To Protect and Serve: 3 Steps to Becoming a Good Steward of Content
It should no longer surprise anyone that the security of our personal data is unassured.
Headline news about privacy breaches have exposed the very real threat that our personal information can easily end up in unwanted places. As a result, public trust in government entities and private businesses that maintain our personal information is eroding. Rebuilding that trust requires committed change, but those organizations that get it right will reap measurable benefits.
So, for public service organizations that manage sensitive, personal data, the question becomes: What does it take to be a trusted, good steward of the content you manage?
What Is Good Content Stewardship and Why It Matters
First, let’s consider what good stewardship means.
The private information you collect, manage, store, and dispose of for business processes is not yours. You are the steward, not the owner, and with your stewardship comes the responsibility to:
1. Respect privacy
2. Protect the data
3. Be transparent
Maintaining control over an ever-growing volume of content, including personal information such as health, criminal and school records, is becoming a more challenging, but a necessary part of how organizations operate. Doing this ethically, securely, efficiently, and with complete transparency is good content stewardship. It means the difference between public trust and public outcry.
Compliance Is a Start, Not the Endgame
Protecting the public through information privacy begins with regulatory compliance. Public service organizations that manage protected health information (PHI), public safety information and any sensitive personal information are legally bound to protect the public against risk of exposure through laws like the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) and Patient Protection and Affordable Care Act (PPACA). However, compliance alone shouldn’t be the goal.
The Goal Is Long-term Trust
After meeting compliance mandates, good stewardship means understanding processes and technology that protect personal information and identifying and addressing risk as part of an ongoing, holistic strategy. When working with our clients, we recommend these three steps to establish a framework for good content stewardship.
1. Understand the Content You Have and the Technology You Use
The first challenge for many public entities is getting a handle on what content you have and where it is. Take inventory of sensitive content and determine where and how it’s managed, stored, and disposed of, then objectively evaluate current technologies that are used to interact with and store that information. Compare your processes, systems, and environment to industry best practices, take time to research and become well-versed on what works, and what falls short.
-Where is the private content currently stored?
-How is it used?
-Who has access to it?
-Are the files entirely paper-based or are all or some of them digital?
-Are digital records stored on-premise network or in a secure cloud infrastructure?
As you evaluate your systems and technology, and make improvements and investments, guide decisions by the Golden Rule. For entities entrusted with personal information, the Golden Rule means managing, storing and sharing information in expected and responsible ways. Simply put: treat other people’s personal information the way you’d want your own private information to be treated.
2. Understand the Risk and Safeguard Against It
Good stewardship is not a one-and-done effort. It takes an ongoing understanding and review of the risks to the content you hold. You must ensure the confidentiality, integrity and availability of the data by implementing administrative, technical, and physical safeguards to protect it and minimize the risks of unauthorized or inappropriate access, use and disclosure. A good way to ensure this involves:
- An infrastructure that provides maximum protections and security. This includes a reliable and secure infrastructure for digital data. For example, data stored in an isolated virtual private cloud is far more secure than an on-premise solution. When choosing a document management tool to help you access and manage digital content, look for a solution that provides cloud hosting and single-tenant options.
- Technology with security-rich features. Proper content stewardship requires policies that specify appropriate use and identify clear accountability. Role-based security aligned with organizational functions makes it easy and effective to control access to sensitive content and ensures important data is secure. Further controlling access based on document attributes and detailed activity logging provides added safeguards.
- Security procedures and training. Develop procedures and training for employees that include proper use of technology and guidelines for processes such as content redaction and document sharing. Make your data policies transparent to all stakeholders, including employees and the public. Remember the importance of accountability. Systems are necessary for detection of failure to adhere to security policies, and consequences must be enforced for accountability. Technology solutions that include security features such as secure links for sharing and configurable permission settings help in this area.
- Thorough preparation in case of a breach or disaster. Have a carefully crafted, formal plan in case of a security breach or natural disaster. The plan should consider the unique needs of all business units and stakeholders in your agency. You should also review the plan regularly and make changes as needed, then communicate the updates.
3. Take a Holistic Approach
Establishing a complete framework for good content stewardship requires a holistic approach that is consistent with an overall content management strategy. In addition to security and access considerations, responsible content stewardship includes an overall modernization of business processes and technology solutions.
Moving towards digitization of your content is an important first step. Digitizing documents doesn’t only make processes quicker and more cost-effective, it also makes them more secure because paper is inherently insecure. Paper files stored in file cabinets and file rooms present a particularly high security risk. A printed sheet of data can go anywhere, anytime, with anyone. With a digitized document, you have far more control over who can access your files. A digital, trackable document is always a more secure one.
Mitigating risk through physical security measures for paper documents is costly, and enforcing security best practices for employees is difficult. Once documents are securely stored in the cloud, protecting them is much easier.
Complying with privacy requirements is much easier when you know exactly where and how your records are stored, who has accessed them, and how the document was used. An effective document management tool will provide a reliable, trackable audit trail.
Digital transformation and growing public concern surrounding data privacy means it’s an absolute necessity to make responsible and transparent content stewardship a constant priority for every organization who manages sensitive content – in fact, it is their responsibility.
While the necessity and principles of content stewardship are well established, the work of translating it into practice will continue to evolve while the urgency will only intensify. An experienced partner makes getting it right—long-term—much easier.
If you’re ready to build or strengthen your foundation of good content stewardship by digitizing and securing your content, we’d love to share our processes, advice, technology and results with you.