Welcome to the Inaugural Sagesse Publication!
- Introduction: Canadian RIM, an ARMA Canada Publication (481 KB) by Uta Fox, CRM, ARMA Canada, Director of Canadian Content
- From Records Management to Information Governance: A Look back at the Evolution (992 KB) (EN)by Christine Ardern, CRM, FAI
- De la gestion des documents á la gouvernance de l’information (1.05 MB) (FR)by Christine Ardern, CRM, FAI
- A Content Analysis of Information Impact: Professionalism or Not – A Critical Twenty-Five Year Review(826 KB) by John Bolton, MA, MLS
- Recordkeeping Issues in First Nations Governments by Alexandra Bradley, CRM, FAI (652 KB)by Alexandra Bradley, CRM, FAI
- Some Personal Reflections on the History of RIM in Canada (194 KB)by Jim Coulson, CRM, FAI
- Dispelling Myths about Records Retention in Canada (640 KB)by Stuart Rennie, JD, MLIS, BA (Hons.)
- The History of Records Management in Canada, 1867-1967 (344 KB)by Uta Fox, MA, CRM
- The Failure of the Red Deer Industrial School (7.20 MB)by Uta Fox, MA, CRM
- For more information, please visit the Truth and Reconciliation Commission of Canada
Canadian RIM, an ARMA Canada Publication Spring 2016 Volume I, Issue I
Welcome to the inaugural issue of Canadian RIM*, an ARMA Canada Publication!
ARMA Canada is thrilled to provide Canadian records and information management (RIM) and information governance (IG) practitioners with a resource focusing on Canadian issues in RIM and IG. Searching for recordkeeping information on Canadian laws, regulations, governance, standards, history, privacy, practices and ethics has just become much easier with access to this new publication.
Canadian RIM, an ARMA Canada Publication is a hybrid approach to Canadian RIM and IG that includes the practical, the theoretical and challenging approaches to the RIM-IG status quo. Articles will, for the most part, be by Canadian (but not exclusive to Canadian) practitioners, experts, and scholars addressing Canadian RIM topics from not only pragmatic approaches such as the how-to-do an aspect of RIM-IG, lessons learned and success stories, but also scholarly research-based RIM-IG articles and opinions that may query the status quo.
And while we are most eager to promote Canadian content and it is our primary focus, it will not be exclusively Canadian content as we want this publication to provide an environment for topics in RIM-IG that have wide-range impact or consequences on our industries. We welcome non-Canadians as well as Canadian contributors to forward articles that will further the RIM-IG fields. For further information on contributing articles (all articles will be peer-reviewed) to
Canadian RIM, an ARMA Canada Publication, visit the Canadian RIM webpage on the ARMA Canada website.
This first issue of Canadian RIM, an ARMA Canada Publication features seven articles.
Have you considered the origin of IG? Christine Ardern discusses RIM and IG within the Canadian context in her article “From Records Management to Information Governance: A Look back at the Evolution” which traces the evolution of RIM to IG and the Canadian role within that evolution. This article is also available in French.
One of the focuses in John Bolton’s article, “A Content Analysis of Information Impact: Professionalism or Not – A Critical Twenty-Five Review “ is a question that RIM practitioners have been asking on and off for many years; is records management a profession? He delves more deeply into that question by reviewing ARMA International’s Information Management (previously entitled Information Management Journal, and Records Management Quarterly) articles.
As records managers and practitioners know, implementing a records management program can be overwhelming in most organization. Alexandra (Sandie) Bradley’s article on “Recordkeeping Issues in First Nations Governments” considers the multitude of challenges that First Nations must embrace to establish such a program.
In “Dispelling Myths about Records Retention in Canada” Stuart Rennie discusses some of the prevailing myths surrounding records retention and he then provides the legal background and basis that refutes the myths including the impact of provincial legislation on some record series.
Another of Canadian RIM, an ARMA Canada Publication’s goals is showcasing the history of Canadian records and information management. Three articles address this topic. Jim Coulson’s article, “Some Personal Reflections on the History of RIM in Canada” highlights a number of impressive Canadian accomplishments in this industry.
One of Uta Fox ‘s articles, “The History of Records Management in Canada, 1867-1967” has appeared on the ARMA Canada website (accessible in the Resource section) but now with Canadian RIM, an ARMA Canada Publication, ARMA Canada is consolidating original RIM resources into this publication.
Uta’s other contribution “The Failure of the Red Deer Industrial School,” her master’s thesis, was written in 1993. Due diligence of past recordkeepers ensured that this institution’s correspondence, reports and directives were preserved which made this thesis possible. It is linked to the Truth and Reconciliation Commission of Canada’s website.
We also want to hear from you and invite you to share your thoughts, suggestions and opinions. As we have noted, this is your publication. You have experiences that need to be shared and this publication is your conduit. For further information please contact: [email protected].
Uta Fox, CRM
Director of Canadian Content
*The name “Canadian RIM,” is currently a working title. ARMA Canada will be holding a competition to find another name that best reflects the spirit of this publication.
The contents of material published on the ARMA Canada website are for general information purposes only and are not intended to provide legal advice or opinion of any kind. The contents of this publication should not be relied upon. The contents of this publication should not be seen as a substitute for obtaining competent legal counsel or advice or other professional advice. If legal advice or counsel or other professional advice is required, the services of a competent professional person should be sought.
While ARMA Canada has made reasonable efforts to ensure that the contents of this publication are accurate, ARMA Canada does not warrant or guarantee the accuracy, currency or completeness of the contents of this publication. Opinions of authors of material published on the ARMA Canada website are not an endorsement by ARMA Canada or ARMA International of those opinions and do not necessarily reflect the opinion or policy of ARMA Canada or ARMA International.
ARMA Canada expressly disclaims all representations, warranties, conditions and endorsements. In no event shall ARMA Canada, its directors, agents, consultants or employees be liable for any loss, damages or costs whatsoever, including (without limiting the generality of the foregoing) any direct, indirect, punitive, special, exemplary or consequential damages arising from, or in connection to, any use of any of the contents of this publication.
Material published on the ARMA Canada website may contain links to other websites. These links to other websites not under the control of ARMA Canada and are merely provided solely for the convenience of users. ARMA Canada assumes no responsibility or guarantee for the accuracy or legality of material published on these other websites. ARMA Canada does not endorse these other websites or the material published there.
From Records Management to Information Governance: A Look Back at The Evolution
Christine Ardern, The Information Management Specialists, Feb. 2016
When I started to write this article I had a particular objective in mind, as a result of my own experiences in records and information management from 1975 to 2015. And like our world, that changed. When I consider that I have been involved in Archives and Records Management for 40 years, I decided that my career, through a variety of organizations, had exposed me to all aspects on information governance, albeit under different names. And I have a strong belief that it helps to understand where we have come from, to put some perspective into where we are going.
This is not a comprehensive, all-inclusive study. Rather it is an overview, from a personal perspective, of how we have evolved from records management to information governance and describes some Canadian initiatives which have both influenced and impacted that evolution. It’s fair to say that I was fortunate in working in organizations that varied in their records issues and I participated in everything from strategy development to records centre operations to building an archival facility and playing internal RIM consultant to one of Canada’s largest financial institutions. Needless to say they exposed me to many different learning opportunities and facets of what now falls under the umbrella of information governance.
I have attended a number of ARMA International Conferences over the years (the first one in Toronto in 1975!!) and heard speakers discuss many different topics. One of the presentations that struck me the most was at the 2005 ARMA International Conference, in Chicago, when Daniel Burrus, the keynote speaker, talked about the future being visible in his presentation, Future View, A Look Ahead. One of his key themes is articulated in this statement:
You need to visit a place that I call the visible future™. It is a place you can clearly see, but you have to take the time to look. Most of us never take the time to look. The visible future is the fully predictable future. The more you look and ponder the future that you know is coming, the more you can capitalize on that future.
In 1995, at an ARMA International conference in New Zealand, one of the speakers was demonstrating what would happen to telephones in the future, based on research being done in the field. It looked totally impossible….seeing the people we were talking to??? And where are we today? It was the visible future! Daniel Burrus’ point was that if we pay attention to innovation and research being done in such places as MIT or CERN, these organizations give us a look into what is coming down the road.
If we look back at how we got to where we are today, it is not difficult to see that the evolution of technology created the big data environment we now live. It is hard to imagine a world without email and the world-wide web. But 50 years ago, that was the reality. How did technology change our workplace and lead to the era of information governance? Did it suddenly happen or was it an evolutionary process? Look at these key dates1….innovation that just kept going and it continues today.
- 1930’s – mainframe computer is created.
- 1969 – ARPANET – predecessor of the internet first created.
- 1976 – Apple 1 home computer is created.
- 1979 – first cell phone network created in Japan.
- 1981 – first IBM PC sold to the public.
- 1989 – Tim Berners-Lee and Robert Cailliau build the prototype of the World Wide Web at CERN, the European Organization for Nuclear Research.
- 1994 – American Government releases control of the internet and the World Wide Web is born -just over 20 years ago. And how did that impact the workplace?
What changed and why now? The early 1990s saw the introduction of personal computers in the office, bringing with them the idea that records management would no longer be required. Computers could do it all. At that point, the web was in its infancy and used to transmit emails. Organizations were still sending letters and reports through inter-office mail and via Canada Post. Pre the internet, information generated through computers was managed internally and protected by IT departments. It was some time before information was shared and transmitted electronically between departments, business units in different locations and in different countries. The Internet changed everything.
And Now We Have Big Data
And big data didn’t just happen! People have been writing about the volumes of data being created and stored since the mid 1940’s2.
Think about your organization – how is information received, used, transmitted and where is it stored? It’s the same with your personal life. How many different devices does YOUR home have? How many different ways are there today to create and share information with each other? The following list gives examples of why data volumes are increasing daily. And if it supports your business, then it needs to be managed.
- The internet and wireless transmissions allow us to create and share information through text messages, blogs, Twitter, Instagram, Facebook and a myriad of other social media connections.
- Smart devices communicate with each other. Hydro and gas companies have smart metres; OnStar can provide updates on your car’s maintenance status from data it has captured on the car’s computer system. GPS Locators on your phones, iPad, etc. can tell where you are. All that data is being collected by the organizations that are tracking it.
- Large organizations such as financial institutions and insurance companies capture huge volumes of transactional data daily as customers do their banking online, through bank machines or any other technology that financial institutions have provided to interface with clients.
- In addition to all the structured data in systems we are still faced with the unstructured data generated by employees in their day to business in network directories, emails and system applications that support content management, etc.
In 2007 EMC and IDC3 published their first study on the Digital Universe in an attempt to project the growth of data creation as a result of the World Wide Web. In its 2014 report the projection is that.
By 2020 the digital universe – the data we create and copy annually – will reach 44 zettabytes, or 44 trillion gigabytes4.
And the old adage, storage is cheap, keep everything forever has now come back to bite IT departments who find themselves with terabytes and more of data that is old and even inaccessible. There are costs of managing electronic data over time as software changes and is no longer supported. Disposal, as part of an overall business activity, is a necessity in reducing costs and risks and improving efficiency in any organization. And if you cannot find the right information when the judge asks for it, it can lead to out of court settlements in the millions of dollars in today’s litigious environment.
How Old Is Information Governance?
Information has been around for a long time, whether it was referred to as non-record, transitory, or publications and databases. For years, organizations relied on paper as “records” (and still do) as the major source of evidence of transactions and business decisions. With the advent of technology and the proliferation of trans-border dataflow, issues such as privacy, information/data ownership, and security all started to take on a new meaning with the realisation that electronic information assets are much easier to access.
Information, like records, is stored in so many different places as organizations move to serving clients though social media and the Cloud. It is created every day and still needs to be managed, used, stored and disposed of in accordance with business and regulatory requirements. As more and more records, data and information are stored electronically the practices that were applied to paper are now required in the electronic world and are being built upon to embrace this new workplace.
Many of us are members of North American organizations and articles we read are often presented from that perspective. How long has “information governance” been on the radar? At the 2015 Information Governance Initiative (IGI) conference in Hartford Connecticut, the question was posed to the audience….5 years? 10 years? More than 10 years? The majority of the audience responded to number one – 5 years. From the perspective of what we mean by information governance, the actual answer is “longer than 15 years”, driven initially by the need to ensure privacy of personal information.
Privacy, security, records retention and disposition are needed, regardless of what medium records, information, data are created and stored. Organizations now recognize the need to bring together what have previously been siloed departments and groups as cross-functional teams, to address the issues from an organization-wide perspective, because of technology and information transmission and exchange globally. Policies and procedures for each component cannot be drafted in isolation based on a particular area of interest, such as IT, Privacy, Business, Legal and Risk and Information Management. The requirements overlap and have to be addressed as part of the whole. And an information governance framework is now where the pieces come together. Components of IG have been in place for a long time, albeit in separate departments. So how is it defined today?
Information Governance: Some Perspectives
As information governance has evolved, the definition has varied, depending on the particular source and perspective. There are, however, consistent themes across all the definitions.
The National Health Service in the UK has created an Information Governance Toolkit5 to ensure that the information collected as part of the overall operations of the health system in the United Kingdom is managed in accordance with the Caldicott principals (discussed later in this paper). It states that:
- Information governance is to do with the way organisations ‘process’ or handle information. It covers personal information, i.e. that relating to patients/service users and employees, and corporate information, e.g. financial and accounting records.
- Information governance provides a way for employees to deal consistently with the many different rules about how information is handled…
Founded in 1979, Gartner is well known for its research and reports that are widely referenced in the IT and information management communities. In 2007, Gartner identified information governance as being a “top of mind issue” for its clients describing it as:
- The specification of decision rights and an accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving6 and deletion of information. It includes the processes, roles, standards and metrics to ensure the effective and efficient use of information in enabling an organization to achieve its goals.
The Sedona Conference7
In the Sedona Conference Journal, Volume 15, Fall, 2014, an article titled The Sedona Conference Commentary on Information Governance proposed the following definition:
- (Information Governance) means an organization’s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value. As such, information governance encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines, such as records and information management (“RIM”), data privacy, information security, and e-discovery. Understanding the objectives of these disciplines allows functional overlap to be leveraged (if synergistic); coordinated (if operating in parallel); or reconciled (if in conflict)
The Information Governance Initiative (IGI)
The Information Governance Initiative (IGI), established in 2013, is a cross-disciplinary consortium and think tank dedicated to advancing the adoption of information governance practices and technologies through research, publishing, advocacy and peer-to-peer networking. In its 2015-2016 Annual report IGI presented its definition of and set of components for information governance based on its IGI community input:
Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.
The Components of Information Governance8
In its Annual Report 2015-2016, the IGI presented its findings from a research survey sent out to its IG community members asking them to highlight which of twenty-two activities they felt fit into the domain of information governance. The following graphic reflects the results of the survey:
A number of these components, consolidated, would fall under the information governance Reference Model, as defined in a 2011 whitepaper – How the Information Governance Reference Model (IGRM) Complements ARMA International’s Generally Accepted Recordkeeping Principles (GARP®)9:
- The IGRM supports ARMA International’s GARP® Principles by identifying the cross-functional groups of key information governance stakeholders and by depicting their intersecting objectives for the organization.
The Information Governance Reference Model depicts areas who have interest in the organization’s information assets and which require collaboration in today’s environment, with RIM as one element in the cross-functional approach.
The reality is that depending on where you practice records management, what your responsibilities are or the type of organization in which you work, your exposure to the components of information governance will have varied. Someone working in a school board environment in Canada for the past number of years could have had responsibility for privacy, records management and compliance. In a financial institution you may have been the records manager who had to ensure that security, retention and privacy requirements were built into a system design process.
A Look in the Mirror
The Evolution from Records Management to Information Management: 1960 – 2000
To understand the transition from records management to information governance, it is helpful to look at how each has been and is being defined. In 1969, Bill Benedon10, considered one of records management’s luminaries, published Records Management11, devoted to, as the title implies the component of records management program design and implementation. Benedon writes:
Records Management is a term well chosen for covering information processing activities now and in the future. New innovations, such as magnetic tapes and other forms of miniaturized documentation, while changing the complexion of the record, still present the same problems of retention, storage, forms design, reporting needs, protection and of course, the oldest of all, filing requirements, now referred to in a much more fanciful manner – retrieval.
He goes on to add “it will be quite some time before accounting and auditing people are willing to say that once you have your information in machinable form, you can throw away the source document”.
Close to 50 years later we are now dealing with having seen the source document changing from slowly to paper to digital….and we need to start disposing of the digital format!
1981 saw the publication of the Second Edition of Information and Records Management by Maedke, Robek and Brown, a book which became the basis of many records and information management course curricula. It defined records management as:
- The application of systematic and scientific control to the recorded information that is required in the operation of an organization’s business. Such control is exercised over the creation, distribution, utilization, retention, storage, retrieval, protection, preservation and final disposition of all types of records within an organization.
In 2001, the first International records management standard (ISO 15489) issued through the International organization for Standards (ISO) defined records management as:
- The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.
The common element in all the definitions was the need for a systematic approach to managing records and recorded information. So what has changed? Did records disappear or were they absorbed into information management as technology began to emerge in the workplace?
Records and Information Co-exist
Information has always been created on many different media and in a variety of formats as have records. In the paper world, we had records and non-records or transitory records (information!). Convenience copies, drafts of reports, reference and research reports were all created in the day to day business of the organization, had different retention periods and were disposed of in accordance with the agreed upon policies. However they were not records because they did not provide evidence of decisions made by the organization.
Before personal computers, the internet and social media, databases stored data and generated printed output from those databases. Financial reports, payroll summaries, inventory listings, etc. were considered records and subject to corporate retention periods. From an IT perspective retention was focused on the period of time for which data was kept on servers or on tapes, rather than on the information content.
As more and more information was created at the desktop by knowledge workers12 and data was stored in systems rather than printed to paper, legislation changed to allow for electronic transactions in place of paper. The internet impacted everyone, less time was spent printing and filing and more information was left in shared files on networks, in legacy systems, on backup tapes, etc. And so began the CIO’s nightmare. Not only was more information being created electronically but what about all those old systems that contained obsolete data and all those old tapes in the data centre that no-one had indexed? How could data be disposed of?
Addressing Data in Systems: The Archivists Started It!
Machine Readable Archives Division: Public Archives of Canada.
I was first introduced to the concept of electronic records as an Archivist at the Toronto Harbour Commission. During a visit to the Public Archives of Canada in the mid-1970’s to learn about records centre operations, records management policy and procedure development and various aspects of archival operations, I met with staff in the Machine Readable Archives Division. Archivists were dealing with challenges of managing and ensuring the long-term preservation of data in systems many years before records managers and IT departments and Canada was among the leaders in dealing with machine readable records. In his article FOCUS: The Machine Readable Archives Division of the Public Archives of Canada (Archivaria, 1978 (176-180)) Harold Naugler reported that:
“As part of the Federal Government’s EDP records management program…the Office of Records Management Services of the Public Archives of Canada undertook in 1976-77 an inventory of machine readable records in some sixty-seven government departments.
Naugler further stated that:
“There are vast amounts of information in machine readable form covering such varied aspects of national life as employment, crime, disease, immigration, emigration, climate, geology, food production and consumption, housing, transportation, communication, and the cost of living.
The methodology used in the inventory process was subsequently developed into a set of guidelines created by the Machine Readable Archives (MRA) Division13 which later became part of the government’s Guide on EDP Administration.
In 1984, recognizing digital preservation as a global issue, Harold Naugler authored The Archival Appraisal of Machine-readable Records: a RAMP study with guidelines published under UNESCO’s General Information Programme and UNISIST. At that time it was viewed as one of the leading publications addressing electronic data management.
Groups such as the Association of Canadian Archivists, the Society of American Archivists and the International Council of Archives were appraising records and data in systems for long term preservation. Did managing data in systems need someone to understand what the systems were and what data was created, apply retention requirements and ensure that the formats and storage media were appropriately preserved? Yes. Did we call it information governance? No. It was a piece of the puzzle.
RM becomes IM becomes IG: Revolution or Evolution?
In 1989 when I joined CIBC as the Manager of Archives and Records Management, I was part of the Corporate Governance Group, the components of which reflected the current view of information governance. The Corporate Governance Group consisted of individuals involved in Records Management and Archives, Legal, Compliance, Privacy, Audit and the Corporate Security teams. The Records Management group collaborated with other members of the department, depending on the specific projects. The issues were cross functional and too big for one group to address. The Records Management Group worked with the IT group to incorporate records retention into the Application Development Lifecycle and software selection included members of the RIM team. The RIM group were internal consultants and participated in decisions about electronic records and transactional data, hardware and software selection.
Many articles and publications which reference the beginning of the concept of information governance point to the National Health Services (NHS) in Great Britain as one of the leaders in establishing an information governance framework. In 1997, as a result of concerns over privacy and the impact of technology on patient data, Dame Fiona Caldicott chaired a panel to look at patient identifiable data and how patient information was handled across the NHS. As a result of that review and subsequent work, seven principles, known as the Caldicott Principles14 were created. Those Principles continue to be used today to assess whether or not information containing patient information is being managed and protected properly. Information governance has now become the mainstay of the NHS and is supported by toolkits, policies and procedures and guidelines.
The level of involvement RIM professionals have had with some or all of the components of information governance has been driven by the type of organization in which they work. Someone working in a small municipality as the City Clerk may find themselves responsible for RIM, Privacy and Legal. In a large financial institution, the RIM professional may be part of a cross-functional team where individuals are responsible for the IG components. As a RIM professional in a law firm, eDiscovery might be the driving factor behind IG for clients. The regulatory environment under which the organization operates may create a stronger need for a focus on different IG elements but in the final analysis a successful IG program is the sum of its parts.
Information Management in the Government of Canada
Information management and records management have coexisted for many years in the Federal Government of Canada. The Government of Canada’s Information Management program grew out of the 1989 issuance of the Management of Government Information Holdings Policy, an initiative of the Treasury Board Secretariat, which “consolidated existing policies on records management, information collection and public opinion research, micrographics, EDP records management and forms management”.
In 199515, Treasury Board Secretariat issued guidelines on Managing Government information and included a model which showed the lifecycle of the information holdings stating that information management programs were responsible for:
- Collection, creation, receipt
- Organization, transmission, use and retrieval
- Storage, protection and retention
- Disposition through transfer or destruction
At that time, a 55-page user manual supported the overall implementation of information management in Federal Government departments. As the workplace has changed, so too has the policy title – 2003 saw the creation of the Policy on the Management of Government Information which was replaced in 2007 by the Policy on Information Management.
To explain the relationship between records management and information management in the Government of Canada would be a study unto itself, requiring a detailed look at the policy development roles and responsibilities of the Public Archives of Canada (later to become the National Archives and now Library and Archives Canada) and the Treasury Board Secretariat. What was previously known as records management within the Federal Government has now become Recordkeeping Practices under the Directive on Recordkeeping, first issued in 2009:
Recordkeeping is a resource management function through which information resources of business value are created, acquired, captured, managed in departmental repositories and used as a strategic asset to support effective decision making and facilitate ongoing operations and the delivery of programs and services.
What has changed? Information resources are created across every organization. Some need to be kept to meet legal and compliance requirements and others can be disposed of. In the case of the Federal Government’s recordkeeping policy, records have now become information resources of business value. Can we project what will be next?
The Government of Alberta Information Management Program
Many records management programs were created as part of a facilities management function, since paper was transferred to a records centre at the end of its active phase in the office. Typically, the perception was that managing records was a physical activity in a storage warehouse. As technology was introduced into the workplace, the perception of records management continued to focus on paper! The fact that computers were now creating and storing data and information, some of which were records, was difficult accept, as records management continued to be viewed as paper-based supported through records centre operations. Organizations began to transition from records management to information management as computers became more and more prevalent.
How was the information to be managed? In the paper world it had been defined as non-record or transitory records. In the electronic world it was all captured and stored together as a set of ones and zeroes. And it was necessary to change the concept of records to address the changing needs of the workplace. It was the content that mattered, not the medium on which it was stored, and the legal environment began to address the electronic workplace through such legislation as Electronic Transactions Acts.
In Canada, one of the leading government information management programs was that of the Government of Alberta whose Information and Technology Strategy was adopted by the Deputy Ministers’ committee in 2001. The main reason for the transition from records to information was that “records” were perceived as paper only and the workplace was moving towards a much broader context of electronically stored information, some of which was identified as a record.
Recognizing the need to manage the Government’s information assets, including its records, the then Director of Information Management, Sue Kessler, working closely with Dr. Mark Vale,16created an Information Management Framework17, which from today’s perspective covers the majority of the pieces as defined in an information governance model.
The Government of Alberta’s Information Management guidance and resources were, and continue to be, used not only by the Government of Alberta’s departments but by both the private sector and other governments, to transition from records management to information management.
As records management has evolved to information management to information governance, the scope has expanded even though the fundamental activities required for program management have not changed. Regardless of what we are managing, we still require:
- Strategies and frameworks
- Policies and procedures
- Standards and guidelines
- Processes and
The medium through with the records and information are transmitted is changing and the volume is increasing daily but the concept of the lifecycle or continuum still exists and the need for organizations to be accountable and compliant has not gone away.
Data Protection and Privacy
Early Drivers towards Privacy Controls: OECD Model Privacy Guidelines18
The need to provide oversight to data in systems has been of concern for some time in international organizations such as the Organization for Economic Cooperation and Development (OECD), an organization which Canada joined in 1984. In 1980, the OECD created its Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data stating that:
The development of automatic data processing, which enables vast quantities of data to be transmitted within seconds across national frontiers, and indeed across continents, has made it necessary to consider privacy protection in relation to personal data.
The OECD was concerned that the amount of personal data being captured through large data processing systems would put privacy at risk and encouraged the member countries to create their own national data protection and privacy legislation, which Canada did in 1983.
With technology, not only was privacy a concern but also data could now be easily transmitted across international borders, raising concerns about country specific legislation in such areas as data ownership. Local laws around data ownership could limit the ability to share information within an organization doing business globally. Industries such as banking and insurance were particularly concerned about restrictions on trans-border data flow created by country-specific laws, given the nature of their international businesses.
The OECD model guidelines were intended to support harmonization of privacy laws while supporting trans-border data flows as technology changed the way data was transmitted and shared. In celebrating the OECD Guidelines 30 year anniversary in 2011, OECD stated that:
The stand-alone technologies of the 1970s have become a ubiquitous, integrated global infrastructure. Occasional global data flows have given way to a “continuous, multipoint global flow,” highlighting the need for privacy enforcement authorities around the world to work together to develop globally effective approaches to protecting privacy. Advances in analytics and the monetisation of our digital footprints raise challenging questions about the concept of personal information and the appropriate scope for the application of privacy protections.
Canada, driven by the need to comply with the OECD guidelines as a result of being a member, created Privacy laws at the national and provincial levels, together with a strong privacy infrastructure in government departments. Recognizing the need for access to information, alongside data protection and privacy, the Federal government enacted two separate laws in 1983: The Access to Information Act and The Privacy Act19. As more and more information was captured in databases and systems across government departments, policy frameworks, as discussed earlier in the paper, incorporated the necessary security and controls to ensure that personal information was appropriately collected and managed.
How did the legislation impact non-government departments? Why would non-government records managers have to be aware of the Access to Information Act? Any organization which was required to send records to the Federal Government, for example, the Salvation Army20, had records in Canadian Government departments and as Access to Information legislation was being enacted the Records Managers in non-government organizations had to be aware of what records were shared with the Government of Canada and the measures in place to control access to and manage the privacy of third party records as part of their overall RM activities.
Being Proactive: Building Privacy into Technology
Privacy by Design21
As more and more information was collected and stored in systems, the need to ensure that privacy was protected to meet the requirements of the various federal and provincial privacy acts resulted in the development of privacy guidance and controls.
Ontario has played a leading role in the privacy domain both in Canada and internationally as a result of the work of Dr. Ann Cavoukian, who served as Information and Privacy Commissioner (IPC) of Ontario from 1997 to 2014. Dr. Cavoukian believed (and still believes strongly) that rather than wait until privacy became a problem in technology, it was necessary to build privacy protection methods into the overall technology development and design and outlined her position in her 1995 paper: Privacy-enhancing Technologies – A Path to Anonymity22, written in conjunction with the Netherlands Data Protection Authority. Committed to ensuring that privacy is an integral part of everyday business practice, Dr. Cavoukian created Privacy by Design which incorporates the following seven principles to be applied to privacy and technology:
- Proactive not reactive; preventive not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality: positive-sum, not zero-sum
- End-to-end security: full lifecycle protection
- Visibility and transparency: keep it open
- Respect for user privacy: keep it user-centric
The Privacy by Design framework was adopted as an international framework for privacy and data protection in 2010.
Dr. Cavoukian’s work on Privacy by Design continues today at Ryerson University in Toronto where she is the Executive Director of the Privacy and Big Data Institute. Her work has led to the creation of a program, in partnership with Deloitte Canada, against which companies and organizations, which have embedded privacy into their day to day operations and comply with the 7 Privacy by Design Principles, can be certified.
Information and Data Security
For many of us who started in records management before the impact of technology, security referred to locked offices, filing cabinets and work spaces. Security classifications were determined by the importance of information to the organization whether on paper or in electronic form. The most common designations included confidential, restricted, internal use and public. Organizations might have additional designations depending on the information, such as top secret and secret in government organizations.
Before the implementation of systems security controls, access and retrieval rights to online information and data were controlled through designated individuals, to ensure that appropriate persons were given access to the right documents, depending on what permissions they had.
Since the majority of the information resources were managed within the organization, the physical security issues were more easily controlled. As organizations have moved to automated systems, the Cloud and the internet, the need for security controls has increased and the ways to implement the security controls have changed.
Today’s Real Threats
We all hear about security breaches. As the Records and Information Manager how involved are we in knowing where those risks to our information assets exist?
The issue of information security is not new. Recognizing it as a key element of access and privacy, in 1986 the Treasury Board Secretariat introduced the Government Security Policy intended to: “ensure that all classified and designated information or assets of the federal government are safeguarded in an appropriate manner”.
As the use of technology has expanded into the internet of things, BYOD, Social Media and the Cloud, information security becomes another element of the information governance framework. International standards, such as ISO 27002: Information Technology — Security Techniques — Code of Practice for Information Security Management Standard23 (just one of a number of standards that support information management and information security, listed in Appendix “A”). Security standards are being created to identify security control measures, practices, which include procedures or mechanisms that may:
- protect against a threat,
- reduce a vulnerability,
- limit the effect of an unwanted incident,
- detect unwanted incidents, and
- facilitate recovery.
Cyber-crime has become the number one issue that governments are now addressing. And whether the targets are governments, companies or individuals, the threat can have far-reaching implications. We hear about these breaches on the news and wonder what the impact is.
Recently TalkTalk, a telephone and broadband supplier in the UK was hacked, with the hackers gaining access to TalkTalk’s client account information. While on vacation in the UK, the day after the breach was reported, we overheard a conversation in the pub telling the bar tender that his bank had called and told him that someone had gone into his bank account and attempted to clear out his money, based on information in his TalkTalk account. What was interesting about this particular case was that the company had had an audit about two years prior to this event, in which the lack of system security was flagged and nothing was done to upgrade it.
On January 3, 2016, this note was on TalkTalk’s website:
Welcome to TalkTalk
We’re currently making security enhancements to our site, which should be back online soon.
While we do this, our customer team are there to help you with details on the packages below or upgrades. Just give them a call.
It is no longer sufficient to assume that information security is the IT department’s responsibility. Information security, privacy and disposition problems are crossing boundaries between departments which have responsibility for identifying and protecting that corporate information. Being able to understand the concepts and information security issues is critical to RIM within today’s workplace.
RM Meets Technology
In my first job as Archivist at the Toronto Harbour Commission, I was responsible for purchasing a Wang word processor and learning how it functioned. That was 1978 – and some time before personal computers were adopted as a standard technology in all organizations. At the AGO in 1984, as the Manager of Administration and Archives, I was involved in the overall technology strategy because of my role in Archives and Records Management.
In 1989, as Manager of Archives and Records Management at CIBC, I worked with RIM staff to select and implement a records management software package designed to support the storage and disposition of about 400,000 boxes in the Toronto Records Centre. In addition to selecting software for our own records management purposes, the team were involved in the selection of an imaging system and worked with IT to build retention requirements into the system development lifecycle. Understanding what was happening with technology was not a nice to do…it was a must do.
For many years, the mantra “storage is cheap” could be heard in many organizations as more and more information was created electronically and IT “retention” was focused on moving live data to tiered storage, not on the value of the data to the organization. Managing data was complicated and therefore something that didn’t happen, until concerns were raised about legacy systems and Y2K. At that point, organizations were still for the most part, managing “records” on paper and data was retained for disaster recovery, back up and security purposes. Given the transition from paper records to data and information in systems and the lack of retention applied to legacy systems and backups, IT organizations suddenly found themselves with terabytes of stored data that could not be disposed of because no-one knew what it was. What was the risk of deleting without any awareness of what was in those systems? How could you justify that in court? On the other hand, all those old tapes sitting in data centres, uncatalogued, not cared for in terms of preservation methods – rewinding, migrating, etc. could be a huge liability to eDiscovery. Being at the table for those discussions was part of the RIM responsibility.
Defining Software Requirements: The Canadian Influence
Canada and Canadians have played a leading role in designing specifications for records management software as well as creating software products, based on those specifications. Early work in Canada began in 1983 through an initiative of the Department of Communications and the National Archives of Canada: The Office Communications Systems Field Trial Program. Designed to study how 70 users, linked together through a local area network, created, used and disposed of electronic information, it provided important research data for ongoing solution development. Its work resulted in the creation of the Information Management Office Systems Advancement (IMOSA) project, a joint initiative between the National Archives of Canada, the Department of Communications Canadian Workplace Automation Research Centre and Provenance systems24. In 1990 as a result of the IMOSA project work, the National Archives published a set of functional requirements for software to manage electronic information in the Federal Government known as FOREMOST (Formal Records Management for Office Systems Technologies).
