Join us at CHARM

Metataxis will be attending the next CHARM (Charities Archives and Records Managers Group) meeting along with Caroline Sampson from The National Archives to talk about the new recordkeeping guidelines developed for the charities and voluntary sector. Focussing particularly on full lifecycle management, the Management Framework for Retention and Transfer has been developed specifically for the charities sector.

Metataxis has been pleased to work in collaboration with The National Archive to develop the Framework in close consultation with professionals from the charities and voluntary sector. The project to develop the Framework gave us numerous opportunities to have lively and informative discussions about retention, transfer and general information management practice with many working in the charity sector. So, we are very much looking forward to attending the next CHARM meeting on the 10th of October. If you wish to attend visit the CHARM website to contact the organisers.

 

Kondo your ROT

Too much stuff!

We live in an age of excess where our desires for stuff and simplicity are at constant war with each other. We both consume, and produce in excess. We can’t seem to stop ourselves, whether it’s binge-watching streamed television, fast fashion, or hashtags.

Love it or hate it, much column space has been given to discussion of Kondo’s Netflix show “The Life Changing Magic of Tidying Up”.  From angry flame out wars over the immorality of destroying books, to the Millennial blaming accusations of curatorial-consumerism, Marie Kondo is the home organisation consultant everyone is talking about.

Like the best-selling book of the same title “The Life Changing Magic of Tidying Up” is basically about teaching people how to get rid of all their stuff. To do this, all contents are gathered together and reviewed by type: clothes, books, papers, miscellaneous and sentimental. All objects of the same type are gathered in a giant pile.

Look at all my socks
Oh so many many socks
I can’t even believe it
Can you imagine having so many socks?
I can’t even begin to count them all
Let alone even think about wearing them

– King Missile  1994

Once confronted with the enormity of stuff by type, most participants decide that the madness must end and a purge is necessary. Then each object is interrogated – supposedly by hugging – to ascertain whether they “spark joy”. If they do not, they are respectfully thanked for serving their purpose and cast aside.

Whether it’s information or socks, it’s the same idea with systems and file shares. Admittedly you might not feel joy from communing intimately with the items within your system. But the general idea that you need to discard things that have long since served their purpose to begin organising things still applies.

Redundant. Obsolete. Trivial.

Dogs and cats living together – mass hysteria.
– Ghostbusters, 1984

If you are working with a messy, bloated system where categories are blurred, a ROT analysis can help to sort through what needs to be kept and how things should be organised. So what is ROT?

Redundant

Redundant information often involves duplication. Duplication of documents and folders is common when folder structures have not been centrally managed. There may also be multiple versions of documents with minor variations that are no longer needed.

Obsolete

Some information you hold will inevitable be out of date, whether this is because it relates to a business activity you  no longer undertake, because it has been superseded or is incomplete. Obsolete data may include technical guides for products and services no longer offered, past procedure manuals or old contacts lists that have not been kept up to date.

Trivial

Trivial material will be of very low level value to the organisation. While this data might be valuable to one individual for a very short period of time, they do not provide much in terms of business insight or compliance evidence. Examples of records of trivial value are meeting room bookings or personal daily to do lists.

From watching “The Life Changing Magic of Tidying Up” you get the sense the Kondo method is labour intensive. This is true also of a ROT analysis. There are tools that can help you along the way, but ultimately you will not be able to escape having to make decisions about what to keep and where. And if you want to  prevent ROT from building up again, it is best to have a plan for how to manage information going forward.

More Information Governance; less Kondo

Everything. In its right place.
-Radiohead, 2000

An Information Governance approach to your information is the best way to  keep it well organised. This means more than just a good file plan, classification and retention schedule. Technological tools can aid you in keeping things tidy, but ultimately you are relying on people to do the right thing. Change management, training and support coupled with regular monitoring and reporting will help keep things on track.

If you want to  know more about how to conduct a ROT analysis, what tools can be used to conduct a ROT analysis, or how to set up an Information Governance programme, get in touch with us.

Metataxis has years of experience as information organisation consultants, pragmatic about coming up with scalable solutions that suit your requirements, and we won’t make you ‘hug’ your information – unless that’s what you want.

shutterstock_99177344

Deal or No Deal: GDPR after Brexit

UK Inadequacy?

Late last week the government issued a formal statement about the position of the UK in relation to GDPR in a no deal scenario. As expected conditions for the flow of data between the UK and the EEA are a primary concern in this situation. Transfers of data outside the EEA must be safeguarded. Of all the safeguards available, the ideal for the UK is to gain adequacy status.

Regardless of Brexit, it can take some time for the EC to review whether adequacy status may be granted. Earlier this year the Information Commissioner Elizabeth Denham spoke in Select Committee about the need to seek a ruling about adequacy sooner rather than later to ensure a smooth transition. and also expressed doubts about whether the UK may attain adequacy.

There are some impediments to UK adequacy, namely the so-called Snooper Charter which has been challenged by the European Court of Justice (ECJ). The ECJ has ruled that the “general and indiscriminate” retention of electronic communications allowed under the Charter to be illegal.

Also, once the UK leaves the EU, it will no longer be covered by the EU-US Privacy Shield provision for transfer to the United States. There is concern that any data sharing agreement between the US and UK will not be robust enough to satisfy European requirements.

To be fair, this was always going to happen. With Brexit, the UK was always going to have to come up with a strategy for data sharing across the EEA. But a no deal outcome may accelerate the process, meaning this must be dealt with sooner rather than later.

Without the certainty of an adequacy ruling any time soon, government advice is to begin preparing  for the use of Model Clauses and Binding Corporate Rules (BCR) to manage data transfers to the UK. Each of these may involve quite a lead in time for organisations to set up, so the time to act is now.

Uncertainty and Risk

What does that mean for organisations in the UK that rely on GDPR to support free flow of information within the EEA? It’s a risk, and one you should be ready for. While there is uncertainty about the future of data transfer arrangements between the EEA and the UK, it is worth beginning to prepare for the worst.

How do you prepare? The first step is a risk assessment. Organisations that have already worked to comply with GDPR will have a head start, as they will understand their data flows and have a strategy to employ safeguards to transfer. In effect, those who have records of processing and GDPR action plans will have already completed much of the analysis they need to pinpoint areas that need to be addressed.

If you haven’t done this already, and you do share personal data with the EU, understanding where your personal data is, where it comes from and where it is sent is now urgent.

With the future so uncertain, and such a high noise to signal ratio on the topic of Brexit in the media it is so tempting to switch off and pretend it is not happening. But for UK businesses sleepwalking into a no-deal/no data situation is not an option. If not already started, risk assessment, mitigation and safeguard arrangements need to start now.