Webinars      Login/Register      Cart

InfoGovANZ

Information Governance Think Tank

Information Governance

COVID19 – Global Open Data Initiatives

by

The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response.   The webpage contains a crowd sourced list from a wide range of countries with a variety of initiatives, including: the release of theoretical models and data underpinning governments’ strategies; digital platforms and apps to keep citizens informed; and efforts tackling misinformation and disinformation online.

The Open Government Partnership (OGP) is a multilateral initiative that aims to secure concrete commitments from national and local governments to promote open government, empower citizens, fight corruption, and harness new technologies to strengthen governance.

Open Governement Partnership logo

Formed in 2011, its members now include governments from across 78 countries and thousands of civil society groups, representing more than 2 billion people worldwide.

Open government strives to provide transparency and accountability to the public, for actions or decisions made by government, and to enable citizen participation in decisions that affect individuals or communities. It’s easy to see the role of high quality data and reliable, accessible information in delivering open government.

There are many ways information governance supports openness. The two most relevant OGP policy areas are:

  • Digital governance
    Government use of evolving technologies, such as artificial intelligence, data-driven algorithms, and social networks; and developing policies to deal with the threats, including disinformation, discrimination, and privacy concerns.
  • Right to information
    Implementing laws that enable fair access to government information and proactive release of high value information; and platforms that enable citizens to use information to shape policies, services and budgets.

As countries face unprecedented challenges from COVID-19, the role of open government, open data and data sharing is critically important.

“It is in moments of disaster response and relief that the values of open government can come under intense pressure, but can also meaningfully contribute to better outcomes.” – OGP

The Australian Government recently released modelling of how COVID-19 could spread through the Australian population under different scenarios. The modelling is based on international data because Australia does not yet have enough cases to provide mathematically reliable figures.

These data models are designed to assess preparedness and assist with planning, not to make predictions. Governance of the underlying data, particularly its provenance and characteristics of the data’s quality, is vital because the data underpin such significant decisions.

Through its open data portal, the NSW Government has published a number of COVID-19 datasets, including cases by location, age range and likely source of infection. Prior to release, the dataset was assessed to measure the risk of identifying an individual. It was then treated to mitigate these risks and information about the type of treatment (suppression and aggregation) is published alongside the dataset.

Making this data and information accessible is in the public interest. It facilitates public debate, analysis of options and participation in decision making processes. This can build community support and conformance with protective measures. It could also lead to innovative responses and better outcomes.

Contextualising the data and providing information about how it has been interpreted is essential, enabling people to understand the analysis and potentially use the data themselves.

Another example is the UK NHS data sharing platform which will provide national organisations coordinating the pandemic response with a single source of reliable information, needed to support decision-making, in a way that protects the privacy of citizens. The NHS is transparent about the ways the data will be used and the governance controls that are being applied, including retention policies and their aim to make the code and data open source wherever possible whilst ensuring the highest standards of confidentiality

The OGP has created a space to share best open government practices in managing the pandemic, such as:

  • Ensuring vulnerable communities have the information they need
  • Transparency over forecasting models and data that are influencing government decisions and strategies
  • Digital platforms or apps to keep citizens informed, enable public participation and/or offer open data; Digital tools to enable public participation.
  • Protecting data rights and privacy as corporations help lead the response in many countries.
  • Tackling misinformation and disinformation online.
  • Publishing proactive information for affected communities, including economic and social support.

As we move further into the digital age, there is increasing public demand for openness and improving the use of information to strengthen corporate governance across all sectors.

Open data experts, Link Digital, have highlighted increased publication of data related to the pandemic, both in the Open Government and Open Research sectors.

They’ve provided a summary of COVID-19 datasets and open data related articles, noting: “There is a rapidly emerging, global recognition that openness and collaboration are needed at this time.”

Author

Sonya Sherman is the Industry Solutions Director (Public Sector) of Objective Corporation and Information Governance ANZ Advisory Board member.

Information and Data Governance Driving Interoperability

by

information and data governance

Achieving interconnected services, sharing and re-using information and data assets requires strategic planning and investment. The Data Interoperability Maturity Model (DIMM) is the latest advice from the National Archives of Australia for building interoperability under the Digital Continuity 2020 Policy. It highlights the importance of information and data governance to drive interoperability initiatives.

The Director-General of the National Archives of Australia, David Fricker stated,  ‘it is often said the data is the ‘oil’ of the 21st century, because in the future data will be the principal resource that drives our economy and our way of life.   Just like oil, data has to be properly managed.  It must discoverable, and of sufficient quality – pure, authentic and reliable – to drive the processes that rely on it.  Unified information and data governance empowers an organisation to align its interoperability objectives while balancing associated risks.’