At the time the Canadian requirements were developed, the electronic records community within the International Council on Archives was collaborating on software requirements. While it would be difficult to say that Canada was number one in creating the requirements, it would be fair to say that the work undertaken through the IMOSA project was on the leading edge of defining electronic records management software requirements. A number of software requirements initiatives were subsequently developed in Australia, the US and Europe and continue to be enhanced today.
Creating Electronic Records Software Solutions
Canada, again, has played a significant role in electronic records management software development. As a result of his work with the Canadian Federal Government, Bruce Miller established Provenance Systems in 1989, and created FOREMOST, an electronic records management software package which was sold to (EMC) Documentum in 2002 forming an integral part of the Documentum Records Management product. Bruce subsequently created Tarian software as the next generation electronic records solution, the Tarian eRecord Engine, which in 2002, was acquired by IBM to become IBM Records Manager.
Records Managers globally are familiar with OpenText and its LiveLink product suite. Its evolution from its beginnings to where it is today is a great study in Canadian innovation and development. In his Forward to Open Text Corporation: Ten Years of Innovation25, Tom Jenkins, then CEO of Open Text Corporation wrote:
It’s hard to imagine today, but Open Text Corporation started out in 1991 as a small three-person consulting operation, a spin-off of the University of Waterloo.
With the Internet in its infancy OpenText was responsible for creating one of the first search engines for Netscape and Yahoo. So how did they get into records management – evolution or revolution?
Before OpenText made its foray into search engines, the Canadian Federal Government departments were dealing with physical file management challenges and in 1986 a group of Ottawa-based entrepreneurs saw an opportunity to fill the gap creating iRIMS a PSSoftware product. As a result of the changing environment iRIMS expanded its product line to address electronic, physical and image-based records. In 1999 it was purchased by OpenText and its functionality integrated into the suite of products which continue to evolve today.
And where exactly are we today? As technology has evolved, so too has the functionality of these products. Records management functionality has been built into a number of products dealing with an organization’s information assets. Whether the company calls it records management, information management or information governance, at the end of the day, these software tools help manage the lifecycle of the information resources, ensure that information can be found, protected and used as required and disposed of to meet legal and compliance requirements.
The Legal Perspective: Electronic Records and eDiscovery
In any organization, the Legal group has always been critical partner with Records and Information Managers as a result of incorporating legal and regulatory requirements into retention schedule development. In the past 15 to 20 years the interest from Legal departments and law firms in records and information management has increased as a result of electronic records and the role they play in litigation and eDiscovery.
For many Records Managers, a major shift in organizational records management awareness came as a result of changes to the U.S Federal Rules of Civil Procedure in 2006, which introduced “electronically stored information (ESI) a new type of discoverable information, under Rule 34. A major concern in organizations across the US came as a result of the volume of electronically stored legacy data and back up tapes that were subject to discovery, if the organization had not had an effective program in place to dispose of its information in the normal course of business.
With the advent of technology, the challenges of the discovery process were not unique to the US although for many of us, as members of ARMA International, the Sedona Conference and the changes to the Federal Rules were probably our first introductions to the connection between eDiscovery and records management. Ontario and other jurisdictions in Canada were facing the same challenges of discovery, given the proliferation of computers in the workplace.
In 2001 the Attorney General and Chief Justice of the Superior Court of Justice appointed a Discovery Task Force, chaired by Justice Colin Campbell, Superior Court of Justice, Toronto Region, to look at existing practices and propose options for reform. The report, presented in 2003, included two recommendations in its section under the “Discovery of Electronic Documents” expanding the scope of discovery:
- Amend rules 30.01 and 31.01 to include in the definition of document “data created and stored in electronic form.
- Develop best practices with respect to retention of electronic records and the scope, cost and manner of electronic documentary production.
No longer was discovery only about paper and the issues around electronic records and information management were again, brought to the forefront.
The work of The Sedona Conference has been pivotal in addressing issues around eDiscovery, Data Protection and Privacy and Information Governance. Sedona Working Group One (WG1), made up of representatives from the US Legal Community and members of ARMA International among others, focused on the development of electronic document retention and production guidelines, publishing The Sedona Principles; Best Practices Recommendations and Principles Addressing Electronic Document Production, in March 2003. The guidelines provided detailed interpretations and insights on how organizations could apply the Principles in preparing for litigation.
The Sedona Principles became an integral part of eDiscovery guideline development in Ontario as a result of the participation of Susan Wortzman<sup”>26, the first Canadian to attend a Sedona Conference meeting. Susan joined WG1 while a member of the Ontario Discovery Task Force. As a result of her participation on WG1, Ms. Wortzman worked with The Sedona Conference to set up Working Group 7 (WG7), Sedona Canada, which created the Sedona Canada Principles. As stated on The Sedona Conference website, WG7 was formed in 2006 with the mission:
“To create forward-looking principles and best practice recommendations for lawyers, courts, businesses, and others who regularly confront e-discovery issues in Canada.” The first edition of these Sedona Canada Principles27 was released in early 2008 (in both English and French) and was immediately recognized by federal and provincial courts as an authoritative source of guidance for Canadian practitioners. It was explicitly referenced in the Ontario Rules of Civil Procedure and practice directives that went into effect in January 2010.
In November 2015, the 2nd edition of The Sedona Canada Principles was issued and Working Group 7, open to interested Canadian residents, continues its work on eDiscovery and information governance issues in Canada.
The Electronic Discovery Reference Model
Launched in May 2005, the EDRM28 was established to address the lack of standards and guidelines in the e-discovery market. One of the outputs from EDRM was the Electronic Discovery Reference Model, published in 2006, designed to define the steps in an eDiscovery process in which the first step was records management. Putting records management as the first activity in the model showed the importance of ensuring that records were managed and disposed of in accordance with retention schedules and business practices. The premise was that by managing those resources effectively, there was less data/information to be waded through in case of litigation. What is interesting to note in this evolutionary process, is that while the 2014 version of the Electronic Discovery Reference Model (EDRM) shows information governance as the first box in the litigation/eDiscovery process, between 2006 and 2016, the first box changed from records management (2006) to information management (2007) to information governance (2014), showing the change in the workplace and the overall thinking about records, information and technology.
The EDRM website describes information governance as:
“Getting your electronic house in order to mitigate risk & expenses should e-discovery become an issue, from initial creation of ESI (electronically stored information) through its final disposition.”
eDiscovery has driven changes in the way organizations view their information assets as a result of the liabilities and risks associated with not managing information properly. So how does risk management fit into the picture and how do we assess our information risk?
RIM Risk Assessment Supports Business Strategies
Within any organization there are many different types of risks which are assessed to protect the organization’s operations. These may be overall business risks, operational risks, financial risks and on and on. They are usually defined and quantified so that they are measurable. And behind all these risks are records and information that capture details about the business activities of and decisions made by the organization.
Many of us have applied for credit cards, loans and mortgages. We are assessed on our credit history and provided with a yes or no response, based on the risk that lending the money to us poses to the financial institution. There are measurement criteria, assessment models, and methods to weigh the results of the assessments, all of which are quantified as part of a risk management framework. In order to make a decision, people requesting the loan complete forms, staff do analyses and provide reports of their decisions and the documentation, in whatever format it is collected, create a history of the transaction. How important are those risk analysis records to the organization?
In the case of technology installations and implementation, a risk analysis looks at all the aspects of the implementation – what are the potential risk factors that may impact the project, what is the impact if one of those factors occurs and how can you minimize the impact and reduce the risks. The records created document the decisions made and provide a tracking mechanism throughout the project.
For many of us who implemented vital records programs as part of business recovery initiatives, we were involved in undertaking a risk assessment around the value of the records to the organization should some type of emergency arise, such as a natural disaster, physical damage within our facilities such as fires, burst pipes, etc. or a frustrated employee stole data or sabotaged the system. We looked at the potential occurrences and the frequency with which they might occur, analysed the scenarios and determined which of the records created and stored were either high risk, if they were lost, or required as critical to the start-up of the business post disaster.
Because of the large volumes of information created and stored in our current workplace, organizations have begun to take a risk-based approach to managing the records which are captured in Managing Risks for Records29 in which the author, Dr. Victoria Lemieux, presented two approaches to records and information risk assessments:
- Event-based risk assessments such as the ones used to determine risks typically used in vital records programs,
- Records and information requirements based approach.
In the second approach, Dr. Lemieux suggests that rather than events being the basis of the risk assessment, the value of the records to the strategic business direction results in a cross-functional approach to managing information risk. Her recommendation for records and information risk management administration is to integrate it into the overall risk management function and culture, business operations, training and strategic development and budgeting, rather than have it as a separate, standalone activity within a records management program. Her book presents details about the two approaches and provides examples of the consequences of filing to manage records and information risks as highlighted below:
As with the other components we have discussed so far as part of the information governance Framework, managing risk is an integral part of the activities and resources, such as Dr. Lemieux’ book are available to assist in the transition from the traditional view of vital records issues and risks to the business risks of the organization, something that RIM professionals need to understand and be able to discuss as part of the cross-functional team.
Rm to IM to IG: Changing Skill Sets
So how do we know what we need to know to be successful RIM and IG professionals, if the world and our environment are changing around us daily? As the records management profession started to change in the 1990’s, there was an identified need to define what activities fell into the “records management” profession. A review of the Canadian Federal Government’s job classification codes showed that there were no clearly defined categories for records managers because the profession itself was not clearly defined. Skills and competencies existed for professions such as lawyers, doctors and accountants. No such things existed in the records and information management community in North America at the time.
ALARM Competency Model
In 1994 ARMA Canada participated in the Human Resources Development Canada’s (HRDC) Alliance of Libraries, Archives and Records Management30 initiative to examine human resource development challenges facing the Information Resources Sector31. In its Competency Tool Kit32, ALARM was described as:
Unique in the fact that it has brought together the three occupation areas (Libraries, Archives and Records Management) and has begun to demonstrate the promise of collaboration among the three professions in identifying and responding to common human resource needs.
The groups met for about five years and created not only the detailed set of competencies but also supporting toolkits on using the competencies. The ALARM33 competencies comprised seven professional competencies supported by three general sets of skills which defined at a high level, the core activities carried out in managing information resources. Committee members from the three professions agreed that, while managing a variety of information resources, Librarians, Archivists and Records Managers:
- Create and maintain programs and services
- Acquire and dispose of information resources
- Create a framework for access to information resources
- Provide reference, research and advisory services
- Provide electronic services
- Store and protect information resources
- Business/management skills
- Interpersonal skills
- Personal skills
The ALARM competencies were used for hiring, selecting, training and managing the performance of staff in addition to supporting RIM education program development and were, perhaps, ahead of their time from the perspective of collaboration between the individual professions.
Were we alone in developing competency models – definitely not. Were we, again, leaders in the process – yes, we were.
ARMA International Competency Models34
The first set of competency models developed by ARMA International in 2007 focused on Records and Information Management competencies and differed from the ALARM competencies in that they broke the competencies into four levels from entry-level practitioner to executive-level professional and six domains that reflect:
- Business Functions
- RIM Practices
- Risk Management
- Communications and Marketing
- Information Technology
As records management moved to information management, the Canadian General Standards Board (CGSB) issued CGSB-192.2-2009: Competencies of the Federal Government Information Management Community. Its format differed from both ARMA and ALARM and as of the date of this article35, a review had been proposed but did not happen due to a lack of interest. The standard is still available on the CGSB website.
ARMA International began to expand its member offerings to include information governance and created the Information Governance Professional (IGP) certification program in 2012. In describing the role of an Information Governance Professional ARMA International states that:
A Certified Information Governance Professional creates and oversees programs to govern the information assets of the enterprise. The IGP partners with the business to facilitate innovation and competitive advantage, while ensuring strategic and operational alignment of business, legal, compliance, and technology goals and objectives. The IGP oversees a program that supports organizational profitability, productivity, efficiency and protection.
To support the Information Professional designation, ARMA International created a set of competencies, complementary to ARMA International’s RIM competencies, which state that an IGP has the ability to:
- Manage information Risk and Compliance
- Develop an IG Strategic Plan
- Develop the IG Framework
- Establish the IG program
- Establish IG Business Integration and Oversight
- Align Technology with IG Framework
In terms of defining what an IG program will look like the competencies provide an overview of program activities, through the domains and related knowledge and skills. They can also help records and information management professionals determine where there are gaps in their existing skill set and develop a personal career path, identifying opportunities for training and education.
My personal belief is that information governance is a response to a changing workplace, hugely impacted by technology and requires collaboration between several groups to ensure consistency and reduce duplication of effort in managing information resources. Records and information management skills sets are being enhanced and expanded alongside other professions such as legal, privacy, risk and IT, driven by a need to address what are truly enterprise-wide issues.
Looking Ahead: Roles and Responsibilities
Looking at information governance from the 30,000 foot level, it is clear that information assets are the common element and that an information governance framework is required to ensure compliance, etc. However, unlike Records management, which has traditionally been the purview of one designated community, the information governance issues are more complex and require input from a number of different communities based on their needs and concerns. The concerns vary, depending on the specific group:
- The Privacy Officer ensures that personal information is collected, used and disposed of appropriately in accordance with privacy legislation.
- The Legal department or law firm is concerned with ensuring that the internal and external clients are aware of the retention and eDiscovery issues around all records, information and data. The costs of searching through data to support litigation have, in the past few years, resulted in an increased awareness of the benefits of effective information governance as part of ongoing business practices.
- The IT department is looking after all the systems and the data created and stored in them and has to ensure that information is secure, retrievable and accessible for as long as it is required through not only active data management but also through digital continuity and preservation to address changes in software and hardware.
- Records and Information Management provides the RIM guidelines, standards and policies and procedures which ensure that information is managed appropriately from creation to disposition.
- Employees are now far more aware of information assets and the impact of technology, although their expectations are that managing those assets will be transparent so that they get what they get what they need to do their day to day work. Anything which makes managing information onerous for the user will be rejected!
To further the discussion, the IGI created a RACI chart based on responses to their research:
Who is responsible for what will depend on the organization you are in and the focus of your strategic business goals, activity and regulatory environment. My father always used to say “if you know where you are going there is more than one road to take you there”. Such is the situation with information governance. However, any successful program will depend on a champion and a cross-functional team support by the necessary tools and technologies.
Some years ago, a session facilitator at the National Association of Government Archives and Records Administrators (NAGARA) Conference in Sacramento, California suggested that Archivists and Records Managers should change their story from one which was all about doom and gloom and full of jargon, to one which resonated with the creators of the records and information. Certainly the story is changing!
There is no doubt that information governance, under whatever name, will become a critical part of every organization given issues of privacy, eDiscovery, risk and compliance and value proposition of the information assets to the organization’s strategic position.
Records management has changed, not gone away, because there is still a need to manage records as evidence of business decisions and transactions. For records, data, information, knowledge, whatever it is called, to be useful to the organization it needs to be managed throughout its lifecycle. Discussions about what IG is and who is responsible will continue as our work changes. Each organization will design and implement a program based on its strategic direction, resource availability and risk and compliance requirements. The big shift is in the need to create cross-functional teams to address the issues from an enterprise perspective, not a siloed focus.
We have a rich resource of work that has been done in Canada as we have moved through the various challenges posed by technology and evolved from Records management to where we are today. We have a proud heritage of development and leadership in Archives, Records and Information Management. We can learn from it, build on it and look at the present research to see where we are heading in the future so that we are ready for the challenges ahead and embrace them. And our Canadian colleagues will continue to lead in different ways to enhance our understanding.
As I said at the beginning, this is not a comprehensive, all-inclusive study and I have omitted many people and projects, to whom and for which I apologize. There is much more to be added and I encourage you to build on it and prepare an article for the next ARMA Canada publication. The seeds have been planted for the flowers to grow. There is a huge opportunity to add to what has been started so let’s create the visible future!
Appendix A: ISO Standards
ISO/IEC 20000-1:2011 Information technology – Service management – Part 1: Service management system requirements
ISO/IEC 27014:2013 Information technology — Security techniques — Governance of information security
ISO/IEC 38500:2015 Information Technology Governance of IT for the organization
ISO 30301:2011 Information and documentation – Management systems for records – Requirements
ISO 15489-1:2001 Information and documentation – Records management – Part 1: General (under revision
ISO 16175-1:2010 Information and documentation – Principles and functional requirements for records in electronic office environments – Part 1: Overview and statement of principles
ISO/TR 17068:2012 Information and documentation – Trusted third party repository for digital records
ISO/TR 18128:2014 Information and documentation – Risk assessment for records processes and systems
ISO 23081-1:2006 Information and documentation – Records management processes – Metadata for records – Part 1: Principles
ISO/TR 26122:2008/Cor 1:2009 Information and documentation – Records management processes – Metadata for records – Part 1: Principles
URLs checked as of February 15, 2016
1Canadian Atlas online source http://www.canadiangeographic.ca/atlas/themes.aspx?id=connecting&sub=connecting_technology_wireless&lang=En
2See Gil Press: Forbes – http://www.forbes.com/sites/gilpress/2013/05/09/a-very-short-history-of-big-data/2/#170e0de71af0
6Note that Gartner, as do many organizations, uses the term archiving for setting aside inactive records into cheaper storage. For those involved in the archival profession, the use of the term causes confusion when distinguishing between the 5% of records which capture the long-term corporate memory of a private/public sector organization.
7TSC was founded in 1997 by Richard G. Braman, is a nonprofit, 501(c)(3) research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights
8Images for Information governance framework
10William Benedon was President of the American Records Management Association and editor of Records Management Quarterly and was awarded the Emmett Leahy Award in 1968 for his outstanding contribution in the field of records management
11Prentice-Hall, Inc. 1969
12A term made popular in the 1980s and 1990s as PCs became more widely used in the workplace
13As in other National Archives programs where the issue of preserving data for historical reference and research was a major concern, in addition to preserving historical records on paper.
14“Information: To Share Or Not To Share? The Information Governance Review”
16Dr. Vale later became the head of the Information Management Branch in the Government of Ontario
19coincides with the principles contained in the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data of the Organization for Economic Co-operation and Development (OECD), to which Canada agreed in 1984
20Including records containing personal information
21The concept was created by Dr. Cavoukian “to capture the notion of embedding privacy into technology https://www.ipc.on.ca/english/Privacy/Introduction-to-PbD/
23Replaced ISO 17799
24Provenance Systems was founded in 1989
25Published in 2001 by Open Text Corporation. The name Open Text has become OpenText since the book was first written. The author has referenced the name as it was at that time.
26Susan Wortzman is the founder of Wortzmans based in Toronto, Ontario. http://www.wortzmans.com
28Since its launch, EDRM has comprised 400 organizations, including 195 service and software providers, 88 corporations, 76 law firms, 24 governmental entities, 12 educational institutions and 5 industry groups involved with e-discovery and information governance.
29Lemieux, Victoria, Managing Risks for Records and Information. Lenexa, KS; ARMA International, 2004
30The committee was made up of ARMA International, CCA, AAQ and ACA and Associations representing different types of libraries across Canada.
31The title was selected in an attempt to create a common terminology that would cross all three areas.
32Published in August 2002, by the Cultural Human Resources Council
De la gestion des documents à la gouvernance de l’information
Christine Ardern. The Information Management Specialists, février 2016
Au moment où j’ai commencé à écrire cet article, j’avais une idée bien précise du sujet que je souhaitais aborder en raison de l’expérience que j’avais acquise en gestion des documents et de l’information durant ma carrière qui s’est échelonnée de 1975 à 2015. Mon idée a toutefois évolué, tout comme le monde qui nous entoure. En pensant aux 40 années que j’ai consacrées à l’archivistique et à la gestion des documents, j’ai réalisé que ma carrière, qui m’a permis de travailler dans une variété d’organisations, m’avait aussi permis d’expérimenter tous les aspects de la gouvernance de l’information, bien que celle-ci ait porté différents noms au fil des ans. Je suis convaincue que le fait de comprendre d’où nous venons nous aide à mettre en perspective ce qui nous attend dans le futur.
Mon intention n’était pas de produire une étude exhaustive sur la transition de la gestion des documents vers la gouvernance de l’information. Mon article visait avant tout à donner un aperçu personnel de la façon dont notre pratique a évolué au cours des dernières décennies. Pour appuyer mes propos, je décris d’ailleurs quelques projets canadiens qui ont influencé cette évolution et qui ont eu des retombées importantes. J’admets que j’ai eu le privilège de travailler au sein d’organisations qui m’ont offert des défis variés en gestion documentaire. J’ai eu la possibilité de participer à un grand nombre de projets, depuis l’élaboration de stratégies jusqu’à l’exploitation de dépôts de documents en passant par la mise sur pied d’installations d’archivage et la réalisation d’un mandat à titre de conseillère en gestion des documents et de l’information au sein de l’une des plus importantes institutions financières du Canada. Nul besoin de vous dire que toutes ces expériences m’ont offert de précieuses possibilités d’apprentissage et m’ont mise en contact avec les nombreuses formes de ce qui est maintenant convenu d’appeler la gouvernance de l’information.
J’ai assisté à plusieurs conférences organisées par l’ARMA International au fil des ans (la première fut celle de Toronto en 1975!) L’un des exposés qui m’a le plus marquée est celui qui a été présenté par Daniel Burrus, le conférencier vedette du congrès organisé par l’ARMA International en 2005, à Chicago.
M. Burrus avait alors abordé le thème du futur visible dans sa présentation intitulée Future View, A Look Ahead. L’un de principaux thèmes qu’il défend est expliqué dans l’énoncé suivant :
« Je vous invite à visiter un lieu que j’appelle le futur visible. C’est un endroit que vous pouvez clairement distinguer, mais pour y parvenir, vous devez prendre le temps de regarder. La plupart d’entre nous ne prennent jamais le temps de regarder. Le futur visible est un futur qui est pleinement prévisible. Plus vous regardez le futur et réfléchissez à la forme sous laquelle vous savez qu’il se manifestera, plus vous pourrez tirer profit de ce futur [traduction]. »
En 1995, lors d’une autre conférence de l’ARMA International qui avait lieu cette fois en Nouvelle- Zélande, l’un des conférenciers nous a montré à quoi ressemblerait le téléphone du futur en se basant sur des recherches réalisées dans ce domaine. Ses prédictions semblaient complètement farfelues. Imaginez! Être capable de voir les personnes avec qui vous discutez! Vingt ans plus tard, force est d’admettre que ce conférencier avait raison. Voilà le futur visible. L’argument principal de Daniel Burrus est le suivant : si nous prêtons attention aux innovations et aux recherches en cours dans des organisations telles que le MIT et le CERN, nous serons en mesure, grâce à ces organisations, d’entrevoir ce que le futur nous réserve.
En examinant le chemin que nous avons parcouru, il est facile de constater que les progrès de la technologie ont façonné l’environnement de mégadonnées dans lequel nous évoluons aujourd’hui. Peut-on imaginer un monde sans courriel et sans pages Web? C’était pourtant le cas il y a 50 ans. Comment la technologie a-t-elle changé notre milieu de travail et nous a-t-elle menés à cette ère de gouvernance de l’information? En est-on arrivé là soudainement ou cette nouvelle réalité découle-t-elle d’un processus évolutionnaire? Comme le démontrent les dates suivantes1, l’innovation ne s’arrête jamais :
- Années 1930 : conception de l’ordinateur central
- 1969 : création d’ARPANET, l’ancêtre direct d’Internet
- 1976 : création de l’ordinateur personnel Apple 1
- 1979 : mise en place du premier réseau de téléphonie cellulaire au Japon
- 1981 : vente des premiers ordinateurs personnels IBM au public
- 1989 : Tim Berners-Lee et Robert Cailliau mettent au point le prototype du World Wide Web, le réseau informatique mondial, au CERN (Organisation Européenne pour la Recherche Nucléaire)
- 1994 : le gouvernement américain abandonne le contrôle qu’il exerce sur Internet et le Web Wide Web naît. Vingt ans à peine nous séparent de ce moment. Comment le Web a-t-il influencé l’environnement de travail?
Qu’est-ce qui a changé et pourquoi ce changement survient-il maintenant? Au début des années 1990, les ordinateurs personnels ont commencé à s’infiltrer dans les bureaux, contribuant à diffuser l’idée que la gestion des documents ne serait désormais plus nécessaire. Les ordinateurs pouvaient se charger de tout. Le Web en était à ses premiers balbutiements et servait surtout à envoyer des courriels. Les organisations utilisaient encore massivement leur service de courrier interne et Postes Canada pour transmettre leurs lettres et leurs rapports. Avant l’arrivée d’Internet, les renseignements produits par les ordinateurs étaient gérés et sécurisés au sein même des organisations par les services responsables des technologies de l’information (TI). Ce n’est qu’un peu plus tard que les données ont été diffusées et transmises par voie électronique entre des services et des unités fonctionnelles situés dans des lieux et des pays différents. Internet a complètement changé le monde de l’information.
L’ère des mégadonnées
Les mégadonnées ne sont pas apparues du jour au lendemain. Déjà, au milieu des années 1940, des auteurs se sont penchés sur les problèmes soulevés par la création et la conservation des quantités de données générées par les ordinateurs2.
Pensez à votre organisation et à la façon dont les informations y sont reçues, utilisées, transmises et conservées. Songez ensuite à quel point il en va de même dans votre vie personnelle. Combien de dispositifs générant des données possédez-vous dans VOTRE habitation? Aujourd’hui, combien existe-t- il de façons différentes de créer et de partager de l’information entre nous? La liste suivante donne un
aperçu des raisons pour lesquelles les volumes de données ne cessent de croître chaque jour. Et si ces données soutiennent vos activités organisationnelles, il est alors essentiel de les gérer adéquatement.
- Les transmissions internet et sans fil nous permettent de produire et de partager des informations au moyen de messages textes, de blogues, de Twitter, d’Instagram, de Facebook et d’une myriade d’autres médias sociaux.
- Les appareils intelligents communiquent entre eux. Les sociétés de services publics (électricité et gaz) installent des compteurs intelligents. Le système OnStar peut vous informer des travaux d’entretien requis par votre voiture à partir des données recueillies par l’ordinateur de bord du véhicule. Les systèmes GPS dont sont dotés vos téléphones et vos tablettes peuvent vous indiquer à quel endroit vous êtes. Toutes ces données sont conservées par les organisations qui en font le suivi.
- Les grandes organisations telles que les institutions financières et les compagnies d’assurance recueillent des quantités phénoménales de données chaque jour en raison des transactions bancaires que les consommateurs réalisent en ligne à leur domicile, au moyen de guichets automatiques ou d’autres modes de prestation de services mis à leur disposition par les institutions.
- En plus des données structurées conservées dans les divers systèmes, il faut aussi tenir compte des données non structurées produites par les employés dans leur travail quotidien au moyen, notamment, des répertoires de réseaux, des courriels et des applications de système qui soutiennent la gestion de contenu.
En 2007, EMC et IDC3 ont publié une première étude sur l’univers numérique dans laquelle ils tentaient de prédire la croissance du volume de données généré par le Web. Les prévisions qu’ils ont publiées en 2014 indiquent que d’ici 2020, l’univers numérique – les données que nous créons et copions chaque année – atteindront 44 zettaoctets ou 44 milliers de milliards de gigaoctets4.
La maxime selon laquelle « le stockage ne coûte pas cher » et qu’on peut se permettre de tout garder revient maintenant hanter les services de TI qui sont confrontés à des masses de données anciennes souvent inaccessibles. Au fil du temps, la gestion des données électroniques devient onéreuse en raison de l’évolution et de la désuétude rapides des logiciels. Toute organisation doit éliminer des éléments dans le cours normal de ses activités afin de réduire ses dépenses et les risques auxquels elle s’expose, et d’améliorer son efficacité. Mais prenez garde de ne pas vous débarrasser de données essentielles. Vous ne savez jamais quand un juge pourrait vous sommer de divulguer des renseignements. Tout manquement de votre part à fournir les données demandées pourrait vous coûter des millions de dollars en cette époque où les poursuites judiciaires abondent.
À quand remonte la gouvernance de l’information?
L’information fait partie de notre quotidien depuis fort longtemps, qu’on l’appelle matériel non documentaire, information transitoire, publication ou base de données. Jusqu’à tout récemment, les organisations conservaient (et conservent toujours) des documents papier comme principale source de preuves à l’appui de leurs transactions et décisions d’affaires. Avec l’avènement des TI et la prolifération des données transfrontières, des enjeux tels que la protection de la vie privée, l’appartenance et la sécurité des données prennent un tout nouveau sens lorsqu’on réalise à quel point il est facile d’accéder aux actifs informationnels électroniques.
L’information et les documents sont conservés dans un nombre sans cesse grandissant de lieux différents. Pendant ce temps, les organisations modifient leurs modes de prestation de façon à pouvoir servir leurs clients au moyen des médias sociaux et de l’infonuagique. Chaque jour, de nouvelles données sont produites et doivent être gérées, utilisées, stockées et supprimées conformément aux exigences opérationnelles et à la réglementation en vigueur. Au fur et à mesure que le volume de documents et de données à stocker électroniquement augmente, les pratiques employées pour gérer la masse de documents papier doivent maintenant être adaptées et améliorées pour répondre aux besoins suscités par la gestion documentaire électronique.
Plusieurs d’entre nous sont membres d’associations nord-américaines et les articles que nous lisons sont souvent rédigés en fonction de cette perspective. Depuis combien de temps parle-t-on de la « gouvernance de l’information » dans notre domaine? Cette question a été posée aux participants qui ont assisté à la conférence que l’Information Governance Initiative (IGI) a organisée en 2015 à Hartford, au Connecticut. Depuis cinq ans? Dix ans? Plus de dix ans? La majorité des participants ont choisi la première réponse : cinq ans. En tenant compte du sens que nous attribuons dans le présent article au concept de « gouvernance de l’information », la véritable réponse est « plus que quinze ans ». La nécessité d’assurer la protection des renseignements personnels est à l’origine du concept de gouvernance de l’information.
Le besoin d’assurer la confidentialité, la sécurité, la conservation et le traitement final des données une constante, quel que soit leur support de stockage ou leur nature. Les organisations reconnaissent maintenant qu’il est avantageux de réunir au sein d’équipes interfonctionnelles les services et les groupes qui travaillaient auparavant de façon compartimentée. En collaborant ainsi, ces équipes peuvent résoudre les problèmes globalement, à l’échelle de l’organisation, suivant ainsi la tendance imposée par les nouvelles technologies et l’élargissement de la portée des transmissions et des échanges. Les politiques et les procédures de chacun des services de l’organisation ne peuvent pas être élaborées indépendamment les unes des autres en fonction d’un centre d’intérêt particulier tel que la gestion des TI, de la protection de la vie privée, des activités commerciales ou juridiques, des risques ou de l’information. Les besoins se chevauchent et doivent être abordés comme les parties d’un tout. C’est là que le concept de gouvernance de l’information trouve son utilité en permettant de jeter des ponts entre ces services. Les différents aspects de la gouvernance de l’information sont en place depuis très longtemps, mais ils étaient sous la responsabilité de services de gestion distincts. Alors, comment définit-on la gouvernance de l’information aujourd’hui?
Perspectives en gouvernance de l’information
Tout comme la gouvernance de l’information a évolué, sa définition s’est aussi modifiée en fonction du milieu dans lequel elle était exercée et de la perspective adoptée. On retrouve toutefois des thèmes communs dans toutes les définitions de la gouvernance de l’information. Au Royaume-Uni, le National Health Service a conçu une trousse d’outils5 pour garantir que les renseignements recueillis dans le cadre de la prestation des services de santé seront traités conformément aux directives Caldicott (qui seront abordées plus loin). Ces directives stipulent que :
- La gouvernance de l’information doit tenir compte de la façon dont les organisations traitent les renseignements. Elle vise les renseignements personnels, c’est-à-dire les renseignements qui concernent les patients, les utilisateurs des services et les employés. Elle cible également les renseignements relatifs aux organisations, c’est-à-dire les documents de nature financière et comptable.
- La gouvernance de l’information fournit aux employés une méthode uniforme pour mettre en pratique les différentes règles régissant la gestion de l’information.
