats to the conservation and preservation care of records, but security risks in the workplace are often not given appropriate attention. The identification of potential sources of risk, at all stages of a record's existence, and the discovery of solutions to prevent or mitigate these risks is crucial to guaranteeing the ongoing care and complete protection of records of all types.

Notes

1. ARMA International, ‘Generally Accepted Recordkeeping Principles® (GARP®) 2009’, available at <http://www.arma.org/garp/garp.pdf>, accessed 10 September 2011. ARMA International (<www.arma.org>) is a not-for-profit professional association and the authority on managing records and information. Formed in 1955, ARMA International is the oldest and largest association for the information management profession, with a current international membership of more than 10,000. It provides education, publications and information on the efficient maintenance, retrieval and preservation of vital information, created in public and private organisations in all sectors of the economy. It also publishes Information Management magazine and the ‘Generally Accepted Recordkeeping Principles® (GARP®)’. More information about GARP® can be found at <www.arma.org/garp>.

2. ibid., p. 2.

3. ibid., p. 4.

4. Richard J Cox, ‘Seven Paths to Developing or Sustaining RIM Programs’, The Information Management Journal, vol. 40, no. 2, March/April 2006, pp. 48–57.

5. ARMA International, p. 1.

6. ibid., p. 2.

7. Randall C Jimerson, ‘Archives for All: Professional Responsibility and Social Justice’, The American Archivist, vol. 70, no. 2, Fall/Winter 2007, pp. 252–81 (258).

8. Common excuses given by the advisors for such actions included the desire to maximise leveraging power and assisting clients with responding to unexpected margin calls in a timely manner.

9. John C Montaña, ‘Apples and Oranges: Recordkeeping Principles for Transforming Business Practices’, Information Management Journal, vol. 43, no. 3, May/June 2009, pp. 26–32 (28). Also, see Aaron Knapp’s series of 2009 articles in Legalisms, titled ‘The SEC Fiddled While Rome Burned’, for a more in-depth explanation of the Madoff disaster. Part 1 of 3 available at <http://legalisms.wordpress.com/2009/02/20/the-sec-fiddled-while-rome-burned-part-1-of-3/>; Part 2 available at <http://legalisms.wordpress.com/2009/02/22/the-sec-fiddled-while-rome-burned-part-2-of-3/>; Part 3 available at <http://legalisms.wordpress.com/2009/03/08/the-sec-fiddled-while-rome-burned-part-3-of-3/>, accessed 23 November 2011.

10. William C Martucci and Jennifer K Oldvader, ‘Workplace Privacy and Data Security’, Employment Relations Today, vol. 37, no. 2, Summer 2010, pp. 59–66 (60).

11. ibid., p. 59. For a concise explanation of the WikiLeaks incident, see Christian Stöcker, ‘A Dispatch Disaster in Six Acts’, Spiegel Online International, 1 September 2011, available at <http://www.spiegel.de/international/world/0,1518,783778,00.html>, accessed 16 September 2011. For more on the RSA security breach, see Ben Grubb, ‘Hacked Security Firm Leaves Aussies Vulnerable’, The Sydney Morning Herald, 21 March 2011, available at <http://www.smh.com.au/it-pro/security-it/hacked-security-firm-leaves-aussies-vulnerable-20111216-1oxzx.html>, accessed 25 June 2012. For a brief overview of the Sony PlayStation breach, read ‘PlayStation Privacy Breach: 77 Million Customer Accounts Exposed’, The Sydney Morning Herald, 27 April 2011, available at <http://www.smh.com.au/digital-life/games/playstation-privacy-breach-77-million-customer-accounts-exposed-20110427-1dvhf.html>, accessed 25 June 2012.

12. Lia Timson, ‘One Data Breach a Week: Australia’, The Sydney Morning Herald, 30 April 2012, available at <http://www.smh.com.au/it-pro/security-it/one-data-breach-a-week-australia-20120430-1xulv.html>, accessed 25 June 2012. Timson claims that the ‘Office of the Australian Information Commissioner was notified of 56 data breaches’ and ‘opened a further 59 investigations into other breaches, taking the number of investigations to 115’.

13. Daniel Proussalidis, ‘Canadians Naïve About Corporate Espionage: Ex-CSIS Agent’, Toronto Sun, 29 November 2011, available at <http://www.torontosun.com/2011/11/29/canadians-naive-about-corporate-espionage-ex-csis-agent>, accessed 4 December 2011. Not only records managers, but also archivists need to be aware of the sources of their holdings, as not only corporate records, but also employees’ private papers are at risk for corporate espionage.

14. ibid., paragraph 8.

15. ibid., paragraph 7.