The DIMM’s downloadable assessment tool helps your organisation assess its current state of interoperability and plan to build the level of maturity they need.

DIMM follows an Interoperability Learning Resource that was released in early 2019, where you can learn about interoperability development phases and some typical scenarios to resolve common interoperability hurdles.

If you would like to discuss this work further please email the National Archives’ Agency Service Centre.

Automated Speech Recognition

by

While Automated Speech Recognition (ASR) technology has been present in various forms for decades, advances in statistical modelling, artificial intelligence (AI) and automation connectively have resulted in a new frontier for speech-based interaction between humans and computer systems. In this article Dr Peter Chapman, Director in the KPMG Forensic Technology team and InfoGovANZ advisory board member, details some of the current applications of ASR technology and offers guidance on a number of emerging governance issues associated with these technologies.

As a concept, computerised Automated Speech Recognition (ASR) has been around almost as long as the computer itself. However, only in the last decade have the capabilities of ASR technology reached the point where wide-scale commercial adoption is viable1. Natural human speech contains slang terms, dialect peculiarities, abbreviations and other “non-standardised” content. While humans are very adept at managing these issues, the enormous variability of human speech makes ASR a very complex and difficult task for a computer. Being able to accurately identify and interpret natural human speech requires a combination of complex statistical methodologies, such as hidden Markov models which divide detected speech content into small sections for analysis, and artificial intelligence/machine learning techniques, such as neural networks which are processing environments that simulate human learning by comparing newly observed data with known examples2.

In particular, advancement in AI capabilities have allowed ASR technologies to rapidly improve the speed of speech analysis and also reduce the word error rate (WER) of transcription – being the ratio of word errors to total words processed. Despite these advances, many difficult to control external variables exist which generally reduce ASR quality in real world environments to lower levels of accuracy when compared with human transcription3. Factors such as speaker age, background noise, accent, volume, pitch and tempo as well as variance in language structures can cause higher than acceptable false positive and false negative errors, can all affect the viability of ASR applications.

It is also worth noting that the advent of ASR technologies means that we are now entering a new era of heightened surveillance, sometimes by our own choice. While there may a certain level of acceptance regarding certain kinds of surveillance in public spaces and the workplace, it is an entirely different thing for individuals to install Internet-connected “listening devices” in their homes. While some may have actively weighed up the convenience and functionality provided by the devices over their privacy or security concerns, many others may have little appreciation of the potential risks involved.

ASR technology is also likely to have a significant impact on privacy outside of the home. While the capacity to record conversations in workplaces, retail spaces and other public places has existed for many years now, we now have the means to quickly and accurately transcribe the content of recorded conversations, and then apply advanced analytics and identification technologies to that transcribed content. To safeguard privacy and minimise ethical abuses of these technologies, it will be vital for governments to implement carefully considered legislation and appropriate industry bodies to provide sound ethical guidance.

Leveraging AI and Automation

While many of the earliest implementations of ASR technology were simple transcription applications, modern ASR applications often focus on using voice as the method for direct interface with an application or system. Such functionality still effectively requires the same processing and conversion of speech to text; however, it is the automation aspects and capacity for two-way voice interaction with technology that has enabled modern applications of ASR technology to leap forward.

Probably the most widely known example of device-voice interaction is Siri, the virtual assistant application associated with Apple devices. Initially developed as a third party application in 2010, Siri was purchased and integrated as a core iOS feature to assist users activate and interface with various phone functions and search the Internet4. An early leader in the “virtual assistant” field, Siri was joined over time by a range of competing consumer applications such as Amazon’s Alexa, Google Assistant, Microsoft Cortana, Samsung Bixby as well as a raft of lesser well known virtual assistants.

While the core interface functionality offered by virtual assistants is undoubtedly useful, a further fascinating aspect of these assistants is the voice feedback provided to the user following the initial, establishing an interactive conversation between human and machine. The capacity to interact with a machine through such a natural communication method (as opposed to pressing keys) creates a scenario with potentially significant psychological, cultural and ethical impacts. These issues have attracted interest in both academic5 and social culture – one of the more notable fictional explorations being the interactions between Dr David Bowman and the AI HAL-9000 in the science fiction movie “2001:A Space Odyssey”.

Commercial Applications

In addition to virtual assistants, smart home devices and automation hubs link ASR technology with various electronically controlled home and workplace systems. Some of the more common systems linked to home and workplace automation hubs include lighting, audio-visual equipment, heating, air conditioning, cameras and security systems. As mentioned above, society is still in the process of weighing the efficiency benefits and privacy impacts of this technology, however there are a number of other novel applications of ASR technology that demonstrate both the benefits and risks of voice interaction with systems and devices.