Fondée en 1979, la société Gartner est reconnue pour ses travaux de recherche et ses rapports qui font autorité dans les collectivités des gestionnaires des TI et de l’information. En 2007, Gartner a conclu que la gouvernance de l’information est un enjeu prioritaire pour ses clients et l’a défini comme suit :
« L’attribution de droits en matière de prise de décision et l’établissement d’un cadre de responsabilisation pour assurer l’adoption de comportements adéquats lors de l’évaluation, de la création, du stockage, de l’utilisation, de l’archivage6 et de la suppression de l’information. Ce concept englobe les processus, les rôles, les normes et les paramètres qui garantiront une utilisation efficace et efficiente de l’information et qui permettront à une organisation d’atteindre ses objectifs [traduction]. »
The Sedona Conference7
Une définition de la gouvernance de l’information a été proposée dans un article publié à l’automne 2014 dans le volume 15 du Sedona Conference Journal et intitulé « The Sedona Conference Commentary on Information Governance » (commentaire sur la gouvernance de l’information formulé par The Sedona Conference) :
« [La gouvernance de l’information] désigne l’approche coordonnée et interdisciplinaire adoptée par une organisation dans le but, d’une part, de respecter les exigences établies en matière de conformité de l’information et, d’autre part, de gérer les risques liés à l’information, tout en optimisant la valeur de l’information. La gouvernance de l’information englobe et permet de rapprocher les diverses exigences juridiques et de conformité ainsi que les risques qui relèvent de différentes disciplines (gestion des documents et de l’information, confidentialité des données, sécurité de l’information, administration de la preuve électronique). L’examen des objectifs poursuivis par ces disciplines permet de dégager des chevauchements fonctionnels qu’il est possible de rentabiliser (s’ils sont synergiques), de coordonner (s’ils fonctionnent en parallèle) ou de réconcilier (s’ils entrent en conflit) [traduction]. »
L’Information Governance Initiative (IGI)
Formée en 2013, l’Information Governance Initiative (IGI) est à la fois un consortium interdisciplinaire et un centre d’études et de recherches dédié à la diffusion de pratiques et de technologies fondées sur les principes de la gouvernance de l’information. Cette diffusion s’effectue au moyen de recherches, de publications, d’activités de sensibilisation et de réseaux de pairs. Dans son rapport annuel 2015-2016, l’IGI a présenté sa définition de la gouvernance de l’information ainsi qu’un ensemble de composantes, qui ont été établies à partir des commentaires formulés par les membres de l’IGI :
« La gouvernance de l’information désigne les activités et les technologies qu’utilisent les organisations pour maximiser la valeur de l’information qu’elles détiennent, tout en minimisant les risques et les coûts s’y rattachant [traduction]. »
Les composantes de la gouvernance de l’information8
Dans son rapport annuel 2015-2016, l’IGI a publié les conclusions tirées d’une enquête envoyée aux membres de l’IGI afin de leur demander d’indiquer, parmi une liste de 22 activités, lesquelles s’inscrivaient dans le cadre de la gouvernance de l’information. Le graphique suivant illustre les résultats de l’enquête :
Un certain nombre de ces composantes, une fois regroupées, cadreraient avec le modèle de référence de la gouvernance de l’information tel qu’il a été défini en 2011 dans le livre blanc How the Information Governance Reference Model (IGRM) Complements ARMA International’s Generally Accepted Recordkeeping Principles (GARPMD)9 (comment le modèle de référence de la gouvernance de l’information complète les principes de conservation des documents généralement reconnus de l’ARMA International) :
« Le modèle de référence de la gouvernance de l’information soutient les principes de conservation des documents généralement reconnus de l’ARMA International en permettant de déterminer quels sont les groupes interfonctionnels des intervenants clés en matière de gouvernance de l’information et en définissant leurs objectifs communs au sein de l’organisation [traduction]. »
Le modèle de référence de la gouvernance de l’information dresse la liste des secteurs qui ont un intérêt pour les actifs informationnels détenus par l’organisation et qui doivent collaborer compte tenu de l’environnement de travail actuel. La gestion des documents et de l’information est l’une des composantes de cette approche interfonctionnelle.
En réalité, la façon dont vous ferez l’expérience des différentes composantes de la gouvernance de l’information variera en fonction du type d’organisation où vous mettez en pratique les principes de la gestion documentaire ou de vos responsabilités. Une personne qui travaille dans un conseil ou une commission scolaire au Canada depuis quelques années pourrait bien avoir été responsable de la protection de la vie privée, de la gestion des documents et du respect de la conformité. Au sein d’une institution financière, cette même personne pourrait occuper un poste de gestionnaire de documents et être responsable de l’intégration des exigences relatives à la sécurité, à la conservation et à la confidentialité des documents au processus de conception des systèmes.
Retour sur le passé
De 1960 à 2000 : période de transition
Pour comprendre comment s’est effectuée la transition de la gestion des documents à la gouvernance de l’information, il convient d’examiner en quoi consiste chacun de ces deux éléments et leur définition. En 1969, Bill Benedon10, qui était considéré comme l’une des sommités de la gestion des documents, a publié Records Management11, un ouvrage dédié, comme son titre le laisse deviner, à la conception et à la mise en œuvre de programmes en gestion des documents. Bill Benedon écrit :
« La gestion des documents est un terme bien choisi pour englober les activités de traitement de l’information actuelles et futures. Bien que des innovations telles que les bandes magnétiques et d’autres formes de documentation miniaturisée modifient la complexité du document, elles soulèvent les mêmes problèmes au chapitre de la conservation, du stockage, de la conception des formulaires, des besoins de production de rapports, de la protection des données et, bien entendu (le problème le plus ancien), des exigences liées au classement des documents, que nous désignons maintenant sous l’appellation plus recherchée d’extraction ou de recherche documentaire [traduction]. »
L’auteur ajoute : « il s’écoulera beaucoup de temps avant que le personnel des services de comptabilité et d’audit ne soit disposé à dire que nous pouvons supprimer un document source une fois celui reproduit sur un support automatisable [traduction] ».
Près de 50 ans plus tard, après avoir vu le document source papier migrer lentement vers un support numérique, il nous faut maintenant aborder les problèmes soulevés par le traitement final des documents numériques!
En 1981, la deuxième édition de l’ouvrage Information and Records Management écrit par Maedke, Robek et Brown a été publiée. Ce livre est devenu le fondement de nombreux programmes de formation en gestion des documents et de l’information. Dans cet ouvrage, on définit la gestion des documents comme suit :
« L’application d’un contrôle systématique et scientifique sur l’information consignée qui est requis pour assurer l’exécution des activités d’une organisation. Un tel contrôle est exercé sur la création, la distribution, l’utilisation, la conservation, l’extraction, la protection, la préservation et le traitement final de tous les types de documents au sein d’une organisation [traduction]. »
En 2001, la première norme internationale en gestion des documents (ISO 15489) publiée par l’Organisation internationale de normalisation (ISO) a défini le records management ainsi :
« Le champ de l’organisation et de la gestion en charge d’un contrôle efficace et systématique de la création, de la réception, de la conservation, de l’utilisation et du sort final des documents, y compris des méthodes de fixation et de préservation de la preuve et de l’information liées à la forme des documents. »
L’élément commun de toutes ces définitions est le besoin d’avoir recours à une approche systématique pour gérer les documents et l’information consignée. Alors, qu’est-ce qui a changé? Est-ce que les documents ont disparu ou ont-ils été absorbés par la gestion de l’information au moment où la technologie a commencé à émerger dans l’environnement de travail?
Coexistence des documents et de l’information
L’information, tout comme les documents, a toujours été produite et consignée sur plusieurs types de supports et dans une variété de formats. À l’époque où prévalait le support papier, nous disposions de documents, de matériel non documentaire et de documents éphémères (information transitoire). Les copies de commodité, les versions préliminaires de rapports, les rapports de recherche et les comptes rendus étaient tous produits quotidiennement dans le cadre des activités de l’organisation. Ils avaient des délais de conservation différents et étaient supprimés conformément aux politiques en vigueur. Cependant, ils n’étaient pas considérés comme des « documents » parce qu’ils ne constituaient pas une preuve des décisions prises par l’organisation.
Avant l’avènement des ordinateurs personnels, d’Internet et des médias sociaux, les bases de données servaient à stocker des renseignements et à imprimer les résultats des recherches qu’on y effectuait. Les rapports financiers, les résumés des bordereaux de paie, les feuilles d’inventaire, etc. étaient considérés comme des documents et assujettis aux délais de conservation adoptés par l’organisation. Du point de vue des TI, la rétention faisait référence à la période durant laquelle les données étaient conservées sur les serveurs ou sur les bandes magnétiques, plutôt qu’au contenu informationnel.
Alors que de plus en plus d’information était générée au moyen d’ordinateurs de bureau par les travailleurs du savoir12 et que les données étaient conservées dans des systèmes informatiques plutôt que d’être imprimées sur papier, les lois ont été modifiées afin d’autoriser la réalisation de transactions par voie électronique, au lieu des transactions sur papier. Les effets d’Internet ont été ressentis par tout le monde. Désormais, moins de temps était consacré à l’impression et au classement des dossiers et davantage d’information était stockée dans des fichiers communs sur des réseaux, d’anciens systèmes, des bandes de sauvegarde, etc. C’est ainsi qu’a commencé le cauchemar des dirigeants de services informatiques. Non seulement y avait-il de plus en plus d’information produite électroniquement, mais il fallait aussi gérer toutes les données désuètes conservées dans les anciens systèmes ainsi que toutes les vieilles bandes non indexées qui étaient entreposées dans les centres de traitement. Que faire avec toutes ces données?
Les archivistes : les pionniers du traitement des données électroniques
Division des archives ordinolingues : Archives publiques du Canada
Mon premier contact avec le concept de « documents électroniques » remonte à l’époque où j’étais archiviste à la Toronto Harbour Commission. Au cours d’une visite aux Archives publiques du Canada au milieu des années 1970, j’ai rencontré le personnel de la Division des archives ordinolingues afin d’en apprendre davantage sur le fonctionnement d’un centre de documents, l’élaboration de politiques et de procédures en gestion des documents et d’autres aspects du domaine archivistique. Les archivistes ont dû apprendre à gérer et à préserver à long terme les données stockées dans les systèmes informatiques bien avant que les gestionnaires de documents, les services de TI et le Canada ne deviennent des chefs de file dans le traitement des documents lisibles par machine. Dans son article « FOCUS: The Machine Readable Archives Division of the Public Archives of Canada » (Archivaria, 1978, pp. 176-180), Harold Naugler écrit que :
« Dans le cadre du programme de gestion des documents informatisés du gouvernement fédéral… le Bureau des services de gestion des documents d’Archives publiques du Canada a commencé en 1976-1977 à faire l’inventaire des documents lisibles par machine dans environ 67 ministères et organismes gouvernementaux [traduction]. »
M. Naugler ajoute : « qu’il y avait de vastes quantités d’information sur support lisible par machine concernant des aspects aussi variés de la vie au Canada que l’emploi, la criminalité, les maladies, l’immigration et l’émigration, le climat, la géologie, la production et la consommation d’aliments, le logement, le transport, les communications et le coût de la vie [traduction]. »
La méthodologie utilisée durant le processus d’inventaire a ensuite été transformée en un ensemble de lignes directrices par la Division des archives ordinolingues13. Finalement, ces lignes directrices ont été intégrées au Guide d’administration de l’informatique pour les ministères et les organismes du gouvernement du Canada.
En 1984, reconnaissant que la préservation de l’information numérique était un enjeu mondial, Harold Naugler a écrit : Évaluation et tri des documents informatiques en archivistique : une étude RAMP, accompagnée de principes directeurs. L’ouvrage a été publié par le Programme général d’information de l’UNESCO et UNISIST. À cette époque, l’étude était considérée comme une référence en matière de gestion des données électroniques.
Par ailleurs, des groupes tels que l’Association of Canadian Archivists (ACA), la Society of American Archivists (SAA) et le Conseil international des archives (CIC) évaluaient les pratiques de conservation à long terme des documents et des données dans les systèmes informatiques. Pour être en mesure de gérer adéquatement ces données, fallait-il que le responsable comprenne en quoi consistaient les systèmes et quelles étaient les données produites, applique les règles de conservation et veille à ce que les formats et les supports de données soient adéquatement préservés? Oui. Appelait-on cela de la gouvernance d’information? Non. C’était l’une des pièces du casse-tête.
De la gestion des documents à la gouvernance de l’information : révolution ou évolution?
En 1989, lorsque je suis entrée au service de la CIBC à titre de directrice du Service des archives et de la gestion des documents, je faisais partie du comité de gouvernance de l’entreprise dont la composition reflétait la vision que l’on avait de la gouvernance de l’information à ce moment-là. Le comité était formé de personnes issues de différentes équipes au sein de l’entreprise : archives et gestion des documents, services juridiques, conformité, protection de la vie privée, audit et sécurité organisationnelle. Le groupe de la gestion des documents collaborait avec les autres membres du service pour réaliser des projets particuliers. Les problèmes étaient de nature interfonctionnelle et de trop grande envergure pour être réglés par le personnel d’un seul service. Le groupe de la gestion des
documents travaillait avec celui des TI en vue d’intégrer les règles de conservation des documents au cycle de vie de la mise au point des applications. Quant au choix des logiciels, il était fait conjointement avec des membres de l’équipe de la gestion des documents et de l’information. L’équipe de la gestion des documents et de l’information était formée de conseillers internes qui prenaient part aux décisions relatives aux documents électroniques et aux données transactionnelles ainsi qu’au choix du matériel et des logiciels.
Plusieurs articles et publications qui font référence au commencement du concept de gouvernance de l’information soulignent l’apport des National Health Services (NHS) de Grande-Bretagne à titre de chef de file ayant contribué à l’établissement d’un cadre de travail en gouvernance de l’information. En 1997, préoccupée par la protection de la vie privée et les effets des nouvelles technologies sur les renseignements médicaux, madame Fiona Caldicott a présidé un groupe d’experts afin d’examiner le traitement des renseignements médicaux pouvant permettre d’identifier un patient dans l’ensemble des NHS. À la suite de cet examen et d’autres travaux ultérieurs, sept principes, connus sous l’appellation
« principes Caldicott »14, ont été élaborés. Ces principes continuent d’être utilisés aujourd’hui pour évaluer si les renseignements concernant les patients sont adéquatement gérés et protégés. Ils sont devenus l’un des piliers des NHS et sont appuyés par un ensemble de trousses d’outils, de politiques, de procédures et de lignes directrices.
Le niveau d’exposition des professionnels en gestion des documents et de l’information à certaines ou à toutes les composantes de la gouvernance de l’information dépend du type d’organisation dans laquelle ils travaillent. Une personne qui travaille pour une petite municipalité à titre de secrétaire de mairie peut être responsable de la gestion des documents et de l’information, de la protection de la vie privée et des services juridiques. Au sein d’une grande institution financière, un professionnel de la gestion des documents et de l’information peut faire partie d’une équipe interfonctionnelle dont les membres sont responsables des composantes de la gouvernance de l’information. Pour un professionnel de la gestion des documents et de l’information évoluant dans un cabinet d’avocats, l’administration de la preuve électronique peut constituer le facteur déterminant qui sous-tend la façon dont la gouvernance de l’information est appliquée en ce qui a trait aux clients. L’environnement réglementaire régissant les activités de l’organisation peut demander que l’on mette davantage l’accent sur certains aspects de la gouvernance de l’information, mais en fin de compte la réussite d’un programme de gouvernance de l’information repose sur la synergie de l’ensemble de ses parties.
La gestion de l’information au gouvernement du Canada
La gestion de l’information et la gestion des documents coexistent depuis plusieurs années au sein du gouvernement du Canada. Le programme de gestion de l’information du gouvernement canadien résulte de la mise en place, en 1989, de la Politique de gestion des renseignements détenus par le gouvernement. Cette initiative du Secrétariat du Conseil du Trésor visait à « réunir sous le concept de la gestion de l’information les politiques existantes suivantes : Gestion des documents, Collecte de renseignement et recherche sur l’opinion publique, Micrographie, Gestion des documents informatiques et Gestion des imprimés administratifs [traduction] ».
En 199515, le Secrétariat du Conseil du Trésor a publié des lignes directrices sur la gestion de l’information gouvernementale ainsi qu’un modèle illustrant le cycle de vie des fonds de renseignements et stipulant les responsabilités des programmes de gestion de l’information, à savoir :
- La planification
- La collecte, la création et la réception
- L’organisation, la transmission, l’utilisation et l’extraction
- Le stockage, la protection et la conservation
- La disposition finale des documents au moyen de transferts ou de la destruction.
À cette époque, un manuel de l’utilisateur de 55 pages appuyait la mise en œuvre de la gestion de l’information dans l’ensemble des ministères du gouvernement fédéral. Le titre de la politique a changé en même temps que l’environnement de travail. En 2003, on a publié la Politique sur la gestion de l’information gouvernementale qui a été remplacée en 2007 par la Politique sur la gestion de l’information.
Pour expliquer la relation existant entre la gestion des documents et la gestion de l’information au sein du gouvernement du Canada, il faudrait y consacrer une étude entière et examiner en détail l’évolution du rôle et des responsabilités d’Archives publiques du Canada (qui sont plus tard devenues les Archives nationales, puis Bibliothèque et Archives Canada) et du Secrétariat du Conseil du Trésor dans l’élaboration des politiques. Ce qu’on appelait auparavant la gestion des documents au gouvernement fédéral est maintenant devenu les « pratiques en tenue de documents » en vertu de la Directive sur la tenue de documents, qui a été publiée pour la première fois en 2009 :
« La tenue de documents est une fonction de gestion des ressources grâce à laquelle les ressources documentaires ayant une valeur opérationnelle sont créées, acquises, saisies, gérées dans des dépôts ministériels, et utilisées à titre d’actif stratégique essentiel pour appuyer la prise de décisions efficace et faciliter des activités continues, exécuter des programmes et offrir des services. »
Qu’est-ce qui a changé? Toutes les organisations créent des ressources documentaires. Certains de ces documents doivent être conservés pour satisfaire à des prescriptions juridiques et des exigences en matière de conformité, tandis que d’autres peuvent être supprimés. En ce qui concerne la politique sur la tenue de documents du gouvernement fédéral, les documents sont devenus des ressources documentaires ayant une valeur opérationnelle. Pouvons-nous imaginer ce que nous réserve l’avenir?
Le programme de gestion de l’information du gouvernement de l’Alberta
En raison du transfert des dossiers papier dans des centres de documents à la fin de leur vie active, de nombreux programmes de gestion des documents ont été mis sur pied au sein des organisations. Les responsables et le public percevaient généralement la gestion des documents comme une activité physique centrée sur la gestion des documents papier prenant place dans un entrepôt ou un dépôt de documents et, malgré l’arrivée de la technologie dans les bureaux, on a continué à penser ainsi. Les intervenants avaient de la difficulté à accepter le fait que les ordinateurs généraient des données et des renseignements (dont certains avaient une valeur de « documents ») et pouvaient servir de lieu de stockage. Au fur et à mesure que la présence des ordinateurs s’est intensifiée dans les bureaux, les organisations ont commencé à faire la transition de la gestion des documents vers la gestion de l’information.
Comment fallait-il gérer l’information? Dans un environnement centré sur le traitement des documents papier, ce processus avait été défini en termes de documents éphémères et de matériel non documentaire. Dans un monde où l’électronique prévalait, l’information était saisie et conservée sous forme d’une série de zéro et d’un. Il fallait donc changer le concept de « document » afin d’englober les besoins changeants du milieu de travail. L’important, c’était le contenu et non le support sur lequel celui-ci était emmagasiné. Par conséquent, diverses lois portant sur les opérations électroniques et les documents informatiques ont été adoptées pour refléter la nouvelle réalité du monde du travail.
Au Canada, l’un des principaux programmes de gestion de l’information gouvernementaux fut l’Information and Technology Strategy adoptée en 2001 par le Comité des sous-ministres du gouvernement de l’Alberta. La transition du concept de « document » à celui d’« information » a été principalement motivée par le besoin de changer la perception que le terme « document » évoquait, à savoir des données sur support papier, alors que le milieu du travail évoluait dans un environnement où l’information, dont une partie avait une valeur documentaire, était de plus en plus conservée sous une forme électronique.
Reconnaissant qu’il fallait gérer les actifs informationnels des gouvernements, y compris les documents, Sue Kessler, qui était alors directrice de la gestion des documents et qui travaillait étroitement avec le Dr Mark Vale16, a mis au point un Cadre de gestion de l’information17. Ce cadre intégrait la majorité des éléments dont les modèles de gouvernance de l’information actuels tiennent compte.
Les ressources et les principes directeurs établis par le gouvernement de l’Alberta en matière de gestion de l’information ont été, et continuent, d’être utilisés non seulement par les ministères du
gouvernement albertain, mais aussi par le secteur privé et d’autres gouvernements souhaitant faire la transition de la gestion des documents vers la gestion de l’information.
En même temps que la gestion des documents évoluait en gestion, puis en gouvernance de l’information, la portée de ces disciplines s’est étendue même si leurs activités fondamentales de gestion n’ont pas changé. Quelle que soit la forme sous laquelle l’information se présente, nous avons encore besoin :
- De stratégies et de cadres;
- De politiques, de processus et de procédures;
- De normes et de lignes directrices;
- De personnel;
- De technologie.
Bien que les supports au moyen desquels les documents et les renseignements sont diffusés changent et que le volume d’information ne cesse d’augmenter, les concepts de cycle de vie et de continuum n’ont pas disparu, tout comme les exigences de reddition de comptes et de conformité auxquelles les organisations sont encore tenues de se plier.
Protection des données et protection de la vie privée
Facteurs déterminants : les lignes directrices de l’OCDE18
Les organisations internationales telles que l’Organisation de coopération et de développement économique (OCDE), dont le Canada est devenu membre en 1984, se sont penchées sur la nécessité d’assurer la surveillance des données conservées dans les systèmes informatiques. En 1980, l’OCDE a élaboré les Lignes directrices régissant la protection de la vie privée et les flux transfrontières de données de caractère personnel dans lesquelles elle énonce :
« Compte tenu de l’essor pris par le traitement automatique de l’information, qui permet de transmettre de vastes quantités de données en quelques secondes à travers les frontières nationales et même à travers les continents, il a fallu étudier la question de la protection de la vie privée sous l’angle des données de caractère personnel. »
Préoccupée par le fait que la quantité de renseignements personnels conservée dans les grands systèmes de traitement de données pourrait éventuellement mettre en danger leur confidentialité, l’OCDE a invité les pays membres à élaborer et adopter leurs propres lois nationales en matière de protection de la vie privée et des renseignements personnels, ce que le Canada a fait en 1983.
En raison des technologies émergentes, non seulement la protection de la vie privée devenait une source d’inquiétude, mais les données qui pouvaient maintenant être facilement transmises au-delà des frontières nationales soulevaient d’autres préoccupations au chapitre des lois nationales portant notamment sur la propriété des données. En effet, les lois locales régissant les droits de propriété des données pouvaient restreindre la capacité d’une organisation à diffuser de l’information à l’intérieur même de sa structure si elle exerçait ses activités à l’échelle mondiale. Les limitations imposées à la transmission transfrontière des données inquiétaient particulièrement les banques et les compagnies d’assurance en raison de la nature internationale de leurs activités commerciales.
Le modèle fourni par les Lignes directrices de l’OCDE visait à soutenir l’harmonisation des lois sur la protection de la vie privée tout en favorisant la transmission transfrontière des flux de données à mesure que la technologie modifiait les méthodes de diffusion des données. Lors des célébrations entourant le 30e anniversaire des Lignes directrices en 2011, les responsables de l’OCDE ont déclaré que :
« Les systèmes autonomes des années 1970 se sont transformés en une infrastructure intégrée et omniprésente d’envergure mondiale. Les flux de données occasionnels d’autrefois ont fait place à des flux de données multipoints et continus à l’échelle internationale. Tous ces changements soulignent la nécessité pour les organismes de réglementation de la vie privée du monde entier de collaborer en vue d’élaborer des approches globales dans ce domaine. Les progrès réalisés en analytique et la monétisation de notre empreinte numérique soulèvent des questions épineuses concernant le concept de renseignement personnel et la portée appropriée que doit avoir l’application des mesures de protection de la vie privée [traduction]. »
Le Canada, souhaitant se conformer aux Lignes directrices de l’OCDE en raison de son appartenance à cet organisme, a élaboré un ensemble de lois provinciales et nationales sur la protection de la vie privée et mis en place une solide infrastructure pour préserver la confidentialité des données transitant dans les organismes gouvernementaux. Reconnaissant la nécessité de donner accès à l’information tout en assurant la protection des données et la protection de la vie privée, le gouvernement fédéral a promulgué deux lois distinctes en 1983 : la Loi sur l’accès à l’information et la Loi sur la protection des renseignements personnels19. Avec l’augmentation de la quantité d’information conservée dans les bases de données et les systèmes informatiques des organismes gouvernementaux, des mesures de sécurité et de contrôle ont été incorporées aux cadres stratégiques dont nous avons précédemment parlé afin d’assurer une collecte et une gestion appropriées des renseignements personnels.
Quelles ont été les retombées de ces lois sur les organismes non gouvernementaux? Pourquoi les gestionnaires de documents œuvrant dans des secteurs non gouvernementaux devaient-ils connaître la Loi sur l’accès à l’information? Les documents qu’une organisation (p. ex., l’Armée du salut20) est tenue de transmettre au gouvernement fédéral sont conservés dans les bureaux des ministères du gouvernement canadien. Au moment de l’adoption de la Loi sur l’accès à l’information, il fallait donc que les gestionnaires de documents travaillant dans les milieux non gouvernementaux sachent, dans le cadre de leurs activités courantes de gestion des documents, quels documents étaient envoyés au gouvernement du Canada et quelles mesures avaient été mises en place pour contrôler l’accès et assurer la confidentialité des documents des tierces parties.
Renforcer activement la confidentialité des nouvelles technologies
La protection intégrée de la vie privée21
L’augmentation de la quantité d’information recueillie et stockée dans des systèmes informatiques et la nécessité d’assurer la confidentialité des données pour se conformer aux exigences législatives fédérales
et provinciales en matière de protection de la vie privée ont entraîné l’élaboration de directives et de mesures de contrôle.
L’Ontario a joué un rôle prépondérant dans le domaine de la protection de la vie privée tant au Canada que sur la scène internationale grâce aux travaux de Mme Ann Cavoukian, Ph. D., qui a occupé le poste de Commissaire à l’information et à la protection de la vie privée de l’Ontario de 1997 à 2014. Mme Cavoukian estimait (et estime encore) qu’au lieu d’envisager la protection de la vie privée comme un problème découlant de la technologie qui doit être résolu après coup, il fallait plutôt penser à intégrer des normes de respect de la vie privée dès la conception des infrastructures et des systèmes. En collaboration avec le Registratierkamer, l’organisme responsable de la protection de la vie privée des Pays-Bas, Ann Cavoukian a exposé ses idées dans un document paru en 1995 : Privacy-enhancing Technologies – A Path to Anonymity22 (technologies renforçant la protection de la vie privée une voie vers l’anonymat). Déterminée à faire du respect de la vie privée une pratique de gestion courante, Mme Cavoukian a créé le concept de privacy by design (protection intégrée de la vie privée). Cette démarche repose sur les sept principes suivants :
Prendre des mesures proactives et non réactives; des mesures préventives et non correctives;
- Assurer la protection implicite de la vie privée;
- Intégrer la protection de la vie privée dans la conception des systèmes et des pratiques;
- Assurer une fonctionnalité intégrale selon un paradigme à somme positive et non à somme nulle;
- Assurer la sécurité de bout en bout, pendant toute la période de conservation des renseignements;
- Assurer la visibilité et la transparence;
- Respecter la vie privée des utilisateurs.En 2010, le cadre conceptuel de la protection intégrée de la vie privée élaboré par Ann Cavoukian a été adopté comme nouvelle norme mondiale en matière de protection de la vie privée.
De nos jours, Mme Cavoukian poursuit ses travaux à l’Université Ryerson de Toronto où elle occupe le poste de directrice générale du Privacy and Big Data Institute. Ses travaux ont permis de mettre sur pied un programme en collaboration avec Deloitte Canada grâce auquel les organisations peuvent recevoir une accréditation de conformité si elles incorporent la notion de respect de la vie privée dans leurs pratiques quotidiennes et si elles respectent les sept principes de la protection intégrée de la vie privée.
Information et sécurité des données
Pour plusieurs d’entre nous qui avons commencé notre carrière en gestion des documents avant l’avènement des nouvelles technologies, le mot « sécurité » était synonyme de bureaux, de classeurs et d’espaces de travail verrouillés. Les classifications de sécurité étaient établies en fonction de la valeur opérationnelle de l’information au sein de l’organisation, qu’elle soit en format papier ou électronique. Les classifications de sécurité les plus courantes se déclinaient en données « confidentielles », « à diffusion restreinte », « à usage interne » et « non protégées ». Les organisations pouvaient adopter d’autres classifications selon le type de renseignements visés (p. ex., « très secret » et « secret » au sein des organismes gouvernementaux).
Avant la mise en place des contrôles de sécurité informatiques, des personnes spécifiquement désignées contrôlaient l’attribution des droits d’accès et de consultation de l’information disponible en ligne pour garantir que seules les bonnes personnes puissent accéder aux bons documents.
Puisque la majeure partie des ressources documentaires étaient gérées au sein même de l’organisation, il était plus facile de régler les problèmes liés à la sécurité physique. Avec l’arrivée progressive des systèmes automatisés, de l’infonuagique et d’Internet, la nécessité d’avoir recours à des mesures de contrôle a augmenté et les méthodes de mise en œuvre de ces mesures ont changé.
Les menaces actuelles
Nous entendons tous parler d’atteintes à la sécurité. En tant que gestionnaires des documents et de l’information, sommes-nous vraiment bien informés des risques auxquels sont exposés nos actifs informationnels?
La question de la sécurité de l’information n’est pas nouvelle. En 1986, reconnaissant que cette question touchait de près l’accessibilité et la confidentialité, le Secrétariat du Conseil du Trésor a mis en place la Politique sur la sécurité du gouvernement. Cette politique visait à « garantir que tous les renseignements et les biens classifiés et désignés du gouvernement fédéral soient protégés de façon appropriée [traduction] ».
Avec l’arrivée de l’Internet des objets, du mode PAP (prenez vos appareils personnels), des médias sociaux et de l’infonuagique, la sécurité de l’information devient une autre composante du cadre de la gouvernance de l’information. Des normes internationales telles que la norme ISO 27002 : Technologies de l’information Techniques de sécurité Code de bonne pratique pour la sécurité de l’information23 (l’une des normes qui encadrent la gestion et la sécurité de l’information figurant à l’annexe A) et des normes de sécurité sont élaborées dans le but de préciser les mesures, les pratiques, les procédures ou les mécanismes de contrôle de la sécurité qui peuvent :
- Assurer une protection contre les menaces;
- Réduire la vulnérabilité;
- Atténuer l’effet d’un incident indésirable;
- Détecter les incidents indésirables;
- Faciliter la reprise des activités.
La cybercriminalité est devenue le problème numéro un que les gouvernements tentent de résoudre. Quelle que soit la cible des cybercriminels, à savoir les gouvernements, les entreprises ou les individus, cette menace peut avoir de graves conséquences. Nous entendons parler de violations informatiques aux bulletins de nouvelles et nous nous demandons quels effets elles pourraient avoir.
Récemment TalkTalk, un fournisseur de services de téléphonie et d’accès Internet du Royaume-Uni, a été la cible de pirates informatiques qui ont réussi à accéder aux données des comptes clients. Pendant que nous étions en vacances au Royaume-Uni, nous avons entendu la conversation suivante dans un pub le jour suivant l’intrusion informatique : le tenancier du bar venait justement d’être informé que sa banque avait téléphoné pour l’aviser que des pirates avaient réussi à s’introduire dans son compte bancaire et avaient tenté de soutirer son argent à l’aide de renseignements personnels obtenus lors de l’intrusion dans les comptes de TalkTalk. Ce qui était intéressant à propos de ce cas particulier était que TalkTalk avait fait l’objet d’une vérification environ deux ans auparavant. Les enquêteurs avaient averti TalkTalk que ses systèmes n’étaient pas bien protégés, mais en dépit de cet avertissement, rien n’avait été fait pour augmenter le niveau de sécurité des systèmes de l’entreprise.
Le 3 janvier 2016, on pouvait lire ce qui suit sur le site Web de TalkTalk :
« Bienvenue chez TalkTalk
Nous renforçons en ce moment la sécurité de notre site Web. Il sera prochainement remis en ligne. Pendant les travaux, notre équipe de service à la clientèle est à votre disposition pour vous aider si vous avez besoin de renseignements concernant les forfaits suivants ou si vous souhaitez vous procurer un nouveau forfait. N’hésitez pas à communiquer avec eux [traduction]. »
Il ne faut plus prendre pour acquis que la sécurité des données relève du service des TI. La sécurité, la confidentialité et le traitement final de l’information sont des problèmes qui doivent être réglés par l’ensemble des services qui sont responsables de l’identification et de la protection de l’information organisationnelle. Il est aujourd’hui vital que le gestionnaire des documents et de l’information soit en mesure de comprendre les concepts et les enjeux en matière de sécurité de l’information.
La gestion des documents face à la technologie
Durant mon premier emploi à titre d’archiviste à la Toronto Harbour Commission, on m’a confié la responsabilité d’acheter un système de traitement de texte Wang et de découvrir comment il fonctionnait. C’était en 1978, c’est-à-dire quelque temps avant l’arrivée et l’adoption des ordinateurs personnels comme technologie standard dans le monde du travail. En 1984, j’ai été appelée à participer à l’élaboration d’une stratégie globale sur les technologies au sein de l’AGO en raison du poste de directrice de l’Administration et des archives que j’y occupais.
En 1989, dans le cadre de mes fonctions à titre de directrice de la Gestion des archives et des documents à la CIBC, j’ai collaboré avec le personnel affecté à la gestion des documents et de l’information pour choisir et installer un logiciel permettant de gérer l’entreposage et la disposition finale d’environ 400 000 boîtes au Centre de documents de Toronto. En plus de sélectionner un logiciel adapté aux besoins de notre service en gestion des documents, l’équipe a participé au choix d’un système d’imagerie pour l’entreprise et travaillé avec l’équipe des TI pour intégrer des règles de conservation lors de la mise au point des systèmes. Comprendre les tenants et aboutissants des nouvelles technologies et de leurs retombées n’était pas l’un des à-côtés agréables que me procurait mon poste, c’était une obligation.
Pendant plusieurs années, le refrain « le stockage ne coûte pas cher » a été entendu dans nombre d’organisations tandis que le flot d’information généré par les systèmes informatiques augmentait et que les efforts des services de TI se concentraient sur le déplacement des données réelles vers le stockage hiérarchisé plutôt que sur la détermination de la valeur opérationnelle de ces données. Gérer toutes ces données était compliqué. On ne s’en est donc pas soucié jusqu’à ce que la menace du passage à l’an 2000 se profile à l’horizon et que l’on commence à s’inquiéter du sort réservé aux anciens systèmes. À cette époque, la plupart des organisations se concentraient encore sur la gestion des documents papier. Les données informatiques étaient conservées à des fins de sauvegarde et de sécurité, ou pour assurer la reprise des activités dans l’éventualité d’une catastrophe. En raison de la transition des documents papier vers les données informatiques et du manque de politiques de conservation applicables aux anciens systèmes et à la sauvegarde des données, les services de TI se sont soudainement retrouvés avec des téraoctets de données stockées dont ils ne pouvaient pas disposer parce que personne ne savait ce qu’elles contenaient. Quel aurait été le risque encouru si ces données avaient été supprimées sans en connaître le contenu? Comment aurait-on pu justifier un tel geste devant un tribunal? D’un autre côté, toutes ces vieilles bandes magnétiques qui ramassaient la poussière dans des centres de données sans avoir subi de catalogage ou de traitement de conservation (rembobinage, transfert, etc.) entravaient considérablement l’administration de la preuve électronique. Il fallait que les responsables de la gestion des documents et de l’information prennent part à ce débat.
Définition d’exigences en matière de logiciels : l’apport des Canadiens
Le Canada et les Canadiens ont été des chefs de file dans l’élaboration de spécifications en matière de logiciels de gestion des documents. Ils ont aussi contribué à la mise au point de produits logiciels respectant ces spécifications. Les premiers travaux dans ce domaine ont commencé au Canada en 1983 dans le cadre du programme d’essais pratiques des systèmes de bureautique entrepris par le ministère des Communications et les Archives nationales du Canada. Ce programme, conçu pour étudier comment 70 utilisateurs reliés entre eux au moyen d’un réseau local créaient de l’information électronique, l’utilisaient puis en disposaient, a fourni d’importantes données de recherche qui ont permis de concevoir des solutions. De ces travaux découle la mise en place du Logiciel d’avancement de la gestion de l’information et des systèmes de bureautique (IMOSA), une initiative conjointe des Archives nationales du Canada, du Centre canadien de recherche sur l’informatisation du travail, du ministère des Communications et de Provenance Systems24. En 1990, à la suite des travaux réalisés dans le cadre du projet IMOSA, les Archives nationales du Canada ont publié un ensemble d’exigences fonctionnelles applicable aux logiciels de gestion de l’information électronique à l’échelle du gouvernement fédéral et connu sous le nom de FOREMOST (Gestion traditionnelle des documents pour les systèmes de bureautique).
Au moment où les spécifications canadiennes ont été préparées, les membres de la collectivité des documents électroniques au sein du Conseil international des archives travaillaient aussi à l’élaboration de telles spécifications. Bien qu’il soit difficile de dire si le Canada a été le principal artisan de la définition des exigences applicables aux logiciels de gestion électronique des documents, il est juste d’affirmer que les travaux entrepris dans le cadre du projet IMOSA étaient à l’avant-garde dans ce
domaine. D’autres projets d’élaboration de spécifications logicielles ont été entrepris ultérieurement en Australie, aux États-Unis et en Europe et continuent d’être améliorés de nos jours.
Solutions logicielles de gestion électronique des documents
Une fois de plus, le Canada a joué un rôle de premier plan dans la mise au point de logiciels de gestion électronique des documents. À la suite des travaux menés par le gouvernement fédéral canadien, Bruce Miller a fondé Provenance Systems en 1989 et conçu FOREMOST, un logiciel de gestion électronique des documents. En 2002, FOREMOST a été vendu à la firme Documentum (EMC) qui l’a intégré à son produit de gestion des documents. Par la suite, Bruce Miller a mis sur pied la firme Tarian Software et conçu le logiciel Tarian eRecord Engine, une solution de gestion électronique des documents de deuxième génération qui a été acquise en 2002 par IBM qui l’a intégrée à son produit Records Manager.
Partout dans le monde, les gestionnaires de documents connaissent OpenText et sa suite logicielle LiveLink. L’étude de l’évolution de ces produits, depuis leur conception jusqu’à nos jours, démontre tous les efforts d’innovation et de conception déployés par le Canada dans le domaine de la gestion électronique des documents. Dans la préface qu’il a rédigée pour l’ouvrage Open Text Corporation: Ten Years of Innovation25, Tom Jenkins, qui était alors le chef de la direction d’Open Text Corporation, déclare :
« Il est difficile de l’imaginer aujourd’hui, mais Open Text Corporation a commencé ses activités en 1991 sous la forme d’une petite firme de trois consultants issue des travaux menés à l’Université de Waterloo [traduction]. »
Alors qu’Internet n’en était qu’à ses premiers balbutiements, OpenText a conçu l’un des premiers moteurs de recherche pour Netscape et Yahoo. Comment la firme a-t-elle été amenée à œuvrer dans le domaine de la gestion des documents? Évolution ou révolution?
Avant l’incursion d’OpenText dans le domaine des moteurs de recherche, les ministères du gouvernement fédéral canadien faisaient face à des défis en ce qui a trait à la gestion de leurs dossiers physiques. Afin de combler les lacunes observées, un groupe d’entrepreneurs d’Ottawa a eu l’idée, en 1986, de mettre au point iRIMS, un produit de PS Software. En raison de l’environnement en mutation, iRIMS a élargi sa gamme de produits pour permettre le traitement des documents électroniques et physiques, et des images. En 1999, iRIMS a été acheté par OpenText et ses fonctionnalités intégrées dans la suite de produits logiciels dont l’évolution se poursuit encore aujourd’hui.
Où en sommes-nous aujourd’hui? Les technologies ayant évolué, les fonctionnalités de ces produits ont fait de même. Les fonctionnalités de gestion des documents ont été incorporées à un certain nombre de produits logiciels axés sur les actifs informationnels des organisations. Que l’entreprise appelle cette fonctionnalité « gestion des documents », « gestion de l’information » ou « gouvernance de l’information », en fin de compte, ces logiciels nous aident à gérer le cycle de vie des ressources documentaires, et à faire en sorte que les documents puissent être retrouvés, protégés, utilisés au moment voulu et supprimés conformément à la réglementation en vigueur.
L’administration de la preuve électronique
Dans toute organisation, les services juridiques ont toujours été des partenaires précieux pour les gestionnaires responsables des documents et de l’information, car ils facilitent l’intégration des nombreuses exigences juridiques et réglementaires au calendrier de conservation. Au cours des 15 à 20 dernières années, l’intérêt que les services juridiques et les cabinets d’avocats portent au domaine de la gestion des documents et de l’information n’a cessé de croître avec l’arrivée des documents électroniques et du rôle de ces documents en matière de litiges et d’administration des éléments de preuve sur support électronique.
En 2006, des modifications apportées aux règles fédérales de procédure civile des États-Unis ont introduit le concept d’electronically stored information (information stockée électroniquement). Il s’agit d’un nouveau type d’information pouvant être assujettie à l’administration de la preuve électronique en vertu de la règle no 34. Nombreux sont les gestionnaires de documents qui ont été sensibilisés aux retombées majeures découlant de ce nouveau concept. Aux États-Unis, les organisations ont commencé à se préoccuper du sort des données conservées dans les anciens systèmes informatiques et des bandes magnétiques de sauvegarde parce que ces données étaient assujetties à l’administration de la preuve électronique et qu’il arrivait que les organisations qui en étaient responsables n’eussent pas mis en place de programmes efficaces de conservation et de traitement final des documents dans le cours normal de leurs activités.
Avec l’avènement des nouvelles technologies, les défis liés à l’administration de la preuve électronique n’ont pas été limités aux États-Unis, bien que pour plusieurs d’entre nous, à titre de membres de l’ARMA International, les événements entourant The Sedona Conference et la modification des règles fédérales de procédure civile aient probablement été les premiers signes qui nous ont fait prendre conscience des liens existant entre l’administration de la preuve électronique et la gestion des documents. L’Ontario et d’autres administrations au Canada ont dû faire face à des défis similaires au chapitre de l’administration de la preuve électronique en raison de la prolifération des ordinateurs dans les milieux de travail.
En 2001, le procureur général et le juge en chef de la Cour supérieure de justice ont formé un groupe de travail sur l’administration de la preuve électronique. Ce groupe, qui était dirigé par le juge Colin Campbell de la Cour supérieure de justice de la région de Toronto, avait pour mandat d’examiner les pratiques existantes et de proposer des réformes. Le rapport du groupe de travail, qui a été publié en 2003, incluait deux recommandations qui ont contribué à étendre la portée de l’administration de la preuve électronique :
- Modifier les règles 30.01 et 31.01 afin d’inclure la définition de « données créées et enregistrées sur support électronique »;
- Élaborer des pratiques exemplaires au chapitre de la conservation des documents électroniques et de la portée, du coût et des méthodes d’administration de la preuve électronique.
L’administration de la preuve ne se limitait désormais plus aux documents papier. Par conséquent, on s’est une fois de plus penché sur les enjeux liés à la gestion électronique des documents et de l’information.
Les travaux de The Sedona Conference ont été déterminants dans les progrès réalisés au chapitre de l’administration de la preuve électronique, de la protection des données, de la protection de la vie privée, et de la gouvernance de l’information. Le Groupe de travail no1 de The Sedona Conference (GT1), où siégeaient notamment des représentants de la collectivité juridique des États-Unis et des membres de l’ARMA International, a concentré ses travaux sur l’élaboration de lignes directrices portant sur la conservation et la communication des documents électroniques et publié, en mars 2003, le document intitulé : The Sedona Principles; Best Practices Recommendations and Principles Addressing Electronic Document Production (les principes de The Sedona Conference : pratiques exemplaires, recommandations et principes relatifs à l’administration de la preuve électronique). Ces lignes directrices visaient à fournir des interprétations précises de la manière dont les organisations peuvent mettre en pratique les principes de The Sedona Conference lors de la préparation des litiges.
Susan Wortzman26, la première Canadienne à avoir assisté à une réunion de The Sedona Conference, a pris part aux travaux d’élaboration des lignes directrices relatives à l’administration de la preuve électronique en Ontario, ce qui a entraîné l’intégration des principes énoncés par ce centre d’études et de recherche aux lignes directrices ontariennes. En raison de sa participation aux travaux du GT1, Mme Wortsman a aussi été amenée à collaborer avec The Sedona Conference pour former le Groupe de travail no 7 (GT7 ou Sedona Canada), qui a élaboré les principes de Sedona Canada. Comme le mentionne le site Web de The Sedona Conference, le GT7 a été formé en 2006 et sa mission consistait à :
« Établir des principes prospectifs et des recommandations de pratiques exemplaires à l’intention des avocats, des tribunaux, des entreprises et des autres intervenants qui sont régulièrement confrontés aux problèmes liés à l’administration de la preuve électronique au Canada [traduction]. »
La première édition des Principes de Sedona Canada concernant l’administration de la preuve électronique27a été publiée au début de 2008 en anglais et en français. Cette publication a été immédiatement reconnue par les tribunaux fédéraux et provinciaux comme un guide faisant autorité pour les praticiens canadiens. Les règles de procédure civile de l’Ontario et les directives de pratiques qui sont entrées en vigueur en janvier 2010 y faisaient clairement référence.
En novembre 2015, la deuxième édition de The Sedona Canada Principles a été publiée et le Groupe de travail no 7, auquel peuvent participer les résidents canadiens intéressés, continue ses travaux sur l’administration de la preuve électronique et les enjeux en matière de gouvernance de l’information au Canada.
Le modèle de référence de la preuve électronique (EDRM)
Fondé en mai 2005, l’organisme EDRM28 a pour objectif de remédier au manque de normes et de lignes directives dans le domaine de l’administration de la preuve électronique. Les travaux menés par EDRM ont abouti à la publication, en 2006, de l’Electronic Discovery Reference Model (modèle de référence de la preuve électronique). Ce modèle sert à définir les étapes du processus de communication des éléments de preuve sur support électronique. La première étape de ce processus était la gestion des documents. En plaçant la gestion des documents en tête du modèle de référence, les auteurs ont souligné l’importance de gérer les documents conformément aux calendriers de conservation et aux pratiques opérationnelles en vigueur. Le postulat sous-jacent était le suivant : en gérant efficacement les ressources documentaires, il y aura moins de données à analyser intégralement en cas de litige. Ce processus évolutif comporte un aspect intéressant. Bien que la version de 2014 du modèle de référence place la gouvernance de l’information dans la première case du processus de communication de la preuve électronique, entre 2006 et 2016, le contenu de la première case a été progressivement modifié. Ainsi, on a remplacé la gestion des documents (version de 2006) par la gestion de l’information (version de 2007), puis par la gouvernance de l’information (version de 2014). Ces changements successifs illustrent l’évolution du milieu de travail et de la perception générale qu’ont les intervenants des documents, de l’information et de la technologie.
Le site Web de l’organisme EDRM décrit la gouvernance de l’information ainsi :
« Elle consiste à mettre de l’ordre dans vos ressources électroniques, depuis la création initiale des informations stockées électroniquement jusqu’à leur traitement final, en vue d’atténuer les risques et les coûts découlant de problèmes liés à l’administration de la preuve électronique [traduction]. »
L’administration de la preuve électronique ainsi que les responsabilités et les risques associés à une gestion inadéquate de l’information sont à l’origine des changements de perception adoptés par les organisations envers leurs actifs informationnels. Alors, comment la gestion des risques s’inscrit-elle dans ce processus et comment pouvons-nous évaluer nos risques informationnels?
Évaluation des risques et stratégies opérationnelles
En vue de protéger adéquatement leurs activités, les organisations analysent plusieurs types de risques différents. Il peut s’agir notamment de risques de nature générale, de risques opérationnels ou de risques financiers. Il est habituellement possible de les définir et de les quantifier pour en faciliter l’évaluation. Derrière ces risques, on retrouve des documents et des données qui relatent en détail les activités et les décisions de l’organisation.
Nous avons tous, à un moment quelconque, soumis une demande de carte de crédit, de prêt personnel ou de prêt hypothécaire. Les institutions financières examinent soigneusement nos antécédents en matière de crédit avant d’accepter ou de refuser notre demande. Elles évaluent le risque financier que nous représentons pour elles. Ces décisions sont fondées sur des ensembles de critères, des modèles d’évaluation et diverses méthodes de pondération des résultats. Tous ces éléments sont quantifiés et font partie du cadre de gestion des risques de l’institution financière. Pour prendre une décision, le personnel de l’institution financière nous fait remplir une demande de prêt qui est ensuite analysée et transmise dans un rapport qui documente la décision prise. Cette documentation, quel que soit son format, constitue l’historique de la transaction. Jusqu’à quel point les documents relatant l’analyse du risque sont-ils importants pour l’organisation?
Lorsqu’il s’agit de nouvelles technologies, l’analyse du risque porte sur tous les aspects de leur mise en œuvre : quels sont les facteurs de risque pouvant avoir une incidence sur le projet? Quelles seront les conséquences si l’un de ces facteurs de risque se concrétise? Comment peut-on minimiser les conséquences et réduire les risques? Les documents produits durant l’analyse du risque appuient les décisions prises et fournissent un mécanisme de suivi pendant le projet.
Ceux d’entre nous qui ont mis en place des programmes de protection des documents essentiels dans le cadre de plans de continuité des activités ont eu l’occasion d’évaluer la valeur des documents de
l’organisation et de soupeser les risques auxquels ils sont exposés (p. ex., un désastre naturel, des dommages matériels à la suite d’un incendie ou d’une fuite d’eau, des dommages découlant d’un vol de données ou d’un sabotage du système). Nous avons eu la possibilité d’étudier les incidents pouvant survenir et leur fréquence, d’analyser divers scénarios et de déterminer les types de documents enregistrés qui représentaient un risque élevé pour l’organisation en cas de perte ou qui étaient considérés comme essentiels en cas d’une reprise des activités après une catastrophe.
En raison des grandes quantités de données créées et enregistrées dans les lieux de travail, les organisations adoptent progressivement une approche de gestion des documents axée sur les risques.
Cette approche est décrite par Victoria Lemieux, Ph. D., dans Managing Risks for Records29. Elle y présente deux approches d’évaluation des risques applicables à la gestion des documents et de
- La première approche est fondée sur les événements, comme celle utilisée habituellement pour recenser les risques dans les programmes de protection des documents essentiels;
- La deuxième approche est fondée sur les exigences propres aux documents et à l’information.
Dans la deuxième approche, Mme Lemieux suggère de fonder l’évaluation du risque sur la valeur que les documents représentent pour l’orientation stratégique globale de l’organisation plutôt que sur les événements. Il en résulte une approche interfonctionnelle, multidisciplinaire de la gestion des risques informationnels. Elle suggère d’intégrer l’administration des risques liés à la gestion des documents et de l’information à la fonction globale de gestion des risques, c’est-à-dire à tous les aspects de
l’organisation, que ce soit au niveau des activités, de la formation, du développement stratégique ou de la préparation du budget, plutôt que d’en faire une activité distincte et autonome du programme de gestion des documents. Le livre de Mme Lemieux expose en détail les deux approches et fournit des exemples des conséquences que peut entraîner une gestion inadéquate des risques liés aux documents et à l’information. Le tableau suivant énumère certaines de ces conséquences :
À l’instar des autres composantes du cadre de la gouvernance de l’information que nous avons abordées jusqu’ici, la gestion des risques fait partie intégrante des activités et des ressources (telles que l’ouvrage de Victoria Lemieux) qui sont disponibles pour faciliter la transition d’une vision traditionnelle centrée sur les documents essentiels et leurs risques à une approche axée sur les risques globaux de l’organisation. Les professionnels de la gestion des documents et de l’information doivent comprendre ce concept afin d’être capables de prendre part aux échanges au sein d’une équipe interfonctionnelle.
L’évolution des compétences
Alors, comment pouvons-nous déterminer les connaissances dont nous avons besoin pour réussir en tant que professionnels en gestion des documents et de l’information, ainsi qu’en gouvernance de l’information, si notre environnement change constamment? Lorsque la profession de gestionnaire de documents a commencé à changer dans les années 1990, on a distinctement ressenti le besoin de préciser les activités associées à cette profession. L’étude des codes de classification des professions du gouvernement fédéral démontre qu’il n’existait pas de catégorie distincte pour les gestionnaires de documents parce que la profession elle-même n’était pas vraiment bien définie. Les avocats, les médecins et les dentistes possédaient des ensembles de compétences et d’aptitudes bien définis, mais rien de tel n’existait à cette époque pour les gestionnaires des documents et de l’information en Amérique du Nord.
Modèle de compétences de l’AABDG
En 1994, l’ARMA Canada a participé à un projet mis de l’avant par Développement des ressources humaines Canada (DRHC). Intitulé l’Alliance des archives, des bibliothèques et de la gestion des documents (AABGD)30, ce projet regroupait des représentants issus de trois domaines professionnels et avait pour but d’examiner les défis vécus par le secteur des ressources documentaires31 en matière de développement des ressources humaines. Dans la Trousse de travail des spécialistes en gestion de ressources d’information dans les domaines des archives, de la bibliothéconomie et de la gestion documentaire32, l’AABDG est décrite comme étant :
« unique parce qu’elle regroupe trois domaines professionnels (bibliothéconomie, archives et gestion des documents). De plus, elle a commencé à démontrer les avantages qu’apporte la collaboration entre ces trois professions en cernant leurs besoins communs en ressources humaines et en y répondant [traduction]. »
Les groupes se sont réunis pendant environ cinq ans et ont créé non seulement un ensemble de compétences détaillées, mais aussi des trousses de travail pour appuyer l’utilisation de ces compétences. L’ensemble de compétences défini par l’AABGD33 comprenait sept compétences professionnelles soutenues par trois ensembles généraux d’habiletés et il définissait les activités clés de la gestion des ressources documentaires. Les membres des comités représentant les trois professions ont convenu que les bibliothécaires, les archivistes et les gestionnaires de documents:
- Conçoivent et maintiennent des programmes et des services;
- Acquièrent des ressources documentaires et en disposent;
- Élaborent un cadre d’accès aux ressources documentaires;
- Fournissent des services de référence et de recherche ainsi que des conseils;
- Fournissent des services par voie électronique;
Conservent et protègent les ressources documentaires. Ces professionnels doivent aussi posséder :
- Des habiletés en administration et en gestion;
- Des habiletés en relations interpersonnelles;
- Des habiletés personnelles.
L’ensemble de compétences de l’AABDG était utilisé pour recruter, sélectionner, former et évaluer le personnel en plus de soutenir l’élaboration des programmes de formation en gestion des documents et de l’information. Ces compétences étaient sans doute en avance sur leur époque en raison de la collaboration existant entre ces trois groupes professionnels.
Étions-nous les seuls à élaborer des modèles de définition des compétences? Sûrement pas. Étions-nous des chefs de file dans l’application de ce processus? Oui, nous l’étions.
Modèles de compétences de l’ARMA International34
Le premier ensemble de modèles de compétences élaboré par l’ARMA International en 2007 se concentrait sur les compétences en gestion des documents et de l’information. Il différait des
compétences définies par l’AABDG du fait qu’il divisait les compétences en quatre niveaux, depuis le praticien débutant jusqu’au cadre supérieur, et en six domaines correspondant :
- Aux fonctions de gestion;
- Aux pratiques en gestion des documents et de l’information;
- À la gestion des risques;
- Aux communications et au marketing
- Aux technologies de l’information;
- Au leadership.
Pendant la période marquant la transition de la gestion des documents à la gestion de l’information,
l’Office des normes générales du Canada (ONGC) a publié la norme CGSB-192.2-2009 : Compétences des membres de la collectivité de la gestion de l’information d gouvernement fédéral, dont le format diffère de ceux de l’ARMA et de l’AABDG. Au moment de la rédaction du présent article35, une révision de la norme avait été proposée, mais n’a pas été entreprise par manque d’intérêt. Cette norme peut encore être consultée sur le site Web de l’ONGC.
L’ARMA International a entrepris d’élargir son offre de services à ses membres et d’y inclure la
gouvernance de l’information. L’organisme a conçu le programme d’agrément Information Governance Professional (IGP professionnel en gouvernance de l’information) en 2012. L’ARMA International
décrit le rôle d’un professionnel en gouvernance de l’information comme suit :
« Un professionnel agréé de la gouvernance de l’information (IGP) conçoit et supervise des programmes destinés à régir les actifs informationnels de l’entreprise. Il établit un partenariat avec l’entreprise pour favoriser l’innovation et lui donner un avantage concurrentiel, tout en assurant l’harmonisation stratégique et opérationnelle des divers objectifs de l’entreprise (activités, affaires juridiques, conformité et technologies). Il supervise un programme qui
soutient la rentabilité, la productivité et l’efficacité de l’organisation et qui la protège [traduction] »
À l’appui du titre professionnel IGP, l’ARMA International a élaboré un ensemble de compétences qui complète sa liste initiale de compétences en gestion des documents et de l’information et qui énonce les habiletés que doit posséder le titulaire de ce titre, à savoir la capacité à:
- Gérer les risques liés à l’information et la conformité;
- Élaborer un plan stratégique de gouvernance de l’information;
- Élaborer un cadre de gouvernance de l’information;
- Établir un programme de gouvernance de l’information;
- Réaliser l’intégration opérationnelle de la gouvernance de l’information et à la superviser;
- Harmoniser la technologie au cadre de la gouvernance de l’information.
En ce qui concerne la définition du contenu d’un éventuel programme en gouvernance de l’information, cette liste de compétences offre un aperçu des activités qu’aurait un tel programme en énumérant les domaines abordés ainsi que les connaissances et les habiletés requises. Ces compétences peuvent aussi aider les professionnels en gestion des documents et de l’information à déterminer leurs besoins en perfectionnement professionnel, à élaborer un cheminement de carrière et à découvrir des possibilités de formation.
Je crois personnellement que la gouvernance de l’information constitue une réponse à un environnement de travail en évolution, qui a été fortement transformé par les technologies et qui exige une collaboration entre plusieurs groupes pour assurer la cohérence de la gestion documentaire et réduire la duplication des efforts. Les ensembles de compétences des professionnels en gestion des documents et de l’information se sont enrichis et étendus, tout comme ceux d’autres spécialistes dans
les domaines du droit, de la protection de la vie prive, de la gestion des risques et des technologies. Tous doivent collaborer pour apporter des solutions à l’échelle de l’organisation parce que les enjeux actuels dépassent largement le cadre des responsabilités de chacun des services de gestion.
Regard vers l’avenir : rôles et responsabilités
En examinant la gouvernance de l’information dans sa globalité, il est clair que les actifs informationnels en sont l’élément commun et qu’il faut un cadre de gouvernance de l’information pour garantir, entre autres, le respect de la conformité. Toutefois, contrairement à la gestion des documents qui a traditionnellement été la chasse gardée d’un groupe de personnes désignées, les enjeux liés à la gouvernance de l’information sont plus complexes et exigent l’apport de différents groupes, apport qui variera selon les besoins et les préoccupations exprimés :
- Le responsable de la protection de la vie privée s’assure que les renseignements personnels sont recueillis, utilisés et éliminés conformément à la législation en vigueur.
- Les services juridiques ou le cabinet d’avocats vérifient que les clients internes et externes sont informés des enjeux liés à la conservation et à l’administration de la preuve électronique. Au cours des dernières années, l’augmentation des coûts associés aux recherches de données nécessaires pour soutenir les recours en justice a contribué à sensibiliser davantage lesintervenants aux avantages qu’offre la mise en place d’une gouvernance de l’information efficace dans le cours normal des activités de l’organisation.
- Le service des TI surveille tous les systèmes ainsi que les données qu’ils produisent et qui y sont conservées. Il assure leur sécurité et leur accessibilité tant et aussi longtemps qu’il le faut au moyen de la gestion active des données et de méthodes de conservation et de préservation numériques qui tiennent compte des changements en matière de logiciels et de matériel.
- Les responsables de la gestion des documents et de l’information fournissent des lignes directrices, des normes, des politiques et des procédures, et veillent à ce que l’information soit gérée adéquatement depuis sa création jusqu’à son traitement final.
- Les employés sont maintenant beaucoup mieux informés du rôle des actifs informationnels et des répercussions de la technologie. Ils s’attendent toutefois à ce que la gestion de ces actifs soit transparente afin qu’ils puissent obtenir ce dont ils ont besoin pour effectuer leurs tâches quotidiennes. Toute mesure qui fait de la gestion de l’information un fardeau pour l’utilisateur sera rejetée.
Dans le même ordre d’idée, voici une matrice RACI (responsabilité des exécutants, autorité du dirigeant, consultation avec les conseillers et information des parties dépendantes) qui a été préparée par l’Information Governance Initiative à partir des commentaires que l’organisme a reçus durant son enquête :
Les responsabilités d’une personne au sein d’une organisation dépendent du type d’organisation où elle travaille ainsi que des objectifs opérationnels stratégiques, des activités et de l’environnement réglementaire de l’organisme. Comme mon père le disait souvent : « si vous savez où vous allez, il y a plus d’un chemin qui vous y mènera ». C’est la même chose en gouvernance de l’information. Cependant, la réussite d’un programme dépend aussi des efforts déployés par ses champions et l’équipe interfonctionnelle qui en est responsable, et ces personnes doivent être soutenues par des outils et des technologies appropriées.
Il y a quelques années, lors d’une conférence de la National Association of Government Archives and Records Administrators (NAGARA) tenue à Sacramento, en Californie, l’animateur d’une séance d’information a suggéré aux archivistes et aux gestionnaires de documents de modifier leur discours afin que les auteurs des documents cessent d’entrevoir leur secteur d’activité comme un milieu parsemé d’embûches et de jargon et le perçoivent plutôt comme un secteur attirant auquel ils pourront s’identifier. Nous sommes sûrement sur la bonne voie!
Il n’y a aucun doute que la gouvernance de l’information, quel que soit le nom qu’on lui donne, sera appelée à jouer un rôle essentiel dans l’élaboration de la position stratégique de l’organisation en raison de l’importance des enjeux liés aux actifs informationnels de l’organisation, c’est-à-dire la protection de la vie privée, l’administration de la preuve électronique, la gestion des risques liés à l’information, le respect de la conformité et la valeur opérationnelle de l’information.
La gestion des documents n’est pas un phénomène du passé. Elle a simplement changé. Les organisations ont encore besoin de gérer leurs documents puisqu’ils constituent et justifient leurs activités et leurs transactions. Pour que les documents (ou les données, l’information, le savoir, etc.) soient utiles à l’organisation, ils doivent être gérés tout au long de leur cycle de vie. Le débat pour définir ce qu’est la gouvernance de l’information et qui en est responsable va se poursuivre tandis que nos fonctions continueront d’évoluer. Chaque organisation concevra et mettra en œuvre des programmes fondés sur son orientation stratégique, ses ressources et ses exigences individuelles en matière de gestion des risques et de conformité. Le principal changement à effectuer consiste à former des équipes interfonctionnelles en vue de résoudre les problèmes au moyen d’une approche globale, à l’échelle de l’organisation, au lieu d’une approche compartimentée, au niveau de chaque service.
Nous disposons aujourd’hui d’un riche ensemble de travaux qui ont été réalisés au Canada par des professionnels de la gestion des documents qui ont réussi à surmonter progressivement les défis posés par les nouvelles technologies. Nous avons acquis une solide tradition comme chefs de file en gestion des archives, des documents et de l’information. Nous devons tirer des leçons de cette tradition et les utiliser à notre avantage. Nous devons également prêter attention aux recherches en cours pour déterminer nos orientations futures et nous préparer aux défis à venir. Nos collègues canadiens continueront de tracer la voie de différentes façons et nous aideront à parfaire nos connaissances professionnelles.
Comme je l’ai mentionné au début de cet article, il ne s’agit pas d’une étude exhaustive sur ce sujet et j’ai sûrement oublié d’aborder certains thèmes ou de présenter certaines personnes. Je m’en excuse. Il reste beaucoup de matière à couvrir. Je vous invite donc à préparer un article qui pourra être publié prochainement par l’ARMA Canada. J’espère que vous serez nombreux à prendre la relève et que vous contribuerez, vous aussi, à rendre le futur visible!
Annexe A : normes ISO
Technologie de l’information
ISO/IEC 20000-1:2011 Technologie de l’information – Gestion des services – Partie 1 : Exigences du système de management des services
ISO/IEC 27014:2013 Technologie de l’information – Techniques de sécurité – Gouvernance de la sécurité de l’information [en anglais seulement]
ISO/IEC 38500:2015 Technologies de l’information – Gouvernance des technologies de l’information pour l’entreprise [en anglais seulement]
Gestion de l’information
ISO 30301:2011 Information et documentation – Systèmes de gestion des documents d’activité – Exigences
ISO 15489-1:2001 Information et documentation – « Records management » – Partie 1 : Principes directeurs [en révision]
ISO 16175-1:2010 Information et documentation – Principes et exigences fonctionnelles pour les enregistrements dans les environnements électroniques de bureau – Partie 1 : Aperçu et déclaration de principes [en anglais seulement]
ISO/TR 17068:2010 Information et documentation – Référentiel tiers de confiance pour les enregistrements électroniques [en anglais seulement]
ISO/TR 18128:2014 Information et documentation – Évaluation du risque pour les processus et systèmes d’enregistrement
ISO 23081-1:2006 Information et documentation – Processus de gestion des enregistrements – Métadonnées pour les enregistrements – Partie 1 : Principes
ISO/TR 26122:2008/Cor 1:2009 Information et documentation – Analyse des processus pour le management de l’information et des documents [en anglais seulement]
Notes en fin de texte
Les adresses URL suivantes ont été vérifiées le 15 février 2016.
1L’Atlas canadien en ligne http://www.canadiangeographic.ca/atlas/themes.aspx?id=connecting&sub=connecting_technology_wireless&lang=Fr
2Voir Gil Press: Forbes – http://www.forbes.com/sites/gilpress/2013/05/09/a-very-short-history-of-big- data/#3ad2a6f555da
6Prendre note que la société Gartner, comme beaucoup d’autres organisations, utilise le terme « archivage » pour désigner le transfert des documents inactifs dans des lieux ou sur des supports moins dispendieux. Pour les personnes travaillant dans ce domaine, l’utilisation de ce terme porte à confusion lorsqu’il s’agit de déterminer quelle est l’infime partie (5 %) de l’ensemble des documents d’une organisation du secteur privé ou public qu’il faut conserver à long terme pour constituer sa mémoire institutionnelle.
7TSC a été fondé en 1997 par Richard G. Braman. Il s’agit d’un organisme sans but lucratif, constitué en vertu de l’article 501(c)(3), qui se consacre à la recherche, à l’enseignement et à l’étude avancée du droit et des politiques dans les domaines de la législation antitrust, des lois complexes et des droits de propriété intellectuelle.
8Images illustrant le cadre de la gouvernance de l’information
10William Benedon a été président de l’American Records Management Association et le rédacteur en chef du Records Management Quarterly. Il a reçu le prix Emmett Leahy en 1968 pour sa contribution exceptionnelle en gestion des documents.
11Prentice-Hall, Inc. 1969
12Un terme popularisé dans les années 1980 et 1990 lorsque les ordinateurs personnels se sont répandus dans les milieux de travail.
13Comme dans d’autres programmes des Archives nationales où les questions entourant la préservation des données à des fins de référence historique et de recherche constituaient une préoccupation majeure, en plus de la préservation des documents historiques sur papier.
14“Information: To Share Or Not To Share? The Information Governance Review”
16Le Dr Vale est plus tard devenu le chef de la Direction de la gestion de l’information du gouvernement de l’Ontario.
19Correspond aux principes énoncés dans le document Lignes directrices régissant la protection de la vie privée et les flux transfrontières de données de caractère personnel qui a été publié par l’Organisation de coopération et de développement économique (OCDE) et qui a été entériné par le Canada en 1984.
20Cela comprend les documents contenant des renseignements personnels.
