Privacy implications of US court ordering handover of YouTube viewers' data to Viacom

There has been a lot of comment on the blogphere today about the US court order requiring Google to hand to Viacom the records of every viewing of You Tube videos

This means ViaCom will get your IP address, your You Tube user name and a list of the videos you viewed from that IP address.

I went to http://www.ipaddresslocation.org/  this morning to check what someone knowing my IP address would be able to tell about me.  In my case the IP address of the computer I am using tells you the name of the company I work for.  Put that together with my video viewing history and my YouTube user name and you know an awful lot about me.

The case is ringing alarm bells.  When I use a web 2 application such as You Tube I assume (perhaps naively!) that the company that operates the application  isn't going to do anything reckless with my data on the basis that they need to keep their users happy in order for the application to stay viable.  But here a competitor of a web 2 application has been granted access to all the personal data of the users of that application.  Viacom would not suffer a jot (indeed could gain) if everyone decided to stop watching You Tube from tomorrow.

Their has been a lot of criticism in the US of the judgement on the grounds that it doesn't take into account the protection given to users of video by the Video Privacy Protection Act (VPPA). The VPPA was passed after a newspaper disclosed the video rental history of Robert Bork, who was a nominee for the Supreme Court.  Even allowing for the possibility that the judge's decision was flawed, it does seem to indicate a significantly reduced protection for personal privacy in the US as compared to Europe.

Under British and European law the third data protection principle prevents the processing of data that is excessive in relation to the purpose for which it was obtained. I am no lawyer, but I think the provision of the viewing history of all users of You Tube is excessive in relation to the purpose of Viacom in identifying breaches of its copyright by people posting its material onto You Tube.

In the UK the HM Revenue and Customs were strongly criticised for breaching that same third data protection principle by the recent Poynter Report.  They had providing the National Audit Office with a complete scan of every person on the child benefits database, when NAO only needed records of children who had started or stopped receiving benefits in the previous year. Of course that breach of the 3rd principle was compounded when the discs containing the data went missing.

The Information Commissioner regards companies like Google as being subject to the UK Data Protection Act in so far as they are collecting personal data within the UK by leaving cookies on UK based PCs.  It will be very interesting to see over the next few days whether the Information Commissioner (and his equivalents around Europe) makes any representations to the US about this case.

James Lappin

Report from the 'EDRM in Practice' Conference

TFPL's Martin Sanderson attended the EDRM in Practice conference at Edinburgh University on the 24th June. The speakers were all practitioners at different stages of designing and implementing EDRM in their organisations. 

The conference highlighted the changing nature of the way organisations are going about implementing EDRM. Here are some of the key points that Martin reported back:

• Adrian Cobb (Chief Operating Officer for Objective, an EDRM supplier) said that the number of Invitations To Tender for corporate EDRM  implementations issued in the UK had fallen dramatically over the past three years:  down from 85 in a year to just 11.

• The demands of a corporate EDRM solution with its resource requirements, complexity and change managment implications make it a non starter for many organisations.

• EDRMS is just one tool amongst many in the battle to better manage an organiastion's information assets. What tools should be used depends on the context of the organisation and the required benefits.  Business improvement and change were more essential than the tool chosen.

• A new model is emerging whereby instead of buying an EDRM for the whole enterprise,  organisations are buying a system (whether EDRM or not) to address a specific business problem in a specific area of the organisation, to acheive specific benefits.  If this proves succesful organisations then seek to extend the implementation elsewhere.  The challenge here lies in designing the initial implementation to avoid creating an information silo, and to leave open the possibility, if required, of scaling up to a corporate wide implementation.

• A panel session in the afternoon explored the 'whys' and the 'why nots' of SharePoint - the expansion of which is taking on epidemic proportions in a changing marketplace

Overall this was a thought provoking day with lots of practical hints and tips for those embarking on an EDRM project

Our man in Seattle: Darron Chapman's trip to the SLA conference

I interviewed TFPL's Darron Chapman on his return from the 2008 SLA (Special Libraries Association) Conference in Seattle:

Who were the best speakers?

• The first keynote on the first day was Vint Cerf, one of the fathers of the internet, now Google's Chief internet evangelist, being interviewed by Charlie Rose. We are rightly proud in the UK of Tim Berners-Lee, for inventing the world wide web, but without Cerf and his colleagues there would not have been an internet for the web to run on.  They were sat in comfy chairs, they had a lovely rapport, and their conversation ranged over the major questions of our day.  Cerf spoke about our reliance on software to read the information we produce (he was concerned that none of that software will be around in 1,000 years time). He speculated about whether the internet could move from search based on statistics (the Google algorithms) to search based on meaning (the semantic web) There is a good transcript of the interview here

• Seth Godin was inspirational, he told us how he'd given away his library because books were just artefacts now.  He told us to give away information.  He's written lots of books, but the book he made most money out of was a book he gave away for free.  It got his message out there, it got his name known and he got hired on the back of it.  He was talking about the proliferation of information clutter in the world. If you want to distinguish your product or service from the crowd you have to be able to wrap a powerful story around it. J has blogged Seth's talk here

How was it different from a UK conference?

• The size:   There was 5,000 people there.  You walk into the conference hall and see thousands of chairs, and giant screens, like a rock concert.   If it wasn't for the fact that I went with friends like Neil Infield, Penny Leach, Kate Arnold and Rachel Kolsky from SLA Europe I would have been lost.  There was so much going on.  People book half a year in advance, and spend a lot of time beforehand working out what sessions they want to sign up for and which events and parties they want to attend.  The organisation is fantastic: when you sign up for sessions it synchs with your personal diary so you have your own schedule.  But I didn't have time to do any of that: I only booked a week and a half before the conference!

• The friendliness:  It was the friendliest conference I have ever been to. Even though it was so large it felt intimate because the networks were so strong.

• The food: there was food everywhere! I must have put on a stone.  Lunch starts at 11:30 which is earlier than we are used to.  You could be wondering around the exhibition and all of a sudden all these trays of food are wheeled out.  One day they had a lunchbox event to help us network.  I walked into a massive room that was piled ceiling high and wall to wall with lunchboxes.  I opened my box and saw it could feed a family of seven.  After a few days I craved sitting down and eating with a knife and fork rather than my fingers, so a few of us went off to an Italian restaurant and chilled for a couple of hours.

• The intensity:  Workshops started at 7am.  You could go to a party every evening and they went on to 11 or 12 at night.  One evening I went to the Business and Finance chapter Party.  The next evening I went to the Military librarians' chapter party, followed by the IT chapter party which was the wildest night.  Another highlight was attending  the International party at the Sheraton where an award was presented to Dennie Heye (a.k.a. the obnoxious librarian from Hades) for his work in the wider community of information professionals. The award was presented by Clare Hart, President of Dow Jones Enterprise Media Group.  After the conference Neil Infield, Rachel Kolsky and myself took a day off.  We took the ferry over to Bainbridge Island and found an old place that did ribs: we really needed to unwind.

Darron  (left) with Neil Infield on Bainbridge Island

What is the difference between American Librararians and British librarians?

• I realised that to enjoy the conference I had to shed my British reserve.  People at the conference dressed more casually (flip-flops were fine) ate more heartily, clapped more often and danced and partied much harder than we do in Britain.  There was a real zest to work hard, celebrate all the good things about the profession and play hard. Neil has blogged about some of the cool librarians at the conference

Why did you go?

• TFPL were one of a number of companies that sponsored an award to enable some students from the UK and Europe to go over to the Conference for the first time. 

Would you go again?

• You bet!

Darron would also like to thank Janice La Chance, Stacey Bowers, Gill Voisey, Will Hann, John Coll, Liz Blankson Hemans and Sylvia James for making his first SLA conference such a great experience.

Steve Bailey's new book: 'Managing the Crowd, rethinking records management for the web 2.0 world'

Steve Bailey's new book  landed on my desk with an agreeable thud this week. It is a compelling read (I missed most of Spain v Russia to finish it!).

Here is my summary of the key points:

WHY SHOULD RECORDS MANAGERS TAKE NOTICE OF WEB 2.0?

Web 2.0 will have bigger implications for records management than any previous  IT revolution

• when the PC and the office network came upon us in the mid 1990's records management simply transferred its paper practices over into the electronic world: building classification structures and folders into network drives or EDRM systems

• when Web 1.0 came along in the late 1990s records managers could ignore it. Colleagues  passively consumed web sites, but they were still dependent for their own work on systems provided, policed and controlled by their organisations

• Now web 2.0 is here:  colleagues can create, share and store information in any number of web-hosted packages: Google docs, blogs, wikis, , Slideshare, Flickr, YouTube, Facebook etc.  The information is not held on the organisations' servers.  Web 2.0 tilts the balance of power in relation to information away from the organisation towards the individual.

Organisations will not be able to bring web 2.0 entirely in-house.

• Organisations could choose to deploy internally hosted social networking sites, wikis, bloggs, social bookmarking services. But why would colleagues make use of them in preference to the bigger and more exiting originals that exist on the web? Why use your firm's social networking site when half of your colleagues are on Facebook anyway, together with your freinds and family? Why use your firms document management system when you have an individual Google docs account?
  

Organisations will not be able to ignore web 2.0

• There will be pressure for the organisation to use the same web 2.0 sites as its stakeholders use.  A University that posted a video onto its external website were told by their audience that  it would have been more useful to them on You Tube, where they could have commented on it and embedded it in their own blogs and sites. 
  

Organisations will increasingly choose to store information in the web cloud rather than on their servers.

• The cost savings to the organisation of not having to purchase, back up and maintain servers, plus the benefit to the users of being able to access information from any machine,  will push organisations to use web-hosted provision for their e-mail and general information storage

WHAT WILL THESE TRENDS MEAN FOR RECORDS MANAGEMENT THEORY AND PRACTICE?

Centralised control over records is no longer possible 

The idea that an organisation can define a corporate business classification and apply it to all records is no longer tenable for the following reasons:

• It takes too much time and central effort to define and maintain the business classification

• Organisations hold information on a variety of systems and it is impossible to apply the classification across all of them.  For example an electronic or hard copy staff file could be covered by a business classification, but what about information held about that individual  on the HR database?

• Users resent having to use an alien classification scheme: they would rather have the freedom to describe their own world in their own way

• Records managers can never know enough about each function for the classification to describe all areas of the organisation well. Steve cites the example of the generic business classification for the higher education sector. The compilers were able to do justice to the  functions that all organisations do (HR,  Finance etc).  But it proved difficult to get input from lecturers and researchers, so the 'Teaching and Research' area of the classification was much weaker.

Insisting that records should be managed in the same way regardless of format is wishful thinking.

• Records managers aim to  brings together in one place all key documents relating to a particular piece of work regardless of the format those documents were created in.

• This ambition was proving impossible even before the onset web 2.0.  RM policies typically state that colleauges should move important e-mails from their in-box and put them on the electronic or hard copy file for that work: but in practice most people don't follow this advice.

• Web 2.0 will make this worse because the key applications are segmented by format (Google docs holds word processed documents Flickr holds photos, Slideshare holds presentations etc.).

WHAT PRINCIPLES SHOULD RM 2.0 BE BASED ON?

• Steve outlines a set of principles for records management 2.0, which he has posted on his blog here.

WHAT COULD RECORDS MANAGEMENT 2.0 LOOK LIKE?

Records management 2.0 must seek to harness the enthusiasm of users

• The enthusiasm with which people voluntarily tag information on Flickr, Del.icio.us and You Tube is in contrasts with the reluctance with which they add compulsory metadata in an EDRM system

• You can't compel people to use EDRM.  You could close of all network drives but if you are relying on compulsion colleagues won't give the care needed to select, title and classify their records properly.  Steve has a colleague who left a previous employer because he didn't like the EDRM system he was forced to use!

Records management 2.0 will have to give users some choice as to what systems they use

• Organisations could allow their colleagues to use their favourite web 2.0 applications for their work, but put an organisational overlay onto these systems.   

Tagging will be as important as metadata in records management 2.0 

• Tagging allows a user to describe their own world in their own terms.  It is scaleable (the more users that tag a particular document the more accurate the tags are)  It also gives colleagues and organisation itself valuable feedback on what records are useful and to whom.

New methods will be needed for retention and appraisal

• Organisations won't be able to keep everything, despite Moore's law and the ever decreasing cost of storage.  They will need to dispose of personal information because of the (UK and European) data protection requirement that personal data is not kept longer than necessary.  They will need to take account of the sustainability/environmental implications of the power needed to information on banks of servers.

• Manually appraising records to determine whether or not to retain them is no longer possible because of the increased volumes of information in the electronic world

• Macro -appraisal is viable:  this is where you look at a whole function or process to determine how long to retain all records arising from it, rather than appraising particular files or file types arising from that function.  The weakness for Steve of  macro appraisal is that it does not harness the viewpoints of individuals on the retention value of the information they create and use.

• Web 2.0 techniques such as tagging and rating could be used to capture some individual feedback on information to be used as one input into the appraisal process

James Lappin

The revised Records Management Code of Practice

The UK National Archives (TNA) has this month issued a revised Records Management Code of Practice, as a consultation paper. Part 1 of the revised records management code now constitutes the best introduction to records management I've read.  It is thorough, easy to read and illustrated with useful examples.

The revision of the Code is the latest episode in the records management profession's search for its holy grail: a compelling statement of best practice (with claws) that convinces organisations to take RM seriously and do it properly.

ISO 15489
The first document to take on that challenge was the International Records Management Standard, ISO 15489, published in October 2001.  ISO 15489 has given the profession some much needed gravitas, and a coherent theoretical grounding. But its use as an education and influencing tool has limits because it:

• is expensive: it has to be purchased from the British Standards Institute (BSI are currently charging £114 for the standard).
• is generic: it is bereft of illustrative examples because of the need to be applicable within the different legal and cultural environments existing across the world
• lacks an enforcement body or regime
• is not feasible: ISO 15489 describes perfection: one records system. with a perfect classification, perfect metadata and controls, out of which come perfect records: authentic, reliable and robust. In the messy reality of ever changing technology and working practices such perfection is impossible to achieve.

The Records Management Code 2002
In November 2002 the Lord Chancellor's Code of Practice on the Management of Records was published. It was issued under section 46 of the Freedom of Information Act 2000 (FOIA), and is commonly referred to as the Records Management Code.

This Code had several advantages over ISO 15489. It was

• UK specific (or rather specific to England, Wales and Northern Ireland. Scotland has its own Code)
• Free
• Enforceable: although the Code is not mandatory on public authorities, the Information Commissioner can produce a reputation-damaging 'Notice to improve practice' against any public authority failing to meet the provisions of the Code.
• Realistic: it is seeking to establish the level of records management necessary to enable authorities to meet their FOIA obligations. It is not seeking to mandate a records management nirvana.

The greatest strength of the Records Management Code, its legislative mandate, is also its biggest weakness. Section 46 of FOIA specifies that the Code must provide two  different sets of advice to two distinct but overlapping groups of organisations:

• guidance to all public authorities on how to manage records so as to meet their obligations under FOIA (Part 1 of the Code)
• guidance for those organisations subject to the Public Record Acts on how to select and transfer records of historical value to the National Archives or its Northern Ireland equivalent. (Part 2 of the code).

The problem is that the Freedom of Information Act applies to the wider public sector, including for example local government and universities.  The Public Record Acts apply mainly to Central Government. So most of the organisations reading the Code don't need the provisions of part 2. Records managers from non-public records bodies have reported that their colleagues had been confused by part 2 and failed to realise that it was not applicable to their organisations.

Other weaknesses of the 2002 Code were that:

• It followed ISO 15489 in speaking of a records system (singular) as though assuming the existence of an enterprise wide EDRM

• It lacked illustrative examples. For example it said that records should be appropriately organised, indexed and described without giving advice on how that should be achieved

• it split out advice on electronic records from advice on paper records rather than tackling issues thematically across all formats.

The Records Management Code 2008 (Consultation draft)
The revised Code has several advantages over the 2002 version:

• It more clearly seperates part 1 of the code from part 2: the first clause of part 2 states that it only applies to public record bodies
• It bridges the gap between generic best practice and the more messy reality by providing illustrative examples for the points that it makes.
• It gives more detailed advice on issues such as digital preservation and business continuity (though still at the level of what should be done rather than how it should be done.)
• It takes a neutral stance on EDRM. It talks about records systems in the plural rather than in the singular, so it has removed the subliminal bias in favour of an enterprise wide EDRMS, and recognises that most organisations (whether they have EDRMS or not) will have their records spread across a number of systems.

My response to the consultation on the 2008 Code
The revised Code is issued as a consultation, and comments have been asked for. These are the three areas in which I think the Code could improve:

• Allow people to print off part 1 without printing part 2: give part 1 and part 2 a distinct identity as documents so that organisations not covered by part 2 don't have to concern themselves with it. This could be done by presenting the Code as three separate PDFs:  a foreward, part 1, and part 2.
• Define business classifications (fileplans). This is a divisive issue. Enterprise wide business classifications, based on function and activity rather than organisational structure, are one of the hardest things for users to get used to when EDRM systems are implemented. Business classification (the act of mapping out the things an organisation  does, for use in organising records) forms the intellectual basis of ISO 15489. The TNA's 2002 specification of requirements for EDRM systems was built around business classifications, ensuring that systems are able to hold them, and to link retention and access rules to them. The 2002 Code didn't make any mention of them. The 2008 Code mentions business classifications/ fileplans as one way of enabling people to understand the context of a record and its relationship to other records. It lists a couple of benefits of business classifications/fileplans but stops short of recommending or mandating them. I would like the Code to define business classification, and to state that business classifications can be completed at any scale: you can classify a whole organisation or any part(s) of it.
• State the importance of change management. However well designed a records system is, it won't bring any business or compliance benefits if the users don't give the time, effort and thought needed to keep a good record of their work. Change management activities are vital for the success of any records system. I define change management as those activities that provide colleagues with the opportunity to influence the design of the records system for their area, and which aim to improve their confidence and motivation in using the system.

Connect – The Future of Work – Technology

The world of work continues to evolve.  The increasing capability of information and communication technology, demographics that present a new profile of the ‘workforce’, and social developments that influence people’s ambitions, expectations and attitudes – all present challenges to established ideas about the work environment and experience and the people who deliver organisational success.

TFPL Connect continued its consideration of the future of work on 10 June at the RSA in London by discussing technological development and the potential implications of new technology for the future of knowledge and information management in organisations.
Jo Causon, Director of Marketing and Corporate Affairs provided an excellent summary of recent research carried out by The Chartered Management Institute: Management Futures - The World in 2018.

This study looks ahead to 2018 and predicts what the world of work and management will look like and examines how organisations can prepare for it.
Andrew Woolfson of BDO Stoy Hayward described some of the recent ideas and initiatives that BDO have undertaken to prepare for the future working environment including the launch of BDO’s own island on SecondLife.

Phil Pavitt, CIO of Transport for London then provided a summary of some of the many improvements that TfL are introducing in support of their technology strategy.

The final part of the day focused on discussions around four themes:

• Technology as an agent for communication
• Will technology shape the task environment?
• Technology and its effect on the physical workplace
• Measuring work

The outputs of these discussions and copies of the speakers’ presentations will be made available on the TFPL Connect website.

Melanie Goody

How to protect your identity and data online

from left to right:  the panelists Robert Schifreen, Clive Room, Dave Evans, Stephen Trewick.  To the right is Bobbie Johnson of the Guardian

I went to the Dana Centre last night, for Stolen Identity: a discussion of how to protect yourself from thefts of data and identity online.

Four experts briefly gave their perspective on the topic.  Then the audience was split into four groups.  The speakers rotated around the groups, spending 15 minutes with each.  This enabled us to discuss issues with them in reasonable depth.  Here are the key points I noted from the discussions

Dave Evans, Senior Data Protection Practice Manager, Information Commissioner's Office

Dave and his colleagues have recently published advice for people using social networking sites.

• I am using an Act written before most people had ever even received an e-mail (the Data Protection Act 1998) to deal with the complex issues thrown up by social networking sites such as Facebook and Bebo.  If people voluntarily declare information about themselves on a site like FaceBook are they ceding their right to privacy in relation to that data?

• Any organisation collecting personal data using equipment based in the UK is subject to the Data Protection Act.  Facebook, e-bay and similar sites use cookies based on your computer to collect personal information about you.  The Information Commissioner views this as constituting using UK based equipment because your computer is UK based.  None of these sites has challenged this assumption and the Information Commissioner does handle complaints received against these organisations.

• Social networking sites have a legal responsibility to keep your data secure.  They also have a responsibility to make sure that their services are set up in ways that don't endanger people and their data

Detective Sergeant Stephen Truick, Metropolitan Police Fraud alert/ e-response unit

Half of Stephen's job is concerned with working with companies to trying to design out existing frauds.  The other half involves helping victims of internet fraud.

Stephen was the scariest of the four speakers, he spends his time looking at the dark side of the internet and this showed through in his answers to our questions:

• Internet fraud is definitely on the increase, I get 600 e-mails a day of people from people reporting new frauds to me, despite never having publicised the e-mail address.  The volume of e-mails reporting frauds has doubled over the past two years.

• In my previous job I dealt with with sex offenders.  The techniques internet fraudsters use are similar to those used by sex offenders.

• The early hackers were testosterone fueled geeks hacking into computers to show they could do it and to impress their girlfriends.  Nowadays computer fraud is big business. cybercriminals recruit brains from universities and pay them a fortune.

• I would close the internet down tomorrow if I had the chance. I've seen people lose their life savings from internet fraud, and driven to suicide.  When I retire I am going to live in France and I won't have a computer or an internet connection.

• Why would you want to put any data about yourself on facebook?  I have set up three false identites on Facebook.  One was of an 18 year old girl, using a picture of an attractive  girl I obtained from the internet.   I received 400 requests to be my friend. Some of the stuff those people send to that fake girl is frightening.

• It is easy to spoof someone's e-mail.  I could send you all e-mails that looked as if you had sent them to yourself.

Robert Schifreen, IT security Consultant

Robert was the first person in the world to face a jury trial for computer hacking, in the late 1980s.  At the time there was no law in the 1980's to say that you could not hack into someone else's computer. He was charged under forgery legislation and the case went to the  House of Lords at the cost of £2million.  They  ruled that forgery law did not cover computer hacking. As a direct result of the case the Computer Misuse Act 1990 was introduced. 

• There is no magic recipe for keeping yourself and your data secure online.  I can't say to you all 'do these three things and you will be OK'.  It  depends on you and your situation.    There is no software you can buy to give you piece of mind.

• Shops will sell you powerful equipment for your home like wireless routers.  They won't tell you that unless you set up a password on the router any passer by could park outside your house and hack into the administration of your router.  They could block you out of your own network.  Worse still they could download illegal pornography from the internet and it would appear to have been downloaded by you.

• Encryption and back up are the solution to most data security problems.    You can encrypt your data on a standards Microsoft Windows environment on your PC, using EFS.  The problem is that if you back up the data and then try to restore it in a different computer it won't restore unless you have remembered to back up the encryption keys

• You should tick the box on your Facebook profile that restricts access to view your site to people you have accepted as a friend.

Clive Room, Marketing expert, Portcullis

Portcullis are the company who built an application that enabled a BBC documentary to show how easy it was to hack FaceBook and harvest people's personal data. 

• Don't give your real birthday to social network sites.  Give a false one. The only reason to give facebook your birthday is to get e-birthday cards from your friends.  If you really want that then give the same day but change the year.  I am twenty five years old on FaceBook.
  

• Marketeers want your data so that they can reach you.  A friend split up with his girlfriend recently and altered his status on Facebook to single.  Straight away an advert was displayed on his site from a dating agency for people in their mid-thirties.  If you buy a pregnancy test in a supermarket then nine-months later you will be sent adverts for nappies.

• I attended a recent conference on information security recently where an IT manager proudly announced that his organisation had banned the use of FaceBook, Bebo and My Space.  But later speakers described how they had saved a fortune by recruiting people through Facebook, and by using Facebook as a marketing tool.

• Depending on your line of business, a professional not using services like LinkedIn and FaceBook may miss out on networking and career opportunities. You need to balance your professional use of the tool with your personal privacy.  Think about what you want to reveal about yourself and what you don't want to reveal.

Must EDRM always be enterprise wide?

Gartner surveyed organisations for their May 2008 Marketscope report on electronic records management.  They found that:

• 67% had implemented some form of electronic records management system, (EDRMS)....

• ...but only 20% of that number have implemented it enterprise wide.

