HECTOR research project

Transcription

1

2 HECTOR research project 4-year project expert fields Law Information and Communication Sciences Archival sciences 4 partners Université de Namur CRIDS Université Libre de Bruxelles State Archives Université de Montréal - EBSI

3 Sébastien SOYEZ Promotor State Archives Picture Fiona Fiona ARANGUREN CELORRIO Researcher State Archives Bénédicte LOSDYCK Former researcher Université de Namur (CRIDS) Cécile de TERWANGNE Promotor Université de Namur (CRIDS) Picture Odile Odile VANRECK Researcher Université de Namur (CRIDS) Mathias COECKELBERGS Ph.D. student Université Libre de Bruxelles (MaSTIC) Seth VAN HOOLAND Promotor Université Libre de Bruxelles (MaSTIC) Laurence MAROYE Ph.D. student Université Libre de Bruxelles (MaSTIC) Ettore RIZZA Researcher Université Libre de Bruxelles (MaSTIC) Marie DEMOULIN Promotor Université de Montréal (EBSI) Antoine DELFORGE Researcher Université de Namur (CRIDS) Cécile GAIFFE Former researcher Université de Montréal (EBSI)

4 HECTOR research project 8 Main Case Studies Federal and local Police FPS Employment FASFC FANC FPS Justice and Public Order FPS Fedict (PersoPoint) Municipal Court of the City of Québec National Library and Archives of Québec (BANQ) Interviews in person and by phone +/- 29 Supervision committee gathering once per year +/- 50 members

5 HECTOR research project - deliverables Monograph Title Gestion et conservation de l information au regard de la transition numérique. Cadre légal, normes et pratiques archivistiques. Editor Larcier Date of publication 2018 Website Principle URL Practical support for public sector professionals (Belgium) directly or indirectly involved in day-to-day document management

6 Case studies = analysis of AS-IS situation 1 choice of study subject inspection proceedings Written document in which a qualified public officer relates facts whose veracity he or she has verified and research about which is among his or her competences Definition source: Droit de la procédure pénale (2005)

7 Currently, our systems are compliant if the proceedings are printed, signed and sent as paper documents. Things get more complicated when these documents must be sent electronically, that is to say as a digital document

8 There is no archiving strategy yet with regard to electronic processes because it does not cause any problem.

9 It is an outdated system but indispensable for carrying out research, for administrative ( ) and statistical purposes

10 Hybrid model for managing a workflow

11 Tasks and processing sequence of a file 1. Trigger 5. Decision-making 9. Revision T0 3. Exploration 7. Communication 11. Results 2. Opening 6. Validation 10. Execution 4. Analysis 8. Objection 12. Closure

12 Tasks and processing sequence of a dossier 1. Trigger 5. Decision-making 9. Revision T0 3. Exploration 7. Communication 11. Results 2. Opening To be scheduled beforehand 6. Validation 10. Execution 4. Analysis 8. Objection 12. Closure

13 Management systems for records T0 Interdisciplinary project management

14 ISO 30301:2011 Information and documentation Management systems for records Requirements T0

15 Management system for records T0 Multi-disciplinary project management Tool development Record schedule Filing plan Metadata scheme Management of these tools by taking time into account!

16 Management system for records Multi-disciplinary project management Tool development Record schedule Filing plan Metadata scheme Management of these tools by taking time into account! Change management T0

17 Management system for records Multi-disciplinary project management Tool development Record schedule Filing plan Metadata scheme Management of these tools by taking time into account! Change management Internally or externally? T0

18 T0

19 What about legal aspects? T0 Thoughts on life cycle of documents (creation, management, conservation,...) Many legal texts (at European and national level)

20 eidas and Digital Act T0 e-idas Regulation (no. 910/2014) Electronic identification Trust Services Belgian law Digital Act (21 July 2016) Digital archiving service Digital copies

21 GDPR (public sector) T0 Personal data? Abiding by the GDPR: data collection and destruction Main principles Lawfulness (legal obligation ) Data minimisation principle Security principle Privacy by design Data reliability

22 Organisational obligations of GDPR T0 1 Data Protection Officer (DPO) 2 Records of processing activities (filing plan, records schedule?) 3 Outsourcing 4 Hosting of data in Europe?

