As a public administrator or manager, you face an
increasingly sophisticated list of threats to the public records under your control. What
do you believe is the most likely disaster to damage or destroy the vital records of a
government agency? Is it Fire? Flood? What about Earthquake? Would it be a power surge,
shortage, or outage? Which one?
It is none of the above. The most likely event to ruin the
content and continuity of your records and information is human sabotage. Incidents most
likely to occur are arson fires, alteration of written and computer information, tampering
with technical systems and equipment. The perpetrator will most likely be someone known to
you and/or your agency. Often it will be a current or former agency employee.
Incidents in which records and information are defaced,
deleted, damaged or destroyed by persons in an upset state of mind are becoming common. It
may occur for reasons of mischief, malfeasance, madness, or momentary malicious mood. It
might happen to cover tracks, trails, tears, or torment. You must remember that
human-caused disaster is most likely to cripple, disable, or completely eliminate access
to the information in government records. There are two common varieties of this disaster,
the intentional and the accidental.
Take a moment to consider one of the risks that your agency
faces and suffers from each day. The "simple" misfiled document or file.
Consider the cost of locating or recreating a single
misplaced record can now range between $70.00 and $80.00. In any office, the average
misfile rate is between one and five percent. Make a quick count of file drawers, shelves,
and storage boxes in your agency, and do a bit of multiplication. Each year simple of this
type add up to thousands of dollars in lost productivity, and additional supply and
equipment costs.
The new age of electronic information technology systems has
taken a heavy toll on traditional ways of documenting and preserving records of government
activity. In electronic information systems, the data content is always changing. The
media used is fragile. Highly specialized and often costly equipment is necessary to read
and access the information. An increasing number of Government records worthy of
preservation for historical purposes exist only in electronic formats. These new
information systems present you with new management risks.(1)
The speed with which information technology develops and
evoles will cause you to confront one of these new risk management concerns--accessing
information maintained in obsolete technology formats. For instance, what if you were to
inherit your Uncle Bob's music collection? It consists of 300 8-track tape cartridges. How
would you play them?
The same concern occurs with the technology utilized to
record and retrieve government information. The technical means currently employed to
access information you need may already have or is in the process of becoming non-existent
and unusable. It is therefore critical that your agency upgrade technology and data at the
same time. Unless, that is, like the Smithsonian, you have budgeted for the maintenance of
a multitude of old information systems.
Planning for new systems must always include analysis of
record re-formatting needs. Could you download and read data tomorrow from a 5.25 inch
floppy back up disk made ten or more years ago? Do your office computers still have 5.25
inch drives? Is the data intact on your old 5.25 inch backup disks? Will the software you
are currently using read the old data format? No? Have you maintained the original
software programs? What are you going to do?
Safeguarding essential data, records, and information systems
against natural crises and disasters is no less important than preparing for the
human-caused variety. Rivers and streams do overflow their banks, hurricanes and tornados
have damaged government buildings, winter freezing and thawing does cause pipes to burst
and roofs to leak all at the most inopportune moments. The leak will be over file cabinets
and desks, and its source will be traced to an out of the way place. This is not a
revelation to you. You have witnessed little and big events like these throughout your
life. Must your agency have to suffer from them throughout its existence?
The use of dark, quiet, and out of the way places for records
storage seems to remain popular. They appeal to some agencies as much as they do to
spiders and snakes, to bats and rats. If variations of natural conditions in your climate
zone and in its flora and fauna can cause you and your records problems, they will.
Those are some of the more routine contingencies you face on
this part of the planet. If you could not take them, obviously you would have left them by
now and moved away. The assumption is, by the fact that you are reading this Guide, that
you have decided to stay in Georgia and deal with these particular facts and risks of your
records management life.
Unfortunately for you and the public, another assumption has
to be made here. Based on national trends, you and your agency are dealing with these
disastrous facts of your records management life just like the three managers, "hear
no evil, see no evil, and (most certainly) do no evil." In fact, they often seem
to have been made the sub-committee assigned to study hazards, and to prepare and maintain
your government's information and records contingency plans.
Although most municipalities, counties, and states have well
tested disaster, mutual response, and hazard mitigation plans in place, 98% of these do
not include thorough information and records management contingency planning. Most that do
mention it, leave the responsibility for implementation with the agency heads. No follow
up or check is made to insure these duties are carried out. Making the assignment is
usually the end of this planning.
