Episode 12

FILED Season 1, what did we learn? Our favorite moments from the year

Anthony and Kris take turns sharing their favorite discussions from FILED S1. From discussions of ransomware to AI, they share the surprising moments and interesting conversations they enjoyed in the first season.  

Topics discussed:

  • Ugly freight and the similarities between shipping physical items and governing data. (Full episode)
  • Why reducing third-party risk matters. (Full episode)
  • Why are companies still adopting a “wait and see what happens” approach to data privacy? (Full episode)
  • When it comes to hacks, prevention is better than the cure. (Full episode)
  • How records and information governance can help cybersecurity professionals to overcome threats. (Full episode)
  • How records and information managers are poised to be central to AI efforts. (Full episode)
  • The impact of AI on society and the growth of misinformation. (Full episode)
  • How are major institutions governing AI? (Full episode)
  • The societal importance of records. (Full episode)
  • Are there models for bringing records under control of the user, not the institution? (Full episode)

Transcript

Anthony Woodward

Welcome to FILED, a monthly conversation with those at the convergence of data privacy, data security, data regulation, records, and governance. I'm Anthony Woodward, CEO of RecordPoint and today with me is my cohost, Kris Brown, VP of product management. How are you, Kris?  

Kris Brown

I am good, mate. It is the silly season. I'm really looking forward to this episode. It should be a lot of fun.  

Anthony Woodward

Yeah, look, it's been a fantastic year of FILED. In today's episode, I think we have a little bit of a different approach. We really want to go through what have been the key discoveries, the key elements of the season and do a bit of a recap. There are so many highlights to show, the themes of what we've been talking about and some really interesting personal discoveries for myself through the year. Look, I think I'll go first, Kris, in terms of the first episode that I think really had a big impact on the delivery of FILED for me and the conversations we've been having, it was with a friend of mine, Cate Hull.

Anthony Woodward

Cate's the CEO of Freight Exchange, which simplifies and automates the processes of shipping. In fact, they call it ugly shipping, the sort of type of material that's really difficult to ship normally. The space I think Cate has, most people would think is not linked to what we do in terms of being that intersection of data privacy and data governance.

Anthony Woodward

But in fact, the entirety of the business is driven by how data is governed. What are the rules around that governing? And when you talk about things like ugly freight, and I know you love that term, Kris, it's a really complex area.

Kris Brown

Yeah, look, absolutely hilarious. I think at the time, it was something new for me to learn that ugly freight's that difficult to ship hard in terms of weight or size, requiring other requirements. So, uh, this was a really great clip for me, a great conversation and again, just showcasing that different organizations have different challenges but they all still lean back into that data sphere.  

Anthony Woodward

Yeah, absolutely. So in this clip that we're about to pick out and certainly one of my favorites of the conversation, you know, Cate's going to talk about how very manual and exposed to human error and theft and fraud the business of freighting material around is and really, drawing those parallels between what happens in that real physical world of moving things around and the growing data, there is a real need to manage risk managed by exception. But why don't I let Cate tell you in the clip right now?

Cate Hull

It is all about managing by exception. The whole industry is managing by exception. It's somewhat miraculous that it works as well as it does, given the level of digitization and automation that's in the industry. It's certainly quite far behind a lot of other industries. It is challenging and in terms of the risks, because everything is handled by humans, you've got human truck drivers, you've got human people packing the trucks, you've got humans booking the freight, you've got humans pricing everything.

Cate Hull

It becomes very challenging to manage those risks. So, the physical risks might include theft or fraud. Error is usually the big one. Obviously, you can drop things and break them and all of those things. Managing those by exception is really the name of the game.

Anthony Woodward

There's so many similarities there in what Cate was talking about between what we do here at RecordPoint, I think what the industry does in terms of data governance and that real world set of problems that she's really focused on.

Kris Brown

Yeah, and look, I think if we tie into the next one here, the next clip for me, this was all about reducing risk for your organization. Another major trend when it comes to the risk this year was ransomware and the increased supply of supply chain hacks. This is something we've covered extensively in our newsletter, just that sort of very slight plug there. If you haven't taken time to subscribe to the newsletter, please do.  