16. ibid., paragraph 1.

17. ibid., paragraph 2.

18. See Jessica Gresko, ‘Amateur Sleuth Helps Stop National Archives Thefts’, Associated Press, 4 May 2012, available at <http://news.yahoo.com/amateur-sleuth-helps-stop-national-archives-thefts-081112038.html>, accessed 5 June 2012; Ruben Castaneda and Lisa Rein, ‘Former Employee Admits Stealing Recordings from National Archives’, Washington Post, 4 October 2011, available at <http://www.washingtonpost.com/local/former-employee-admits-stealing-recordings-from-national-archives/2011/10/04/gIQAB1kzLL_story.html>, accessed 4 October 2011.

19. Larger companies may outsource employee screening and background checks to reputable experts, such as BackCheck in Canada. Companies with financial constraints or non-profit organisations may require candidates to pay screening costs, although this will not be appropriate in all cases. Others may choose the ‘do it yourself’ method, using ‘how-to’ resources, such as Linda L Graff’s Beyond Police Checks: The Definitive Volunteer and Employee Screening Guidebook, Linda Graff and Associates, Dundas, 1999, or Edward C Andler and Dara Herbst’s The Complete Reference Checking Handbook: The Proven (and Legal) Way to Prevent Hiring Mistakes, American Management Association, New York, 2003, to navigate the delicacies of the procedure. Look for local resources to ensure that you comply with the legal intricacies of your particular jurisdiction.

20. Rita Jackson, ‘Security in the Workplace: Protecting Employees while Open to the Public 24 Hours a Day, 7 Days a Week’, Health Care Food and Nutrition Focus, vol. 20, no. 4, April 2003, pp. 1, 3–7.

21. ibid., pp. 4–5. Also, see Peter Piazza, ‘Security Trumps Privacy Concerns’, Security Management, vol. 46, no. 8, Aug 2002, p. 37. One of the side-effects of the terrorist attacks of 9-11 in the US was an increase in employee acceptance of being monitored by their employers in the workplace and, in many cases, support for more stringent security measures, including ‘more thorough pre-employment background investigations’ and the development and communication of a policy, regarding ‘privacy and security issues at the workplace’ (Piazza, p. 37).

22. Jackson, pp. 1, 3. According to Rita Jackson, contributing author to the Health Care Food and Nutrition Focus journal, ‘Very often, a person is either intoxicated or high at the time of an incident’ involving violence in the workplace (p. 3).

23. ibid., p. 1.

24. ibid., p. 3.

25. ibid.

26. ibid. Note that this statistic is for the United States, but it is likely to be applicable in other nations.

27. ibid., p. 4.

28. Records should identify which keys and passes each employee (including janitors and security guards) has been issued, and an inventory should be conducted regularly, in order to ensure that none are missing or still in the hands of an employee that should no longer have such access.

29. See Jackson, p. 5.

30. Martucci and Oldvader, p. 65.

31. Martucci and Oldvader, p. 59.

32. Brett Winterford, ‘Australia’s eHealth Record a Security “Disaster”’, iTnews, 28 November 2011, available at <http://www.itnews.com.au/News/281216,australias-ehealth-record-a-security-disaster.aspx>, accessed 25 June 2012.

33. ARMA International, p. 5.

34. ibid.

35. ibid.

36. ibid.

37. See National Institute of Standards and Technology, Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology: Computer Security, National Institute of Standards and Technology: Computer Security Division, Gaithersburg, 2006.

38. Martucci and Oldvader, p. 62.

39. ARMA International, p. 7.

40. TechTarget and the Cloud Security Alliance provide an excellent free online resource centre for learning about security and protection in the Cloud (including topics such as identifying if cloud computing fits your needs, evaluating Cloud Service Providers, risk assessment, encryption and handling leaks), available at <searchcloudsecurity.com>.

41. See Robert Zigweid, ‘Lesson #1 Collision Course: PCI Data and the Cloud’, 2012, available at <http://searchcloudsecurity.techtarget.com/tutorial/Cloud-computing-and-data-protection-Cloud-computing-encryption-tutorial>, accessed 26 June 2012.

42. ARMA International, p. 5.

43. Timson asserts that in the wake of so many major security crises (115 in the last fiscal year), ‘pressure is mounting’ on the Australian government to introduce legislation regarding the disclosure of data breaches (Timson, paragraphs 2, 5). See the Office of the Australian Information Commissioner, 'Data Breach Notification', April 2012, available at <http://www.oaic.gov.au/publications/guidelines/privacy_guidance/data_breach_notification_guide_april2012.html>, accessed 5 July 2012.

44. Martucci and Oldvader, p. 61.
