Protection and privacy
Information protection and privacy is another major concern of organisations. The emergence of WikiLeaks, a website professing to publish sensitive and classified governmental information, has raised alarm bells globally on the need to secure and prevent information leaks.
As a result, governments and enterprises have re-examined their identity and data access control systems to see if they were adequate in stopping the wrong employees from accessing information they did not need.
While there is a need to tighten policies concerning information retrieval and sharing, this must be balanced against the need for businesses to improve workers’ productivity by enabling users to organise, store, share and find business documents.
In the healthcare and research sectors, the need for efficient retention and sharing of information is critical; so is the need to safeguard the content, in order to protect intellectual property (IP) rights and sensitive medical records.
“We want to retain the vast knowledge and experience residing in SingHealth, especially when experienced doctors leave. There are also tons of research material available, which includes knowledge about some very rare diseases that we want to share among medical staff,” said Benedict Tan, group chief information officer, Singapore Health Services. He added that “although the statutory requirement for cancer research is to keep records for nine years, we keep them internally forever.”
“The National Institute of Education (NIE) too has produced extensive research on pedagogy for children and on education,” said Tan Hoon Chiang, chief information officer, National Institute of Education. “Record keeping and research are very important to us, as well as copyright management of the research results,” he added.
Patrick Tan, senior manager of IT at the Genome Institute of Singapore, emphasised that it was important to “keep the IP in-house and secure, while allowing free sharing and collaboration among researchers in GIS”.
Pullen felt that technology alone would not be able to stop the leakage of classified information from an organisation such as in the WikiLeaks case, although ECM software could help by way of information tracking and control measures, such as raising red flags and blocking data transmission once a small data breach has been detected.
Benedict Tan opined that it was important to educate staff to instil discipline in safeguarding confidential information. He felt that “depending on enforcement alone is a disaster waiting to happen” and that “locking down information too tightly will stifle productivity as doctors often consult each other to share their experiences”.
In response to Tan Hoon Chiang’s query, Benedict Tan said that access control in SingHealth was based on role and seniority. Data pertaining to VIPs and HIV patients were not open to junior staff. Senior staff, however, would be given greater access since they were considered more matured and indoctrinated in information security.
Sign up for CIO Asia eNewsletters.