Kris Brown

We also spoke to someone better equipped to discuss this issue in Aaron Spiteri at UpGuard. He's the director of third party risk management. So, he sees this issue play out from both sides. Organizations not managing their third party risk and then the third parties themselves doing a poor job of reducing their risk.

Kris Brown

He spoke about some of the really basic sort of cybersecurity 101 mistakes that some people are making. And I really wanted to highlight this clip because this is where he explains, you know, why this actually matters.  

Aaron Spiteri

Customers are getting audited on this all the time. And customers have a lot of interest in this now as well, given that there's been so much media around, you know, things are leaking or breaching.

Aaron Spiteri

There's a lot of reputation on the line now and our customers are putting a lot of trust in their third parties. So as soon as you put that trust in a third party and you're giving them some of your data, essentially any of the risks that they might have now become some of the risks that you might have because you're working with them.

Aaron Spiteri

So that's why this has grown so large because there are so many vendors and customers that are all working together now and there's data all over the place. People are sharing all different types of data, depending upon what service they've got for you. So if anything does get leaked out, if there is a security issue, anything like that with one particular company, if you can imagine they've got multiple customers now, all those customers, then become affected as well, which is why this is becoming such a big thing because there's so much reputational damage, irreversible damage as well. Once the data is actually available, it's next to impossible to get rid of that data once it does leak on the dark web, for example. And we just see it continuously getting copied and duplicated all over the place.  

Kris Brown

It's quite a simple way of putting it. Once you trust a third party, their risks become yours. I'm not sure all companies get that yet. I think Aaron's in a really interesting space. A lot of the information that people are dealing with, you know, you need to start to ask those questions of your suppliers.

Kris Brown

At the end of the day, it's that same trust, your customers place in the organization when they're providing their data to you.  

Anthony Woodward

Yeah, we've seen this trust often misplaced throughout the year. There's been a litany of sensitivity, failures of data breaches of ransomware attacks, and those have really made the media. But it is often that companies are failing not just to think about the firewall and the ring in the perimeter, they're actually failing to guard the sensitive information internally. Remove it when it isn't needed. We saw a bunch of the hacks accessing data that have been in organizations for quite some time, and that really exposed them when all they needed to do was actually clean things up.  

Anthony Woodward

We had Yvonne Sears on the podcast and she's the co foundering managing director at ISD cyber, and she's also one of the senior leaders in IAPP in Australia as part of the Adelaide chapter chair, and we really talked to her around how the entire community has been slow to realize that by correctly managing your privacy obligations, you can really be prepared for, and in fact, be in a better place when a breach does occur, because the reality is breaches are going to occur for everybody. I think this clip really takes us through Yvonne's thoughts and how we can deal with those things.

Yvonne Sears

I mean, there has unfortunately been the attitude of, they haven't got us yet, so we'll just carry on as we are, because why do I suddenly have to spend multiple thousands, millions on fixing an issue that hasn't previously been an issue, and I'm not going to get fined for.

Yvonne Sears

So, yeah, I'm forever hopeful that we're going to get privacy right across Australia and have the right cultural attitudes in place to do the right thing, especially when it comes to processing personal information, I will hit on that one again, because it's about respecting the individuals at the end of the day.

Yvonne Sears

So, you're dealing with people's lives and in some situations, depending on the service being offered, can be really detrimental to an individual. If their personal information has been disrespected. So, for me, I think there is that level of accountability, especially within organizations that process personal information, to really be transparent in how it's handled, where it's going, having that confidence that they know exactly where it is and that it is protected.

Yvonne Sears

But I don't know, like I say, I'm forever hopeful that we'll do the right thing, but we need some sticks to get us there. But, yeah, we'll see, I guess.  

Anthony Woodward

You know, what I think we observed there from Yvonne is really her point around organizations needing to adopt across your fingers hope and really thinking through how they're going to deal with these obligations isn't enough.

Anthony Woodward

They actually need to proactively sit out there, map out the obligations, understand their records, understand their information governance and really look at how they're reducing their concerns around privacy risk and data risk.  

Kris Brown

Yeah, it was a great conversation, that one. Obviously, a lot tighter aligned to what we're doing.

Kris Brown

And so, when it comes to discussing preparing for a breach, I personally can think of no one better than RecordPoint's VP of Engineering, Josh Mason. He spoke to some of the key things you can do to prepare for a breach, so we'll roll that clip.

