In a recent training course my company conducted on Information Governance and Data Privacy, I found myself in an interesting position: one of the students was from an organization where the vast majority of their data has its origin in paper forms and tends to be shared and distributed on paper forms and in reports. They had little in the way of “formal” IT systems.
This posed a doozy of a problem when walking the group through the role of the DMBOK disciplines in supporting Data Privacy. How do we relate Data Architecture, Data Quality, or Data Development disciplines to paper-based processes and filing cabinets? Is it simply a question of lumping the ‘paperwork’ into Document and Content Management?
The answer, when we are looking at governing data for data privacy, is that these paper forms and reports should not be lumped into Document and Content Management. PR visionary Marshal McLuhan famously said: “the medium is not the message.” We need to remember that the medium (storage) is not the data, and the planning and design of what I call ‘dead tree data management’ actually draws on exactly the same disciplines we apply to electronic information.
For example, the cross referencing of records held in different filing cabinets or folders, particularly when you need to reduce the replication of personally identifying information, is essentially a data modelling exercise. Filing cabinets become entities, shared identifiers allow “joins” to be made between individual records; it just happens manually.
Likewise, the design of paper forms is a data design and development activity. The requirements of data minimization, and the need under EU data privacy rules to ensure data is adequate, relevant, and not excessive for the purposes for which it is being processed, means the “user interface” of the form needs to be considered.
Data quality in paper records is measured and improved in largely the same way as electronic records. Determine the most critical fields, define your quality metrics, and then extract a representative sample and measure. Nothing different to the processes people like my friend and mentor Dr. Tom Redman have been advising for years. In fact, I would argue that the application of data quality to paper records requires a better understanding of data quality principles as there is no easy software fix, no freemium data profilers, no ‘magic bullet.’ A proper plan, a defined quality strategy, and a measurement plan are key.
During the training course we walked through every segment of the DMBOK wheel and were able to identify how the fundamental principles applied to paper as well as electronics. To do this we stepped back from the technology, focusing on the information and the principles.
The delegate was thrilled—they had labels to put on the things they knew needed to be done and a framework to explain how they were related and interdependent. More importantly it helped the group to understand the technology neutrality of the EU data privacy laws which place equal importance on physical records and electronic records—emphasizing the information rather than technology.
As we have been managing and governing information for over six thousand years on media as diverse as wax tablets, animal hides, clay tablets, paper, and electronically, perhaps we need to remember to keep our heads out of the tech. And perhaps cranky old veterans should remind the whippersnappers who cannot remember an era before the Internet that the medium is not the message.