21Le concept a été élaboré par Ann Cavoukian, Ph. D. afin « d’intégrer la notion de protection de la vie privée au cœur même des technologies [traduction] ». https://www.ipc.on.ca/french/privacy/introduction-to-pbd/default.aspx
23Remplace la norme ISO 17799
24Provenance Systems a été fondée en 1989.
25Publié en 2001 par Open Text Corporation. Le nom Open Text est devenu OpenText (un seul mot) depuis que ce livre a été publié. L’auteure a utilisé le nom qui était en usage à ce moment-là.
26Susan Wortzman est la fondatrice de Wortzmans, une société qui est établie à Toronto, en Ontario. http://www.wortzmans.com
28EDRM regroupe 400 organisations, dont 195 fournisseurs de services et de logiciels, 88 sociétés, 76 cabinets d’avocats, 24 organismes gouvernementaux, 12 établissements d’enseignement et 5 groupes industriels, qui sont concernées par les questions de gouvernance de l’information et d’administration de la preuve électronique.
29Lemieux, Victoria. Managing Risks for Records and Information, Lenexa, KS; ARMA International, 2004
30Le comité était formé de membres de l’ARMA International, du CCA, de l’AAQ, de l’ACA et d’autres associations représentants différents types de bibliothèques de l’ensemble du Canada.
31Le titre « secteur des ressources documentaires » a été choisi dans le but de refléter les éléments communs de ces trois domaines professionnels (bibliothèques, archives et gestion des documents).
32Publié en août 2002 par le Conseil des ressources humaines du secteur culturel
A CONTENT ANALYSIS OF INFORMATION IMPACT: PROFESSIONALISM or NOT – A CRITICAL TWENTY-FIVE YEAR REVIEW
By: John Bolton, MA, MLS
During the late 1980’s and into the early 1990’s, the field of activity known as Records Management, later to become Records and Information Management or RIM, experienced a debate concerning whether or not RIM was, or could be at some later time a “profession,” similar to that of groups such as doctors, engineers or lawyers. This debate manifested itself in the literature of the time by asking and responding to some question along the lines of: “Is RIM a Profession?” That literature defined the term “professional,” outlined what fundamental requirements were necessary to qualify a field of study as professional, and did as well try to identify where records management was, at that point in history, along the road to achieving the status of being a true profession (see Pemberton and Pendergraft, 1990). Moreover, from that literature a reader could be lead to believe that RIM, if not exactly a profession at that point in time, was at least close to reaching that goal. Plus, while no firm timeline for the goal was stated, that literature talked vaguely in terms of years or a few decades for the goal to be achieved.
An example of how significant the term “professional” had become by the late 1980’s period can be seen by examining the January, 1988 issue of the Records Management Quarterly published by the Association of Records Managers and Administrators (ARMA International or ARMA). That particular volume issue contained the “Cumulative Index to the Records Management Quarterly 1967-1987,”
which included a listing of all their published articles by subject matter. On examination, while there was no specific subject heading for the term “Professionalism,” the index did reference thirty articles under
the term “Professional Organizations,” as well as, forty-one articles under the “see also” subject term
“Information Professions.” At first glance these numbers may not seem significant however, to counter them the very important records management subject terms of “Disposition” referenced only nine articles, while the term “Vital Records Management” referenced only twenty-four articles.
This example is not offered as overwhelming proof that the records management world at that time was deeply embroiled in some identity struggle, but rather as just a simple mechanism to point at where some of the “thinking” was during that period. Pemberton (1993) said that a discipline was a field of study and a profession was something elevated by society. So, given a duration of over twenty-five years has passed since the late 1980’s, the question is, “Did it happen?” Did RIM move forward? Did records management or RIM, reach the lofty goal of a true “profession?” One that is equal in public recognition, with that of an engineer or physician. This paper offers an attempt at addressing these questions through an in depth examination of information content published by ARMA.
During that late 1980’s the author both joined the ARMA International organization, and became interested in the topic of whether or not RIM could reach the goal of a true profession. At that time, the author worked for a civil engineering company as their Librarian/Records Manager. While in that position the company bid on a large and complex engineering opportunity. That opportunity was to require adherence to the ISO 2000 Quality Control standards which were very specific concerning documentation, its capture, control and maintenance. In bidding for that work, the company applied for some insurance, and added the author’s name and qualifications (a Master’s degree in Library and Information Studies, plus partial completion of the CRM designation requirements), along with various kinds of engineers, as the professionals who would carry out all the work related duties during the project. While all the engineers and the company accountant were accepted under the terms of the insurance underwriter, it was to the embarrassment and chagrin of the author that he was refused insurance because his education and CRM credentials did not quality in what the insurance people considered to be a “professional.” This factor was not the reason why the company did not win the project but it did cause the company to view their Librarian/Records Manager as “office” staff, rather than part of the organization’s “professionals.”
This bit of personal history is told to help “set the stage” so to speak. The author would believe that over his career he was a professional. That he conducted himself as a professional, and produced professional level work. Further, having achieved the CRM designation, and managed to have some of his work published, the author, like many of his RIM colleagues, had a deep interest in seeing his chosen field of endeavor attain that lofty goal of a true profession. The experience became a personal driver to try and help the RIM profession reach its goal. Thus, this personal experience forms some of the background to why this work was undertaken.
Beyond that personal story, there were four other drivers behind this paper. Or, said differently, there were four questions that the author felt were unanswered, and shouldn’t be. These four questions are as follows.
Question 1: Why would people working in RIM feel that the field of study should have a “peer- reviewed journal” for the publishing of scholarly works; but, that they would gain no particular benefit from the availability of such a professional journal?
This question gains its origin from an ARMA International Education Foundation research survey (see Force and Shaffer, 2013). That survey asked ARMA members for their opinions concerning whether or not RIM would should have a peer reviewed journal. While the survey found data to support the idea that a peer-reviewed journal should exist, it also found the disturbing news that those surveyed also felt that they would personally gain nothing from the existence of such a professional journal. These two findings appear to be at opposite ends of the pole, and pose more questions around why. This work is an attempt, to a degree, to take a kick at addressing the AIEF findings.
Question 2: Why did a RIM audience seem shocked at the use of content analysis as an approach to analyzing published RIM materials? Or, stated differently, had the RIM audience ever been exposed to this level of professional media analysis, and if not, why?
In April 2014, the author gave a presentation to a RIM (ARMA Vancouver Chapter) audience in
Vancouver, British Columbia. That presentation was developed to speak to the topic of the “Information Landscape.” As part of the presentation a graphic was offered which the audience found interesting and to a certain extent shocking. The graphic identified some characteristics of shifting content type found in ARMA RIM publications. While the specific graphic does not bear on this work, the approach used in developing the graphic does. That approach was “content analysis,” a mechanism used in analyzing media. Since the Vancouver audience seemed taken aback by the graphic produced via content analysis, the author was left wondering why.
Question 3: What has happened to RIM? Or, what was/is the status of RIM in its march towards reaching the goal of a profession?
The third question concerns “time and status.” As stated above during the 1980’s and 1990’s, RIM experienced a discussion on the topic of whether or not the goal of “profession” was or could be achieved. Given that a period of a quarter of a century had passed one was left to wonder, what happened? If RIM achieved the goal, had there been some sort of announcement? And if we hadn’t made it; why not? Since the author believed he had been paying attention, no announcement came to mind. Thus, while the word “professional” was certainly being used in the RIM industry and literature, the author wondered if that community had been under some sort of false impression. This idea of a false impression was prickly to accept, so the outstanding question(s) needed to be answered.
Question 4: Given what the author understood and had experienced over twenty-five years, he was unsure about RIM’s status as a profession, and in fact, was of the impression that the boat not only hadn’t sailed, it had never really left the dock. So, was the author right or wrong in this impression?
Also as background to this work a need exists for an explanation about what the nature of a profession is, and how one gets that status. According to Greenwood (1966), certain elements are necessary to distinguish professionalization. These include: the development, presence and research for new Systematic Theory; a sense of Autonomy, i.e. only a doctor is trained to perform surgery; Community Sanction, i.e. doctors are recognized everywhere as being highly educated and dedicated to their Hippocratic Oath to provide healing to the sick; that a Code of Ethics exist which members adhere to, and which some “professional body” oversees, monitors and deals out penalties where breach of code is found; and last a Culture needs to exist, i.e. the body should have a language which it uses commonly, an approach to how it works, plus an attitude to how it operates and presents itself. Millerson (1964) felt that a profession could also be described by saying it was a non-manual occupation, had a recognized occupational status, had a well defined area of study or concern, provided a definite service, and came, to individuals, after advanced training and education. Here, for this work and for RIM people in general, this idea of an advanced training and education are key factors. Here is why.
Greenwood (1966) also suggested that, “because understanding of theory is so important to professional skill, preparation for a profession must be an intellectual as well as practical experience.” And he went on to say, “orientation in theory can be achieved best through formal education in an academic setting.” So from this we are led to understand that education to a higher degree level is basically a prerequisite for becoming a professional. But where is this “higher degree level” of education in our RIM world?
Frankly, it basically does not exist. Clearly, undergraduate and graduate (Masters and in some cases Doctoral) level degrees do exist, but they are not in RIM. Rather those degrees are in Library Science (sometimes called Library and Information Science), Archival Studies, and degrees in Information Technology or Computer Sciences.
Berenika Webster (1999), wrote in the ARMA Information Management Journal that, “Records Management is undergoing the process of professionalization by acquiring some of the (needed) characteristics, i.e. formal education to a degree level, existence and strengthening of professional organizations, foundation and development of professional literature, increased research activity supplying the discipline with new theoretical frameworks, and new knowledge to deal with issues of technological development.” While Webster’s words made for good positive oriented reading and which could have lead a reader at the time to believe that movement towards professionalization was being made, things were happening and the goal of becoming a profession was within reach, the examples in support of her argument were actually weak. The existence and availability of formal advanced degree programs she mentioned did not really exist beyond a couple of remote examples (i.e. UK and Australia). Further, while she offered the existence of ARMA, as well as some other RIM oriented organizations those bodies weren’t in fact “strengthening.” For example, ARMA’s membership has not really increased over the last twenty-five years, and the Records Management Association of Australia (RMAA) joined with a smaller Southeast Asian group to help remain operational. There is no question that the body of RIM literature has increased, but where, regardless of the AIEF and its work, is the body of research activity supplying the discipline with its own distinct new theoretical frameworks that were mentioned? Plus, while it is agreed that new knowledge has come along to deal with issues of technological development, RIM was likely not the primary supplier of that knowledge. Therefore, where was this advancement, this process towards professionalization that Webster spoke of?
When Webster wrote her 1999 article she credited Dr. J. Michael Pemberton (with Lee O. Pendergraft, 1990) for his early work published by ARMA where he described what it took to be a profession as well as describing what RIM would need to accomplish to reach such a goal. But, in 1990, some nine years before Webster’s article was published, Pemberton spoke at the ARMA conference in San Francisco. At that time he, “criticized RIM practitioners dislike of matters theoretical, and claimed that without theoretical foundations, there could be no meaningful research effort, and without research we have only hearsay, conjecture, anecdote, and possibly propaganda.”
These questions, along with the author’s personal experiences and interests, formulated the background leading to the research outlined in this work. Ultimately, the reporting of the findings and conclusions from the research was conducted via a PowerPoint presentation by the author at the ARMA Canada conference, held in Calgary, Alberta, Tuesday, May 26, 2015, Session T-24 (see Bolton, 2015). That presentation to a group of ARMA Canada members raised an interest by some of those people in taking
some action that would bring about change. Specifically, their interest was aimed at improving the level of Canadian authorship and content through some mechanism. The mechanism subsequently formulated was to be a website, (to be) hosted by ARMA Canada, providing a place where future scholarly RIM oriented materials could be posited, cited and referenced by future users.
The methodology applied in conducting the research discussed in this work had four components. These included a background search of relevant RIM literature, gathering data to support an investigation of the outstanding questions, analysis of the gathered data, and finally the identification and formulation of observations, findings and conclusions resulting from that analysis. The original reporting of those observations, findings and conclusions was, as mentioned above, conducted via a conference PowerPoint presentation leading eventually to this paper (see Bolton, 2015).
In reference to the author’s conduct of the literature search it is important for the author to acknowledge that the review of literature was not exhaustive. And, for the purpose of the original 2015 Calgary conference presentation, the author conducted only sufficient literature search to provide evidence and credence to support the theme of his presentation. At the time, an exhaustive literature search was unwarranted since the work was not undertaken to be exhaustive and or scholarly in the sense of post graduate effort. Nevertheless, the author did use the Internet to conduct a search of any posted work, and searched the ARMA publications for anything of a relevant or similar nature. To that end, not much of a similar nature was found. Which, to a certain extent addresses one of the outstanding questions concerning why a Vancouver RIM audience seemed a bit shocked with the approach presented. The literature search seemed to support their being shocked because they were so unfamiliar with the idea and/or application of content analysis in their RIM world. Certainly it was not because that Vancouver audience was uneducated and/or unsophisticated. It appeared to be just something new to them. It probably seemed weird and highly unusual to them, although, their eyes did seem to get bigger as the findings were discussed.
(NOTE: During the literature search the author did discover a research paper by Nelson Edewor , which was a content analysis of a Nigerian Library and Information Science Journal. An interesting and somewhat similar type of research work, although of a reduced level of complexity.)
As for the data gathering and analysis approach performed, the author relied on the use of “content analysis” which is a form of bibliometrics. According to Krippendorff (1989), Content Analysis is, “a research technique for making replicable and valid inferences from data to their content.” While Elo and Kyngas (2008), considered content analysis to be, “an approach to distil words and communications into fewer content related categories or units.” Basically the concept is that the content of a larger work or works can be understood by first identifying its make-up or components, and then recording details about those components. In a library situation this is somewhat like separating various works by subject matter, sciences from history, or fiction from reference materials. In this way the Librarian can conduct counts, recognize storage requirements, understand usage from circulation data, and possibly recognize
gaps in a particular collection. In this case, content analysis is used to dive deeper into understanding the nature of the ARMA publication offerings via examination of its published content.
The information content that was reviewed, captured and later analyzed came from the three RIM oriented publications that basic paid membership in the ARMA organization provides. These are: The Records Management Quarterly (1988-1998), The Information Management Journal (1999-2008), and the Information Management Magazine (2009-2012). While ARMA has published other RIM oriented materials including such things as standards, books, guidelines, notes and seminars, these three specific publications are, the author would submit, recognized as the main RIM offerings to its membership.
Certainly, by their publication they have been the most regular offerings to the membership by the ARMA International organization.
Further, a twenty-five year span, of these publications was selected as a sample set of a size it was hoped would be reasonably sufficient to offer a glimpse into the content published. A smaller sample size was rejected because it was felt, by the author, to be insufficient to reveal any trends that might exist or have taken place over the years. A span longer than twenty-five years might have also been better at revealing any such trends; however, as it will be explained later, due to editorial changes, i.e., changes to the use of electronic issues and of not printing citations/references, extra burdens appeared that hampered exploring beyond the twenty-five year mark. Thus, the sample set for exploration started in 1988 and ended with the full 2012 publication volume issues.
As stated above, the questions under consideration in this work concerned the professionalization of RIM. To explore this idea using the content of the ARMA publications, it might have been possible to count every single appearance of the word professional, and/or similar derivations of that word, found in those publications. However, this approach would, without the use of a computer and electronic versions of all the publications, have been very onerous.
Even if all the occurrences of the word professional had been counted, it could only have been ranked against other RIM words if they had also been counted. This approach might have revealed information through their rankings and comparisons, and might have been very interesting. Such an endeavor could be of interest to a graduate student working on a doctoral thesis, but for this work it was much too involved. Nevertheless, some approach was required. Since the idea of this work was to explore whether or not the goal of professionalism had arrived in the field of RIM, it was considered that answers might be found in three other publication content areas. These areas included characteristics about the authors, the RIM subject content, and the advertising content. So to help in the gathering of content data a form (see Fig. 1) was created.
The first area of interest was gaining some understanding of the authors who were being published by ARMA. Who were these authors? Where did they come from? What credentials did they have? What work did they do, and who employed them in that work? Plus, how often were they being published? In gaining an understanding of the authors it was felt some knowledge might be gathered to show trends in the spread of RIM knowledge, the advancement of RIM education, the international nature of the ARMA membership and influence, as well as some indicator(s) of professionalization.
The next area of content consideration concerned what were those authors writing about which ARMA felt was worthy of publication. In exploring this content, data was gathered concerning specific RIM content subject areas of interest. In other words, what were those matters of RIM operations, procedures, policies, technology, management and scholarly interest that ARMA felt were important and of value to its membership? Here, without any analysis, it was felt, that the content should show a generally wide spread offering of subject matter with some short term trends due possibly from issues and/or changes significant at a particular time in history. Moreover, it was also hoped that the subject content would indicate some movement or direction that gave indication of professionalization. Here the idea wasn’t whether or not content had been prepared by the authors in a professional manner, or whether it appeared professionally published, i.e. it looked polished. The idea was, did the content show any indication that could be seen to clearly state, “this is work produced and published by a true profession.” Something that was very different from the tabloid offerings found at the supermarket checkout counter.
The last of the three areas concerned what else was ARMA publishing for its readers. This last area was considered to be advertising. Here the desire was to collect information to reveal not only what products and services were being advertized, but by who and what if any trends or inferences might be seen from that information. From the outset it was considered that products and services offered by various vendors and utilized by people working in the RIM field should stand out above any other content. This idea seemed reasonable because such products and services, i.e. filing/labeling equipment, storage equipment (i.e., boxes and shelving), technology hardware and software, shredding, off-site storage, disaster recovery and consulting services, were all pretty much every day factors in the life of any person working in RIM. Thus, it was felt these things should really show significance from examination of the data. It was also thought that through these things some evidence might appear in support of a movement towards professionalization; although, it wasn’t clear if or how this evidence might appear.
Ultimately, as the methodology for this work evolved a number of approach rules for data gathering were clarified. These were:
- Authors included ARMA Editors.
- Articles included: Editor’s comments and notices, letters to the Editor, research, case studies, reviews of books and other media, notices, awards, postings, RIM related comments, opinions and/or discussions.
- Publication information such as publisher name and address, subscription fees, instructions to authors and advertising are not articles.
- Advertising for laws/statutes/regulations were considered – LEGAL.
- Standards also included guidelines, technical papers and best practices.
- Only citations, not bibliography references were counted.
- If an author cited a work more than once in the same paper, it was only counted as one citation source.
- Notifications of events, training, conferences and/or seminars are counted as advertising.
- Advertising that promoted ARMA were considered as EVENTS.
Authors by Gender: The RIM world is, by pure observation at any conference, composed mostly of women. The author has no hard facts on how this observation would be supported by a percentage; however, again by pure observation coming from over twenty-five years working in the field, the estimate would be at least a 75/25 split between females and males participating in RIM. The female side might even be higher than the 75 percent. So, given this observation, it is revealing that the content data found the percentage of male authors to be 63 percent over that of 37 percent for female authors (see Fig. 2). While striking, this finding is almost a complete reversal of the percentage of actual RIM participants. The finding doesn’t necessarily pose any concern, except that it does seem interesting. One can only surmise that the males of RIM industry are possibly more vocal in expressing their views.
Historically, RIM has been a business of women file clerks and assistants. Managers were typically, or at least often male. Some of those males were prolific authors who worked very hard at describing the world of RIM and teaching people about it. A few of those males, such as Ira A. Penn, were strong voices in our business who spoke often and with conviction. Their words and writings helped foster interest in RIM and build the body of literature. Now, history, as we know in the early 2000’s has changed somewhat. The field has many more female managers, teachers, consultants and experts. Given this, it might have been expected that the data show some trend of growing strength in female authorship building up through the years of the survey. But, no such trend appeared. The data shows an improvement in the female authorship from about 2002, but no definitive shift between the number of males and females. So, does this reveal that RIM is dependent on gaining its insight mostly from males?
It would appear, from the content data that some “balance of power” between the males and females developed within the RIM world. This may seem to be a grandiose statement; nevertheless, the numbers over the twenty-five year time span are pretty consistent, thus showing a balance of a kind. The females of the industry may not be happy with this finding, but there it is. Maybe real gender change in the RIM field has yet to take place? Maybe it will only take place at some later date? Maybe it won’t change at all? Only time, and/or effort extended by the female participants in RIM will tell. As for the males, considering they form a small segment of the population, they seem to be doing quite well.
Authors by Country: It is not surprising that the content data shows that 88 percent (see Fig. 3) of the authors came from the United States of America (USA). ARMA does have members from around the world, but its main membership has always been from the USA. Canada has been considered a “region” of the larger ARMA organization, and “ARMA Canada” has acted to a certain degree as an autonomous group within ARMA, running its own Canadian national conference on an annual basis. Canadian membership in ARMA has been recognized as being approximately one tenth of the whole. (NOTE: A membership figure of 1650 was provided by ARMA Canada, September 15, 2015.) So, if ARMA’s total membership was about ten thousand, and Canadians made up a tenth or one thousand of those members, we could reasonably expect that our authorship percentage should fall at or near the ten percent mark. The data however showed that this is not the case, as Canadian authorship was barely 6 percent, only slightly beating out that of the United Kingdom/Europe at 4 percent. (At a Canadian membership level of 1650, the expected mark should be about 16%, and not the dismal 6%. Regardless, as the numbers show, the overwhelming voice of America has and continues to be staggering.)
In Canada, while the bulk of the population lives fairly close to the border with the USA, there is a general belief that life is different, and that the way things are done is different. Given recognition of this general feeling, it might have been thought the percentage of Canadian authorship would be somewhat higher, as those Canadian authors outlined a “Canadian approach” or discussed a “Canadian issue” of interest and benefit to the Canadian ARMA members. Given that the data shows such a low participation by Canadian authors, possibly no such Canadian approach or issues were present. Or, was it that Canadians weren’t authors of anything worthy of publication by ARMA, or that they just were too busy to bother with offering their advice, opinions and efforts. Again, some strong words, but if Canadians do not want to be dominated by their USA cousins, then it would appear they need to be doing something more.
CRMs and PhDs (Professionalism Factor): In 1993, Ira Penn wrote that, “Less than five percent of all the practitioners in the field have chosen to become CRMs. Of those who are CRMs, a considerable number have complained about having to keep up-to-date to remain certified. Although the CRM program has been in effect for some 17 years, a significant percentage of those who have purported to be leaders of the profession during that time have neither pursued the credential nor encouraged others to seek it.” One might imagine that such a statement coming from one of the unquestioned leaders in the RIM field would surely have raised alarms, and caused a stir, especially if RIM was experiencing a movement towards professionalization.
Thus, one of the interests of this work concerns whether or not the presence of advanced education had increased over the twenty-five year period as Webster’s work suggested that it should. Further, there was also an interest in finding some proof that RIM had experienced a movement toward professionalization through its membership gaining that advanced education in the form of doctoral degrees and at least the Certified Records Manager (CRM) designation. At the outset of this work it was felt that surely if RIM had moved along the road of professionalization that movement might be verified through the credentials claimed by the authors being published. It was felt the data should show some upward trend in these two credentials being stated by the authors. Clearly, such a trend if present could have been evidence that more and more RIM workers had made the effort to gain those credentials probably for several factors such as a desire to gain a higher education, a desire to be professional, as a mechanism to gain recognition, or even because those higher credentials were required to obtain employment. Unfortunately, no movement was evident in the data. In fact, (see Fig. 4) the percentage of doctoral degrees held by authors was only 18 percent, and the CRM designation was only at 32 percent.
It should be noted here that of the recorded 1257 authors, many were repeats. So, while any particular survey year might have four authors with PhDs, in fact they could have been the same author (Pemberton for example). Each published presence of a particular person’s name as an author, was recorded for this work. Those recordings totaled to 1257. The percentages of 18% PhDs and 32% CRMs are derived from the 1257 total. If this work had actually eliminated all the duplication amongst the authors, the final percentages would be much lower. (For example, the adjusted number for CRMs would be approximately 10%.)
With such findings as these no movement toward professionalization could be found in the data. Webster was not correct in her implications for the future. For the most part the level of authors holding CRMs and/or PhDs over the twenty-five year span was steady. What information can be determined from this is unknown without other research activity. However, one might consider that the wider body of RIM workers did not see the need for such advanced education. It would also seem that the credentials did not become a requirement for employment, nor for publication, at least in the ARMA offerings. Further, the low level of PhDs suggests that there was also a low level of research work being done leading to the development of new theoretical advancements.
(NOTE: To truly understand why advanced degree programs in RIM are basically not available one must read the literature of the 1980’s and early 1990’s coming from the Library and Archival schools.
Fundamentally, the educators at those graduate schools argued that records management work was just an extension of archival work. That if a student received a foundation in RIM knowledge, via a single general introductory course; they could gain all the other skills and knowledge of records and information management through a graduate program of either Library Science or Archival Studies.
Thus, while this may have been protectionism of the existing programs, such thinking pretty much killed the development of full advanced degree curriculum in RIM. For further reading on this, see for example: Eugenia K. Brumm (1992) and Tyler O. Walters (1995).)
Authors by Type of Work: When an author has their work published it is typical that a small biography about that author is usually also published. In approximately fifty words those biographies usually list for example, the author’s credentials, their RIM background, the positions they’ve held within ARMA, the number of years of ARMA membership and they self identify what their daily work is. At the outset of this work it was felt that the collection of this employment information, of a non-privacy impact nature, should offer a glimpse at which sectors of the RIM world were most active in authorship. It was not surprising when the data found that 31 percent of authors came from the Consulting sector of RIM (see Fig. 5). Consultants have long been an active force in the RIM world and the numbers give support to the fact that those consultants have much to say from their years of effort within the industry. It was also good to see that 26 percent of the authors claimed employment as every day RIM managers, administrators, technicians and analysts. Although, it was thought that that number was somewhat low.
While Teachers (university/college professors/lecturers) made up 12 percent of the authors, the surprise came in the size of the authorship from the employment group identified as Editors and Lawyers. That
group made up a shocking 24 percent of the authorship. (NOTE: At the outset of this work data concerning authors who were lawyers was counted separately. However, while John Montana, a lawyer, was a frequent author, few others self identified from that profession. So, lawyers were grouped with Editors, and as such do influence slightly this particular sector of the authors.)
When the content analysis began it was recognized that Ira Penn, who was the Editor of the Records Management Quarterly (RMQ), offered an editorial comment at the front of every volume issue. At first these comments were not counted as “articles.” However, after reviewing several volumes it became apparent that Penn, who at the time was employed in the RIM sector, was also employed by ARMA as Editor of the RMQ (even if that employment was done on a voluntary basis). While speaking as the ARMA Editor, he was acting on behalf of the larger organization and addressing himself to the RIM community on a different level (or playing field) than he would have been as purely a RIM sector worker. Certainly people would have sat up and listened to Penn no matter who his employer was since he was a strong and well known voice and expert in the records management field. Nevertheless, once recognized that Penn had two employers, since he was often published by ARMA on his own merits, the editorial comments he made had to be considered to be separate articles and counted along with the others. In making this content recognition a startling observation was seen.
After Ira Penn, J. Michael Pemberton took on the mantel of ARMA Editor in October 1998. At that time Pemberton stated that the ARMA publication, i.e. at the time the RMQ, was “a member benefit… and
the field’s primary professional journal.” He went on to explain that while a “magazine format permits a focus on new information, a journal’s chief concern is knowledge transfer.” In the next year, Pemberton, and ARMA, changed the name of the RMQ to the Information Management Journal (IMJ). Pemberton wanted ARMA, and RIM, to have a professional journal, where analytical and theoretical research could be published, as one mechanism to help move RIM towards professionalization. This idea however did not materialize for Pemberton because the “journal” name only lasted for ten years before once again ARMA made an editorial change and switched it to the Information Management (IM) magazine.
Actually, while the IMJ name lasted ten years it was really only a couple of years before ARMA had actually shifted its editorial focus. This happened in 2002 when it began publishing a new section called “Up Front” in each volume issue. The purpose of the new section was “awareness.” Clearly, as Pemberton suggested, this was a step away from “knowledge transfer,” and towards a “focus on new
In the RMQ years each one of Penn’s editorial comments could have touched on a single key issue of the day, or contained several RIM oriented comments. Penn’s editorial comments, usually covering a single printed page, were each counted as a single article. In contrast, the Up Front sections contained many very different items of news to RIM readers. The Up Front section replaced the “editorial comment” section, and many of the news and/or interest items published in that section were captured from the Internet, from vendors, or for example from government web sites that offered information about new laws, regulations, legal matters under consideration by the courts, as well as changing RIM retention schedules. Any of these items might cover one or more pages of print, but often two or three different items were offered on one page. Regardless of their printed arrangement or size, as with Penn’s single comment counting as one article, here each and every different item had to be counted as a separate
article offered under the name of the ARMA Editor. Because of this, when the Up Front section began (in 2002) a dramatic shift took place (see Fig. 5) as the number of RIM sector authors dropped, and the number of offerings from the ARMA Editors rose significantly. It should be noted that these ARMA Editors were not of a RIM background, practical experience or advanced education, but rather of the world of publishing and writing. The 2002 change was significant also in that rather than one page of
Penn’s comments, there were now as many ten or more pages given to this news type content.
Other findings from this employer data revealed that 1 percent of the authors stated they worked as Vendors, 4 percent said they worked as Information Technology people and 2 percent said they worked as Archivists. These findings seemed quite reasonable and they did not appear in any way to offer any trend either up or down. Nothing really could be discerned from these findings other than what they were.
Employment by Employer Type: As in the analysis section above, biography data was collected concerning who employed the authors (see Fig. 6). While understanding what work the authors claimed they did on a regular basis, it was felt that gaining an understanding of who employed them in their work might be interesting. It was felt that such data might reveal one or more sectors of RIM that were drivers in the industry. At the outset the feeling was that the RIM, and possibly the Consulting sectors should show the greatest involvement. What the data did show provided some validation of this feeling, plus something more.
Figure 6 shows the RIM sector had a total of 26 percent of the activity (12 percent from the Public sector side and 14 percent from the Private sector side). While this 26 percent was thought to be a bit low, when combined with the 32 percent from the Consulting sector the total of 58 percent of authors being actively working in RIM was felt to be a good. It was also felt that a showing of 16 percent of authors being employed by universities/colleges, along with fairly steady activity over the twenty-five year period, showed at least a consistent interest in RIM and that RIM education was at least not waning; although, the last seven years of the data did show a slight downward trend in that interest.
The most interesting finding can be seen in the data concerning ARMA as an employer. Prior to 2002, as discussed above, ARMA had but a single Editor. From 2002 forward that number rose, as the data clearly shows (see Fig. 6). This finding is a reflection of the finding in the previous section concerning the type of work authors stated they did.
Authors by Rank: It was mentioned above that some authors were published more than once. As the data gathering progressed, and several names were appearing repeatedly, it was decided that data specific to the number of occurrences of any author would be recorded. When these occurrences were tabulated a ranking of the most prolific authors published was developed (see Fig. 7). The ranking shows the top twelve published authors, with each having more than seven articles published over the twenty-five year period. While there were several authors who had more than one article published,
and up to as many as five, a gap appeared between the level of five and seven, so seven articles became the lowest cutoff point for this ranking, and it revealed a dozen different authors. Of that dozen, there were no Canadians. All were from the USA, except for one author from the United Kingdom, i.e. Ann Morddel from London, England. (NOTE: Several Canadians, including this author, have had more than one article published by ARMA. For example, Carolyn Minton from Vancouver had several reviews published, and Monique Attinger from Toronto had five articles published. However, no Canadian within the reviewed time span made the leap into the top ranked authors.)
The highest ranking author was Dr. J. Michael Pemberton with 59 articles to his credit. Ira Penn and John Phillips came in a close second with 51 articles, down to Julie Gable in the twelfth rank position with 7 articles. All of the names appearing on this ranking are well known and highly respected names in the RIM industry; all except for one person that of Nicki Swartz. Nicki Swartz was/is an ARMA employed editor, and not an actual expert in the RIM field. Although, twelve RIM oriented articles she wrote were published.
When Nicki Swartz’s name appeared on the list it raised a question. The question concerned what would happen to the rankings if all of the items coming from the 2002 editorial change or Up Front postings were added up under her name? As data concerning this question was reviewed a second name, that of Amy Lanter (also an ARMA employed Editor and a freelance writer) appeared. So, after recalculating the data and counting all the items published by these two persons, including those from the Up Front sections, an adjusted ranking of the authors was produced (see Fig. 8). In this adjusted situation, while Pemberton manages to remain in the top spot, Nicki Swartz bumps Ira Penn and John Phillips from the number two position, and Julie Gable is bumped off the list and replaced by Amy Lanter as the tenth ranked author.
Nicki Swartz’s and that of Amy Lanter’s rankings on these lists came as a result of their editorial and writing work, and not because of their years of experience doing RIM work in any day-to-day real world records management situation. This finding was seen as shocking, especially when linked with the fact that the general size of the volume publication issues had reduced by almost half from an average size of 73.4 pages per issue in the RMQ years, to an average of 48.5 pages per issue in the IM magazine years. These writers with their offerings were taking up a dramatic portion of each publication. Was this a sign that workers in RIM were losing interest in publishing and therefore not doing any work to submit any articles? Or, was something else happening?
Article Content: Content analysis is an approach for breaking-down, or synthesizing, something into smaller buckets or areas. In the case of the published content of the articles five such buckets areas were considered as reasonably fundamental or characteristic of RIM. These five areas were: articles concerning Information Technology, RIM Programs, Professional Development, Legal and Standards. Each is addressed separately below, but overall the data showed that 84 percent of the articles contained information of a professional development nature (see Fig. 9). In and of itself this finding might give some support to Pemberton’s desire that ARMA be educating its membership.