Anthony Woodward

Again, building on the layers here, you've now been able to discover the content, you know where it is, you've mapped it, you've been very hygienic over those processes.

Anthony Woodward

What can you do to mitigate this risk in the future? So, if we were to think about what are the things we can do to prevent, in fact, in this stage around a data breach, prevention is far better than the cure. What are the kind of activities that we can go on to create some prevention mechanisms?

Josh Mason

Yeah, so I think it's kind of a broad question.

Josh Mason

There are so many things that can be done here. If we kind of stay in the records management piece, part of the scope of impact and the size of the breach is going to be a lot based on the corpus of documents that was actually breached into. One important part of records management is actually having the disposition and disposition schedules in place so that you're eliminating documents and logs and other types of data in your environment so that they're not just sitting around to be picked up some of the data breaches from Yahoo or Google where they've released 52 million, 350 million records out into the market. That information is then picked up and used as stuffing attacks where they take those same username and passwords and break into other systems. Many of those accounts closed for years, just floating around in the system. So, they're going to be paying that $180 per record for data that they didn't need to have around and shouldn't have around. So, it was costing them money to store it, costing them money when it was hacked, and now it's going to cost them the money again to pay out on last actions of the litigation.  

Kris Brown

I love this one. It's really clear from this discussion that disposal data minimization is sort of core to weathering these attacks.

Kris Brown

For me, this is sort of key to what we do here and helping organizations understand that it's very, very difficult to breach something that's not there. There's certainly sometimes a bit of ignorance on what records and information governance professionals could offer to their businesses.

Kris Brown

And for me, just in this forum, obviously but also through our newsletters and obviously what we do in the marketplace, we're constantly trying to help these professionals communicate what they're doing for the rest of their business.  

Anthony Woodward

I think a number of those questions around how to communicate, what do you do in a crisis and all of those elements was probably my favorite interview of the year with Andrew Ysasi, if you haven't listened to it, go back to episode eight.

Anthony Woodward

We're obviously going to play a clip in a minute, but there's so much to hear from Andrew that I think it's worth popping in that one on replay, even if you've heard it before. The great thing about Andrew is he's really operating at that intersection between information governance and cyber security and crosses those worlds.

Anthony Woodward

I mean, he's working right now at Vital Records Control. He's the VP of Advocacy. He's a volunteer at ARMA, the American Records Management Association and he also happens to be a lecturer at San Jose State University. And if you want to follow him as a blogger at IG Guru, which there's a wealth of information at.

Anthony Woodward

You know, what I really loved about the conversation in particular with Andrew was just the breadth of experience he had talking about working with the technology groups showing how disposal can actually improve a technology group's life, how you can think about security, but from an information management lens, not from an IT security lens. I'll let Andrew take it away here and really fill in that detail about what his thoughts are.  

Andrew Ysasi

There's a number of different ways that the academic side of looking at the principles of records information management, you know, what do we own? There's a lot of overlap when you look at IG.

Andrew Ysasi

And you start to peel through and look at, you know, if you have a Venn diagram of who's responsible for what that might have to be defined by an organization because there could be 4 or 5 groups part of the IG ecosystem that would claim responsibility or portion responsibility. But the two areas that typically live within records information management as far as ownership goes are retention and disposition. If we can have a conversation with cyber security around that specific to not only the information that cyber security is protecting, but also maybe the records that they're producing that gives us the opportunity as professionals to at least help with reducing the potential landscape that could be at risk by applying retention and also disposing of information securely, whether it's redundant, outdated, trivial, we've heard the term rot, or if it's genuine records that come up for destruction, if we can be a part of that and operationalize that if we haven't already, I think that's really the 1st step.

Andrew Ysasi

So, at that point, we are a partner in that discussion instead of just a, well, call the records people and have them bring in some shred bins and shred all the stuff and have them leave again. If that makes sense.

Anthony Woodward

I think the intersection of these two fields is really obvious to you and I, Kris, and we really live in this domain every day, but I don't know if the wider world really understands just how important it is to, in order to have strong data management, you need to have strong systems and processes that underlie that.

Anthony Woodward

And that really comes to the technology these days. If we're going to have an increased risk posture, we need to consider it much more holistically.  

Kris Brown

Yeah, it was one of my favorites too, and I think again, if I get a little bit sentimental here, the next one for me, I've known Anne Cornish for a very long time.

Kris Brown

She was one of our early, early episodes back in episode five, and we certainly had a lot to say specifically in the industry around records management and how the actual records managers themselves can actually prove their value in this, this current landscape. She's currently the head of RIMPA Global, the Records and Information Managers Practitioners Alliance.

Kris Brown

They're starting to align with ARMA and other international organizations. So, they're trying to bring that to the fore from each of the professional associations. So certainly, you'd expect her to be fairly gung ho about, you know, what she can tell us about what's frustrating about how slow the industry is to take advantage of the crisis that's going on right now in privacy and cybersecurity.

Kris Brown

In the last 27 years, she's seen the industry evolve as her own career has and as I said, Anne and I have known each other for a long time. I probably dropped her in there by dropping the length of time that we've been doing that. But straight from the beginning, you're talking about even just opening mail to you know, now running that Australasian industry body.

Kris BrownShe's sort of seen and done it all in that information management space. She's watched the roles evolved, managed paper records, worried about AI, but all the individuals themselves have been slow to adopt this technology. So, she's a real advocate, sort of saying, you know, we need to take that industry forward.

Kris Brown

We obviously missed the boat, on email, was one of the key things that she sort of talked about. This wave of information came through, and she's really worried that that's gonna happen again off the back of the, you know, just the change in the workplace environment these days. I actually really like to take on AI, you know, as she said, going, the information managers are the ones who are going to feed the AI.

Kris Brown

They're the ones gonna be training it. They're the ones gonna be giving it its information and helping it to become a better citizen as it relates to records management. And so, you know, as a result, the field has set the change enormously. She's really excited and optimistic, which I think is great.

Kris Brown

It's super refreshing given, you know, all of the doom and gloom wrapped around AI. So, I'll let Anne sort of, you know, speak her piece now.  

Anne Cornish

So, the first thing we're going to do is make sure that the records managers aren't scared about this technology, and they have an understanding, which is what we've said at the start of this podcast.

Anne Cornish

But this is really important that they ride this wave, right? Don't sit back and let everyone else do it because they will lose their jobs, or they won't be involved, and they won't be valued. I think AI is more than just auto classification, and from an IM practitioner point of view, I think there's a lot more involved, it impacts the organization.

Anne Cornish

So, you're just talking specifically about what's impacting information managers in their day to day role. I'm thinking that information managers need to be more involved in a whole lot of AI, like, what's the impact of chatbots? What's the information going on in that relation? What's happening with risk modeling and the, and the artificial intelligence that's doing that and how involved are we?

Anne Cornish

Because we're the ones that are going to feed the AI. They're going to learn from us. It's got to learn from somewhere. It doesn't just happen as we all know. And so, our jobs will change where we no longer put pieces of paper on file or classify bits of mail. We now teach the rules to the systems and allow the algorithms to do what they do in the AI but don't be scared of that. Personally, to me, that's a challenge. To me, that's exciting. And that's how records and information managers should look at it. I don't know about you guys, but you know, after a few years doing the same old thing, it sort of gets a bit boring. The fundamentals are always there.

Anne Cornish

Everyone should pride themselves. That's their value. And when I say ‘them’, it's the IM's value. It's the fundamentals. They are fully aware of the fundamentals of records and information management, you know. All the compliance requirements and as I said, the rules that go with that, they all have to be implied in the AI world.

Anne Cornish

It's ongoing, and AI will continue to learn, and we have to continue to teach it. And that's where I see the roles long term. I just think it's a challenge.  

Anthony Woodward

Yeah. And look, I think what a fantastic conversation it was with Anne. One of the other conversations that I really enjoyed, and again, still staying on the topic of AI, was John Croll.

Anthony Woodward

John is another friend of mine that I invited to the podcast. He comes from a slightly different direction, but in reality, is very much aligned to what we do every day. John's company is a company called TrueScope that focuses on helping other companies, particularly the PR and communication departments and companies understand how the media is discussing their brand online.

Anthony Woodward

It's a super interesting product that I've really enjoyed watching John grow and augment and make better. But really what John delved into was all the different considerations around, how do you launch a product? What happens when there's a crisis around a major data breach? How do you handle the communications?