I am not convinced that enterprise wide is always the right scale to pitch EDRM. Organisations come in different shapes and sizes:

• some organisations have 300 people working in them, others have 3,000, or 30,000.

• some organisations are cohesive bodies of people with a clearly defined focus. Others are collections of diverse functions, spread over diverse locations with diverse cultures.

The feasibility of implementing EDRM on an enterprise-wide basis reduces as the size and diversity of the organisation increases.

My rule of thumb is that:

• In organisations of around 300 people with a coherent and focused business an enterprise wide implementation of EDRM tends to work very nicely: the implementation timescales don't get too stretched, the business classification (fileplan) is usable.

• For an organisation of 3,000 people the timescales for an enerterprise wide EDRM  project are considerably extended. There is a need to ensure that when each team goes live on the system their work is fully represented in the corporate business classification and that they have all the folders they need for work currently in progress. This means spending significant amounts of time with each department. Two years might elapse between the first team going live and the last.  There have been numerous succesful implementations at this scale,  but many others have been abandoned before completion. Business classifications for organisations this size are often large and unwieldy.  Read the reports of Neil Lang and Stuart Orr on their (succesful) implementations to get an idea of what EDRM projects on this scale are like

• When an organisation contains 30,000 staff implementing EDRM enterprise wide is a hugely complex project. Even highly regulated organisations like investment banks and large pharmaceutical companies have not been able to seriously contemplate implementing EDRM at this scale, despite having excellent records management teams with good resourcing.

With a decade's worth of experience of EDRM under their belt the records management profession is getting better at identifying those situations where enterprise wide EDRM is likely to work, and those in which due to resource, time or cultural considerations the chances of success are less than 50%.

I am hopeful that the next few years will see new ways of enabling organisations to adjust the scale of EDRM implemetations, and to move away from the monolithic fileplan and project plan approach we saw in the early days of EDRM.  The prime mover will be the need to reduce the risk in embarking on  large  projects that may be scuppered by user resistance; by project and technical complexity; or by cost overruns.

Two approaches currently being looked and talked about are:

• Federated approaches, where different functions within an organisation have their own distinct electronic records system and fileplan, with an umberella federated search running across all of them to restore a level of corporate cohesion

• Collaborative approaches: allowing teams to work in collaborative spaces (such as SharePoint sites) with an EDRM operating in the background to provide a way of corporately managing and understanding the information produced in collaborative spaces

Using Twitter to find great records management resources

by James Lappin

Robert Scoble blogged recently that he finds sites with lots of noise more useful than sites with lots of news.

He spends more time on places like Twitter and Del.icio.us (where people are posting the things they are doing, thinking and reading) than he does on places like Digg, Google News and TechMeme (which present polished news stories).

In scanning Twitter and Del.icio.us he has to wade through lots of dross but is getting early warning of trends and breaking news.

I took Scoble's advice, and typed 'records management' into Summize (a search engine for Twitter).  Straight away I got a gem:  a tweet from wrrobinson gives a link to Gartner's Marketscope report on records management (issued 20 May 2008).  The report gives Gartner's asessment of the market for electronic document and records management systems, and of eleven specific EDRMS suppliers.

And today a tweet from  rcdl  giving a link to a smashing records management e-learning package.  It is designed for UK museum professionals but provides an ideal model for an e-learning tool to spread awareness of RM for your organisation.

BIALL Conference 'Planning for the Next Information Generation'

by Tracey South

The 39th Annual conference of the British and Irish Association of Law Librarians (BIALL) will take place next week (12th - 14th June 2008) in Dublin.

The conference - Beyond the Pale: Planning for the Next Information Generation- will examine where likely trends will take legal information managers and researchers over the next 5 to 10 years.  In particular it will look at the questions:

• Has the current generation of legal information professionals a different perspective on their work than earlier generations?
  

• What are the implications of future growth in the use of electronic resources and the digitisation of data?
  

TFPL will be at stand 36 in the exhibition. Tracey South, Contract Recruitment and Philippa Anderson, Permanent Recruitment will be attending.  Any clients and candidates visiting the exhibition are welcome to come and visit to discuss all things legal! We will be holding a raffle and the lucky winner will receive a magnum of champagne.