23 Other legal texts T0 Directive PSI II (Law of 4 May 2016) Open data format (if possible) Law on archives (24 June 1955 May 2009) Forbidden to destroy administrative documents (records schedule)

24 Tasks and processing sequence of a file: step 1 Accessibility of the administration 1. Trigger Motivation of a request by a service, a complaint Electronic identification Electronic Identity Card (e-id) egov: what about the recording and archiving of transactions? T0 2

25 Tasks and processing sequence of a file: step 2 If hybrid format/media? 2. Opening The file, activity or workflow is officially initiated Opening a file in the system: saving metadata (23081, Dublin Core, internal scheme) (automatic saving?) GDPR: Data collection (minimisation) 1 3

26 Tasks and processing sequence of a file: step 2 2. Opening The file, activity or workflow is officially initiated If hybrid format/media? Opening a file in the system: saving metadata (23081, Dublin Core, internal scheme) (automatic saving?) GDPR: Data collection (minimisation) METADATA Definition of metadata fields (title, description, format) Norms Standards > Adaptation 1 3

27 Tasks and processing sequence of a file: step 2 2. Opening The file, activity or workflow is officially initiated If hybrid format/media? Opening a dossier within the system: saving metadata (23081, Dublin Core, internal scheme) (automatic saving?) GDPR: Data collection (minimisation) METADATA Definition of metadata fields (title, description, format) Norms Standards > Adaptation Characteristics: Data feeding method Mandatory or not 1 3

28 Tasks and processing sequence of a file: step 2 2. Opening The file, activity or workflow is officially initiated If hybrid format/media? Opening a dossier within the system: saving metadata (23081, Dublin Core, internal scheme) (automatic saving?) GDPR: Data collection (minimisation) METADATA Definition of metadata fields (title, description, format) Norms Standards > Adaptation Characteristics: Data feeding method Mandatory or not Data format 1 3

29 Tasks and processing sequence of a file: step 2 If hybrid format/media? 2. Opening The file, activity or workflow is officially initiated Opening a file in the system: saving metadata (23081, Dublin Core, internal scheme) (automatic saving?) GDPR : Data collection (minimisation) 1 3

30 Tasks and processing sequence of a file: step 3 Sharing information: authentic sources 3. Exploration Collecting data and preparing a file for processing the itinial request Reliablitity of collected data: metadata about the source and context must be collected Symbiosis between the different systems: interoperability (internally between the different tools, but also externally) 2 4

31 Tasks and processing sequence of a file: step 4 Use of analysis tools? If automated data analysis: need for indexation? 4. Analysis Collected data is analysed in order to justify the decision about the initial request: accepted or refused Linked data? OCR? Value / Probative force eidas : Non-discrimination principle 3 5

32 Tasks and processing sequence of a file: step 5 5. Decision-making Analysis provides conclusions and objective evidence for taking a positive or negative decision Good management and conservation of metadata in order to guarantee reliability of the systems and of the information collected GDPR: Right not to be subject to automated decision-making (legal exceptions possible) 4 6

33 Tasks and processing sequence of a file: step 6 Automated workflow in the system: need to develop a mapping of processes + to pin down repsonsibilities 6. Validation A higher-ranking supervisor must sometimes validate a decision taken by an expert Impossible to modify the document (access management) Digital signature / digital stamp Preservation of digital signature/ stamp? 5 7

34 Tasks and processing sequence of a file: step 7 7. Communication The initial requester must be informed about the decision. The decision must often be communicated to a different service. Metadata + filing plan allowing to know where personal information is located, thereby avoiding publication of such data. Filing plan: good practices, storing (xls? xml? Management of file history) No digital gap / Accessibility of the administration Which pieces of communication should be conserved? 6 8

35 Tasks and processing sequence of a file: step 8 Legal time limits to be observed (retention schedule) 8. Objection Right to objection against decision if applicable Could such time limits extend beyond closure? Access to and search for information are important 7 9

36 Tasks and processing sequence of a file: step 9 9. Revision Opportunity to rectify or confirm the decision 8 10

37 Tasks and processing sequence of a file: steps 10 and Execution The decision requires the execution of a concrete action Traces must be kept in the system even if other systems are used (for budget for example) Results As a result of the action the file must be complemented New complementary documentation must be added to the file, including the corresponding metadata.

38 Tasks and processing sequence of a file: step 12 Closure? Which criteria? End of operational activities? Or archiving? Or end of objection time limit? Or prescription? File no longer modified? 12. Closure (and follow-up) The activity or service is done and finished 11 Legal aspects? Diversity of texts Digital Act: Conservation and digitization Qualified or non-qualified Internally or externally Publicity of the administration Re-use of public sector information Law on archives GDPR : Minimisation: Anonymisation? Processing for archival purposes in the public interest Transfer to State Archives or destruction: OAIS / PAIMAS standards Does operational closure entail a digitization process? Digitization for qualified digital archiving purposes? For substitution of the paper files?

39 Conclusion hybrid management and information governance Information = Strategic resource Context Abuses Evolution Stakes Protection Valorisation Information governance = global approach

40 Information overview On paper or digital Databases s Intranet Cloud Social media

41 Life cycle 1. Trigger 5. Decision-making 9. Revision T0 3. Exploration 7. Communication 11. Results 2. Opening 6. Validation 10. Execution 4. Analysis 8. Objection 12. Closure

42 Stakeholder overview Interdisciplinarity Hierarchical support CIO Information governance instance (Chief Information Officer) Users

43 Rules overview Judicial norms Technical norms Reference frameworks policies guidelines

44 Thank you for your attention