Keys for securing private information in an EDMS: implementing an electronic document management system (EDMS) security scheme will limit personnel to the minimum information access needed for legitimate business reasons.

Author: Mooradian, Norman


Electronic document management/imaging systems (EDMS) are subject to the same rules and regulations as other information systems. However, because an EDMS is document-centric, applying these rules and regulations to it has its own particular characteristics. Anyone setting out to implement information privacy rules in their EDMS will need to bear this in mind.

Moreover, success in translating information privacy rules into the domain of an EDMS will be essential to any information privacy initiative. Because an EDMS accounts for a great deal of the information captured and managed by many organizations, failure to address the peculiar challenges it raises could leave organizations vulnerable.

High-Level Privacy Requirements

Most organizations will capture and manage diverse kinds of personal information that are protected or regulated under distinct legislative regimes at the international, national, provincial, or state levels. Although it is impossible in a single article to describe how to implement the requirements from all of these regimes, a set of common, high-level requirements can be abstracted and used as the basis for any implementation.

There are advantages to starting design and implementation planning from a set of higher-level requirements. First, it will help identify a common basis for all compliance protocols, thereby providing a comprehensive approach to diverse compliance needs. Second, it will provide a basis for personal information not covered by a particular legislative regime. Finally, it will provide the basis for a unified platform for technical development and implementation. This unified platform will enable common tools to be created, used, reused, and adapted to different and changing needs. The platform will simplify future development, administrator training, and end-user training.

The following requirements are abstracted from a number of frameworks and legislative regimes. They capture the main elements of most significant privacy legislation, such as those found in the U.S. Privacy Act of 1974, the Safe Harbor Agreement, and the Organization for Economic Co-Operation and Development Guidelines for the Security of Information Systems and Networks, even though terminology in the legislation may differ.

  1. Consent: Obtain consent for collection and for additional uses or sharing of information.

  2. Notice: Provide notice for additional uses and sharing of information.

  3. Access: Restrict access to authorized individuals and parties.

  4. Use: Limit use to minimum needed for legitimate business activities.

  5. Retention: Retain information only as long as needed for legitimate business purposes.

  6. Security: Provide adequate security for information.

  7. Audit Trail: Maintain a record (history/audit trail) of uses of information.

  8. Review: Provide subjects access to their data to view and correct information.

From a technical perspective, requirements 3 through 5 constitute the starting point and core of any privacy-compliant EDMS.

Overview of an EDMS

From a privacy perspective, the fundamental difference between an EDMS and other business applications is that the EDMS has a dual information structure. While business applications capture and manage data or information in traditional databases, an EDMS captures and manages document files.

An EDMS, however, uses databases to manage these document files. So, at a basic level, there can be two categories of personal information in an EDMS: that contained in the document file as its content or metadata and that contained in the database in data tables as index data or metadata.

An EDMS provides standard functional capabilities. These include the ability to store documents in repositories (typically called folders); retrieve documents through index (database) searches or full-text searches; browse or navigate to documents based on directory structures; and print, e-mail, or export documents singly or en masse. Also, systems can convert image files of text documents into readable text and move documents through workflows based on document attributes and events. Elements of an EDMS similar to other business applications include user accounts, user groups, user privileges assignable to user accounts or groups, security controls, reporting functions, automated processes, and audit trail creation.

The division of information into the categories of index data and documents means there will be two targets for privacy controls. The policies established for the different kinds of personal information (an individual's full name, Social Security number, date of birth, address, gender, race, marital status, medical information, and employee performance evaluations) will apply to both types of information.

If using an EDMS to store employee files, expect that some or all of this information will be stored in the EDMS. Unlike in other systems, however, it will be captured and managed in two different ways. First, it will be captured as data in a database management system such as MS SQL Server or Oracle, where its primary use will be for identifying, classifying, and retrieving...
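As an added illustration (not code from the article or from any EDMS product), the following Python model shows the two control targets described above: the index data held in the database and the document file itself, each gated by group privileges. Index fields outside a group's grant are never returned (requirements 3 and 4), documents past their retention date are withheld and purged (requirement 5), and every use is recorded in an audit trail (requirement 7). All groups, users, records, field names and dates are constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Everything below is constructed for this example; it is not drawn from a real
# EDMS product or from the article.


@dataclass
class Document:
    """One EDMS item: index data lives in the database, content is the file."""
    doc_id: str
    folder: str
    index: Dict[str, str]       # database-side index/metadata (control target 1)
    content: str                # document file content (control target 2)
    retention_until: date       # requirement 5: keep only as long as needed


@dataclass
class User:
    name: str
    group: str


# Requirement 4 (Use): each group is granted only the folders, index fields and
# content access it needs. Fields not listed are never returned to that group.
GROUP_PRIVILEGES = {
    "hr_clerk":   {"folders": {"employee_files"},
                   "fields": {"employee_id", "full_name", "address"},
                   "content": False},
    "hr_manager": {"folders": {"employee_files"},
                   "fields": {"employee_id", "full_name", "address", "ssn",
                              "date_of_birth", "performance_eval"},
                   "content": True},
    "facilities": {"folders": {"site_plans"},
                   "fields": {"title", "site"},
                   "content": True},
}
NO_PRIVILEGES = {"folders": set(), "fields": set(), "content": False}

AUDIT_TRAIL: List[dict] = []    # requirement 7: history of uses

# Constructed sample users, records and reference date (placeholder values only).
CLERK = User("clerk1", "hr_clerk")
MANAGER = User("mgr1", "hr_manager")
TODAY = date(2025, 1, 1)
SAMPLE_DOCS = [
    Document("EMP-0001", "employee_files",
             {"employee_id": "E100", "full_name": "Ada Example", "address": "1 Sample St",
              "ssn": "000-00-0000", "date_of_birth": "1980-01-01", "performance_eval": "exceeds"},
             "Scanned personnel file for E100 (constructed text).", date(2030, 12, 31)),
    Document("EMP-0002", "employee_files",
             {"employee_id": "E101", "full_name": "Ben Example", "address": "2 Sample St",
              "ssn": "000-00-0001", "date_of_birth": "1975-06-15", "performance_eval": "meets"},
             "Scanned personnel file for E101 (constructed text).", date(2020, 12, 31)),
    Document("SITE-0001", "site_plans", {"title": "HQ floor plan", "site": "HQ"},
             "Drawing data (constructed text).", date(2035, 1, 1)),
]


def _record(user: User, action: str, doc_id: str, outcome: str, detail: str = "") -> None:
    AUDIT_TRAIL.append({"user": user.name, "group": user.group, "action": action,
                        "doc_id": doc_id, "outcome": outcome, "detail": detail})


def _in_retention(doc: Document, today: date) -> bool:
    return today <= doc.retention_until


def search_index(user: User, docs: List[Document], field_name: str, value: str,
                 today: date) -> List[dict]:
    """Index (database) search returning only the fields the user's group may see.
    Records outside the user's folders or past retention are not returned at all."""
    priv = GROUP_PRIVILEGES.get(user.group, NO_PRIVILEGES)
    if field_name not in priv["fields"]:
        # Searching on a field the group may not see would leak it by inference.
        _record(user, "search", "*", "denied", f"field {field_name} not permitted")
        return []
    results = []
    for doc in docs:
        if doc.folder not in priv["folders"] or not _in_retention(doc, today):
            continue
        if doc.index.get(field_name) != value:
            continue
        visible = {k: v for k, v in doc.index.items() if k in priv["fields"]}
        _record(user, "search", doc.doc_id, "allowed", f"fields={sorted(visible)}")
        results.append({"doc_id": doc.doc_id, **visible})
    return results


def open_document(user: User, docs: List[Document], doc_id: str, today: date) -> Optional[str]:
    """Content retrieval: a privilege separate from index access."""
    priv = GROUP_PRIVILEGES.get(user.group, NO_PRIVILEGES)
    doc = next((d for d in docs if d.doc_id == doc_id), None)
    if doc is None or doc.folder not in priv["folders"] or not _in_retention(doc, today):
        _record(user, "open", doc_id, "denied", "not found, out of scope or expired")
        return None
    if not priv["content"]:
        _record(user, "open", doc_id, "denied", "group lacks content privilege")
        return None
    _record(user, "open", doc_id, "allowed")
    return doc.content


def purge_expired(docs: List[Document], today: date) -> List[str]:
    """Requirement 5: drop documents past their retention date; returns purged ids."""
    expired = [d.doc_id for d in docs if not _in_retention(d, today)]
    docs[:] = [d for d in docs if _in_retention(d, today)]
    return expired


if __name__ == "__main__":
    print(search_index(CLERK, SAMPLE_DOCS, "employee_id", "E100", TODAY))
    print(open_document(CLERK, SAMPLE_DOCS, "EMP-0001", TODAY))
    print(open_document(MANAGER, SAMPLE_DOCS, "EMP-0001", TODAY))
    print(purge_expired(list(SAMPLE_DOCS), TODAY), len(AUDIT_TRAIL), "audit entries")
```

The design point is that the database-side and file-side grants are independent: a clerk who may look up a record by employee number still cannot see its Social Security number or open the scanned file, and the denied attempts appear in the audit trail alongside the allowed ones.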
