from stories to paper to digital transformation · the story a digital transformation journey...
TRANSCRIPT
From Stories to
Paper to Digital
A Digital
Transformation
Journey
Richard Freeman
Twitter: @contextualinfo
Linkedin: richardfreemanincontext
The Story
▪ A Digital Transformation Journey
– Why we should talk about it
– What do we need to consider
– How will it help
▪ Obstacles to overcome
– How we deal with the overall mass of it
– How we can use it
▪ The People
– What this means to people
– Protecting individual identity
▪ Developing the map for our Digital Journey
https://www.cmo.com/
Preserving Rich Heritage
▪ Indigenous people in British Columbia
– ~200,000 people
• First Nations, Inuit and Métis.
– 198 distinct First Nations
• Unique traditions and history.
– 30 different First Nation languages
• ~ 60 dialects are spoken in the province.
Digital Transformation
Information Governance Goals
▪ Trust and Leadership
– maintenance of records and consistent governance
demonstrates trust and leadership.
▪ Strengthening accountability
– for improved service delivery, community growth, business
development, funding initiatives and for the protection of rights
and language.
▪ Process optimization
– to deliver better services to the community and represent the
organization well.
Our Information Problem
Digitization Issues
▪ Historical documents
– Fragility of source material
– Varying degrees of legibility
▪ Language
– Collecting tacit memories
– Audio & Video recordings
▪ Access to information
– Privacy
– Right of access
– Users and methods
▪ Cross border issues
– Protecting privileged information
▪ Security
– Indigenous data sovereignty
– Collaboration & security (DropBox,
Shared Drives, Google, OneDrive)
Research Results
Research Results
Data Needed to see a Blackhole
▪ 5 Petabytes of data
꞊ ½ ton of hard drives
꞊ 5,000 years of MP3 files
꞊ The entire selfie
collection, over a lifetime,
of 40,000 people
Credit: Event Horizon Telescope collaboration et al.
The Mass of Things to Come
Gartner: 21 Billion IoT Devices To Invade By 2020
IBM: Every day, we create 2.5 quintillion bytes of data
IDC: By 2025 worldwide data will grow 61% to 175Zb*
* https://www.seagate.com/files/www-content/our-story/trends/files/idc-seagate-dataage-whitepaper.pdf
Apr 13, 2019 @ 1400 EST
Courtesy: http://www.worldometers.info/ & http://www.internetlivestats.com/
Understanding Your Information
Exercise: Finding the Story
Negotiations are moving forward. We need to find the proof that we
have an ongoing connection and deserve title.
What critical index information would the team need to find the related
documents and media assets? How would the various information
assets be linked?
Assets
− Paper
− Digital documents
− Audio files
− Video files
Information Architecture
IA
HumansContent
Context
People
Meta Data can tell a Story
X
Meta Data (Indexing the Asset)
1. Title
2. Date uploaded/created
3. Description
4. Hierarchical Keywords with Synonyms
5. Language
6. File type
7. Active file/document or Record
8. File size
9. Who created/uploaded the asset
10. Usage rights
11. Physical Asset location
12. Retention
13. Security
14. Unique ID
Security
Security
Data Protection Levels
▪ Physical Level
▪ Network Level
▪ Data Level
Limited or None
Moderate
High
Extreme
Intended for
Public Access
Potential for breach
“Significant Harm”
2018 Ponemon Study
The average global probability of a material breach in the next 24 months is 27.9 percent,
an increase over last year’s 27.7 percent
Impact of cybercrime in Canada
▪ ~$14 billion on cyber security
▪ ~1/5 impacted by a cyber security incident
▪ Few Canadian businesses have a written policy
▪ Most Canadian businesses do not report cyber security
https://www150.statcan.gc.ca/n1/daily-quotidien/181015/dq181015a-eng.htm
Personally Identifiable Information
&
Personal Data
Privacy Law▪ Personal Information Protection and Electronic Documents Act
(PIPEDA)
– Up to $100,000
▪ General Data Protection Regulation (GDPR)
– Up to €20 million, or 4% of the worldwide annual revenue
▪ California Consumer Privacy Act (CCPA)
– California's new data privacy law the toughest in the US
– * If Facebook (~ 24.6 million users in California) were found to have violated the CCPA, it could face a maximum penalty of $61.6 billion for
an unintentional violation affecting each of its users and up to $184.7
billion for an intentional violation.