Anthony Woodward

You know, here in Australia, where Kris and I are sitting today, as we build into Christmas, very early in the year, there was some very damaging cases for companies like Medibank and Optus. And John went into the detail around what were the different ways they could have handled it? How did they handle it?  

Anthony Woodward

Some of you may even know John from his previous business that operated globally called Media Monitors. It was originally a newspaper clipping business where they'd clip articles out and expand it to the online world. He also in what he's doing today in true scope is really on a daily basis, dealing with AI and data quality and a whole bunch of issues that we are dealing with every day in the information management and privacy domain.

Anthony Woodward

And I really liked his take on how AI is going to shape how we communicate with each other, how we connect with each other and how it's also going to create misinformation that we're going to have to deal with. And I think this clip here really talks to that misinformation, the reinforcement of bad data and how I can hallucinate and those kind of things.

Anthony Woodward

I'll let John take it away.  

John Croll

Probably when we're sitting back four years ago, the true part of the TrueScope came because there was so much discussion around fake news and those sorts of things at that point in time. Yeah, so I think it's got two elements, one that it's generating, but also, it's learning from the content that's out there from, you know, the language model is being taught by what's out there.

John Croll

So, you got to know if that's being influenced right by the different bots and bad actors who are trying to put that content out there, and then it can only learn from what it's actually consumed and seen what it thinks is just information that's out there. And so, the first part is there's poor information going into that and if you've used. it, you already know that you're getting bad results out of some sectors of what you do. The second part is reputations get damaged by both fake news and real news. Our job is to get that information to clients as quickly as possible. The second part is we're talking to good organizations like NewsGuard and those sorts of guys to actually add that straight into the platform.

John Croll

So, from a client's point of view, they will get a piece of information and there will be a news guard score against it. We haven't done it yet, but we've been talking to the guys that will give you a confidence level about is this accurate information? Has it been produced by an accurate source, and does it have the rigor of either a journalist or an industry, a known industry expert so that you can rely on it?

John Croll

So that's good if you're sitting in the corporate comms chair or the government relations. But if you're Joe Public consuming this information, it's still going to affect the reputation or what you think of that organization and that's where the difficulty comes. You can already see about the number of people who don't believe an election was won or lost or whatever.

John Croll

Even if there's facts in the marketplace, those views don't change. Audiences don't change.  

Anthony Woodward

You know, what John spoke about there is that we do really need to think about what is it we're inserting into the AI. What is high quality data that traditionally in the journalist world, we would have published? What did the journalists actually go through the different protocols to approve internally before it was published? Whereas today we have a lot of data being published that is of low reputational value, and that is really being disseminated out to a whole bunch of information and we need to think about that and information governance.

Anthony Woodward

Because what we should be doing is really trying to find those golden nuggets and protect those and get rid of all the dross and very much, I think that's what John was pointing out in this conversation there.  

Kris Brown

Yeah, it was really cool to hear John talk about, you know, those other major organizations and what are they doing, obviously TrueScope, very deeply involved with AI.

Kris Brown

For us, the next one I wanna talk about, probably sits in some of the, you know, when we talk about sort of the largest organizations on the planet, what are they thinking and what are they doing in this same space? We're sort of rolling all the way back to one of the very first episodes, but again, I think was a great kickoff to FILED and that was asking Pauline O'Toole, the commissioner of New York City Department of Records, about what she thinks about AI and where the industry is going. She spoke to us way back in June, so we're rolling back a long way now, and we covered a lot of ground from how she got her start, but also what she's thinking about the future.

Kris Brown

She was very pragmatic when it came to AI. She was clear about what data needed to remain private and how access to the information was based on the freedom of information laws. She was optimistic about how generative AI tools would be useful in the future as it was related to building out the historical record and, you know, given the role that she takes there, the city of New York, you can see why that was obviously of a keen interest to her.

Kris Brown

So, I'll let her say in her own words that now we'll pass to that clip.  

Pauline O'Toole

The private data in records is governed in New York or access to that private data is governed by the state's freedom of information law. It establishes several categories of information that do not need to be made publicly available.