Conversational AI for Customer Service

For some time now, organisations have applied ASR technology to assist with service call direction and providing basic information to customers over the phone. Organisations have also been able to deploy AI agents to provide interactive service conversations when potential customers visit their webpage. The combination of these two technologies will allow customers to interact with “smart” AI agents who will be able to manage increasingly complex service and assistance conversations over the phone or an audio conference call.

AI agents are invariably cheaper, more consistent and constantly available, although there is still a certain stigma associated with relying on automated systems rather than human service agents. Conversational AI still has a long way to go if the Turing test (being able to hold a conversation that is indistinguishable from one with a human) is the standard that must be reached. However, as ASR and AI technology improves, customers may find interacting with an AI service agent quicker and easier than a human one regardless of whether the customer can determine whether they are dealing with an AI agent or a human one.

Conversation analytics and monitoring,

We have now reached the point where processing power and AI optimisation mean that recorded conversation content can be transcribed and analysed at almost real-time speeds. This provides the opportunity for service agents to have a live feedback loop on the conversation with the AI analysing conversation content to providing insights on how best to assist the customer as well as guidance on customer tone and mood6.

Real-time conversation analytics are also very useful in a monitoring and compliance capacity. “Red flag” and atypical words and phrases are analysed automatically by the AI, raising the alert with the organisation’s compliance function when necessary. The compliance capacity of ASR and AI technology is of particular interest in the regulatory technology (“RegTech”) space, with ASIC and other regulators strongly backing the increased use of real-time ASR and AI driven technologies for monitoring trading room conversations as well as other relevant financial advice/transaction conversations7.

A further innovative use of “real-time” ASR and AI technology is live translation between different languages. Similar to the “universal translator device” popular in science fiction series such as Star Trek, real time translation applications theoretically provide the capacity to speak in one language and, within seconds, have this speech converted and played back in one or more different languages8. While this technology still has a way to go before it becomes flexible and accurate enough to replace human translators, the potential social and commercial benefits of this application of ASR technology are boundless.

Medical and expert system applications

ASR technology used for speech to text translation is already in common use in the medical field due to the advantages of being able to convert voice to text on the fly while the practitioner’s hands are otherwise occupied. In recent years, more specific applications of ASR technology has in more advanced applications of ASR technology are being explored including in speech pathology treatments where patients are able to utilise a tablet computer as a supplementary treatment in speech rehabilitation programs. Early studies examining the use of this technology have found significant positive patient outcomes9.

While AI technology has not yet reached the point where it can reliably outperform human experts in most tasks, it has become powerful enough to assist human experts carry out certain tasks more efficiently. Much like home automation systems taking care of domestic tasks, a combination of ASR and AI technology can assist a pilot in charge of a complex aircraft by managing less critical functions through the use of voice commands and automation10.

Biometric identification & security applications

Voice print biometrics, also referred to as specific speaker recognition, is a related but distinct process to ASR. Rather than focusing on converting speech content to text form, voice print biometrics seek to identify and/or verify the identity of a particular speaker. This is achieved by braking the recording voice into segments, also referred to as formants, which undergo tonal analysis in order to generate a unique voice print11.

Voice print biometrics lend themselves to security applications in a similar way to fingerprint or iris biometrics.  Voice pattern recognition is becoming increasingly common for access control, both in commercial and residential applications, although the technology implementation has not been without difficulties.

ASR and voice print biometric technology can also assist in criminal investigations. Much like fingerprint patterns, voice print patterns can be used on a comparative basis to identify persons suspected to be involved in criminal activity. A notable example of this approach is the voice print identification database Interpol deployed for use in 2018 to assist with the tracking of criminals12.

Risks when Adopting ASR Technology

While these applications provide the potential to improve process efficiencies, compliance, oversight, and functional performance in general, there are also increased risks and possible downsides associated with the implementation of these new technologies.

Even when operating normally, ASR home automation and virtual assistants collect enormous amount of personal data about their users13. This fact, considered alongside reports of somewhat “cavalier” attitudes towards the usage of collected data by “big tech”14 and the numerous reported incidents of personal privacy and data security breaches associated with the use of ASR virtual personal assistants15, the potential privacy and security consequences of having an Internet-connected listening device within the home cannot be understated.