*Source: International Association of Privacy Professionals (IAPP)
PII and PD Defined
▪ Personally Identifiable Information is any data which may lead to
identification of an individual. It describes any information that identifies,
links, or relates to a person. Bear in mind that a single data point may itself
not be PII, but when merged with other data about the same user or visitor it
may become PII.
▪ Personal data encompasses a wider range of information than PII. It
expands the definition of PII to various pieces of information like transaction
history or posts on social media: basically any information relating to an individual or identifiable person, directly or indirectly.
All PII is personal data, but not all personal data is PII.
The GDPR states that even cookies can be considered personal data.
Linked and Linkable Information
▪ Linked Information– Any piece of personal information that can
be used to identify an individual.
• Full, maiden name
• Home, email address
• Social security, passport,
• driver’s license number
• Credit card numbers
• Date of birth
• Telephone number
• Login details
• Asset information (e.g. MAC address)
• Owned properties (e.g. VIN number)
▪ Linkable Information– Information that on its own may
not be able to identify a person,
but when combined with another
piece of information could identify,
trace, or locate a person.
• First or last name (if common)
• Country, province/state, city, postcode
• Gender
• Race
• Non-specific age (e.g. 30-40 instead of 30)
• Job position and workplace
Linked informationPII PD
Name: full name, maiden name, mother’s maiden name or alias
Home address
Email address
Date of birth
Telephone number
Personal identification numbers: social insurance number (SIN), passport number,
driver’s l icense number, taxpayer identification number, etc.
Personal characteristics: photographic images, fingerprints, or handwriting
Biometric data: retina scans, voice signatures, or facial geometry
Information identifying personally owned property: VIN number or title number
Log in details
Linkable InformationPII PD
First or last name (if common)
Country, province, city, postcode
Place of birth
Gender
Race
Religion
Non-specific age (e.g. 30-40 instead of 30)
Employment information
Business telephone number
Business mailing or email address
Non-PIIPII PD
Device IDs
IP addresses
Cookies
Browser type *
Device type *
Plug-in details *
Language preferences *
Time zones *
Screen size, screen color depth, and system fonts
Concept of Significant Harm
▪ Bodily harm
▪ Humiliation
▪ Damage to reputation or
relationships
▪ Loss of employment
▪ Damage to business or
professional opportunities
▪ Financial loss
▪ Identity theft
▪ Negative effects on the
credit record
▪ Damage to or loss of
property
Travelling with Data
The New Border
A Brief History of Flying
There is a Difference
Collection of Traveller Data
▪ Advance Passenger Information/Passenger Name Record Program
(API/PNR)
▪ Scenario Based Targeting (SBT)
▪ Entry/Exit System
▪ Biometrics and facial recognition
Records Management Maturity
Records Maturity
Records Maturity
Conclusion
Understand Your Data Holdings
Find the PII/PCI
What You Should Really Keep
Top 5 Inhibitors to Scaling Dx
▪ Talent
▪ Cyber Risk
▪ Age of current IT assets
▪ Funding
▪ Executive Support
Source: Gartner 2019
Follow the OPC’s Advice
▪ Research conducted by Canada’s privacy commissioner suggests
that only 40% of Canadian organizations have procedures to comply
with the new rules.
▪ To better prepare, organizations should bring all of their content into
one place for tracking, search, and retrieval. In this way, workflow
automation can best serve for managing and reporting on
information.
▪ As your digital landscape continues to evolve, it is best to work with
business partners who understand how to assist with an Information
Governance (IG) Strategy. The best preparation you can have is to
understand your information holdings throughout the enterprise.
Next Steps
Start with…
What are our information assets and where are they?
Is it of business or enduring value?
Who will need to use the information?
How will we make it accessible?