My records being up to date has potentially saved my life.

Posted on 28/01/2017 by Emily Overton

Under the Data Protection Act 1998, organisations are required to keep the information they hold about you, up to date, accurate and relevant and but also not excessively however, at times organisations need your help to do this. An example of this is your General Practitioner (GP)/ Local Surgery. A local surgery is required to retain your records for the life of the registered person plus ten years, which means the records could exist for some time[1].

Some would say that why do I need to keep my records up to date at my GP’s? I’m very rarely ill and whatever medication I need I can get over the counter. So what’s the point in keeping in contact with your GP? What happens if they need to get in contact with you instead? Or why would they need to contact you?

Cervical Cancer Screenings. That’s why. I make no apology to any readers of this blog, because it’s an important subject and if you’re male and think this doesn’t apply to you consider the women in your life that need to be told. I wrote this blog because this week (22nd-28th January 2017) is cervical cancer awareness week but it’s also Data Protection Day today (28th January 2017)

The facts:

  • Every day in the UK 9 women are diagnosed with cervical cancer
  • 3 women lose their lives from the disease every day
  • Cervical cancer is the most common cancer in women aged 35
  • 75% of cervical cancers are prevented by cervical screening (smear tests)
  • However 1 in 4 women do not attend this potentially life-saving test

To be invited for cervical screening in the UK you need to be registered with a GP, who needs to have your current address on file. The NHS ‘call and recall’ system invites all women who are eligible for screening and registered with a GP. This system also keeps track of any follow-up investigations and, if all is well, recalls you for screening at the appropriate time for you – either three or five years depending on your age. It is important that you make sure to update your GP with any changes of circumstance or address.

Across the whole of the UK women are invited for cervical screening between the ages of 25 and 64. Women aged 25–49 are invited every three years and women aged 50–64 are invited every five years. If you are eligible and have not received an invitation to attend cervical screening then you should contact your GP[2].

Just this week I had a pre-cancer cell removal operation done, and as I’ve moved around quite a bit the last year with my career, it makes me very glad that I have updated my records with my GP so they had the chance to tell me that my smear was due because if I hadn’t, then I might have forgotten all about the need to go get checked out and in this instance, it has probably saved my life.

Before it’s too late, keep your records up to date.

For more information on cervical screening, you can go to Jo’s Cervical Cancer Trust Website here: https://www.jostrust.org.uk/

 

 

[1] https://digital.nhs.uk/media/1158/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016/pdf/Records-management-COP-HSC-2016 Accessed 28th January 2017

[2] https://www.jostrust.org.uk/about-cervical-cancer/cervical-screening-smear-test-and-abnormal-cells/cervical-screening-in-the-uk Accessed 28th January 2017

Posted in records management | Tagged , , , , , , , , | Leave a comment

Oh it’s fine…we can just scan it!

Posted on 02/01/2017 by Emily Overton

I’m a scanning enthusiast. I hate paper; paper hates me, demonstrable by my current amount of paper cuts.  However, scanning is not the answer to all your problems.  It’s a short term fix to a long term problem unless it’s thoroughly thought out and planned appropriately.

Top 3 reasons organisations scan as a rash decision:-

  • We need to be paperless
  • We need to rationalise property
  • We have extra money floating around

But rash decisions are not the way to conduct scanning.  Fail to prepare; prepare to fail.  Think it through, scanning is not cheap and you could be chucking your money out the window along with really useful evidence too if you don’t do it correctly.

But how do I do it correctly I hear you ask? 

You need to consider how that paper is being generated.  You can go paperless today, but consider about tomorrow.  You can scan it but that won’t stop paper being created but equally scanning the records doesn’t mean the process is over then and there because scanning paper records does not automatically authorise the destruction of the source documents from which the scanned images have been created. The electronic record can legally take the place of the paper document; which can then be destroyed but you may need to consider whether it should be scanned in line with BS 10008:2014 or not because if it should and you don’t, you may risk records being thrown out as evidence in court.

Like all electronic records; scanned files must be accessible and readable for their full retention period.  This includes finding the file, opening the file, and reading the file regardless of the software used in its creation. Before destroying the records each scanned document image/file must be inspected visually to ensure they are complete (the entire document has been captured), clear and easily read but on the other end of the spectrum, the scanned records must be able to be purged and deleted especially if you are scanning personal data as PDFs you cannot purge will land you in hot water with the 5th Principle of the Data Protection Act or the Storage Limitation Principle of GDPR.