Pauline O'Toole

And some of it is things you would expect, such as, you know, a person's date of birth and address and items that have to do with secure police operations and security, but other data all is supposed to be made publicly available upon request. To that end, the city has a public data portal that has datasets about almost everything and this is actually where AI could have a really interesting intersection to sort the content from what otherwise would be divorced pieces of information and put it together in a way that helps to better inform local residents about different kinds of opportunities or services. And I think down, so that's the privacy that historical records don't have the same issues with privacy.

Pauline O'Toole

So, we have an online—13 million, I think—vital records of birth, death and marriage records that obviously show the date of birth or death or marriage and the people's names and their addresses, but they're of a historical nature. And so those aren't governed by the same privacy rules, but that's also where I think AI could have an interesting effect in accumulating content from these digital images and using it in a way to better tell a historical story about who these people were, who were getting married or were dying at a particular time, sort of by reading the content, right? And then putting it into a spreadsheet and helping analyze it to tell the story. That is, I think, something that will happen in the not too distant future and that will be really exciting.

Kris Brown

For me, having the opportunity to work with such an organization, having a leader there in Pauline and getting a great understanding of where she's come from was actually really refreshing. I really enjoyed it. You know, there's lots of widespread doom and gloom, especially about these subjects and hearing a practitioner who's actively doing this every day leading, you know, a group that is dealing with very, very large amounts of information was just really cool and a great way to kick off FILED for me.

Kris Brown

Listening back and hearing her mention the historical record reminded me of another guest we had, Andrew du Fresne, and who spoke quite movingly about the value of records management. Andrew's been around for a long time, working in a lot of roles in the industry. He's currently at John Bean Technologies, and he's the Documentation Information Governance Manager.

Kris Brown

We had a great conversation. He offered a bunch of guidance, which was cool especially as it related to preparing and recovering from a natural disaster which unfortunately is something that we all need to be prepared for more and more these days. I said, certainly being a Queenslander, you know, we, we see our fair share of natural disasters and I've been a part of a few, even just in the last decade, but it was his work involving recovering the records from 9 11 terrorist attacks that actually really spoke to me. The task of building that historical record of something so impactful was really meaningful and showed another aspect of the role of information custodians.

Kris Brown

I'll let Andrew tell us that story.  

Andrew du Fresne

Still to this day, just watching it just reminds me of the people that I met, the people that worked at the agencies, but how hard it was to even talk to anybody about it. You had this mission to go out and try to seek these records and some people were responsive, others were not, I was told a lotI don't want to be part of this because I'm retiring, but the people who did like the Coast Guard, for example, they had all of these ship to shore messages that were going back and forth from all the ships to the Coast Guard.

Andrew du Fresne

So, you had this transcript essentially from the time the planes hit the trade center until, you know, like 24 hours later, and it was a huge, huge digital file. They also provided some paper printouts of it as well and videos, all the video, because all the ports have videos going into the New York Harbor.

Andrew du Fresne

So, we had all that video too, that's all now part of the National Archives and being preserved. So that was one of the proudest things I've done to just be part of that effort. I met some people who survived 9 11, the firefighters that were there. And I think about them every year because the stories that they told, I just, I couldn't believe it, you know, that they're standing there next to me talking about it.

Andrew du Fresne

And I said, well, how did you survive it? They climbed under a fire truck and, you know, prayed and I came out and I survived. So, you know, just stories like that. It was pretty amazing. Now there's this archive is part of the national archives. It's part of the commission records. Some of them are still closed. I was looking it up just the other day to see if they were even available for the public and some still are not.

Andrew du Fresne

I met a woman also who was collecting all the phone records that people were calling in and leaving messages around the airplanes. I just came across these people and all their stories were just so phenomenal and interesting and moving every day. It was hard.  

Kris Brown

It's a very moving story and one that would not have been able to be told without the work of the records custodians.

Kris Brown

It's certainly historically, this was something that, you know, it was touched very, very close. My wife's family's based there. We were visiting at the time. We were right in amongst this. And so, the interesting thing was, you know, hearing that the side of the industry that obviously I was a part of at the time, but that it was actually dealing with that on a day-to-day basis.

Kris Brown

I had some customers that I dealt with that were involved and impacted by this. And so, you know, coming full circle, this is the other side of how, you know, records are valuable. Not just the practical side of improving privacy and compliance, but you know, building a sense of, of who we are and, and what's happened.