As the uptake of ASR technologies in the workplace increases, questions of how to secure recorded voice data and the inherent privacy issues associated with the process are also of increasing relevance to organisations. Data collected by ASR technologies especially during customer interactions, has a high chance of containing personally identifiable information (PII) or other confidential information that requires protection. Data breaches caused by accidental user activation, automation following incorrect ASR translation, software glitches, the device being compromised by a malicious actor, or even a simple case of the product/application transmitting confidential data back to the manufacturer as part of an inbuilt “product enhancement” function may result in a notifiable breach of international or national regulations16.

While the stated purpose of workplace monitoring is generally to prevent unethical or illegal behaviour, the actual result of implementing a monitoring solution may have the opposite effect. Implementing ASR-based surveillance applications in the workplace, particularly if it is not expressly required by regulation, may indicate that the organisation distrusts their employees. This in turn may provoke negative reactions and result in reduced morale. Employees may become disengaged or find “work-arounds” to avoid the surveillance, introducing additional ethical and risk issues. Constant surveillance in the workplace may also lead to a compliance-focused culture, restricting innovation and flexibility in the workplace17.

Finally, when ASR results are just used for transcription purposes, the worst-case scenario is a set of unusable text. Conversely, when poor ASR results are used to automate systems the consequences can range from trivial (e.g. a misdirected phone call or inaccurate Internet search) to critical (e.g. an inaccurate voice pattern analysis on a biometric security control allowing access to a non-cleared person or poor quality ASR in law enforcement identifying an innocent conversation as containing red flags for terrorist activity). It follows that appropriate quality control and verification procedures are applied to any critical processes that rely upon ASR data.

Takeaways for Information Governance Professionals

  1. Be alert to proposed or actual implementations of ASR technology in your organisation. Ensure that a comprehensive due diligence assessment of the technology, including capabilities, benefits and risks is undertaken prior to implementation. Where ASR technology may be used (either directly or indirectly) as part of workplace surveillance it is highly recommended that organisations obtain and act on employee feedback as part of this due diligence process.
  2. Once implemented, ensure there is clear knowledge of what ASR data is being collected, stored, processed and disseminated by your organisation. As with other forms of data owned by the organisation, ASR data needs to be classified and secured with appropriate controls. There should also be a clear data lifecycle for this information that identifies when and how the ASR data is destroyed. This is particularly important if there is the possibility for personally identifiable information (PII) to be collected and transcribed during customer calls or other ASR capture activities.
  3. Organisations should ensure that any surveillance and/or recording of employee activity complies with necessary state, federal and international regulations and requirements (e.g. the Workplace Surveillance Act in New South Wales). Additionally, organisations should ensure that both employees and customers are aware of any ASR recording that takes place and provided with avenues to seek further information and provide feedback.
  4. In all cases, Australian organisations should be encouraged to assess their use of ASR technologies with reference to the Australian Privacy Principles to ensure that the organisation approaches the use of ASR data with a conscious focus on the security and ethical issues that may arise from the adoption of this technology.

 

Dr Peter Chapman is a Director in the KPMG Forensic Technology team and advisory board member of Information Governance ANZ.

 

Footnotes

  1. https://en.wikipedia.org/wiki/Speech_recognition – viewed 27 Jan 2020
  2. https://www.rev.com/blog/artificial-intelligence-machine-learning-speech-recognition – viewed 27 Jan 2020
  3. https://towardsdatascience.com/speech-recognition-is-hard-part-1-258e813b6eb7 – viewed 4 Feb 2020
  4. https://en.wikipedia.org/wiki/Siri – viewed 4 Feb 2020
  5. Computers that care: investigating the effects of orientation of emotion exhibited by an embodied computer agent, Brave et al 2005, International Journal of Human-Computer Studies.
  6. https://www.nice.com/engage/real-time-technology/real-time-speech-analytics/ – viewed 3 Feb 2020
  7. https://asic.gov.au/about-asic/news-centre/speeches/asic-regtech-voice-analytics-symposium/ – viewed 4 Feb 2020
  8. https://medium.com/syncedreview/google-ai-translatotron-can-make-anyone-a-real-time-polyglot-e7b6d616f5d2 – viewed 5 Feb 2020
  9. Feasibility of Automatic Speech Recognition for Providing Feedback During Tablet-Based Treatment for Apraxia of Speech Plus Aphasia, Ballard et al. 2019, American Journal of Speech Language Pathology
  10. https://aerospaceamerica.aiaa.org/departments/fly-by-voice/ – viewed 5 February 2020
  11. https://www.globalsecurity.org/security/systems/biometrics-voice.htm – viewed 27 January 2020
  12. https://theintercept.com/2018/06/25/interpol-voice-identification-database/ -viewed 29 January 2020
  13. https://www.theguardian.com/technology/2019/oct/09/alexa-are-you-invading-my-privacy-the-dark-side-of-our-voice-assistants – viewed 3 February 2020
  14. https://www.washingtonpost.com/technology/2019/05/06/alexa-has-been-eavesdropping-you-this-whole-time/ – viewed 3 February 2020
  15. https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio – viewed 3 February 2020
  16. https://www.oaic.gov.au/privacy/notifiable-data-breaches/when-to-report-a-data-breach/ – viewed 4 February 2020
  17. https://behavioralscientist.org/the-paradox-of-employee-surveillance/ – viewed 4 February 2020