Some questions you need to be asking yourself before scanning:

What about the people that create the paper? Who accesses that information? How regularly is it used? Do you need immediate access to it? Is your senior management bought into the paperless idea?   Where are you going to put the scanned images?  Can you search the scanned images once they stored? Are they PDF searchable? What meta data is there?   Is it going into an EDRMS that is fully managed? Do you have an infrastructure than store the images without it toppling over?  How are you scanning them?  Are you scanning them to BS1008:2014 standard?  Do you need to scan them to the standard? How business critical are those records? Do the need to be protected?  Can everyone see them or is there confidential information stored within?  Do you need those records?  Are they out of their retention period? How long do you need to keep them?  Do you need to keep them by law? If they are less than 5 years’ retention, is it worth spending the money on them being scanned? If the retention period is over 10 years, what processes do you have in place for digital preservation and continuity? What value do they hold to your organisation?  Is there a return on investment? Will your local archive want those files?  Who owns those records?   Who owns the risk if something goes wrong?  Can you change the process so that paper is no longer created? Do you need to factor in a budget for day-forward scanning so where paper is created; it too can be scanned, daily?

If you’ve satisfied the above questions, then I’d say you’re pretty ready to scan the records. However, make sure that the answers to the questions are done with some thought and consider the risks that are involved with each and every step. Also consider if the process goes wrong and those records aren’t available any more what will you do? You might have gone paperless, used up the spare money or emptied that property but you can’t put a price on defending yourself when you don’t have the records to hand when you need them.

Emily Overton of RMGirl Consulting is available to discuss any elements in this blog post and how to effectively implement a paperless environment.   You can contact her on emily@rmgirl.co.uk. 

Posted in records management, scanning | Tagged , , , , , , | Leave a comment

Calling all new information professionals!

Posted on 25/11/2016 by Emily Overton

Are you in the first three years of a career in information and records management? Whether you’re a current student or recently qualified, employed or self-employed we want to hear from you… there’s no age limit, and there’s a fantastic prize on offer!

Kindly sponsored by renowned IRM expert Alison North for an eighth year running, the IRMS New Professionals Award recognises the thoughts and observations, insight and expertise of those who have recently joined the profession.

Ours is an increasingly-diverse and rapidly-evolving industry, and it’s easy for those with less experience to feel overawed. This award demonstrates the value the IRMS puts on the fresh perspectives that those who are just starting out in the sector can bring.

And one of the best ways to share and develop that wisdom with like-minded folks is by attending the IRMS Conference – an annual gathering of 400 information professionals in fantastic venues across the country, expertly organised by our partners Revolution Events.

So whatever your line of study or work, and whatever you want to write about – personal experiences, contemporary issues, the state of the profession, or your vision of the future – just submit a written piece of 1500-2000 words to awards@irms.org.ukby 31 December 2016, and you could be the winner of a fully-paid place at #IRMS17 in Glasgow!

Want to book for Conference early? That’s a great idea – discounted Early Bird rates are available via www.irmsconference.org.uk until 31 December – and don’t worry, we offer an alternative prize of equivalent cash to spend on your professional development. Not only that, there are prizes for up to 2 runners-up as well.

So get your thinking cap on… if you need some inspiration, why not check out the previous winners’ articles on the IRMS website? Good luck!

Posted in records management | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Metadata of Porn (NSFW)

Posted on 23/11/2016 by Emily Overton

IMPORTANT NOTE: I published this blog post back in March 2014, and it received such good feedback for being funny but informative, that I thought it deserved republishing. Please note that it is an outlandish subject and it should be taken with the sense of humour it was intended with. It is also perhaps Not Safe For Work so please before reading any further consider where and what you are reading from but otherwise, Enjoy.  Emily.

Metadata of Porn.

I once wrote on Twitter that I had fulfilled my job by teaching my housemate what metadata was.  To clarify; my housemate is a bouncer, (sorry, Door Technician), and has no interest in or knowledge of Records Management (RM) at all.  We’ve been house sharing for 18 months and most things I tend to babble at him go right over his head but I finally got something about RM to sink in.  How did I do it, I hear you ask? I used the example of porn. Yes, Porn.

For those not in the know and are mostly reading this because they saw the porn tag; What is meta data?

metadata

noun

1.a set of data that describes and gives information about other data.

A colleague in IT once said to me that if you could crack the dark art of metadata and search engine optimisation, you could earn bucket loads. I’m geeky but not THAT geeky.

So for those people who currently, or have at some time, held their beds up with 4ft high stacks of porn magazines, this does not apply to you. This is for the 21st century folk, who have sectioned off part of their hard drive and password protected it with some kind of obscure password, preferably something a little more complex than 1234.

Without metadata you will find yourself searching through your hoards of porn for hours trying to find the right video to “do the trick” in your onanistic activity.