Anthony Woodward

Absolutely. And I think, you know, it's really important to think about records and how we actually manage ourselves and the sense of self. And one of our very early episodes was with another friend of mine, Barbara Reed. She's a research fellow now at the Faculty of Information Technology at Monash University down in Melbourne and she's done a lot of research into what she calls participative record keeping. I'll let her explain in her own words because the clip we have here is really vivid and I think really gets into the crux of what that means. One of the big principles rolling around the privacy community is privacy by design and therefore bringing data ownership to the hands of both the user and the owner of the data, you know, my personal data being my own and I'm sharing that, and I want to have rights to revoke that.

Anthony Woodward

Do you see the same happening in the records landscape where there's this kind of records by design principle and we're rethinking that? And where do you see that evolving?  

Barbara Reed

Yes. And I think it's, so the research projects I've been involved in have been very much around this. So, we've been paddling around in participatory record keeping.

Barbara Reed

My interest in it came from the work I was doing for the Royal Commission into institutional sexual responses to sexual abuse and people had no recourse. The records were kept by the organization for the organization and yet they were fundamentally about my childhood. So, I didn't have access to them, and I couldn't get to them, and I didn't agree with what's there and it was all fragmented.

Barbara Reed

So, we have been working in that space in the out of home care, particularly because it provides a lens that is really socially important and critical to life chances actually of people. So how do you do that? And one of the issues that we were talking about is being able to share far more instead of having organizational records owned by organizations that in fact they’re co-owned.

Barbara Reed

That's a bit tricky because then you need to give rights to the person to control access. These things for organizations are almost intolerably and unspeakably challenging as systems are being rolled out. The other thing that we explored was actually depositing a copy of records, specific records in a space that is totally controlled by that person.

Barbara Reed

So, it's like two sets of records. Well, records are transactional. There are two sides. And then the person owns and completely controls the records. That has been deposited with them. We would at one stage playing with MyGov being that type of, or a technology like that. But again, very challenging for organizations who lose control of their information, and it skews the way records are created as well as their management.  

Barbara ReedSo, implementation is incredibly difficult in those areas.

Anthony Woodward

You know, I think the reality of this concept and what Barbara has really focused on in many conversations I've had with her in her research is the whole process of managing data and managing information is about the types of obligations we have to each other and what kind of control we're going to exert over that data so that we can build trust in the obligations that we're going to either put out there in the community or we're going to, we're going to give to each other and I think she really captures that in that conversation. I really very much enjoyed that. And I think on that note, we'll sort of wrap up there because I think that obligation has been a real theme of FILED - a real theme there that you see with many of those different clips around how the very purpose of this convergence of data privacy and data governance and information is really the obligation, the social contract we have as companies we have as people we have as others that are doing things for other people.

Anthony Woodward

And I think that really is a fascinating set of highlight reels that go deep into that conversation, explore those themes that operate there and recap that, you know, thank you Kris for being a part of FILED this year. And I'm really looking forward to next year.  

Kris Brown

Yeah, no, thank you, Anthony. I think this has been great and for the, you know, for the team that helps put this together, it might seem like you and I sort of roll in here and grab a microphone and. It just sort of happens, the magic, if you will, but certainly a big thank you goes out to the team that also helps pull this together and to our guests this year who have been, you know, patient with us as we've managed to work our way through the TV issues early and certainly as we get to this position now at the end of our first year.

Kris Brown

Rolling up an entire season. That's just crazy to me.  

Anthony Woodward

And I'd like to thank the listener. I think when we put this out there, we weren't sure exactly who would log in. We're seeing some amazing stats on who's listening early next year. We'll no doubt be doing some things like some listener surveys and getting some feedback on what you want to hear from the FILED podcast, but until then, we're going to see you in the podcast feed next time.

Anthony Woodward

Thanks for listening. I'm Anthony Woodward  

Kris Brown

And I'm Kris Brown, and we'll see you next year on FILED.

Enjoying the podcast?

Subscribe to FILED Newsletter.  
Your monthly round-up of the latest news and views at the intersection of data privacy, data security, and governance.
Subscribe Now

We want to hear from you! 

Do you have a burning topic you'd love to hear discussed?
Submit your topic idea now to help shape the conversation.
Submit your Topic