 

 

 

Information Governance 2020

by

The Information Governance 2020 Roundtable took place on Monday, 18 November at the Governance Institute of Australia. The event covered highlights from the recent InfoGovANZ Survey Report, privacy developments and trends globally, the new ISO working group developing an Information Governance standard, and the new records management cloud-based system utilising machine learning at the Australian Human Rights Commission. There was a great turn out of members, sponsors and interested parties for a fantastic session covering a broad range of IG topics.

Information Governance 2020-1.jpg

Executive Director, Susan Bennett started the ball rolling with a summary of valuable insights from the most recent InfoGovANZ IG Survey Report, noting the trend towards improved Information Governance awareness and leadership recognition since our 2017 survey.  Just over half of the organisations surveyed have an formal IG framework with clearly articulated policies and procedures. 90% of respondents expressed agreement with the definition of ‘information governance’ – although some had commented on the definition and whether governance extended to activities traditionally associated with ‘management’ of data and information. The survey results also indicated a growing trend of privacy concerns and regulatory changes driving IG projects.

Susan explained the meaning of the InfoGovANZ logo, highlighting the complexity, breadth and interconnectivity between each of the Information Governance domains. She spoke about the essential role data and information plays in the overall health of the modern enterprise. Likening high quality, fit-for-purpose data and information to the ‘lifeblood’ of the organisation, she described each element of the Information Governance landscape and explained the logic and relationships between the IG domains illustrated and explained in the recent publication available here.

Information Governance 2020-2.jpg

Building from the strong foundations of clear policies and procedures to the development of robust IG processes which enable value creation and risk minimisation to foster data-enabled innovation and the ability to respond to the constant changes in markets and environments. Susan also called out the essential role IG professionals play in creating the right strategic data and information direction for organisations. She emphasised how none of benefits of new technologies can be fully realised without the right people with the right capabilities being engaged in developing an organisation’s IG approach. From Susan’s presentation the audience, which was drawn from across the broad spectrum of IG practice domains, gained valuable insight into the essential function of each different IG domain area in the IGANZ logo to build on, or enable, the next group of activities to form the complete enterprise-focussed Information Governance strategy required by modern organisations.

Stephen Bollinger, Country Leader for IAPP, Chief Privacy Officer of Cochlear and soon to be General Manager, Privacy & Ethics at NAB, provided the audience with some key takeaways from the recent IAPP Summit including some of the trends in global regulatory approaches and collaboration. Stephen noted the important contribution made by New Zealand’s Privacy Commissioner, John Edwards in his keynote highlighting the growing concerns over the power asymmetry between big tech companies, their customers and the regulators tasked to oversee them.

Stephen also detailed his views on the direction privacy regulation is heading, providing great real-world examples of how different national and international regulations are providing guidance ranging from general privacy principles through to strict mandatory requirements. He noted the increasing collaboration between regulators across jurisdictions to design more consistent and interoperable privacy regimes. For example, the ISO Standard 27701 for privacy which was ratified in August, will include a mapping of various requirements such as the Australian Privacy Principles, GDPR and others.  You can access the keynotes of the ANZ Privacy Commissioners from the recent IAPPANZ summit here.

Information Governance 2020-3.jpg

Some wonderful insights into the development of ISO standards were provided by May Robertson from Sydney University. After explaining the true origin of the term ISO (hint – it isn’t an acronym), May explained to the audience how the working group for the new ISO Information Governance Standard TC46 WG13 is using global collaboration to inform the content of the emerging Standard as well as a brief summary of the intended content of the Standard. She noted it will not be a ‘management standard’, which will enable quicker delivery. The project started in July with an 18month timeline for completion. The new standard will be informed by the ISO 9000 series of standards on quality management, the ISO 27000 security series, ISO 15489 and ISO 30301 standards for records management. It will provide a formal definition for Information Governance, key terms and concepts. May couldn’t go into detail as it is still ‘early days’ yet but we will be watching this space with great interest as this significant Information Governance resource takes shape!