You need not travel to the Yerkes Primate Center in Atlanta,
to know that it would have been unfair a moment ago to use the old analogy of the
three monkeys. This is because chimpanzees respond well to perceived threats. Anyone
who has watched more than a few public television specials has seen that, when chimps feel
something bad confronting them, they vocalize with alarm calls, they shake the brush,
stamp their feet, they assemble a group, and they react by taking some sort of action.
Sometimes they move a distance away to a safer location. In
other circumstances they will drive off the threat and stay put. They appear to have
learned from experience that, when it comes to safety, even a retreat or regrouping can be
a positive action. Now, if they could only train The Three Managers!
But why contingency planning for information and records?
Because, with inaction, the bad stuff that hurts it, will hurt it again. History
includes plenty of examples of every type of disaster that can, and has, seriously damaged
some agency's Georgia government records.
It only takes two tools to begin to diminish the risks and
reduce the likely damage from potential threats; a pencil and a note pad. They are all you
need to get going. Aside from knowing the Georgia Two-Step that is!
Choreography for the Georgia Two-Step is very
simple. The first step is hazard assessment. You must identify the risks that
threaten your records and information. This includes threats both to and from the
buildings, equipment, and systems that house and permit access to them. You do this by
making an evaluation walk-through. DO NOT attempt to make this walk-through from memory.
If you do, you will certainly trip yourself up!
As you walk through each work space and storage area, open
doors, look high and low,under and behind. Do not forget to carefully inspect the utility
and supply rooms. This is the stage in your records management career when you will learn
the difference between a "nook" and a "cranny." This knowledge
separates the veterans from the rookies! It is vitally necessary that you visually
determine the true and current status of things.
After completing that step, you will have learned, on a good
day, what physical hazards are threatening your information and access to it. You will
also begin to see how they will hurt you on a bad day--the day the next disaster strikes.
Now face your co-workers and continue the dance!
The second of the two steps is hazard mitigation.
You must reduce the risks you identified earlier. This consists of taking the follow-up
actions that address and mitigate the hazards. You need to prioritized the hazards
according to the level of threat, and begin to initiate remedial measures.
You will enter into partnership with other resources inside,
and perhaps outside of your organization. The help of facility managers, general services
personnel, and other specialists will be needed to reduce a hazard's potential to damage
your agency's information systems and its data resources.
Given the power of natural forces, it is probably impossible
for any agency to eliminate all levels of risk. However, you must do your very best to lessen
them. If you do not, sooner or later one of them will ruin your day, week, month, or
possibly even your public service career.
Hans Christian Anderson's children's story, The Emperor's
New Clothes, humorously exposes the unfortunate human tendency to overlook the
obvious. If your government either does not have a disaster plan, or has a disaster plan
which does not adequately cover contingency plans for access to, and security of,
government information and records in an emergency, then you and your other agency
officials, like the Emperor, are wearing new clothes!
In this case though, they are clothes of your own making. If
your emergency planners are to prepare adequate plans, they must be told of the records,
information, and systems which are essential to the reestablishment of your agency
operations in the aftermath of a disaster. These are your vital records.
Neglecting this makes you, like the Emperor, overlook the obvious.
By creating new plans, and training staff you can ensure an
early response and recovery of agency information, data security, and records maintenance
in the event of a disaster.
So do the Georgia Two-Step. Do it now. If not now,
when? Practice it as often as possible. The pay me now or pay me later rule
applies to contingency planning and the lack thereof--with devastating effect. The heavy
hand of procrastination strikes with embarrassingly strong force.
Now is also the time to prepare for the realities of
information and records disaster triage and recovery. This requires training personnel,
stocking up and pre-staging recovery supplies and equipment, and establishing mutual aid
and response plans with other agencies in your region. You must make special preparations
for handling events and conditions unassisted during the first 72-hours following an
emergency. This is the period when professional emergency service providers may not be
able to reach you or to offer help. Once again, the responsibility comes down to you, and
so does the risk.
The Guide has already pointed out that negligent or nefarious
human activity is the greatest threat to your government operations right where it
hurts--in the records. Automated information systems and particularly the electronic
records they generate and transmit should be near the very top of the your risk manager's
list of most valuable assets.
Computerized information systems are revolutionizing the way
Georgia government works. They create almost unimaginable opportunities for improved
service. They also create a series of complex new administrative and public policy
problems. Some of these you have already read about.