When you have so much porn, the titles of each video will blur into a mix of names doing a location.  Without metadata, you might just miss your opportunity.

I am not responsible for any external web links that you choose to investigate from this blog post however, should you choose to mosey on to a porn site and confirm you are indeed over 18 (age not maturity), you get the opportunity to use the search box. Each of the videos you are confronted with has metadata attached, so that when you use that search function, it can retrieve videos back for your entertainment.

So when you search; MILF, GILF, secretary, maid, babysitter, gay, bisexual, threesome, gang bang, outdoor, indoor, office, pool, spa, transsexual, pan sexual, transgender, swingers, vanilla, BDSM, kinky, and so on and so forth, it brings back a selection of videos that are associated with those words i.e. metadata.

(Please note, should some of the above keywords not work, it’s because there is no video file with that piece of metadata attached. I haven’t personally tried them all out…)

Now if you tried to implement this search in the same way on your computer storage like ‘my documents’ or an external hard drive, it’s unlikely you will be able to specify a similar amount of metadata to search on as default Windows or Mac file information is far too basic for you to be able to do so.

The best data you will get is automatically generated metadata such as the below:

Name:  Two Girls One Cup.

Kind: protected MPEG-4 movie (.m4v)

Size: 312.5 MB

Created: 14th February 2014

Modified: 15th February 2014

Last Opened: 14th March 2014

Dimensions: 640 x 480

Duration: 0:01

Porn sites are obviously not the only websites with search boxes. Any and every piece of content or record you want to be searchable whether it be on the internet or on your own private device, will need to add some metadata manually. So, if you want Google to find your internet blog, you need to be applying a type of metadata known as tags to your blog that describes what it’s about because Google Spiders crawl the internet on a regular basis looking for metadata to update their search results. The more accurate and specific metadata you have the more likely it will return on page 1 of the search results. If you don’t add meta data you may as well dump your document/blog/item in a large black bin.

Even Twitter has jumped on the metadata bandwagon by having the hashtag. It’s a searchable field that describes what ‘something else’ i.e. your tweet subject. Like anything, people mess up metadata and create very odd tags that reduces the chance of the content being seen by anyone but their followers. So whilst hashtags can be funny, metadata standards are better.

Now, seeing as you cannot use default file information to provide the sort of helpful details you need to search for, what would be the next best thing?  Now I don’t advocate taking your porn into work to use in your sparkly EDRMS… that might just get you the sack…but if you worked for one of the porn hosting companies, …you’d be likely to find that the information you want to add is already defined according to an agreed set of classifications. In the Open Text environment (not a double entendre!) this information is generally known as “attributes”..

The problem you have with metadata is that nobody finds the time to fill them out, unless you force them and make the fields mandatory.

The more fields you make mandatory the longer it will take you to save your videos, the more unpopular EDRMS becomes and equally the more stress you put on your network when searching. If you have too many mandatory fields you will also find yourself typing letters in the fields just to get past the mandatory stage of filling out, so this function needs to be reviewed on regular basis to maintain its integrity, authenticity and reliability.

However, the more fields you have filled out manually, the easier it will be to find your porn right down to being able to search on the producer, the director, the actress’, the actors’, the length of the video, the type, the language, the year of production, and so on and so forth.  You could even create your own fields that holds bra size if you so desired! Obviously you cannot make the bra size a mandatory field because what happens if there are no brassieres in the porn video that you have?

Finding that balancing art between ‘easier to find’ versus ‘time to fill out’ is a very hard one to decide on. In any organisation this decision is one best made by consulting the senior management for buy in because at the end of the day its them that have to promote it and if they wouldn’t spend the time filling the fields out, why would anyone else? Just don’t forget to sell the idea to your front-line staff. Use the carrot not the stick!

So yes, don’t really ask your Senior Management how much metadata you should put on your porn in their reaaaaally expensive EDRMS system; not only will that cause many strange looks, the system has auditing capability of knowing when you put it in; how much you’ve put in; how often you looked at it; how long you were looking at it; what times you’ve looked at it; what security permissions you have on it and many many other reporting methods; not to mention all that metadata you’ve attached to it… So whilst you keep your porn well away from work perhaps you might consider how important metadata is and how much it makes your life easier in the long run. When you have meta data, the world is your oyster.

#tagthatporn

The views, opinions and advice within this blog post are not on behalf of any organisation but that of her own persona and business as RMGirl. Emily can be contacted on emily@rmgirl.co.uk or via twitter on @rmgirluk

Posted in records management | Tagged , , , , , , | Leave a comment

Records Management and Compliance: The bigger picture & the risk mitigation.