Ryan McConville, who recently lead the implementation of the Australian Human Rights Commission’s (AHRC) new O365 cloud-based information management platform ‘RADICAL’, finished up the session with a very engaging hands-on presentation about the implementation journey for RADICAL. Ryan provided some great context, contrasting the before and after pictures of AHRC information management, and describing some of the challenges his team faced to modernise AHRC’s information and records management approach.

Ryan followed up with a fascinating mini-tutorial on machine learning, auto classification and how it has been applied to great effect in RADICAL to minimise the business user intervention required for effective records management. RADICAL is using AI-enabled auto-classification of documents to augment information management activities, speed up business processes and automate retention and disposal classification to realise greater information value from the Commission’s documents and data. Ryan emphasised the level of effort and significant input required from an organisation’s records managers to develop and train these tools, in order to provide this light touch or ‘transparent’ records management, which is largely invisible to the business user.

This is session will be available as a webinar – if you were unable to attend and would like to be notified when it is available please email info@infogovanz.com and/or join to become a member (it is free) at https://www.infogovanz.com/join .

Article by Dr Peter Chapman, Carol Feuerriegel, Sonya Sherman

Information Governance 2020-4.jpg
Information Governance 2020-5.jpg
Information Governance 2020-6.jpg
Information Governance 2020-7.jpg
Information Governance 2020-8.jpg
Information Governance 2020-9.jpg
Information Governance 2020-10.jpg
Information Governance 2020-11.jpg
Information Governance 2020-12.jpg
Information Governance 2020-13.jpg

Information Governance: optimising the lifeblood of organisations

by

Figure: The Elements of Information Governance diagram

Figure: The Elements of Information Governance diagram

Data and information are increasingly becoming the lifeblood of organisations.  However the exponential amounts of data being collected by companies and government alike, together with the risks and costs of holding and securing this information, have created a new set of issues for those responsible for organisational governance.

A healthy circulatory system increases overall health and improves our ability to function. Likewise, the optimal use of data and information will improve the effectiveness of an organisation.  This article explains why identifying and co-ordinating the areas, people and technologies responsible for keeping the lifeblood of your organisation in good health is key to effective information governance (IG).

IG provides a unified strategic framework for the control, security, optimisation and effective use of information.  It is an essential part of good corporate governance, assisting organisations to maximise the value of information while minimising risks and costs by providing a mechanism to align policies and processes, people and technologies across an organisation.

The IG diagram below shows different areas and activities within an organisation responsible for the security, control, optimisation and risk management of data and information.  There may be more or fewer areas according to the type and size of the organisation.  The key to implementing an effective information governance framework is to first identify all the areas and professionals responsible to ensure the areas are aligned and can collaborate to deliver on organisational objectives.  With this in place, policies and processes also need to be aligned across the organisation in accordance with overarching organisational strategic goals.

With a strong IG framework in place, IG projects can then be prioritised within the purview of the senior executive with overall responsibility for information governance and/or the IG steering committee with the involvement of appropriate cross-function professionals.  Projects involving data and technology are planned and executed addressing the needs of business users, technology and cybersecurity, legal/privacy regulatory compliance, lifecycle management, records compliance and long-term preservation.

The InfoGovANZ Elements of Information Governance diagram depicts the alignment and coordination required between different IG areas and activities. This visualisation, which can be adjusted as necessary to align with the areas within your organisation, provides a clearer understanding of how an overarching IG Framework enables alignment of policies, procedures, people and technologies.

Each area of IG is like an organ in the body of the organisation – each with its own purpose, and together they combine to form the life-supporting systems which carry out the organisation’s vital functions.  Just like the body, the functions of these essential systems overlap, interact and rely on each other to support life. Understanding the interrelationships and dependencies of the system as a whole:

·      Provides a useful framework for implementing a cohesive and comprehensive IG framework;

·      Helps to prioritise and guide projects that link to information governance;

·      Makes it easy to recognise and adapt to technology trends and best practice IG;

·      Ensures organisations have a strong IG framework that protects them, their employees and the customers they serve.

Often organisations focus on only a few elements or areas of the information quagmire.  Enhancing the value of data being optimised through the use of technology and data analytics to deliver value and returns directly to the bottom line is a common driver due to the financial benefits.  Investment in enhanced cybersecurity to prevent cyberattacks and data breaches has also increased over recent years due to mandatory notification regulatory requirements and more visible cyber-threats.

However, more than a third of data breaches are caused by human error rather than a technology-based exploit. When phishing attacks are included, about half of data breaches can be attributed to human error.  These breaches are entirely preventable but remain a significant risk to organisations.   Privacy-by-design, security-by-design and privacy impact assessments (PIAs) are core to the best practice of managing personal information.  Effective IG can assist organisations to ensure that personal information breach risks, which can be life threatening to an organisation, as a hemorrhage is to us, are identified and resolved.