For an article to be counted as falling under the Information Technology (IT) area, its content must have been about the installation, configuration, or customization of a software or hardware for implementation use within the RIM industry. It needed to be technical. An article that spoke about comparing software functionality for its purchase selection, or about the best use of a piece of software for certain situations, organizations, or records/information was considered to be an article geared towards educating readers and therefore of a professional development nature. For an article to be IT, it truly had to be about the computer science of that technology. While many articles had titles or short introductions that suggested their content was of an IT nature, in fact, on closer examination of the article content the data revealed that only 4 percent of all the articles fell into the IT area. At first glance this finding appeared low; however, since the focus of the ARMA publication has been RIM and not computer science, the finding is felt to be not unreasonable.
Article content of a RIM Program nature had to be about actually operating some component of RIM in a day-to-day sense. Such an article might speak about operating an offsite storage facility. Not the establishment of that offsite facility, but its operation. An article concerning the establishment of such a site would fall under educating readers and therefore professional development. The line between the two may seem thin, however, the idea here was to gain an understanding of the underlying purpose of any article and/or its real focus, regardless of what its title and short intro blurb might suggest. Thus, in this area of RIM Program, 5 percent of the articles were counted.
Some 6 percent of the articles were considered to be within the Legal area. Here, an article must have been specifically about a new law or regulation, and not about the implications of that law in the RIM world. Again, the line here is thin, however, where an author wrote about how best to apply a law, or how to gain RIM program recognition because of the presence of a particular law, those articles were educating readers and fell under the area of Professional Development. So, in reality, a finding of 6 percent might be actually high, given the focus of the ARMA offerings is not a legal review or debate.
For an article to fall within the Standards area it had to be solely about a standard, and not about how a standard could be used to audit a RIM operation/program. The narrow line presents itself again, but if an article spoke about how a standard was developed or used to the benefit of an organization, it was teaching, and thus fell under the Professional Development area. Since ARMA as an organization has long stated its belief that Standards are important and valuable tools to the RIM industry, and because ARMA has a “standards development” committee, in one form or another, and has actively pursued, commented on and developed standards and technical papers dealing with RIM related subjects, the
author felt that investigating this particular area of the published content might be interesting. For many years the author was an active participant on that ARMA standards development committee, and has been published by ARMA on the subject, (i.e. Bolton, 2011). So, at the outset the feeling was the data should show a clear level of representation for this particular area. However, the data showed no such interest. Article content about standards only represented 1 percent of the total.
Thus, as mentioned above, the data showed that a whopping 84 percent of the article content was focused towards Professional Development. Given that the nature of a membership organization such as ARMA includes some element in developing its members and in educating them, this finding might not
be unusual. Here it should be mentioned that bias, by the author in reading article content and in determining an area for that content could have influenced the overall numbers somewhat. This factor could be a topic of future research, as could another more refined research approach. Nevertheless, for the purpose of this work, the finding is what it is.
Advertising Content: To look at the published content concerning advertizing two different views of the content data were gathered. The first of these was data characteristic of subject, i.e. Equipment (i.e., file folders, shelving, shredders, and storage boxes); Micrographics (i.e., film, cameras, and readers); IT (i.e., RIM software and hardware); Services (i.e., storage, auditing, shredding, and disaster recovery); Events/Awards (i.e., conferences, postings and acknowledgements); Books/Training; Standards; Job Ads; and Other (see Fig. 10). At the beginning of the research a subject area for Legal was also considered; however, no data was found to support this particular content area. The second view concerned data about who was behind or sponsoring and paying for the advertizing content. To understand this content view better, seven possible groups were developed; i.e. ARMA, Vendors, AIIM (Association of Information and Image Management), Consultants, Schools (universities/colleges), ICRM, and that of Other (see Fig. 11). It was necessary to consider ARMA as a sponsor for some of the content because it advertised its own conferences, printed materials for purchase, training, and at least during the RMQ years ARMA often published announcements concerning organization Board of Directors membership, awards, and other member recognition news.
Analysis of the data (see Fig. 11) found that 71 percent of the advertising content was sponsored by Vendors. This was certainly not a shocking discovery. The author had no expectations concerning this finding, but generally believed at the outset that the data would show something close to this figure, if not higher. Consultants sponsored 4 percent of the advertising, which seemed a bit low, but considering that most consultants probably operated at the local level, paying to advertise in an international level publication was probably not within practical viability. One interesting finding was that ARMA showed that it paid for 21 percent of the content. As well, the data showed that ARMA’s sponsorship of advertising was trending upwards in the last years of the investigation. Given that the size of the ARMA publication offering was decreasing in its average number of pages per issue, this increase in advertising by ARMA could be evidence of the general state of the North American economy (i.e. fewer Vendors purchasing advertising), or it could be that sponsors were finding other ways to distribute their advertising (i.e., Internet) and that ARMA was left to fill its own publication pages. Regardless, these two findings appear to point to a convergence, and do not bode well for the future. This is one particular observation that should be watched.
A somewhat disturbing finding is the low level of advertising sponsorship by the ICRM, that of a meager 1.5 percent. Since a purpose of this work was to examine for evidence of professionalization, it was thought at the outset that, as Webster suggested, availability and interest in advanced RIM education was going to trend upwards. Acquiring the CRM designation from the ICRM was one of the key possible avenues for gaining this advanced education. So, if RIM had been moving towards professionalization, certainly more and more RIM workers would have obtained their CRM, and the data should have shown
a strong sponsorship from the ICRM because its members were growing, interest in the CRM designation was growing and more money would have been available to advertise the benefits of obtaining the professional designation. However, the data shows many years with no ICRM advertising at all and overall a remarkably weak level of sponsorship. This finding probably would not have made Ira Penn very happy. (NOTE: RIM is currently experiencing a push in the area of “information governance.” That push includes training and certification somewhat similar to that of the CRM. An examination conducted in the future might be interesting to see how this push fairs. This author will venture the
opinion that, in the long run, it will fair no better than the CRM. Only time and someone else’s efforts will prove that the author was wrong.)
Data concerning the breakdown of advertising content by subject areas showed various levels of activity; but nothing was seen as remarkable (see Fig. 10). The largest subject area found was that of IT at 36 percent. But this was certainly not remarkable given the huge explosion of RIM related software available in the marketplace, not to mention the impact of managing “e-records.” Service oriented advertising showed 17 percent, and RIM Equipment showed 14 percent. One particular observation is in the area of advertising for books and Training. Overall this area showed a 15 percent finding. Through, most of the investigation years, such advertising was for books with some limited advertising for educational seminars/sessions. However, a significant jump in the volume of advertising appears in the later years. That advertising mostly sponsored by ARMA, concerned training in the topic of governance. While no clear conclusion can be made from this observation, it was interesting, and is one that could be watched closely to see what happens in the future. In other words, will training in governance replace the CRM, will such training actually make the difference in moving RIM towards professionalization, or will interest in governance fade over time to be replaced by something else?
Citations and Information Impact: According to Hoang, Kaur and Menczer (2010), “data from citation analysis can be used to determine the popularity and impact of specific articles, as well as gauge the
importance of an author’s work.” When an author quotes the words of another, or uses that person’s thoughts to explain and/or argue their own point or position, that author must cite the original source otherwise they commit plagiarism. Depending on the situation and rules of that situation, at a minimum the citing of another’s work should include reference to that person’s name, maybe the year in which they made their original comment, and typically where that comment was found, i.e. where it was
published. In making such a reference to the other’s work, an author gives some measure of weight to that other person. This does not necessarily mean that the one author has to agree with the other author, only that they recognize that the other person did some work in a particular area of study/research, and that good, bad or indifferent, that work is a worthy of recognition at for its existence. The more times a particular person’s words are cited, the greater that person’s recognition, if not to the whole world in general, at least within some community of interest such as RIM. When a particular publication, a journal or newspaper is cited often, it too gains in recognition. To measure and rank publications by their citations, an “information impact factor” for those publications can be calculated. Thus, for any year, the higher the number of citations that refer to a particular publication,
the Journal of Medicine, the higher it is felt the information impact of that publication is. In other
words, a publication with a high information impact is viewed as having greater significance, and its content is viewed as being read more and having greater weight and influence.
It should be noted that there is an organization, i.e., Thomson Reuters (Social Science Citation Index), that conducts the work of gathering citation data from publications and counting that data to derive information impact factors for those publications and for publishing their findings. Not all journals, magazines and published materials are examined by the Thomson Reuters organization. While the ARMA publication offerings are not identified amongst those publications that are measured, of curious interest though is the fact that from Nigeria, the “African Journal of Library Archives and Information Science” is indexed by Thomson Reuters.
To gain an understanding of the information impact of the ARMA publication offering, i.e. the three publications under review, all the citations identified in the published articles were counted. This counting however met a problem when in 2009 ARMA made an editorial decision to stop printing the citations in the publication issues, and rather only offered them in an electronic version of the articles. Each electronic article had to be called up individually which added greatly to the time necessary to gather the data. In examining a few of these electronic articles the number of citations being offered did not appear to raise or lower in any way different from citations printed on paper. So, given the extra time and effort involved to gather the electronic data, and because no apparent difference was observable, the author stopped gathering citation data at the end of the 2008 volume year.
In gathering the citation information the data was separated into different source type buckets (see Fig. 12). These buckets were; i.e., Journals, Books, Conference Proceedings, Vendor white papers and etc., Government publications, Standards, and offerings found on the Internet websites/pages and blogs. (See Also: Nelson Edewor, 2013). From this data it was not surprising to find that 52 percent of the citations came from Journals, while 23 percent came from Books, and another 10 percent came from Government materials. This spread of citation sources seemed to be a reasonable offering. The author also did not find it too unreasonable that 4 percent came from Conferences, 3 percent from Vendors, 3 percent from Standards, and 5 percent from the Internet. Although, use of the Internet as a source does raise other issues such as the demise of printed materials, information validity, and growing reliance on software and hardware to display, locate and retrieve information.
Now we come to the final finding of this work. The data revealed that the ARMA publication offerings had an overall information impact of 9.39 percent. This was calculated in the following manner:
Total number of citations = 2075
Total number of citations identifying an ARMA publication as its source = 195
Citation Information Impact Factor (195 / 2075 x 100) = 9.39 %
While this information impact factor might not seem low, it is. It marks and gives some evidence to what readers are really feeling about the content they are offered in their membership publication. Certainly, since the ARMA publication is provided to every member of the organization, and on the surface one
could view it as something of worth within that community, would it be unreasonable to think that the people in that organization would quote from it, often? Remember, Pemberton told us that the focus of the ARMA publications was professional and to offer education. So, if the ARMA Editors have viewed its articles as worthy of the audience they are working for, is that audience not to view those articles as worthy? Clearly, since in twenty-one years of published articles only 195 out of 2075 citations came from an ARMA source (i.e., the three publications), that audience does not appear to view the information materials as being very worthy, or else wouldn’t they would have quoted them more often? This observation may in fact support the finding of the AIEF survey which reported that those surveyed did not believe that the articles published in a reviewed journal would be of value to them personally.
Was this feeling due to the fact that they were already viewing their ARMA publication as not having much value to them? Did the members receiving the publications view the contents as mediocre and/or “dumbed down” to the point of being useless? These are somewhat harsh and yet very interesting questions and they are questions which this author hopes are looked at and addressed through other future efforts.
Within the RIM community, at least in the United States and Canada, a belief appeared to exist, at least to some extent that a state of professionalism existed for the field of RIM. Not that that state had been verified in any manner, or formally named by any group or person. Rather, its existence manifested itself via common use of the word “professional.” Possibly its existence was due because there was no challenge to its existence. Possibly it was even due to a general desire by the RIM community to hold the belief. The research outlined in this paper took the position that, if such a state of professionalism existed, some verifiable proof should be available to openly discover and state.
In this work some basic findings were revealed. These included:
- Authorship was shown to be 88% American, with Canadian authorship at 6%. This mark barely beating out that of the UK and Europe at 4%.
- Authorship was 63% male. (Given an ARMA membership that is probably in reality closer to a split of 75/25 favoring the female side, this fact clearly identifies how weak the female voice seems to be.)
- Consultants made up 31% of the authors.
- At 24%, authors who are/were ARMA Editors (with the addition of a few lawyers) almost outstripped actual RIM workers at 26% of the authors.
- The average size of the ARMA publication shrank over time from:
- Records Management Quarterly = 73.4 pages per issue
- Information Management Journal = 70.4 pages per issue
- Information Management Magazine = 48.5 pages per issue
- The credentials information offered by authors revealed no growth in CRMs or PhDs.
- Data showed no trend in the level of advanced analytical research activity. And,
- A “freelance writer” was among the top ranked authors.
So, in response to the outstanding questions mentioned above, did RIM achieve the rank of a true profession? Was our unspoken belief in reality a fact? Let’s review the evidence. When it comes to the development, understanding and use of “systematic theory” RIM has the life-cycle concept, but beyond this little if anything else exists. One theory does not provide much weight to the goal of gaining true professionalization.
When it comes to the idea of “community sanction,” ask yourself if your CEO could describe the difference between the work of a RIM person and that of an IT person, Librarian or Archivist. Are there community boundaries on the field of RIM that are definable and which allow for a demarcation between US and THEM? It would be, except in the unusual case, probably unlikely that such a CEO could adequately make such a differentiation or in describing any line of demarcation between the roles. Is this so important? Possibly not, except that RIM workers often carry a heavy load of responsibility in their respective organizations and would like, probably, to be recognized, and adequately compensated for that load. Even potentially to the extent of being covered by professional insurance if the need arose. Therefore, since RIM work and workers are not viewed clearly as different from that of others, of being distinct, the answer is no! RIM does not command any level of community sanction sufficient to be considered as a true profession.
Within the CRM community a Code of Ethics exists to be adhered to by its certified members. However, no such code of ethics exists for the wider RIM community through ARMA or any other RIM organization. This lack, plus the absence of any mechanism, policies and procedures to really monitor actions and penalize for inappropriate code violations means there is no backbone to the RIM body. A lawyer being disbarred loses not only his career, but his livelihood, good name and reputation. What happens to a RIM consultant (or any RIM person) that takes the wrong path? The response is nothing, or very little of consequence. Oh, if caught they might lose their job, or get a reprimand, but in the sense of real hard consequences, little ability for impact exists. Thus, RIM does not really meet this requirement for being a true profession.
What about a “culture?” Does RIM have a recognizable culture? Again, the answer is no, or at best it is weak. A language that RIM workers recognize and use on a daily basis and in their literature does exist; however, that language isn’t truly RIM’s alone. In fact it is shared with several other groups, particularly that of IT as RIM wanders farther down the “e-record” road. As for RIM having a different and definable approach and an attitude all its own, the answer is again no, or at least to be fair, if they do exist, let someone identify and prove that existence through a separate effort of research.
Ultimately, has this work found that RIM gained professionalization, or as Pemberton mentioned has it found us for far too many years simply regurgitating and churning on hearsay, conjecture, anecdote and propaganda? The content articles examined appear to lean on practical expertise and observation and not on verifiable proof; which doesn’t make them wrong it only tends to reveal them, in their repeated nature, as weak. Beyond the life-cycle theory little new theoretical work appears to have been accomplished, or at least published in the ARMA offering; an offering that has experienced a shift in its
authorship from those that actually do RIM work, to those who simply talk about RIM work. And, with the low level of citation given to the work presented in that ARMA offering, the impact of that information on its readers appears remarkably weak. Which finding seems to coincide with that of the AIEF survey that found responders felt a reviewed journal would offer them little of value. Was that feeling of nothing due in fact because people were just tired of the rhetoric? Who knows? Therefore, no evidence was found via this work to verify any initiative, or even effort, to really move RIM towards any goal of becoming a true profession. One can only assume that regardless of those in our past that stated we had a chance to reach the goal of becoming a true profession, they were either wrong, or that somewhere along the line interest in the whole idea was lost or abandoned. Maybe, rather than lost, it was realized to be a myth, a dream, and therefore, not given any credence. It may have been easier to believe in the myth, than to fight for the reality.
As for the ARMA organization and its role, well nothing really can be said. The data supports no evidence, trend or conclusion either plus or minus. Economics have clearly played a part as is obvious in publication issue size, style and publication mechanism changes, i.e., printed to electronic. There were also editorial shifts. When Pemberton took the reins as Editor, there was an attempt to shift the publication towards a journal with the aim of moving the content to something more scholarly and analytical. However, within three years that dream was dismissed. Did ARMA feel that its readers and membership weren’t worthy of a journal? Did they realize that the contents of a journal would be too high level and possibly beyond the reading and comprehension of its average reader? Again, who knows? There was no discernible change that could be identified as the point where ARMA was making an effort to grasp the brass ring of professionalization or in killing any existing efforts for truly reaching professionalization.
Ira Penn (1993) wrote that RIM was lacking in leadership and needed some major philosophical changes. He recognized that the low number of CRMs in the field as being pathetic and he went on to say that the fault shouldn’t be blamed on others as, “the downtrodden must take some responsibility for their own plight.” So, in the end, what is left to say? Well, to borrow an old expression, “the future is what you make of it.” Therefore, if RIM wants to be a true profession it has a lot of work to accomplish to get there. Or, at a minimum, there could at least be work done to help us RIM folks better understand why we can’t reach the goal, and how we can better prepare and conduct ourselves in the world we have to survive in. Such work could be undertaken at the PhD thesis level or purely as research work conducted by RIM person’s with an interest in discovery. Clearly, more could be heard both from the female and Canadian voices. Through the effort and publication of suck work RIM’s literature base increases, our recognition increases, our community is better defined, and our RIM world is better positioned for us today and for the future.
- Pemberton, J. Michael and Pendergraft, Lee O. “Toward c Code of Ethics: Social Relevance and the Professionalism of Records Managers.” Records Management Quarterly 24(2), (1990): 3-11, 15.
- Pemberton, J. Michael. “A Profession Without Professional Literature.” Records Management Quarterly 27(3), (1993): 52-55.
- Force, Donald C. and Shaffer, Elizabeth. “Records Management and Peer-Reviewed Journals: An Assessment.” ARMA International Education Fund. 2013.
- Pennix, Gail B and Fischer, Marti. “Cumulative Index to the RMQ 1967-1987.” Records Management Quarterly 22 (1), (1988): 27-122.
- Greenwood, Ernest. (1966) “The Elements of Professionalization” in Vollmer, H.M. and Mills, D.L. (Eds), Professionalization, Prentice-Hall, Englewood Cliffs, N.J.
- Millerson, G. (1964) “The Qualifying Associations. A Study in Professionalization. London, Routledge and Kegan Paul.
- Webster, Berenika M. “Records Management: From Profession to Scholarly Discipline.” The Information Management Journal 33(4), (1999): 20-30.
- Pemberton, J. Michael. “Records Management: Planet in an Information Solar System.” (paper presented at the ARMA International 35th Annual Conference, San Francisco, November, 1990).
- Bolton, John. “A 25 Year Content Analysis of RIM Information Impact.” (paper presented at the ARMA Canada Conference, Calgary, May 25-27, 2015).
- Edewor, Nelson. “An Analysis of a Nigerian Library and Information Science Journal: A Bibliometric Analysis.” (2013) Library Philosophy and Practice (e-journal). University of Nebraska, Lincoln. October, Paper 1004. http://digitalcommons.unl.edu/libphilprac/1004.
- Krippendorff, Klaus. “Content Analysis.” (1989) http://repository.upenn.edu/asc_papers/226
- Elo, Satu and Kyngas, Helvi. “The Qualitative Content Analysis Process.” Journal of Advanced Nursing 62(1), (2008): 107-115.
- Penn, Ira A. “Records Management: Still Hazy After All These Years.” Records Management Quarterly 27(1), (1993): 3-8, 20.
- Brumm, Eugenia K. “Graduate Education in Records Management: The University of Texas at Austin Model.” Journal of Education for Library and Information Science 33(4), (1992): 333-337.
- Walters, Tyler O. “Rediscovering the Theoretical Base of Records Management and Its Implications for Graduate Education: Searching for the New School of Information Studies.” Journal of Education for Library and Information Science 36(2), (1995): 139-154.
- Pemberton, J. Michael. “From the Editor: RMQ: The Next Generation.” Records Management Quarterly 32(4), (1998): 2.
- Bolton, John M. “RIM Fundamentals: Standards: Providing a Framework for RIM.” Information Management Magazine 45(3), (2011) 30-35, 51.
- Hoang, D; Kaur, J. and Menczer, F. “Crowdsourcing Scholarly Data.” (paper presented at the Websci. 10: Extending the Frontiers of Society On Line. Raleigh, NC. April 26-27, 2010).
FIGURE 1: Data Gathering Form (Blank)
FIGURE 2: Authors by Gender
FIGURE 3: Authors by Country
FIGURE 4: Authors with CRMs and PhDs
FIGURE 5: Authors by Their Type of Work
FIGURE 6: Authors by Employer Type
FIGURE 7: Authors by Rank
FIGURE 8: Authors by Rank – Adjusted Ranking
FIGURE 9: Article Content
FIGURE 10: Advertising Content
FIGURE 11: Advertising by Sponsor Type
FIGURE 12: Citation Data and Information Impact
Records and Information Management Issues in First Nations Governments
February 26, 2016
Abstract: This paper focusses on the challenges to establishing effective records and information management programs in First Nations government bodies, primarily within Indian Band or independent First Nations government bodies. While they share similarities with organizations of all types, First Nations government bodies also face some unique barriers because of the span of responsibilities they oversee, the diverse ways in which they are funded, and the chronic shortage of manpower or capacity within their organizations to perform their work. Records and information management professionals have an opportunity to train and provide leadership for these developing government bodies.
At a recent symposium on First Nations Records and Information Management1, Grand Chief Ed John (Akile Ch’oh) underlined the importance of records management for First Nations governments. He described the key role that a staff review of archived documents played in supporting the host, the Musqueam First Nation, to establish their right to claim market rent for land that had been leased on their behalf at a disadvantageously low rate by the Government of Canada. 2 This public statement of support was followed the next day by his salutary remarks at the meeting of the First Nations Summit, addressing the chiefs and officials, and congratulating the successful symposium for contributing value to the capacity of First Nations governments. Grand Chief John’s example and his recognition of the value of records emphasize the importance that the senior management levels in First Nations governments are placing on an effective records management program.
However, these government bodies also face unique challenges to implementing effective records and information management programs. At a Joint Gathering in October, 2015, in a session on information management, several senior managers in the audience confessed that their biggest problems in their offices were caused by lost information, and the daily frustrations faced by staff in the constant hunt for records.
Types of First Nations Governments
In order to review the records issues, it is important to understand the different types of First Nations governments that exist in Canada.
The term “First Nation” is now used commonly to replace “Indian Band”, and is the term that will be used in this paper to describe the various types of aboriginal government groups that are present in Canada. Currently, there are 617 First Nation communities, which represent more than 50 nations or cultural groups and 50 Aboriginal languages.3
Across Canada, as First Nations governments establish their independence from direct federal government management, or pursue pathways to strengthen their claims, these government bodies have a unique opportunity to build records and information management systems based on information governance principles, policies and best practices that the records and information management profession has established. In many cases, particularly in the western part of the country, the First Nations are establishing a new order of government, and can build systems from inception that incorporate the necessary elements. However, these organizations also face unique records and information management challenges as they move forward to establish their governance models.
Given the variety and complexity of First Nations government organizations today, one can easily confuse the subtleties and differences among these various groups. They are not all the same in their composition and governance.
An Indian Band is
“a body of Indians for whose collective use and benefit lands have been set apart or money is held by the Crown, or declared to be a band for the purposes of the Indian Act. Each band has its own governing band council, usually consisting of one chief and several councillors. Community members choose the chief and councillors by election, or sometimes through custom. The members of a band generally share common values, traditions and practices rooted in their ancestral heritage. Today, many bands prefer to be known as First Nations.”4
The First Nations, in this category are closely tied to the federal government for their core operational funding, although they may also have own source revenue.
Self-governing First Nations are
“governments designed, established and administered by Aboriginal peoples under the Canadian Constitution through a process of negotiation with Canada and, where applicable, the provincial government”5.
The First Nations in this category have negotiated a settlement for their own territory and rights. This includes obtaining payment for their land, and developing their own revenue sources. Depending on their settlement, they have some or complete independence from the federal government for their funding. In addition, they have their own governance models, election processes, membership admission and management, and pass their own laws, such as Freedom of Information and Protection of Privacy Laws.
Tribal councils are regional affiliations of First Nations, frequently united by language or adjacent land areas. Within these collectives, they may agree to manage resources or undertake activities jointly rather than as separate entities. As an example, the Naut’sa mawt Tribal Council (NmTC) is
“a non-profit society that provides advisory services to its eleven member First Nations in five core delivery areas: economic development, financial management, community planning, technical services, and governance.”6
Understanding the distinctions between these groups helps to understand how they are funded, and consequently, why they face the records management issues and challenges that are identified in this paper.
How First Nations Governments are Funded
In 1867, under the terms of the British North America Act, Indians and lands reserved for Indians became the responsibility of the Federal Government under the terms of the Indian Act. Most programs and services that non-native citizens receive from a variety of other governments and service providers are provided to the First Nations from Federal Government programs. The support to operate First Nations government services and programs is a combination of annual contribution agreements as well as the communities’ own funds, or “own source revenue”.7 Contribution agreements do not cover programs such as records and information management.
The adequacy of the funding has been the subject of much debate and is not the point of this paper. However, the consequence of this blend of funding means that in addition to the annual contribution, most First Nations are also seeking funding from other sources, including making arrangements for specific funds or a memoranda of understanding with external organizations in order to provide government services to their communities. This search for funding takes staff time away from daily operations and creates uncertainty about continuity of programs.
A search for “program funding guidelines 2015-2016” on the Indigenous and Northern Affairs Canada (INAC) website8 finds 33 search results, covering a wide number of programs including “community opportunity readiness program”, “basic organizational capacity contribution program fund”, “elementary/secondary school fund”, “skills/jobs training program” and others. This search did not cover other federal agencies such as Health Canada to review what funding programs might be offered for First nations.
Among the possible funding sources from INAC, the Professional and Institutional Development Program (P&ID) is currently the program where First Nations Communities are applying for funding to support records and information management programs. The program objective is to
“To develop the capacity of First Nations and Inuit communities to perform core functions of government, by funding governance-related projects at the community and institutional levels.”9
There are ten core functions of government listed as eligible for support in the P&ID program, including information management/technology. Consequently, First Nations communities can apply for funding for support of projects, activities and expenditures, such as professional/consulting services, training, and professional development or travel to courses. Currently, this fund is being accessed for records management program development, information management policy development and a variety of consulting services for records and information activities in communities. If successful, recipient agencies must submit a report on activities and expenditures. Language in the funding agreement permits INAC to share the results of these activities with other First Nations.
However, organizations are cautioned that the P&ID program is “project funding only” and does not provide core operational funding to the community. How does the community fund records and information management on an ongoing basis? Hopefully it is provided from the contribution agreement for core funding and sustained long term. More typically, the records and information management programs become projects, and operate in bursts of activity only so long as the project funding is available.
Government program responsibilities
When comparing the functions of a First Nation government to another type of government body, a functional analysis reveals that the First Nation has a very wide span of responsibilities, as contrasted with a city or town, a province, or even a federal government ministry. Typically the First Nation government manages the following programs and services:
- land administration and regulation, including specific claims for land, referrals for other organizations for use of land, land use planning and comprehensive community planning;
- housing (including financing, construction and development, maintenance, tenants and rent)
- community and social development, including child development, welfare, social services, elder care and support;
- education and lifelong learning, including day care, early childhood development and support, school development and funding, or relationships with local school authorities, financial support for students in post-secondary education;
- engineering, public works and infrastructure, includes streets, roads, water supply and maintenance, sewerage and waste management, environmental management;
- fisheries and wildlife management, including licensing, catch management and sales, fisheries fleet management, aquaculture, hunting permits, mushroom licensing, range management;
- forestry, including logging, silviculture and tree farm management, wood sales;
- health care services including clinics, patient transportation and support, liaison with other health agencies, specialized health programs, preventive programs, addiction programs;
- protective services including law enforcement, fire protection, emergency services;
- culture and history, including archaeology, language support, specific cultural programs including collecting oral histories;
- economic development, including establishing corporations for such activities as aboriginal tourism, store operation, development of business partnerships for resource development, etc.10
There are also the common administrative functions that are typical to all organizations. However within these functional areas, such as within the legal matters, there may be specific land claims, a treaty negotiation or litigation. They may also operate their own membership or Indian registry functions. In addition, there may be partnerships with the tribal councils for joint activities on resource use, environmental matters or economic development.
In other types of governments, these functions are performed by separate agencies, such as a municipality, a health authority, a school district, a social services branch of a provincial government, housing agency and separate police, fire or emergency services organization. Moreover, each of these agencies have the services of records and information managers, information technology staff, archivists and museum staff, and appropriate facilities to store and manage the records accrued.
The diverse government functions generate volumes of records. These records relate to current business, but may also include historic documents, maps, language records, oral history records, cultural property and materials that belong in a cultural or historic centre and archives or museum. The program records are often linked to externally imposed record keeping requirements. How can a First Nation support records and information management in view of these broad and often conflicting functions that must be supported? Often, in light of the competing interests from these portfolios, it is difficult to have a program without specific funding. However, the funding may be limited to project rather than program funding.
Records Management Issues and Challenges
“The usual suspects”
Like other types of organizations, First Nations governments experience some typical challenges in establishing records and information management programs. These include:
- The need for leadership and senior management support, without which the programs get no financial or organization support and buy in. In most organizations, records managers must establish the value proposition in order for the program to obtain a mandate, funding and support;
- The growth of organization functions and the competition for funding of programs. Growth of organizations often means that funding must be directed to the programs directly associated with the key business operations. This competition, especially when there may be uncertainty about the value of records management, may lead to the view that the program is seen as not core to the organization, or “administrative”, consequently underfunded, or funded with what remains, often little or none;
- The diverse mix of materials to manage. Personnel use a blend of technologies to create information, and place equal importance on the historic and cultural records as well as on the current, frequently digital formats. Consequently, the records managers are required to assert control and manage a diverse array of information
At the Records and Information Management Symposium cited earlier, participants were asked identify their records management problems. Of the choices provided, the greatest number of respondents (30 of 65) answered that “all of the above” were their problems:
- no funding,
- no political will,
- no buy in from management and staff,
- not sure where records are stored, and
- no designated Records Manager to assign
These types of problems can be present in any type of organization, and are familiar to records managers in many settings.
Issues unique to First Nations bodies
In addition to the problems cited, the First Nations governments also experience some unique challenges with records and information management programs.
Record Keeping Terms within Agreements
Frequently there are terms and conditions within agreements for services with which First Nation must comply to maintain the relationship.
Most often, within many of the programs that First Nations provide, there is a provision for submitting reports and maintaining records for audit purposes. Beyond reporting, there are often much more specific requirements.
The provision of health services is an example with defined record keeping requirements. As previously described, the health portfolio is a key area present in most First Nations. In 2013, the First Nations Health Authority in British Columbia assumed the responsibilities and programs formerly provided to British Columbia First Nations through Health Canada. Interim and year-end reports are required for each of the programs for which the community receives contribution funding.11
Data management is also one of the key components of BC First Nations health governance.
“One of the action items in the Transformative Change Accord: Tripartite First Nations Health Plan is to improve the collection, use and sharing of First Nations health data in order to:
- Increase First Nations involvement in decision-making concerning their data and services and develop the capacity of First Nations in the area of health information
- Facilitate access to accurate, timely, reliable health information for First Nations to inform decision-making and use health data to improve the quality and effectiveness of health programming
- Facilitate and support principles of First Nations health information governance. “First Nations Health Information Governance” is a component of First Nations Health Governance and refers to a structure, process and protocols by which First Nations in BC have access to First Nations data and are influentially involved in decision-making regarding the culturally appropriate and respectful collection, use, disclosure and stewardship of that information in recognition of the principle that such information is integral to First Nations policy, funding and health outcomes. “12
Regional meetings throughout the province from February onward will provide further training on such data governance subjects as research and data anonymity.
The Indian Register is another function that is managed in many First Nations government offices, although it may also be managed in a regional office of Indigenous and Northern Affairs Canada. The Register
“is the official record identifying all Registered Indians in Canada. Registered Indians are people who are registered with the federal government as Indians, according to the terms of the Indian Act. Registered Indians are also known as Status Indians. Status Indians have certain rights and benefits that are not available to Non-Status Indians or Métis people. These may include on- reserve housing benefits, education and exemption from federal, provincial and territorial taxes in specific situations.
The Indian Register contains the names of all Status Indians. It also has information such as dates of birth, death, marriage and divorce, as well as records of persons transferring from one band (or First Nation community) to another.”13
A staff member who is trained to manage the Indian Register must follow the protocols that are included in the agreement for the individual community to manage the register. These protocols will include establishing processes to maintain the privacy and security of the records and information that are required. The types of information listed above include the most sensitive personal information, and custody and use of such information requires an understanding of the permitted uses and disclosure of such information.
For self- governing First Nations, the equivalent function is expanded to include their Membership Registry, which is the list of members of their nation, and their processes for admitting members into their community. The essential nature of this information requires that the staff members secure and protect the records against all possible disasters. This function is the equivalent of a Vital Statistics unit at the provincial level.
A third example of service provision by agreement in many communities is the Child and Family Services portfolio, by which the First Nation operates child welfare services, including child protection and child custody. The service is administered through, and provided by, the relevant provincial ministry, and the First Nations social workers and other staff will operate the program according to the standards established by the ministry. Particular requirements include the templates for documentation required, and the reports and audit information to be submitted. In addition, there are compliance requirements for privacy provisions necessary to protect the child and family identity. The information is maintained according to the provisions of the provincial protection of privacy legislation.