Posted on 23/11/2016 by Emily Overton

Following the ICO Records Management for Public Sector webinar, RMGirl has offered to provide some additional information that may assist the Public Sector in complying with information rights law.

Records Management (RM) is not just about compliance with the law and making sure that a filing cabinet isn’t left in a building that’s been emptied, or about reporting yourself to the ICO for a breach; it’s about knowing what you’ve got, why you’ve got it and how long you need to keep it. RM is also about maintaining the corporate memory of an organisation for historical purposes but also for litigation and financial investigations. RM covers the management of your records from creation through to destruction and everything in between. Poor knowledge of the information you hold leads to Information Governance failures which leads to ICO action.

To avoid a sticky mess ending in self-reporting an incident or worse, finding out about your incident from someone else, there are several things you can do to reduce the risk of A) ending up with an incident or B) not being able to learn from it because you have no record of what happened. RMGirl’s top 10 tips of things you can do include:

1. Get Senior Management buy-in

  • Engage with your SIRO or your Caldicott Guardian. After all, they are accountable for managing RM risks.
  • If you are finding it difficult to demonstrate what and where the risks are; it’s worth considering asking the ICO for help through a voluntary audit.

2. Risk escalation

  • Find out where RM strategy and tasks sit within your organisation
  • Get RM on your risk register with action plans and action owners

3. Hire a Records Manager

  • RM is easier to propel when you have someone who knows how.

4. Make friends with your IT team

  • Find out how your EPR / ECM / EDRM / all systems work and where your information is stored.

5. Nominate RM co-ordinators or champions

  • In a large organisation 1 Records Manager cannot manage every single service, they will need the help of people who know their service inside out.
  • Highlight the people in your organisation who want to make a change
  • Invite the Heads of Service to assist

6. Write an Information and Records Management Policy

  • Organisations need policies, to make it clear what is expected of people and to provide a way to hold them to account
  • Policies should be written in plain English and be as easy as possible to understand and follow
  • You need a foundation to build your RM empire on, you can’t build awesome turrets if there is a huge puddle in your basement.

7. Write an up-to-date retention schedule

  • NHS Code of Practice has had an overhaul – check your guidance is up to date. If you’re not in the NHS, use the corporate retention periods as a starting point.
  • Join professional networking groups, make contacts with other Records Managers who have already forged ahead with retention schedules.
  • Bear in mind the IICSA enquiry by Alexis Jay before destruction and review your records before you destroy them. Personal data which falls under the IICSA enquiry has a moratorium on destruction and therefore doesn’t not put you in breach of the DPA until that moratorium is lifted.

8. Offsite Storage / Properties with Lofts and Basements

  • Find out what’s in storage! How many boxes of records do you actually have? What valuable information is sitting in those boxes that could be put to use? Or is putting you at risk of breaching the 5th Data Protection principle?
  • Find out how many properties you own and when their lease dates are up for renewal along with whether they have any non-standard storage.

9. Training

  • Everyone needs training, even for the basics – it never hurts to have a reminder.
  • Utilise your intranet. Populate it with quick guides on specific subjects or with FAQs.
  • Get in on your induction programme
  • Find out where volunteers or bank/temporary staff enter the organisation so they aren’t missed.
  • Put a business case forward for end of year money to back train all staff who’ve been in the organisation for years such as using a staff handbook and delivering it to staff with their payslips (been there, done it, super effective!)
  • Become a member of professional body (e.g. www.irms.org.uk) – they offer discounts with training providers, some of which don’t need the staff to leave their desk.

10. Change Management

  • Bring staff with you. Lead them into change.
  • Train the managers with their secretaries or teams, so they all hear the same message
  • Relate the training content back to risks that they are familiar with in their daily environment (e.g. Clinical risk)
  • Implement new stuff into the organisation with their involvement – give them a chance to contribute.
  • Make their life easier. If it’s quicker and easier to do than what they were doing before, it will have a bigger success rate.

Other than the resource to fulfil the above tips or such as hiring a Records Manager, the above is FREE. That’s not something you hear very often! Yes! FREE and every single one of those top tips can help reduce the risk of non-compliance with DPA and FOI but also assist you in the bigger picture of maintaining and managing your organisations corporate memory and having defensible disposition.

Emily Overton (RMGirl) is currently an Information and Records Manager for Central Government and Director for the Information and Records Management Society with a decade experience in the field, however, the views, opinions and advice are not on behalf of either organisation but that of her own persona and business as RMGirl. Emily can be contacted on emily@rmgirl.co.uk or via twitter on @rmgirluk

Posted in compliance | Tagged , , , , , , , , , | Leave a comment