Getting to Know the Information Governance Elements

The Elements of Information Governance diagram is a tool for organisations to use when establishing information governance for the first time or to ensure all aspects of information governance have been included in an existing information governance framework.

Information Governance (IG) is front and center and is represented by a digital pine cone, ‘the third-eye’.[i]  In IG, the pine cone analogy is fitting as it represents the center or navigation starting point of all activities. It demonstrates how a robust IG framework provides the structure and mechanism to enable insights and effective guidance and control.

Six Icons surround the IG centre – here’s what they represent in relation to information governance:

The People icon highlights effective IG is impossible without the involvement of the right people. It is situated in the upper left position of the IG centre next to elements that demonstrate the important role people play in an organisation, both internally and externally. Internally, the people icon represents the collaboration across organisational silos and the effective innovation with security by design and privacy by design, and importantly the protection and security of information by employees.  Externally, people in an organisation must protect consumers’ and citizens’ privacy by ensuring compliance with privacy regulations, act socially responsible and adhere to the ethical use of data.

The Lightbulb icon is located above the IG centre just under the top line connection of elements. It denotes new, innovative and impactful activities and technologies.

The Dollar Sign icon is in the upper right position from the IG centre, parallel to the people icon. It is close to those elements that identify the value from data optimisation (i.e., data analytics), as well as controlling and minimising costs by reducing risks.

The Cog/Gear icon is at the lower right of the IG centre near those elements that are largely procedural functions. This icon represents the internal workings and processes of the organisation, meaning the data and information being used across the organisation and the need for collaboration and alignment with strategic organisational goals.

The House icon is directly under the IG centre and atop the bottom line connection of elements. The house icon serves as a reminder that robust IG requires a top-down strategic approach built on a strong foundation of clear policies and procedures.

The Lock icon is in the lower left position of the IG centre, parallel to the cog/gear icon. Its protective function symbolises the importance of security of data and information.

The Elements link to the icons and the IG centre in a continuous chain. All of the elements must combine and connect to provide an effective information governance system. This requires the interaction and collaboration of relevant professionals in order for an organisation to have a complete information governance framework.

The elements on the top and middle rows to the left reflect people-focused activities, while those to the right are data-focused activities. The elements on the bottom row are information-focused and reflect foundation services.

Top Row:

Cybersecurity & Info Security – cybersecurity focuses on the perimeter, while information security secures the information within the system

AI & Ethics – implementing artificial intelligence through an ethical-based process based on a data impact assessment

Data Analytics & Infonomics – deriving the value of information from data analytics

Business Intelligence – the hardware, software, staffing and strategy used to glean intelligence from data

Middle Row:

Legal & eDiscovery – the identification and retrieval of documents for litigation and ensuring such documents can be readily identified and produced to reduce costs; incorporating the use of AI in eDiscovery

Privacy & Data Protection – privacy by design and robust privacy policies as part of the overall governance framework

Data Governancecontrolling data at the data level and ensuring integrity through appropriate systems and processes

Risk & Compliance – a coordinated strategy for managing the organisation’s risk and corporate compliance with regard to regulatory requirements

Bottom Row:

Content Services – preserving and protecting content; information access, sharing and collaboration

Information & Records Management – how information is being managed and the activities to systematically control the creation, distribution, use, maintenance and disposition of information

Information Lifecycle Management – best practices for managing data and information throughout its lifecycle

Archiving & Long-term Digital Preservation – storing information in ways that can be readily retrieved many years into the future

Taken together, all the icons and elements represent the different interlocking areas and activities that deal with data and information in organisations.

A systematic approach to information governance begins with an Information Governance Framework that encompasses policies, procedures, people and technology. This includes:

·      Identifying all the areas and technologies within your organisation – that is, the IG Elements in your organisation;

·      Putting strategic objectives and priorities in place for managing, controlling and securing the data and information your organisation collects, uses and stores;

·      Implementing measures to protect the organisation’s intellectual property;

·      Complying with regulatory and legal obligations including record keeping obligations and, in particular changing privacy regulations;

·      Optimising the value of information to support the organisation’s objectives while managing risks and costs, such as those associated with a data breach and eDiscovery.

The key to ensuring the effectiveness of information governance is top-down board and senior executive leadership that supports robust policies and procedures that are aligned across the organisation and with overarching organisational goals, which deliver value to the organisation.  Top-down board leadership setting the overall IG framework is the ‘brain’, leading a data driven organisation with an ethical and privacy culture.