Personnel who administer the terms of these individual agreements are imbued with a sense of responsibility for the terms of agreement. This sense of individual responsibility often leads to siloes of activity, with staff in the portfolios unable to share their information with their peers in other departments within the First Nations government office.
The term “capacity” is used to describe the capability of the organization, usually in terms of staff numbers and skill sets. Despite the wide range of functions for which they are responsible, the typical First Nation office does not have many employees. Of the 617 communities, 60 percent have fewer than 500 members.
As an example, a very small First Nation, with 86 members, has 10 staff in its office. With this small number, staff members assume responsibility for several portfolios, in order to provide the range of services that the membership is entitled to receive. In addition, this First Nation employs several staff on contract to perform core functions of information technology management, housing management and policy development. The person performing the policy development role is supervising a contract for records management services. Information technology support is provided by an external service provider, who is responsible for the network, applications, hardware and software, as well as help support.
In a great number of communities, working for the First Nation government is the key source of employment, and governments see it as their responsibility to ensure as many members as possible have work. Whether employees have the necessary skills can be an issue. Hence, in most communities, there is training on the job, or attendance at courses, as a way to develop employees’ skills to perform their jobs.
In British Columbia, as communities established their own treaties, the issue of building capacity for their government bodies was addressed by the chiefs. The First Nations Public Service Secretariat (FNPSS) was established in 2008, specifically to address the development of skilled staff in the areas of financial administration, human resources development, policy development and information management. As part of the FNPSS information management capacity initiatives, consultants and partners developed the Information Management Toolkit, and provided training through nineteen 2-day Information Management Boot Camps hosted by individual First Nations and tribal councils.
Until their funding was removed in 2014 by the former Federal government administration, the FNPSS built partnerships with agencies and organizations that provided training for their membership. One of the key partnerships created by the FHNPSS was with ARMA Canada and the ARMA Vancouver Chapter.
The ARMA region and chapter were signatories to a Memorandum of Understanding14 with the FNPSS and the First Nations Summit in 2010 to provide training and capacity building opportunities for First Nations and First Nations organizations in British Columbia. The specific areas of work included provision of training to First Nations record keeping staff, professional development opportunities, research and development and mentorship for individuals. Since the signing, ARMA Canada has offered First Nations Information Management Boot camps as preconference sessions at the annual conference, has introduced topics of specific interest or held a complete track of topics relevant to First Nations organizations. The ARMA Vancouver Chapter was a co-host to the 2016 FN Records and Information Management symposium, and is providing financial support to an upcoming one-day symposium in Whitehorse. Attendance at the Vancouver symposium was expected to be 75 delegates, but the final number of registrants was 98, with a total attendance of 134, when speakers and sponsors were included.
Who is the records and information manager?
With consideration of the factors described, from the extensive number of portfolios to manage, the uncertain and varied sources of funding, and the limited number of staff, who is performing records and information management duties in First Nations government bodies?
A survey of First Nations governments in British Columbia and the Yukon, conducted by the First Nations Summit and ARMA Vancouver Chapter in November, 2015, 15 determined that only 16% of the agencies surveyed had one person managing records, as contrasted with 80% where each department or individual managed their own records (4% didn’t know). From 101 responses, only 8 indicated that there is an individual with “records” (manager or clerk) in their job title, and only 3 indicated that there is a records and information, or records and archives, department.
Who else manages the records? The survey further revealed that if there was one person assigned, the most typical person is the administrative assistant to chief and council, followed by the membership clerk or receptionist.
The survey confirms that most of the time, each department or each individual is left to manage the records on their own. The staff member may be organized and maintain a system, particularly if they are following rules established through a service agreement. However, usually, the records are maintained according to the individual’s own method and most are not inclined to manage records.
Most current records are now born digital, and most communities are able to use electronic communication. In the same survey, respondents indicated that there were electronic document/records management systems in place in 16 organizations.
Despite the use of computers and digital formats, staff members have difficulty locating the past records. Even in small organizations, when a person leaves their position, the successor staff member cannot find the records or make sense of them. Often the past files will be in various locations, with no uniform descriptions or finding aids to assist current staff to locate and use them.
So, we are left with the situation described by the leaders – the Grand Chief seeing the vision and practical value of records, and the leadership in communities hampered by not finding information.
The Future of Records and Information Management for First Nations
Information governance principles indicate that for programs to be fully developed, there has to be accountability, transparency, integrity, protection, compliance, availability, retention and disposition in place. Few First Nations government programs currently in place meet the requirements of the Principles®.
Grand Chief John’s comments indicate that records and information are valued assets in First Nations governments. He was discussing a specific legal case, which foreshadowed the current situation with litigation, e-discovery and the need for governments to have reliable and authentic records to support the variety of legal cases going forward.
The support from leadership will help lead the way forward to fully developed programs in all governments. However, from the words of the leadership to the operation of a fully developed program, there is a long pathway to be built. The support must be followed by specific funding and staffing to enable the program to develop, along with the other nine elements of government capacity16. Given the wide focus of their mandate, and the diverse body of information that a typical First Nation government is managing, a department consisting of trained records, information and archival professionals is required.
As new government bodies are established through treaty, the First Nations have a unique opportunity to build systems based on the principles, practices and procedures that have been developed by the Records and Information Management profession. A comparison with other types of government bodies in Canada should be made as funding is negotiated, to ensure that there is adequate support for their information assets.
Canadian records and information management professionals have been reaching out to the local First Nations communities to provide services and support. That support, as represented by the working relationship in British Columbia through the Memorandum of Understanding, has started a process to provide education and training initiatives. That support has also helped to raise the awareness of what is possible. We also have a unique opportunity to be advocates and leaders, assisting the First Nations staff to make the case and develop the strategic opportunities for records and information management programs.
12016 First Nations Records and Information Management Symposium, February 2, 2016. Musqueam Community Recreation Centre, Vancouver, B.C. Jointly sponsored by the First Nations Summit Society, Musqueam First Nation, ARMA Vancouver Chaper, Naut’sa mawt Tribal Council, and Collabware.
2The referenced case “R. vs. Guerin”, 1984, was the decision by the Supreme Court of Canada that established the Government of Canada’s fiduciary duty, a trust like relationship, to manage the financial affairs of the band. The details of this case involved an agreement to lease band lands for a golf course that was 10 percent of the original amount agreed by the Musqueam. Details of the changed terms were revealed to the Musqueam 12 years after the lease was signed. This case is also described as setting a precedent for aboriginal rights in Canada.
3Indigenous and Northern Affairs Canada. https://www.aadnc-aandc.gc.ca/eng/aboriginalpeoples/firstnations/
4Terminology. Indigenous and Northern Affairs Canada. Aboriginal Peoples and Communities. http://www.aadnc-aandc.gc/ca/eng.
6Naut’sa Mawt Tribal Council. http://www.nautsamawt.org/. There are 11 member First Nations on both sides of the Georgia Strait between the British Columbia mainland and Vancouver Island.5 Ibid.
7Schwartz, Daniel “How does native funding work?” CBC News, February 06, 2013. http://www.cbc.ca/news/canada/how-does-native-funding-work/
8https://www.aadnc-aandc.gc.ca/eng. Accessed February 12, 2016
10Based on the functions in the First Nations Information Management Toolkit, published by the First Nations Public Service Secretariat, Vancouver BC, 2011, and available for download at www.fns.bc.ca/fnps.
11Funding Arrangements. http://www.fnha.ca/what-we-do/funding-arrangements. Accessed February 12, 2016
12Data Management. http://www.fnha.ca/what-we-do/data-management. Accessed February 12, 2016
13Indigenous and Northern Affairs Canada. https://www.aadnc-aandc.gc.ca/eng/indianstatus/theindianregister
14Memorandum of Understanding between ARMA Canada Region, and ARMA Vancouver Chapter, and the First Nations Summit Society, and the British Columbia First Nations Public Service Secretariat (BCRNPSS), effective October 15, 2010.11
15Survey conducted by the First Nations Summit and ARMA Vancouver Chapter, November 2015, to obtain guidance on topics to present at the First Nations Records and Information Management Symposium, February 2, 2016.
16The Professional and Institutional Development program lists leadership, membership, law-making, community involvement, external relations, planning and risk management, financial management, human resources management, information management/information technology and basic administration as the ten core elements of governance.
2016 First Nations Records and Information Management Symposium. February 2, 2016. First Nations Summit Society, Musqueam First Nation, ARMA Vancouver Chapter, Naut’sa mawt Tribal Council and Collabware, sponsors.
First Nations Public Service. Information Management Toolkit for First Nations. 2011.
Indigenous and Northern Affairs Canada. Aboriginal Peoples and Communities. http://www.aadnc- aandc.gc/ca/eng.
Saloman, Tamisha and Erin Hanson. R. vs. Guerin, 1984. Vancouver, BC. http://indigenousfoundations.arts.ubc.ca/home/land-rights/guerin. Accessed January 31, 2016
Schwartz, Daniel “How does native funding work?” CBC News, February 06, 2013. http://www.cbc.ca/news/canada/how-does-native-funding-work/
Some Personal Reflections on the History of RIM in Canada
by Jim Coulson, CRM, FAI
Many Records and Information Management (RIM) professionals know of the pioneering work of Emmett Leahy1, an American icon in the development of the life cycle approach to managing records and information. However, little has been published about the major contributions of Canadians to the field and profession of Records and Information Management.
The Public Archives of Canada2 pioneered records management concepts in the federal government going back to the 1930’s. However, the growth of modern records management in businesses in Canada began in the mid 1960’s. The Acme Seeley Company of Waterloo, ON invented and received a Canadian patent for associating colours and numbers – colour-coding of file folders with lateral filing was born! Meanwhile, new concepts for global organizations advanced as Canadian, Harold Moulds, was drafted to develop the first records management program for the United Nations in New York. The first Canadian chapter of ARMA was chartered in Montreal on December 16, 1968 and, a few days later, ARMA Toronto was chartered.
My personal story with RIM began in May 1970 in Canada. A summer job in a record center in Toronto turned into a full time position in the Records Management department at Canada Permanent Trust. My boss, Major George Mowat had brought his years of army quartermaster experience to this bastion of Bay Street and set about developing and implementing records retention schedules in all locations of the company. About the same time, programs like this and one led by Dick Parmenter of Inco, were emerging in major corporations across Canada.
By this time, the value of RIM was being acknowledged in the US, but many of the advances were happening in Canada. Colour-coding and lateral filing were significantly refined by Don Barber and Tom Scrymgeour of Datafile, Toronto, expediting its acceptance throughout Canada and the US. During the 1970’s and early 1980’s, virtually every North American insurance company, hospital, mortgage company, insurance agent, doctor and dentist office adopted the productivity and space savings of the Canadian invention of colour-coding with lateral filing.
Then, as the fledgling personal computer industry began to impact offices globally, Canada became a hotbed of innovation in automated records management software. Much of the credit for this advance in Canada was due to vendors being able to develop software that met standardized needs of the federal government. The “Block Numeric System” was adopted as a uniform file classification system for federal employees and spread to most Provinces. This spawned innovation like automated file tracking at Alberta Energy, Forestry, Lands and Wildlife under Records Manager, Norma Dalton; records management software advances led by Bruce Miller of Ottawa (Provenance and Tarian – which was later sold to IBM); and leading document and records management software companies in Canada like Hummingbird, PSS and OpenText.
ARMA International was not standing still during this period and some of its most significant advances were pursued by Canadians and occurred in Canada. It was in Toronto in 1975 that Don Barber and a group of Canadian and American records managers got together and negotiated the merger of what was known then as, the American Records Management Association (ARMA), with the Association of Records Executives and Administrators (AREA), into a new entity called the Association of Records Managers and Administrators – the predecessor of today’s ARMA International. That same year, Don Barber played a major role in bringing about the creation of the Institute of Certified Records Managers (ICRM).
In 1980, a landmark conference on Records Management in Canada was held at the Banff Springs Hotel. Bob Morin of Saskatoon, was a passionate RIM pioneer who brought records management professionals together from across the country to put on the first Canadian Records and Information Management conference. Two years later, the conference was held in Montreal, with presentations and proceedings in both official languages. The ARMA Canada conference has since become a highly respected annual event.
Another phenomenon in Canadian records management occurred in 1980 with the creation of a Special Committee on Records Retention (SCORR), chaired by Ted Hnatiuk, with Carl Weise and myself, all members of the ARMA Toronto chapter. Supported by ARMA chapters across the country, SCORR was successful in petitioning the federal government to produce a definitive list of federal regulatory requirements affecting records retention. The first “red book” of federal records retention regulatory requirements in Canada was published in November 1980.
The following year, the membership of the Toronto Chapter of ARMA doubled to almost 300 members as the legal community began to understand the inherent value of records retention and management. The SCORR initiative evolved into a national Canadian Legislative and Regulatory Affairs (CLARA) group in 1982. Their mandate was to broaden the conversation and pursue Privacy and Freedom of Information, Trans Border Dataflow and Admissibility of Evidence – all harbingers of what was to come. These Canadian successes were the forerunners of the popular Canadian, Washington and Global Policy Briefs published today by ARMA.
Whether it is the ARMA International presidencies of Christine Ardern, John Smith, Jim Spokes and Rick Weinholdt, the impact of Don Barber on colour-coding world-wide, the Australian mentorship of Pat Acton, the global reach of the InterPARES projects of Luciana Duranti, the national leadership of Judi Harvey, Sandi Bradley, Caroline Werle and Ted Ferrier, (without whom there would be no goosing ceremonies) or the National Archives outreach of John McDonald, Canadians have been at the forefront of innovation and leadership in records and information management. It is not surprising that there have been four Canadian Fellows of ARMA International3 and seven who have received the highest global award in the records and information management profession, the Emmett Leahy Award4.
Canadians should be very proud of the people, ideas and products that have been made, and continue to be made that have such a global impact on Records and Information Management.
1Further information on Emmett Leahy can be found at http://www.emmettleahyaward.org/leahy-bio.html.
2Dominion Archives was founded in 1872, became the Public Archives of Canada in 1912 and renamed the National Archives of Canada in 1987, then in 2004, a combined entity, named Library and Archives Canada (LAC).
3No. 7 Judi Harvey, No. 15 James Coulson, No.26 Christine Ardern, No. 47 Sandi Bradley
4Anneliese Arenburg 1989, Patricia Acton 1992, James Coulson 1997, John McDonald 1999, Christine Ardern 2002, Bruce Miller 2003, and Luciana Duranti 2006
DISPELLING MYTHS ABOUT RECORDS RETENTION IN CANADA
By Stuart Rennie, JD, MLIS, BA (Hons.)
I have spent over 20 years of my practice advising organizations about their information governance. As a lawyer and records management consultant, I have learned that there are many myths about records retention law within the records and information management (RIM) profession in Canada. These myths hamper a proper understanding of records retention and increase the risk that records managers are applying the wrong law or no law at all in their work and thus exposing their organizations to risk of legal liability. These myths persist even with a wealth of information in the RIM profession to prove them as patently false. I will consider 6 of these myths in this article. I will demonstrate how they are myths and why they should not be followed by Canadian records managers and information governance professionals.
The 6 myths are:
- Myth 1: All Records Have A Legal Retention Period;
- Myth 2: Business Records In Canada Have A 7-Year Legal Retention Period;
- Myth 3: Legal Retention Periods In The United States Apply In Canada;
- Myth 4: All Employee Pay Records Must Be Retained Indefinitely;
- Myth 5: Since Emails are Transitory, Emails are Not Records and Not Part of A Records Retention Schedule; and
- Myth 6: There Are No Legal Consequences For Destroying Records, With Or Without A Records Retention Schedule.
MYTH 1: ALL RECORDS HAVE A LEGAL RETENTION PERIOD
Some Canadian records managers mistakenly believe that all records have a legal retention period. A legal retention period is the period of time specified by law for how long an organization must ‘legally’ keep records. These retention periods are usually expressed in the law as the organization keeping records for a minimum period of years. These legal retention periods are commonly found after proper legal research in applicable statutes and regulations.
However, the majority of the statute law and regulatory requirements do not set out a legal retention period. Canadian law is replete with legislative requirements for organizations to create and maintain classes of records but provides no stated legal retention requirement.
But without a specified legal retention period, what is an organization to do?
We know from practice that the vast majority or records created are not permanently preserved. So, how long does an organization need to keep records to be legally compliant when there is no guidance in the law? Proper legal research is required to determine which records have or do not have legal retention requirements.
This legal research needs to find out where the law is. While most legal retention periods are found in statutes and regulations, retention periods can also be found in other sources of law. Canadian courts are a source. From the Supreme Court of Canada, the top court in Canada, down through to the provincial Courts of Appeal and Superior Courts, and even the Provincial Courts, these courts are a source of guidance for organizations to learn how to interpret the law that affects their records.
Another source are boards and tribunals. These include the federal, provincial and territorial Information and Privacy Commissioners and a wide range of administrative tribunals across Canada: human rights, labour relations, regulators of professions, property assessment, environment, workers compensation, to mention a few.
Yet another source of law are contracts, collective agreements, bylaws and policies.
Legal research needs to be conducted to show if that law even applies to the organization. Is the law in force? Has the law been changed? Repealed?
Organizations should conduct proper legal research annually since laws often change. An organization that relies on out-dated or repealed law is at risk of penalties for non- compliance.
Organizations need to conduct their own legal research or retain a qualified lawyer with experience in records management and records retention law. Providing a competent legal review for a records management and information governance system is a daunting task for the individual who is non-legally trained. Often even in-house legal counsel will defer this to other outside legal counsel who specialize in legal reviews of records retention schedules, because it is not their area of specialty and is very time consuming.
MYTH 2: BUSINESS RECORDS IN CANADA HAVE A 7-YEAR LEGAL RETENTION PERIOD
It is a common myth in Canada, that all business records have a 7-year retention period. This myth is operative even outside of the records management profession. For example, in 1995 in the debate in the British Columbia Legislative Assembly to impose a 7-year legal retention on payroll records, a Member of the Legislative Assembly referred to retaining records for 7 years as “the infamous seven-year rule”.1
Infamous or not, there is no blanket 7-year retention rule in Canada. The exact origin of the “7 year rule” for business records is not known. It appears the Canadian Income Tax Act is the source. Section of the 230(4)(b) of the Income Tax Act, requires specified tax records to be kept for a minimum of six years from the end of the last tax year to which these records relate.2 For individuals, the tax year is the calendar year; for corporations the tax year is the fiscal period chosen by the corporation.
The Income Tax Act legal retention periods only apply to income tax records for Canada. There are an enormous number of records that do not come under the Income Tax Act legal retention periods. The Income Tax Act legal retention periods do not apply to business records like: payroll records, contracts, memoranda, minutes, articles of incorporation, business licenses, client records, sales and marketing records and workers compensation records.
MYTH 3: LEGAL RETENTION PERIODS IN THE UNITED STATES APPLY IN CANADA
Due to the common use of free Internet search engines in our workplaces today, there is a myth that legal retention periods in the United States apply in Canada.
An example disproves the myth. Let’s imagine a records manager working for a non- profit organization in Ontario. The Ontario non-profit is also a registered charity with the Canada Revenue Agency (CRA) and actively seeks donations from the public as an integral part of its budget.
The Ontario non-profit records manager is not legally trained. Her manager asks her to create a records retention schedule. An ARMA International member, she attends her local Chapter meeting and asks about creating a records retention schedule. She is referred to ARMA International’s recent 2015 standard: Retention Management for Records and Information (ARMA International TR 27-2015).3 She purchases it and finds it very helpful with loads of new information.
TR 27-2015 defines “legal value” as the “usefulness of a record in complying with statutes and regulations, as evidence in legal proceedings, as legal proof of business transactions, or to protect an individual’s or organization’s rights and interests.”4 She finds further reference to how to determine legal value in TR-27-2015 by reviewing statutes and regulation, whether federal, state or local.
She, like many records managers is time and cash strapped, so she looks to the Google search engine for legal research to determine the legal value of her non-profit’s records to recommend the specific legal retention periods. She does a Google search using the search term “Records Retention And Disposition Guidelines”. That online search produces, on the first page of Google search results, a hit to the Smithsonian Institution Archives, “Records Retention And Disposition Guidelines” 2008.5
The Smithsonian seems a credible organization to her. The Smithsonian in Washington D.C. was established in 1846 on the National Mall, in Washington, D.C. It has become the world’s largest museum and research complex. It has grown to be world famous and a popular tourist destination.
On page 1 of these Guidelines, the Smithsonian says that these Guidelines may be “freely used and modified by any non-profit organization”. “Free is always good”, she says. The Guidelines appear to apply to a Canadian non-profit organization.
The Guidelines refer to a long list of American (USA) federal and state laws containing recordkeeping requirements. That would appear to meet the TR27-2015 requirements. The Guidelines are reasonably current she thinks, only about 8 years old.
In the section “How Long to Keep Records” is a long list of minimum records retention periods. These records start from accident reports and end at workers compensation.
For instance, donations are retained for 7 years.6 So far, so good. Compliance for the legal value of her organization’s records seems to be met.
She decides to use these legal retention periods for her organization’s retention schedules. Mischief managed, end of story, “what’s next on my To-Do list?” she wonders.
But there are four legal liabilities lurking in the background. First, the Guidelines are over 8 years old. Laws change; all of the time! Some laws change weekly; with different aspects being put into force and other aspects being repealed. Thus annual reviews of your records management programs are vital.
The Canadian Parliament and the provincial Legislative Assemblies usually meet at least once a year to debate, enact, amend and repeal laws. The volume of law can be very large. For example, in British Columbia in 2015 alone, the BC Legislature enacted 42 bills, from administrative law to workers compensation.7 Along the way, the BC government in 2015 also created, amended or repealed over 400 regulations; it put into legal force over 40 statutes, those statutes encompassing hundreds and hundreds of sections of statute law.8 While not all of that law affected records, that volume of law to review for what does apply to records is intimidating even to the seasoned legal researcher.
In an 8-year time span, likely laws affecting the Ontario non-profit have changed. As the law changes, that means the laws affecting the Ontario non-profit have changed too.
This then requires a review of the records retention schedule. For an organization to rely on law that has been repealed and not in force means the organization is not following the law. TR27-2015 recommends periodic review of the retention schedule to ensure it is current and complies with laws in force. Many organizations complete an annual review of the law that applies to their records to ensure they are not liable for not complying with the law.
The second problem is the engagement of the principle of state sovereignty. State sovereignty says that countries have the exclusive right to make laws within their own boundaries. Recently, in 2014, the Supreme Court of Canada explained that:
Sovereignty guarantees a state’s ability to exercise authority over persons and events within its territory without undue external interference. Equality, in international law, is the recognition that no one state is above another in the international order.9
An integral part of Canada’s state sovereignty, is that Canada has federal, provincial, territorial and municipal governments. Each government has its own exclusive jurisdiction as defined in the Constitution Act, 1867.10 The federal or Canadian government has responsibility for laws of national and international concern, like a national currency, defence, foreign trade, criminal law and citizenship. The provinces are responsible for local concerns like education, health, property and civil rights and municipal government.
Historically, jurisdictions across Canada have developed and revised their own records retention laws. These jurisdictions include the government of Canada, 10 provinces, 3 territories, First Nations and the thousands of local governments – big and small-across the country. These laws vary greatly. It is useful to understand to briefly review some of the laws that each of these jurisdictions can enact in order to understand how state sovereignty works. As well, we can see how these laws differ greatly, in both number and complexity.
Here is an example of time-specified retentions by the Canadian government for Health Canada. Health Canada has a mandate under the Food and Drugs Act to help Canadians maintain and improve their health. Requiring legal records retention periods ensures relevant records are retained and available for inspection and testing and that this government mandate is met. Specifically, the Blood Regulations under the Food and Drugs Act are intended to “promote the protection of the safety of Canadian blood donors and recipients in connection with the safety of blood for transfusion or for further manufacture into a drug for human use”.11 Sections 119 to 122 of the Blood Regulations set out, for different types of blood products, a complex matrix of required retention periods that vary from between 1 year to 50 years.12
Here is an example of a Canadian province, which has a records retention law for archival purposes. In Ontario, Part III of the Archives and Recordkeeping Act, 2006 requires every public body to prepare a records schedule for each class of public records they create or receive, the records retention period and then the disposition of the records at the end of their retention period.13 Then, each records schedule must be approved by the Archivist of Ontario. Unlike Canada’s Blood Regulations, Ontario’s Archives and Recordkeeping Act, 2006 does not set out specific retention periods for specific government records. Instead the Archives and Recordkeeping Act, 2006 is focused, not on the records management requirements, but on the archival value of government records to ensure their long-term preservation.
Here is an example of a Canadian territory specifying specific records that must be retained. Nunavut’s Wildlife Act has not as complex a records retention requirement as the Canada’s Blood Regulations, nor an archival approach like Ontario’s Archives and Recordkeeping Act, 2006. Instead, the Nunavut government has taken a broad approach to records retention for wildlife matters in the territory. Section 187(4) provides that any record or document required to be kept under the Wildlife Act must be retained for a period of at least 2 years.14 These records are not just government records, but all records that come under the purview of the Wildlife Act.
Here is an example of a First Nations Self-Government in the developmental stages of records management development. The Kwanlin Dün First Nation is located in Whitehorse, Yukon. The Kwanlin Dün First Nation has recently signed the Kwanlin Dün Final Agreement between it, the government of Canada and the Yukon Territory.15 The Final Agreement is comprehensive with provisions defining types of records as “Documentary Heritage Resources” and requiring specific classes of records like enrolment records to be maintained. The Final Agreement is silent on records retention but the Kwanlin Dün First Nation’s Corporate Services Department is responsible for effective records management of Kwanlin Dün First Nation’s records, including retention and disposition.16 As First Nations like Kwanlin Dün develop their legislative mandates, it is expected that they will enact records retention laws in the future.
Here is an example of a city creating a bylaw to address records management. The city of Surrey in British Columbia is the second largest municipality after Vancouver. Under the provincial Community Charter, the City Clerk is responsible for the preparation, maintenance, access and safe preservation of all City records.17 As well, the Freedom of Information and Protection of Privacy Act requires that the City must make every reasonable effort to assist applicants and to protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.18 To meet these legal requirements under two different provincial statutes, the City of Surrey has enacted a records management bylaw.19 This bylaw authorizes the Surrey City Clerk to manage the records management system for the City. A policies and procedures manual is required. This manual must include specified provisions, including those for records retention.
Let’s review the implications regarding the Ontario non-profits records retention plan. The significance of this discussion is that Canadian law does not apply inside the United States and United States law does not apply inside Canada.
Applied to our example, the Smithsonian “Records Retention And Disposition Guidelines” applies only to US non-profits, not to Canadian non-profits. State sovereignty holds that Canadian or Ontario courts would not be bound in law to follow the American law upon which these the Smithsonian records retention periods are made. That means the Ontario non-profit is not able to prove it complied with applicable Canadian or Ontario law.
That leads us to our third and most concerning liability. Since the Ontario non-profit is using out-dated law, that is the wrong law from a foreign jurisdiction, its risk is great that it is liable to suffer penalties as a result. For example, the Smithsonian Guidelines provide a 7-year retention for donations after which it can be destroyed by the Ontario non-profit.
But the Income Tax Act of Canada requires that if the donor of property to the Ontario non-profit directs this donation is to be held by the Ontario non-profit for 10 years or more, then the legal retention period must be 2 years after the Ontario non-profit winds up its operations and/or its charitable status is revoked by the CRA.20 Wind-up and revocation might not occur for decades, if at all. If the Ontario non-profit destroys records evidencing this 10+ year donation, let’s say 7 years after it receives it following the American Guidelines, the Ontario non-profit is violating the Income Tax Act because the Ontario non-profit needs to retain these donation records for 2 years after the non- profit ceases operation and has its charitable status revoked. Since its charitable status has not been revoked, the Ontario non-profit wrongfully destroyed these donations records.
The penalties in the Income Tax Act of Canada that can be applied to the Ontario non- profit for this wrongful destruction are serious and multiple.
First, at any time, the CRA can inspect and audit all of the Ontario non-profit’s records, not just the donation records.21 An audit like this could alert the CRA to the Ontario non- profit’s destruction of the 10+ year donation records. An audit could alert CRA to other irregularities, increasing the Ontario non-profit’s legal liability.
Second, if the CRA finds out that the Ontario non-profit has improperly destroyed these records, the CRA can specify how and when the Ontario non-profit keeps its records.
CRA can further require the Ontario non-profit to make an agreement with the CRA. CRA then can conduct follow-up visits to the offices of the Ontario non-profit to ensure the Ontario non-profit is complying with the agreement.22 Time and money spent by the Ontario non-profit with the CRA complying with the illegal records destruction event is time not spent doing the good works and charity for which the Ontario non-profit was created.
Third, if the CRA finds out that the Ontario non-profit has lawlessly destroyed these records, it can also fine the Ontario non-profit. The fine is a minimum of $1,000 to a maximum of $25,000.23 CRA can go further and impose both the fine and a maximum 1- year in prison for the person at the Ontario non-profit who was guilty of destroying the records.24
Fourth, if the CRA deems the ill-advised records destruction as tax evasion, the CRA can launch a tax evasion prosecution. The penalties for tax evasion are a maximum fine of 200% of the tax owed and/or 2 years in prison.25 Tax evasion penalties are in addition to the penalties for records destruction.
Fifth, the CRA has the power to seek a compliance order from a Federal Court of Canada requiring the Ontario non-profit to abide by any agreements CRA requires. Failure of the Ontario non-profit to comply with a Federal Court order can result in contempt of court fines and even prison against the Ontario non-profit.
If faced with CRA’s three-pronged enforcement actions of audit, investigation and prosecution, the Ontario non-profit will likely obtain legal advice to represent itself. That legal advice comes with a hefty price tag, not to mention the time the Ontario non- profit needs to spend to inform and instruct its legal counsel, marshal its evidence and prepare to defend itself against the CRA in Federal Court.
These are just the legal liabilities. The Ontario non-profit will also have to face the wrath of the donor and the donor’s family, the public and the media. This single unauthorized records destruction event could cost the Ontario non-profit future donations that would seriously hamper its operations.
MYTH 4: ALL EMPLOYEE PAY RECORDS MUST BE RETAINED INDEFINITELY
There is no legal requirement in Canada for organizations to retain all employee records indefinitely. This applies to other business records as well. Canadian courts have held that such a requirement is unreasonable.26
Also, indefinite retention, without disposition, violates the life cycle of records. In the final cycle, records creators need to determine records disposition. They have to review the records and decide to: either retain the records permanently in an archive or destroy the records.
In a perfect world, at the moment of record creation, the record creator should consider the disposition of the record and appraise the record: either to be disposed after legal and operational requirements are completed (with a defined retention period) or preserved permanently as authentic evidence and heritage of the organization’s activities.
There are principles that records managers in Canada can use to effective apply records retention. For example, ARMA International has the Generally Accepted Recordkeeping Principles® (the Principles).27 The Principles set out “the critical hallmarks of information governance and provide both a standard of conduct for governing information and metrics by which to judge that conduct.”28
There are eight Principles: Principle of Accountability, Principle of Integrity, Principle of Protection, Principle of Compliance, Principle of Availability, Principle of Retention, Principle of Disposition and the Principle of Transparency.
For the Principle of Retention:
[A]n organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.29
The Principle of Retention is silent on what are the specific legal, regulatory, fiscal, operational, and historical requirements. These requirements can cover a vast range: in what legal jurisdiction(s) is the organization is doing business and the complexity of the recordkeeping system employed by the organization. Complete legal research is required to ensure that the organization has the current relevant records retention law at hand.
ARMA International’s Principle of Retention is closely allied to the Principle of Disposition.
The Principle of Disposition provides that:
[A]n organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies.30
For employee pay records, they typically are: employee personal information like name and address, hours worked, wage rate and calculation of wages and any overtime paid, deductions and allowances.
Statutes typically contain the legal retention periods for these records series. Statutes differ jurisdiction to jurisdiction across Canada. For example some jurisdictions require these records to include payroll information but information about leaves (like compassionate leave, reservist leave, maternity and parental leave) and vacations.
Let’s examine how the 10 provinces from coast to coast in Canada treat records retention for employee pay records.
British Columbia requires employers to retain employee pay records for 2 years after employment terminates.31 British Columbia does not require employers to retain records of leaves.
Alberta is different from British Columbia. Alberta requires employers to retain employment record for at least 3 years from the date each record is made.32 The employment record includes leaves and vacations.
Saskatchewan requires employers to retain employee pay records for the most recent 5 years of the employee’s employment and for 2 years after employment ends.33 Vacation records are included in the pay records requirement, but not records of leaves.
Manitoba is the same as Alberta, 3 years.34 Both Alberta and Manitoba require retention of payroll information and records of leaves and vacations.
Ontario has the most complex legal retention requirements for employee pay records in Canada.35 Ontario requires either the employer to retain the following records or to pay for someone else to retain these records.
Records of the employee’s name and address and date employment must be retained for 3 years after employment terminates.
Records of the employee’s date of birth, if the employee is a student and under 18 years of age, must be retained the earlier of 3 years after the employee’s 18th birthday or 3 years after employment terminates.
Records of the number of hours the employee worked in each day and each week and overtime must be retained for 3 years after the day or week to which the information relates.
Records of employee wage statements, wages due on employment termination and vacation must be retained 3 years after the information was given to the employee.
Like Alberta and Manitoba, Ontario requires that records of leaves and vacation must be retained for 3 years.
Quebec requires employers to retain payroll information for a given year for a 3-year period.36 Records of vacation, but not leaves, are included in payroll records.
New Brunswick, like Ontario, permits employers or someone retained by the employer to keep payroll records. Payroll records must be retained for at least 3 years after work is performed.37 Records of leaves and vacation are included in payroll records.