Another is the identification and preservation of government
documentation having long-term value. If society is to preserve historical documentation
contained in electronic formats, and to make it accessible in the future, new
administrative strategies must be employed at every level. Fortunately, these same new
technologies that create difficulties can also assist your agency in dealing with other
risks to public information resources.(2)
The information monster that some perceive as their greatest
enemy can be dispatched. A proverb says that the surest way to get rid of your enemies is
to make them your friends. Electronic information systems can be used to help harness the
data beast they spawn.
After exploring some of the privacy and access issues related
to these topics of automation and electronic record-keeping, you may rightly perceive that
the latest weapons used in the battle to process and transmit growing amounts of
information, may indeed be two-edged.
Each new, and existing information system must be reviewed
for its potential impacts on existing access policies and programs. Early in the
technology selection and implementation process, you must consider potential procedural
adjustments necessary to comply with privacy and access laws. This will help you to avoid
major legal and administrative problems.
Another type of evolving electronic wizardry may have an
effect on access to your records. This is particularly true if your agency issues,
transmits, or receives, certificates and documents of identification, status, property
rights, and legal authority. This new wonder is called imaging technology. Of
special interest to you should be, in addition to optical scanners and digitizers, color
laser photocopiers and other systems used in image duplication and transfer.
This system raises risk management issues and concerns
relating to document authenticity. Birth certificates, passports, drivers licenses,
marriage certificates, deeds, titles, stock certificates, immunization records, even Katie's
dog license, can all be easily duplicated and falsified with these new copiers. The value
of a forged blank official government certificate, is frequently worth fistfuls of US
currency--which could also be forged.
The design change of the one hundred dollar bill was made in
an attempt to thwart those who use the technology for counterfeiting. Note that
counterfeit documents can come into your records system just as easily as bogus bills
enter your cash box. Creating new false records is not the least of these imaging risks.
The alteration of existing documents is yet another.
Because of the numerous legal implications, it is important
that you understand the difference between the "enhancement" of a document and
the "alteration" of one. An example would be a hand- or type-written letter "i"
on an official document recorded on electronic imaging equipment in your control.
Suppose that the "i" is missing its dot.
Using your viewer and copier equipment, you may adjust the darkness of the image to be
produced to enhance the legibility of the copy. However, if you use the
equipment's capacity to copy a dot from some other "i" and fill in the
missing one, you would have altered the record. This shows the important
difference between electronic enhancement and electronic alteration of a record. A
relatively technical and small difference perhaps, but a very important legal one.
The Georgia Records Act states that,
"Except as otherwise providedby law, ordinance, or policy adopted by
the office or officer responsible for maintaining the records, all records shall be open
to the public or the state or any agency thereof." [O.C.G.A. § 50-18-99(g)]
As a government records manager you realize that unless "otherwise
provided by law..." records are considered to be open. Given the nature of a
democracy this is of course rightly so. Information technology has lead to the
reconsideration of access standards and guidelines. Changes in both the level and degree
of legal privacy and access requirements are being made regularly. Rely on your knowledge
of this fact, and not your past knowledge of the finer points of information law, and you
will reduce the risk of decision making errors. Turn to your organization's legal advisors
for assistance. It takes a specialist to keep up with this area of the law.
The risks faced with computer hackers continues to receive a
good deal of press coverage. Be mindful however, that there is a widely-held belief in the
computer industry that most of the cyber-crime that occurs in the United States
goes unreported, and frequently even undetected. This is due to possible embarrassment and
fear of public reaction. How will you react to it in the public sector? How open and
corruptible is your data?
Consider the following passage. It contrasts the traditional
view of a democratic nation, with the type of country that some believe may be evolving.
This is a nation constructed entirely of electromagnetic
pulses, of computer languages, and TV screens. This nation is not real, not tangible. As
with any newly opened territory, the property lines between public and private are in a
state of flux. The outlaws prowl the telephone lines, hacking their way into private
computer networks and bulletin boards. As one hacker sums it up, `You have the right to
access any information that can be accessed...If they're not smart enough to stop us, we
have the right to keep doing anything.' These are the gunslingers of the Western
frontier--half spirit of freedom, half criminal.(3)<<>>
End Notes
National Association of Government
Archives and Records Administrators, A New Age: Electronic Information Systems, State
Governments, and the Preservation of the Archival Record (Lexington, Kentucky: Council
of State Governments, [1991]), 5-8.