The senior executive with overall responsibility for information governance and/or the IG steering committee are the organisational ‘third-eye’.  They set IG project priorities, provide guidance and encourage cross-functional collaboration, oversee implementation and review outcomes.   Policies, processes, technologies and people all work together to enable efficient data flow including optimisation, regulatory compliance and appropriate data and information disposal.  When information is effectively governed with data optimised and associated risks and costs minimised, then the overall performance of the business will increase – delivering the benefits of a healthy data and information circulatory system.

Susan Bennett, Executive Director, Information Governance ANZ

Principal, Sibenco Legal & Advisory

[i]          Throughout history, the pine cone has been a sacred symbol of human enlightenment, viewed as an eye of higher consciousness – the ancient symbol for the third eye – and non-dualistic thinking. Many believe the third eye is at the geometric center of the brain and a symbolic representation of navigation.

Information Governance as a Key Enabler of Successful System Design

by

 

This is the first in a series of articles explaining how design information governance (IG) adds to the ontological and structural language that creates the ‘sensemaking’ framework for complex adaptive systems. In doing so, IG provides a foundational enterprise capability which enables adaptive behaviour and organizational resilience in the face of changes in the internal and external environment.

Modern society is enabled by systems, some of them technology-centric like our road and rail networks, some human-centric like our system of parliamentary democracy, and some a more balanced mix like our health system. Successful systems are those that are effective in meeting the needs that they were designed (or emerged) to meet and are sustainable in the face of change.

A key enabler of successful systems is appropriate design information. For example, the number and boundaries of electorates in our parliamentary democracy are periodically adjusted to ensure that the (design) principle of equal representation continues to be applied as our population distribution and demography changes over time. Another example is public infrastructure such as road and rail networks which evolve and are sustained via investment driven by changes in demand, changes in technology, and changes in societal expectation on matters such as safety and reliability. And, of course, the ever-changing health system is informed by changes in the human condition and advances in medical technology.

Typically, the focus of IG is controlling data and information within an organisation; however, IG also applies to the very significant amounts of complex and changing information used to inform design decision-making across our society. At a higher level, IG means maximising the value of information by facilitating use in better informing decision-making for major systems interacting with each other to improve how our complex society works and particularly to avoid catastrophes such as the cascading failures of energy networks leading to widespread transport and health system failures. IG, therefore, is an essential component and foundation of controlled change in any enterprise (using the broad definition of enterprise here as being any deliberate or consciously coordinated socio-technical entity with a relatively identifiable boundary whose constituent parts work together towards a set of defined goals).

What does this mean in practice? The Information Governance Initiative defines IG as the activities and technologies that organisations employ to maximise the value of information while minimising associated risks and costs. Therefore, IG in the design context (‘design IG’) covers concepts such as information provenance (do I know where this design information comes from and can I trust it?) and Information Assurance (confidentiality, availability, integrity, authenticity and nonrepudiation).

From a technologies perspective, design IG covers governance of the vast investment in information systems used to store and process design information. These information systems have revolutionised design across all sectors of industry and society in recent decades with the ability to rapidly gather, analyse and draw meaningful conclusions from vast amounts of often dissimilar and unstructured data allowing much more informed design decision-making:

·         In public policy, the ability to better understand the lives and opinions of citizens enables more rapid and nuanced public policy design … but also with the associated risk of manipulation per the Cambridge Analytica scandal associated with the most recent US Presidential Election and, locally, targeted ‘robo-calling’ and similar techniques.

·         In public infrastructure, the ability to combine demographic, social trend, geospatial and engineering information allows the creation of ‘digital twins’ of current and planned infrastructure. These ‘digital twins’ facilitate much better understanding of overall system behaviours, the effect of design changes and associated costs, and potential points of failure. At an operational level, ‘digital twins’ allow better understanding of current performance and how to deal with system failures such as broken-down trains and external events such as extreme weather. And concepts such as Asset Management (AM) are being implemented in information-intensive Asset Management Systems (AMS) that draw upon the ‘digital twins’ developed during systems design leading to end-to-end IG across the whole lifecycle

·         In human health, vast troves of statistical data combined with detailed understanding of the human genome and disease processes are enabling ever more sophisticated and targeted treatments (immunotherapy, for example, which ‘trains’ the immune system to attack cancerous cells). In this way, medical science is moving towards the ‘digital twin’ concepts currently being popularised in infrastructure and engineering more broadly.

Ongoing advances in Artificial Intelligence, Machine Learning, ‘Big Data’ analytics and similar technologies, as well as our fast-evolving societies, will only accelerate these changes.

Shaun Wilson, InfoGovANZ Advisory Board Member
Founder and Head of Business Development, Shoal Group Pty Ltd