Nova Scotia requires employers to retain payroll information and records of leave and vacation for at least 3 years after the work was performed.38
Prince Edward Island
Prince Edward Island requires employers to retain payroll records for 3 years after the work was performed.39 Vacation records are included, but not leave records.
Newfoundland and Labrador
Newfoundland and Labrador requires employers to retain employee payroll and vacation information for 4 years from the date of the last entry in the record respecting the employee.40
The triggering event to start the retention period running depends on the province. There is no harmonized triggering event across Canada.
For British Columbia, the triggering event is the employment termination date; for Alberta and Manitoba it is when the record was made; for Ontario and Saskatchewan it is either termination date or when the record was made depending on the type of record; for New Brunswick, Nova Scotia and Prince Edward Island it is neither termination date, nor when the record was made but when the work was performed; for Newfoundland and Labrador it is from the date of the last entry in the record respecting the employee. For Quebec, it is the given year.
Records managers need to be mindful that the language of the statute determines the event that triggers the running of the retention period.
All of the provinces do not mandate maximum retention periods. Neither do the provinces require destruction of employee pay records after the legal retention period has expired. The minimum legal retention periods range from 2 to 5 years depending on the province. The law is flexible in this regard. Records managers can take advantage of this flexibility if it benefits their organizations to retain these records longer if it legal risk to do so is reasonable and the organizations need these records for business purposes.
MYTH 5: SINCE EMAILS ARE TRANSITORY, EMAILS ARE NOT RECORDS AND NOT PART OF A RECORDS RETENTION SCHEDULE
This myth has several elements: emails are transitory, emails are not records and thus emails do not form part of a records retention schedule. All these elements are myths.
An instructive case to prove this myth false is a recent one arising out of a report from Elizabeth Denham, British Columbia’s Information and Privacy Commissioner (the “Commissioner”). The Commissioner provides independent oversight and enforcement of B.C.’s access and privacy laws, including the Freedom of Information and Protection of Privacy Act.
In October 2015, the Commissioner released a report: Access Denied: Record Retention And Disposal Practices Of The Government Of British Columbia.41
The facts of the case are unique.
In 2014, a former employee of the Ministry of Transportation and Infrastructure complained to the Commissioner that government emails were improperly destroyed responsive to an information access request about government meetings regarding the provincial Highway 16/the Highway of Tears. The Highway of Tears is a 700 kilometre portion of Highway 16, located between Prince George and Prince Rupert, in northern British Columbia. On the Highway of Tears a number of women have tragically disappeared.
The Commissioner’s office investigated. After initial investigation, her office then expanded the investigation to also include the Ministry of Advanced Education and the Office of the Premier.
In her report, the Commissioner found that government employees had improperly destroyed emails, lied under oath and that the Premier’s Office managed requests for records without documentation and these requests were not processed in a timely manner. As a result, the Commissioner found that the government had violated its legal duty to assist an information access request under the Freedom of Information and Protection of Privacy Act.
The Commissioner observed that:
I am deeply disappointed by the practices our investigation uncovered. I would have expected that staff in ministers’ offices and in the Office of the Premier would have a better understanding of records management and their obligation to file, retain and provide relevant records when an access request is received.42
The Commissioner’s observation show how deep this myth is, the myth that email is not a record. British Columbia has had the Freedom of Information and Protection of Privacy Act in force since 1993. To have over 20 years elapse and still those in government have little understanding about records retention is both disappointing and surprising.
But this false belief does not reside only in British Columbia. In my experience, belief in this myth is common across Canada.
The Commissioner recommended the BC government take corrective action, including: mandatory training in records management, including training on what is a transitory record and what is not, to ensure that employees follow correct processes when responding to access to information requests.43
After the Commissioner released her report, the BC government retained its own expert to provide recommendations on how to implement the Commissioner’s report. This expert was David Loukidelis, QC, the former BC Information and Privacy Commissioner.
In December 2015, the government’s expert released his report (“Loukidelis Report”). 44
The Loukidelis Report frames the issue of emails and their relationship to RIM: The records management and archival implications of modern electronic communications media are indeed daunting. It is difficult to understate the challenges such phenomena present for records and information management, and archives, in the electronic age.
The situation in British Columbia illustrates this. The provincial government’s Office of the Chief Information Officer (OCIO) has advised that some 284,000,000 emails are received by the provincial public service each year, with approximately 86,000,000 being sent each year. The storage space for received emails alone amounts to some 43 terabytes of data annually, with roughly 13 terabytes being required to store sent emails. This is apart from the doubtless staggering volume of other electronic information and records created each year. This matters, obviously, because, if records cannot be found because they have not been properly managed and retained in electronic form, important public interest objectives will be harmed. So will the public’s rights of access to records. [footnotes omitted]45
Many of the recommendations in the Loukidelis Report agree with those in the Commissioner’s report. The BC government has stated it will implement all of the recommendations in the Loukidelis Report.46
Reading both reports from these two privacy experts—one a sitting Privacy Commissioner, trained as an archivist and the other a former Privacy Commissioner, trained as a lawyer—affords insights to answers to the question “what is a transitory record?”
If we pause and look outside the British Columbia Commissioner’s report and the Loukidelis Report, for a definition, we don’t have to go far.
In the American Society of Archivists’ A Glossary of Archival and Records Terminology, “transitory record” is “a record that has little or no documentary or evidential value and that need not be set aside for future use.”47
In the Canadian General Standards Board, Electronic Records as Documentary Evidence standard, a “transitory record” is a “record that is required only for a limited time to ensure the completion of a routine action or the preparation of a subsequent record.”48
In Newfoundland and Labrador’s Management of Information Act, a “transitory record” “means a government record of temporary usefulness in any format or medium having no ongoing value beyond an immediate and minor transaction or the preparation of a subsequent record. ”49
The common element in these definitions is that transitory records are only of temporary value. These definitions focus on the content of the transitory record; only the Management of Information Act mentions form.
Examples of common transitory records include: copies, drafts, notices, informational materials, advertisements like “junk mail” and unsolicited records.
In the RIM profession, transitory records are routinely destroyed to reduce record volume and the cost and time associated with managing records with temporary and limited value.
Back to the British Columbia Commissioner’s report and the Loukidelis Report, on the issue of email and transitory records, in her report, the Commissioner found that:
In conducting this investigation, it has become clear that many employees falsely assume that emails are impermanent and transitory, and therefore of little value. What this investigation makes clear is that it is a record’s content and context that determines whether a record is transitory, rather than its form.50
But, as a general proposition, is all email transitory? In both the Commissioner’s report and the Loukidelis Report, the conclusion is that all email is not transitory because it depends on the content and context of the email whether the email is transitory or not.
The definition of “record” in the Freedom of Information and Protection of Privacy Act supports this emphasis on the content and context of email, not email’s format: “record” includes books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which information is recorded or stored by graphic, electronic, mechanical or other means, but does not include a computer program or any other mechanism that produces records;51
As the Loukidelis Report observes, consistent with the Commissioner’s conclusions, that: [T]his non-exhaustive definition requires that information be “recorded or stored” by some “means”. It is beyond debate that electronic records, including emails existing only in electronic form, are records. Information in an email or an email string is electronically recorded or stored and is thus a record.52
Beyond debate outside the privacy world, and beyond debate extended to the justice system in general. For example, all of the Evidence Act statutes in Canada, be they federal, provincial and territorial, employ similar non-exhaustive definitions of a “record”. In doing so, these statutes permit email to be a record on its own to be
admitted in evidence in legal proceedings across the country. They also permit email to stand on its own, in place of paper records.
As a result, email in Canada can be a record, and like paper records, email has a proper home in a records retention schedule.
Myth 6: There Are No Legal Consequences For Destroying Records, With Or Without A Records Retention Schedule
A final myth is that there are no legal consequences for destroying records with or without a records retention schedule. The basis of this myth, in my experience, is the bogus belief that records are “just filing”. Records are not seen as an organization’s key information assets, which they are. Records are not considered evidence of an organization’s legal and business transactions, which they are.
In truth, there are serious legal consequences for destroying records, with or without a records retention schedule.
The term lawyers and judges use for illegal destruction of records is “spoliation”. The current statement of the spoliation in Canadian law is found in the 2008 Alberta Court of Appeal case, McDougall v. Black & Decker Canada Inc. 53
In that case, the litigation between the parties focused on a house fire in the home owned by the McDougall family. The fire department determined that the fire was caused by either carelessly disposed smoking materials or a malfunctioning cordless electric drill manufactured and distributed by Black & Decker. The McDougalls sued Black & Decker for the loss of their home. When litigation was started, the McDougall’s house was replaced by a new home. Parts of the McDougall’s drill in possession of the McDougall’s insurance company’s investigator went missing and were never found.
Black & Decker applied to have the lawsuit dismissed because of spoliation. It claimed it was unable to defend itself in court to show how the fire really began. It could not investigate the fire scene because it was now a new home. It could not investigate the drill because it was missing. The Alberta Court of Appeal found there was insufficient evidence to prove spoliation but directed a new trial. At the new trial, it gave Black & Decker the right to examine the insurance company’s investigator who had examined the drill before the evidence went missing.
In coming to its decision, the Alberta Court of Appeal reviewed the law of spoliation in Canada. The Alberta Court of Appeal found that spoliation “occurs where a party has intentionally destroyed evidence relevant to ongoing or contemplated litigation in circumstances where a reasonable inference can be drawn that the evidence was destroyed to affect the litigation”.54 It also found that, if spoliation occurs, the principal remedy is to presume as fact that spoliation is not to assist the spoliator and the courts, in their Rules of Court, have a variety of remedies to use to not assist the spoliator.55
The Rules of Court across Canada give the courts broad discretion to apply a number of remedies to deny the spoliator the fruits of his or her evidence destruction.
Courts may refuse to admit documents into evidence. In addition, courts have the power to detain, take custody or preserve evidence. Courts may draw an adverse inference against a party guilty of spoliation to find as facts certain evidence against a party who spoliates. Courts may refuse to hear witnesses or permit a spoliator to examine or cross-examine witnesses. Courts may impose costs against a party who engages in spoliation. Courts may also levy contempt of proceedings orders against spoliators. In addition to these court sanctions, organizations may face further court proceedings for fraud or other criminal conduct arising out of the spoliation. Most rules of court permit a default judgment, without a trial, to be entered against a defendant who destroys evidence. Similarly, most rules of court permit the dismissal of a legal action when a plaintiff commits spoliation.
In addition to these serious legal consequences, an organization may also suffer losses from bad publicity, loss of business or loss of reputation if it is found guilty of spoliation. As well, there is the time and money an organization must expend in order to defend court actions for claims it spoliated. This is time and money not spent on furthering the organization’s mission or purposes.
Given the wide range of sanctions, as noted above, there are serious legal consequences for destroying records, with or without a records retention schedule. Compliance with records retention law is a “shall”, not an option.
After you read this article, I hope you are convinced that these myths, if they live in your organization, need to be dispelled. I hope my article gets you to ask yourself questions about the efficiency and effectiveness of your RIM program. Questions like:
- Who in my organization should I give this article to read?
- Is my organization’s retention schedule legally compliant?
- How do I conduct legal research so I know what legislation has changed that affects my organization’s records?
- Do I need to conduct a legal review of my retention schedule? How do I do that?
- When was the last annual review of my retention schedule completed?
- Does my retention schedule include email?
- Does my organization need a RIM bylaw? How do I make a bylaw?
- Does my organization need RIM policies and procedures? How do I write them?
- Does my organization need more RIM training? On records retention? On transitory records?
- Is my organization retaining too many records?
- Is my organization doing disposition? Doing disposition properly?
- Is my organization at real risk of audit, investigation or prosecution and fines or prison for noncompliance with the law?
- Where do I get a RIM lawyer?
Once you ask yourself these questions and think through your answers, I hope you start a conversation within your organization about RIM so you can help your organization get on track to using your records more as information assets with improved legal compliance, risk control and greater peace of mind.
1Page 15611, Hansard (June 15, 1995)(Volume 21, Number 5)(https://www.leg.bc.ca/documents- data/debate-transcripts/35th-parliament/4th-session/h0615pm2#15624).
3See Bookstore at http://arma.org/.
5See http://siarchives.si.edu/cerp/RECORDS_RETENTION_SCHEDULE_rev3.pdf.4 Page 4.
9Kazemi Estate v. Islamic Republic of Iran,  3 SCR 176, 2014 SCC 62 (CanLII) at para. 35 per LeBel J. (http://canlii.ca/t/gdwht).
11Ministry of Health, Guidance Document: Blood Regulations (Effective date October 23, 2014)( http://www.hc-sc.gc.ca/dhp-mps/alt_formats/pdf/brgtherap/applic-demande/guides/blood-reg-sang/blood- guid-sang-ligne-2014-10-23-eng.pdf).
12See Blood Regulations (SOR/2013-178)(http://laws.justice.gc.ca/eng/regulations/SOR-2013-178/).
13See sections 11 to 16 (http://canlii.ca/t/l33t).
16See page 4 of the Kwanlin Dün First Nation Annual Report 2014-2015 (http://www.kwanlindun.com/uploads/KDFN_Annual_Report_2014_15_WEB.FNL_.pdf)
17See section 148 (http://www.bclaws.ca/civix/document/id/complete/statreg/03026_00)
18See sections 6(1) and 30 (http://www.bclaws.ca/civix/document/id/complete/statreg/96165_00)
19See Surrey Corporate Records By-law, 2010, No. 17002 (www.surrey.ca/bylawsandcouncillibrary/BYL- 17002-1D94.pdf)
20See section 5800(1)(d) of the Income Tax Regulations and Canada Revenue Agency, Books and Records Retention/Destruction (IC78-10R5)(June 2010)(http://www.cra-arc.gc.ca/E/pub/tp/ic78- 10r5/README.html).
22Section 230(3) and IC78-10R5)(June 2010) at page 4.
26See Moutsios c. Bank of Nova Scotia, 2011 QCCS 496 (CanLII)(http://canlii.ca/t/2fpvn).
28Page 2 in ARMA International’s Information Governance Maturity Model (http://arma.org/docs/bookstore/theprinciplesmaturitymodel.pdf?sfvrsn=2)
31Section 28(2) of the Employment Standards Act, R.S.B.C. 1996, c. 113 (http://www.bclaws.ca/civix/document/id/complete/statreg/96113_01)
32Section 15 of the Employment Standards Code, R.S.A. 2000, c. E-9 (http://canlii.ca/t/52bwr). 33 Section 2-38 of the Saskatchewan Employment Act, SS 2013, c S-15.1(http://canlii.ca/t/52kp9). 34 Section 135(3) of the Employment Standards Code, C.C.S.M. c. E110 (http://canlii.ca/t/52ktp).
35Sections 15, 15.1 and 16 of the Employment Standards Act, 2000, S.O. 2000, c. 41 (http://canlii.ca/t/52k2z)
36Section 2 of the Regulation respecting a registration system or the keeping of a register, C.Q.L.R. c. N- 1.1, r. 6 (http://canlii.ca/t/hnx0).
37Section 60 of the Employment Standards Act, S.N.B. 1982, c. E-7.2 (http://canlii.ca/t/52cnh).
38Section 15 of the Labour Standards Code, R.S.N.S. 1989, c. 246 (http://canlii.ca/t/524c4).
39Section 5.6 of the Employment Standards Act, R.S.P.E.I. 1988, c. E-6.2 (http://canlii.ca/t/52k23).
40Section 63 of the Labour Standards Act, R.S.N.L. 1990, c L-2 (http://canlii.ca/t/526fq)
41 Investigation Report F15-03(October 22, 2015)(https://www.oipc.bc.ca/investigation-reports/1874)
42Supra at page 3.
43Supra at page 57.
44David Loukidelis, QC, Implementing Investigation Report F15-03 Recommendations To The Government Of British Columbia (December 2015)(www.cio.gov.bc.ca/local/cio/d_loukidelis_report.pdf).
45Supra at pages 6 and 7.
46Office of the Premier, “Premier’s statement on freedom of information and records management improvements”(December 16, 2015)(http://bit.ly/1RDU1gv).
48CAN/CGSB-72.34, page 13 (http://www.techstreet.com).
49Section 2(h) in S.N.L. 2005, c. M-1.01(http://canlii.ca/t/k03h)
50Supra at page 49.
52Loukidelis Report at page 10.
532008 ABCA 353 (CanLII)(http://canlii.ca/t/21bl9).
54Supra, at para. 18.
55Supra, at para. 29.
The History of Records Management in Canada, 1867 – 1967
By Uta Fox
This paper surveys the development of records management in Canada. It focuses primarily on the federal government as well as a number of provinces. In implementing records management into the Canadian government a unique approach was developed. Ian Wilson, Librarian and Archivist of Canada1, commented that government (federal, provincial, and municipal) archives “… preserve not just the official administrative records but also acquire private materials in all documentary media bearing on history … and combine the traditional role of a record office with that of an active cultural agency…” (p.16). In other words, Canadian governments have adopted an integrated archival records management approach to the management of government archives and records.
According to Mark Langemo, records management originated in the US Federal government during the late 1940s, evolving from the U.S. archival profession. The US National Archives was established in 1934 to handle the past accumulation of federal documentation and the increasing volumes of records generated by the US federal government. In response to this growth President Harry S. Truman established the Commission on the Organization of the Executive Branch of the Government, which became known as the Hoover Commission in the late 1940s. A Task Force on Paperwork Management was established and Emmett J. Leachy was selected as chairman. The Hoover Commission defined the term “records management” in the late 1940s (Langemo, p.2-3). It is important to note that this is the first time this term was used, prior to this what we know to be records management, was referred to as “paperwork.”
In Canada the federal government’s records management programmes also derived from archives. To understand the origins and development of records management requires an understanding of the development of the Canadian archival tradition. And in Canada the responsibility for collecting its historical records, both public and private, fell to the government. (Wilson, p.15) In other words, collecting Canadian history and the records that documented that history was viewed as a public responsibility.
The first efforts to acquire historical or archival records originated from the Literary and Historical Society of Quebec, established in 1824. Following Confederation a more formal arrangement for Canadian historical records was desired and Cabinet, in 1872, created an “Archives Branch” in the Department of Agriculture, which was the department responsible for arts and statistics (Wilson, p.22). Journalist Douglas Brymner was appointed the first archivist and given a budget of $4000, three empty rooms, and very vague instructions (Atherton, p.86). Emphasizing collecting and copying2 Brymner focused on acquired pre- Confederation records . He was not concerned with the preservation of current government records (Millar, p.108).
According to Jay Atherton, the Post Office, in 1889, became the first department to experience a “records management” problem. The Postmaster General requested from Cabinet a standard five-year retention period for routine financial records. Looking to Britain for advice for “the weeding of public documents”
resulted in the Post Office’s schedule being amended so that more valuable documents were retained longer than those with less value. As well, Cabinet authorized the destruction of records mentioned in the amended schedule after their specified retention was achieved. As Atherton notes, Cabinet had approved the first records schedule in the Canadian government (Atherton, p.87). And while other departments destroyed records irregularly after consulting with the Treasury Board, the practice was neither consistent nor systematic.
Interestingly, as the Archives Branch was created by Cabinet, the Department of the Secretary of State, which was responsible for “keeping all State records and papers not specially transferred to other Departments,” created the Records Branch of the Department of Secretary of State. The Records Branch was concerned with the government’s administrative records and “The safe keeping and classification of the archives” (Wilson, p.22). Henry J. Morgan became Keeper of the Public Records which resulted in two agencies responsible for collecting historical public records. Yet, little effort was expended on the current government records. Government departments showed little enthusiasm in transferring records either to the Keeper or the Archives Branch and the majority of government records still lay in attics or basements of government buildings on and around Parliament Hill (Atherton p.87).
It fell to Joseph Pope, former secretary to Sir John A. Macdonald and Under Secretary of State in the Laurier government to bring attention to the duplication, confusion and expense of two rival agencies as well as the predicament of the historical public records. He proposed to consolidate the Archives and Records branches into a public record office (Wilson, p.23). Ironically, a short time later, a fire in the West Block in 1897 destroyed an entire floor and its contents, emphasizing Pope’s concerns which lead Cabinet to appoint a Commission to study the “periodical destruction of such papers and vouchers as may be deemed useless and which are merely encumbering the vaults…” (Atherton, p.88).
Following an inspection of the records in all the departments the Commission made a number of recommendations, one of which was the amalgamation of the Archives and Records Branches. Additionally, it suggested that:
- The government build a fire-proof building known as the Records Office which would function as a repository for the archives
- A standard ten year retention period be adopted for routine financial documents
- The departments review filing systems to determine records of no value which the Commission felt was the majority of the documentation
- The departments should be allowed space in the Records Office to keep their “more recent records” and retrieve them when
Clearly we are beginning to see an awareness of some of the components of a records management programme. As Atherton notes, had the government implemented the Commission’s recommendations the government would have established “rudimentary form of central control over records disposition” as well as a single Public Record office for storage of both current and historical records (Atherton, p.91). However, even though the Commission’s findings were not enacted upon, it did articulate and identify components of a records management programme and provide a reference document for future Commissions’ perusal.
While the pace towards a records management programme was slow developments continued. An Order in Council, in 1903, amalgamated the positions of Dominion Archivist and Keeper of the Record, an Archives building was promised, all historical files (except the Privy Council Office) designated by the commission were ordered transferred to the Archives “…for greater safety in their preservation…” and Arthur G. Doughty was appointed Dominion Archivist and Keeper of the Public Records (Wilson, p.24). As Jay Atherton notes, the government approved the transfer of department records to the Archives to be preserved, arranged and made accessible for historians, thus in effect recognizing the historical and research value of these records.
For the government departments though, transferring records to the Archives was voluntary. Furthermore, other records management principles not addressed were – a mechanism for the immediate destruction and disposal of useless documents, a standard retention period for routine financial records, a review of filing systems in department and a fixed age for transfer of records to the Archives. Records continued to accumulate at the Archives but it was through the Archives’ collection policies, not the transfer of government records, that the holdings grew.
In 1912, the Public Archives Act created the Archives as separate department under the Secretary of State and Douglas Doughty became the Dominion Archivist. Cabinet was now authorized to remove public records and historical material from the custody of the various government departments to the Archives building that was completed in 1906. However, in terms of records management criteria, the act “did not explicitly ensure the preservation of public records in offices of origin, nor did it provide for their orderly disposal under the supervision of Archives staff” (Atherton, p.92)
While the Archives continued collecting both public and private records, a policy for transferring records from the various government departments to the Archives did not exist. Nor was there a system to manage the current government records. At Doughty’s urging, another Royal Commission was establishment in 1912 to study and explore the “state of the department records” and while it too recommended establishing a public records office comparable to a records centre as part of the Archives, the First World War deferred this development (Wilson, p.32). An active Public Records programme eluded Doughty throughout his tenure as Dominion Archivist.
Records volumes increased dramatically during and following the Second World War. Additionally, huge growth in records activity coupled with the ability to create records more rapidly through such technologies as the typewriter and microfilm greatly expanded the governments’ holdings. The Royal commission on the National Development in the Arts, Letters and Sciences, 1949-1951, known as Massey Commission, had, according to Laura Millar, a “strongly nationalistic imperative” in that it wanted to change Canada’s cultural environmental (p.114).
The Commission also addressed the state of federal records. It did applaud the government’s establishing a Public Records Committee in 1945. This committee, under the auspices of the Secretary of State, had the Dominion archivist as Vice Chairman. The purpose of the committee was to reduce the “vast paper burden” within government, where “decades of old files were “moldering in damp cellars” and identify and transfer those government records having historical value to the Archives (Cook, p. 206).
But, in addressing the Public Archives, the Commission discussed the Public Records problems at length. Referring to past Royal Commissions (1897, 1912) that studied the Public Records the Commission noted that these past Commissions “labored almost if not altogether in vain” (Massey, p. 113) since the majority of their recommendations were not enacted upon by the government. It criticized the government, the civil service, and the Archives for the fact that the government records were “in a state of chaos” as records were scattered around Ottawa in inactive or dead files (Cook, p.207). Furthermore, the Commission addressed the lack of economy in recordkeeping, pointing to the cost of $175,000 spent annually to store records which “can probably be classified as dead, in that they have no further administrative or historical usefulness” (Massey, p.114).
Some of the Commission’s recommendations included a review and clarification of the current regulations governing the disposal of public documents; implementing provisions for systematic and continuous transfer of inactive records to the Archives; delegating records destruction authorization to the Public Records Committee; and hiring and training properly qualified records officers.
Fortunately, at this same time W. Kaye Lamb became the fourth Dominion archivist of Canada (1948-1969). Under his tutelage records management became firmly entrenched in his efforts to modernize the Public Archives. He firmly favoured the American practice of a records centre “as a half-way house, or cooling-off place” for those records between active use in departments and their final disposition of destruction or archival transfer. In 1956 the Public Archives Records Centre (PARC) opened at Tunney’s Pasture, crown-owned land two miles west of Parliament Hill and adjacent to the Ottawa River. Departments began to transfer their records and an efficient system established for accessioning, listing and storing inactive records, accurate statistics were kept and a reference service established which prided itself “… on delivering any file to the department requesting it within three hours of the receipt of the request” (Ormsby, p.40) However, the years of records neglect proved to be challenging. Some of the documents were in such bad shape that they literally were handled with shovels, while others were infested with silverfish (Cook, p.210). PARC soon had rooms for receiving, cleaning and sorting records, a fumigation chamber, offices, reference rooms and a research room (Ormsby, p.40).
In addition to providing valuable records storage, the PARC was a control mechanism that ensured only scheduled records were transferred and it functioned to identify those records whose value had ceased as well as those with historically value. The Glassco Commission, or the Royal Commission on Government Organization, 1960-63, also endorsed the Records Centre concept urging it to be the focus of any records management programme. It suggested establishing regional Records Centres in areas where it was cost effective. Both Toronto and Montreal soon had federal Records Centres.
Soon after PARC opened the Central Microfilm Unit was moved to the Public Archives; a Records Management Survey Committee conducted a survey of records management in the federal departments; in 1961 the first month-long records management course was held and in 1966, the Public Records Order abolished the Public Records Committee and gave the Dominion Archivist sole authority over disposal of federal public records and the responsibility for coordinating the government records management programme (Atherton, p.105).
Lamb saw to it that microfilm, with its many advantages, became part of the archival records management programme. Regional government offices opened across the country and microfilm provided efficient access to duplicate copies of government records. Security was another feature particularly in the 1950s with the threat of nuclear war. In fact, in 1959, the Public Archives was “assigned core responsibility to operate a new “essential records” program across the entire government” (Cook, p212). Once processed, microfilm was stored in secret sites but available if “a major disaster, either natural or nuclear occurred” (Cook, p. 212) and a Vital Records programme was in effect.
On the provincial scene, the development of records management in Ontario’s provincial government paralleled the federal government in that the records management impetus came from the Archives. Following World War II, the provincial records situation was uncoordinated, decentralized, and unmanaged.
With individual provincial departments controlling their recordkeeping, increasing volumes in inactive and dead records adversely effecting retrieval, and a microfilm programme lacking cohesion, the Ontario government failed to view record and recordkeeping as an important element in government operations .
Threatened with closure shortly after the Second World War, the Ontario Archives, under the direction of George Spragge, Archivist of Ontario (1950-1963), embarked on an “archival records management” strategy (Craig, p.10). However, Spragge drafted retention schedules, lobbied for uniform procedures for systematic records disposal, and suggested the concept of a Public Records Centre but it was not until 1965, with the publication of the Moore Report that an archival records management programme was established in that province.
While requests for records disposal were subject to the Archives Act, the Archives themselves wielded little authority. One of the problems in Ontario was the lack of influence of the Archives. While the Archives Act of 1923 gave the Archivist of Ontario status as a deputy head of department, the Archives themselves were viewed “…peripheral to government, an antiquarian organization dealing with the past as a service to small groups of scholars (Craig, p.4-5). Indeed the Treasury Board’s Secretariat was pivotal to the government’s administration.
The Moore Report of 1965recommended that “Records Management must be “treated as an integral and essential part of efficient administration and not as an end in itself” (Craig, p.17). It reiterated previous records management requests one of which was the Records Centre. But in fulfilling that service the government had to resort to outsourcing. Lacking qualified staff an agreement was made with Harold Moulds of H.M. Record Services who, in addition to providing the Records Centre and Records Centre services, also assisted in developing classifications for department records, trained staff, and developed standard procedures and retention scheduling. The first records retention schedule was developed in 1965 and departments began shipping inactive records to the Records Centre (Craig, p.20). Ontario had embraced the archival records management concept.
The movement towards records management in New Brunswick took a different course. As Marion Beyea notes, while “… [records management] was born … during the buoyant Sixties, [it was] late enough to benefit from the experience of the federal government and several provinces…” and it was not hampered by the archival perspective because at that time, New Brunswick did not have a provincial archives (p.61). New Brunswick’s Public Records Act of 1929 defined records and gave the province responsibility for their preservation but not in terms of a records management programme. In 1963 the province passed the Public Documents Disposal Act which established a Documents Committee. It was this Committee that requested a Provincial Archives and a records management programme.
Interestingly, Harold Moulds (of H.M Records Services Ltd) was called on to assist with the development of a records management programme and he recommended the immediate hiring of a director of records. Fernando LeBlanc was hired to identify active and inactive records, transfer inactive records to a records centre, and destroy records not required (Beyea, p.63). Dominion Archivist W. Kaye Lamb was also consulted and he suggested a moratorium on records destruction until such time as these records were appraised by a professional archivist. Lamb made additional recommendations and Beyea credits these as laying the foundation for a Provincial Archives and a records management programme. For example, Lamb suggested that archives and records management should be “ …jointly developed, that records are handled economically, and that items of long-term value are identified, segregated and preserved” (Beyea, p. 66). He also advised the integration of archives and records management programmes which occurred in 1967 (Beyea, p.68).
However, the government did not adopt Lamb’s recommendation of building a Records Centre near the Bonar Law-Bennett building. Instead it kept the Records Centre in the Department of Public Works’ Records building and the Douglas warehouse which it quickly outgrew. When moved to temporary quarters on McLeod Avenue while the supplementary storage space in Douglas was moved to another warehouse, the Neil building in downtown Fredericton in 1971. Neither location promoted confidence with staff to use the Records Centre. Lacking space, fire safety, and the floods in 1972 and 1973, hampered the development of the records programme (Beyea, p.71). Eventually, in the late 1970s, a Records Centre was provided just outside of Fredericton which encouraged the “quality and quantity of the records programme” to expand (Beyea, p.72).
By 1967 the federal government had made considerable advances to its records management programme. In 1966 a new Public Records Order assigned control over records destruction to include all media; scheduling was made mandatory; departments required the Dominion Archivist’s authorization to destroy or remove records and the Dominion Archivist’s advice was required for any microfilming projects. Archives had complete authority over scheduling and records disposal.1966 also saw the Public Archives Records Centre (PARC) become the Records Management Branch responsible for the following areas: accessioning and reference services for inactive records; managing the regional Records Centres, and providing advisory services including scheduling and disposal, vital records, inventorying, training and publications.
Jay Atherton, “The Origins of the Public Archives Records Centre, 1897-1956,” Archivaria
Marian Beyea, “Records Management: The New Brunswick Case,” Archivaria
Terry Cook, “An Archival Revolution: W. Kaye Lamb and the Transformation of the Archival Profession” Archivaria
Barbara Craig, “Records Management and the Ontario Archives, 1950-1976,” Archivaria,
Dr. Mark Langemo, Winning Strategies for Successful Records Management Programmes (Information Requirements Clearinghouse: Denver, 2002) .
Laura Millar, “Discharging our Debt: The Evolution of the Total Archives Concept in English Canada,” Archivaria
Ian E. Wilson, ““The Noble Dream”: The Origins of the Public Archives of Canada,” Archivaria,
http://collectionscanada.gc.ca/massey/h5-417-e.html accessed on May 3, 2008
1Ian E. Wilson, Librarian and Archivist of Canada, was, in March 2008, elected as the President of the International Council of Archives, a position he will assume in July 2008.
2Laura Millar notes that the decision to copy records emerged from concern for the preservation of those records central to Canada’s history of exploration and settlement, records not necessarily found in Canada (p.106) and copying records from Britain, France, the former colonies, etc., in no way diminished their value as a copied record was equal to that of an original record
2016 Introduction to
The Failure of the Red Deer Industrial School
By Uta H. Fox, MA, CRM
While attending ARMA Canada’s 29th Conference in Saskatoon, SK, in 2013, I was privileged to listen to a session entitled “The Cost and Complexity of Digitizing Records for the Truth and Reconciliation Commission.” It was delivered by Martin McGarry, PMP and Terry Reilly who provided an excellent presentation on the challenges of gathering, preserving and making accessible the stories and experiences of those who had been impacted by the residential schools in Canada.
Following ARMA Canada’s conference in Saskatoon, I went to Red Deer, AB. I had been invited to attend the Truth and Reconciliation Commission of Canada’s Public Sharings, June 6th to 8th, hosted by the Remembering the Children Society. This society was formed by Red Deer’s Sunnybrook United Church, First Nations and Métis peoples in 2005 after some church members discovered the Red Deer Industrial School’s cemetery existed, but was not cared for. The society’s mission was and continues to be to work to protect the Red Deer Industrial School’s cemetery as a gesture of healing and reconciliation with Métis and First Nations peoples.
Not only was I invited to attend the hearings, I was to be inducted by the Remembering Children Society’s as a Honourary Witness for my master’s thesis entitled “The Failure of the Red Deer Industrial School” completed in 1993 as a requirement for my Master of Arts degree from the University of Calgary.
This thesis provided society members with information that they used to gather the descendants of former students of the Red Deer Industrial School who shared the history and legacy of this institution and inspired support in preserving the cemetery. Many of the Métis and First Nations peoples had been unaware of this institution and its impact on their history.