It’s the Information, Not the Medium

BLG01xJAN - OBrien - imageIn a recent training course my company conducted on Information Governance and Data Privacy, I found myself in an interesting position: one of the students was from an organization where the vast majority of their data has its origin in paper forms and tends to be shared and distributed on paper forms and in reports. They had little in the way of “formal” IT systems.

This posed a doozy of a problem when walking the group through the role of the DMBOK disciplines in supporting Data Privacy. How do we relate Data Architecture, Data Quality, or Data Development disciplines to paper-based processes and filing cabinets? Is it simply a question of lumping the ‘paperwork’ into Document and Content Management?

The answer, when we are looking at governing data for data privacy, is that these paper forms and reports should not be lumped into Document and Content Management. PR visionary Marshal McLuhan famously said: “the medium is not the message.” We need to remember that the medium (storage) is not the data, and the planning and design of what I call ‘dead tree data management’ actually draws on exactly the same disciplines we apply to electronic information.

For example, the cross referencing of records held in different filing cabinets or folders, particularly when you need to reduce the replication of personally identifying information, is essentially a data modelling exercise. Filing cabinets become entities, shared identifiers allow “joins” to be made between individual records; it just happens manually.

Likewise, the design of paper forms is a data design and development activity. The requirements of data minimization, and the need under EU data privacy rules to ensure data is adequate, relevant, and not excessive for the purposes for which it is being processed, means the “user interface” of the form needs to be considered.

Data quality in paper records is measured and improved in largely the same way as electronic records. Determine the most critical fields, define your quality metrics, and then extract a representative sample and measure. Nothing different to the processes people like my friend and mentor Dr. Tom Redman have been advising for years. In fact, I would argue that the application of data quality to paper records requires a better understanding of data quality principles as there is no easy software fix, no freemium data profilers, no ‘magic bullet.’ A proper plan, a defined quality strategy, and a measurement plan are key.

During the training course we walked through every segment of the DMBOK wheel and were able to identify how the fundamental principles applied to paper as well as electronics. To do this we stepped back from the technology, focusing on the information and the principles.

The delegate was thrilled—they had labels to put on the things they knew needed to be done and a framework to explain how they were related and interdependent. More importantly it helped the group to understand the technology neutrality of the EU data privacy laws which place equal importance on physical records and electronic records—emphasizing the information rather than technology.

As we have been managing and governing information for over six thousand years on media as diverse as wax tablets, animal hides, clay tablets, paper, and electronically, perhaps we need to remember to keep our heads out of the tech. And perhaps cranky old veterans should remind the whippersnappers who cannot remember an era before the Internet that the medium is not the message.


Share this post

Daragh O Brien

Daragh O Brien

Daragh is the Founder and Managing Director of Castlebridge, a leading Information Governance, Privacy, and Strategy consultancy based in Ireland. He has a degree in Business & Legal Studies from University College Dublin, and is a Fellow of the Irish Computer Society. Prior to founding Castlebridge, Daragh worked for over a decade for a leading Irish telecommunications company in roles as diverse as Call Centre operations, Single View of Customer Programme management, and Regulatory Compliance and Governance. He a regular presenter and trainer at conferences in the UK and worldwide. Apart from his consulting and education work, Daragh is also Data Privacy Officer for DAMA International, a faculty member at the Law Society of Ireland, and a contributing research partner to the Adapt Centre in Trinity College Dublin. He lives in Wexford in the South East of Ireland and can be reached at or on twitter: @daraghobrien. In 2016, he was ranked by Onalytica as the 24th most influential person on Twitter in Information Security (including Data Governance and Data Privacy).

scroll to top
We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept