Contradicting challenges: the complexity of documenting personal information in a regulatory environment

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Ragna Kemp Haraldsdottir ◽  
Johanna Gunnlaugsdottir

Purpose Many organizations are challenged by different and, perhaps, opposite, registration and protection obligations of information regarding their employees. The purpose of this paper is to explore how organizations balance the registration obligations of the Icelandic equal pay standard (EPS) and the protection requirements of the general data protection regulation (GDPR). It aims to raise awareness of how information professionals can ensure that documentation on the education and skills of employees is authentic, traceable and secure. Design/methodology/approach The analytical framework covered multiple-cases and semi-structured interviews with various professionals and comprehensive documentary analysis. Findings The findings indicate that the organizations were not properly prepared for the implementation of the EPS and were hesitant regarding further registration of personal information due to GDPR. Documentary analysis also revealed critical attitudes towards the legal endorsement of the standard and its potential success. Originality/value There is a lack of studies explaining the juxtaposition of information and records management and the legal and regulatory environment. This paper provides a unique description of how information and recordkeeping practices function with the requirements of the EPS whilst complying with GDPR. The results could bring valuable opportunities for the information profession regarding the development, implementation, administration and maintenance of documentary evidence regarding the requirements of international and national standards and legislations and advance their collaboration with other professionals in the management of information.

2016 ◽  
Vol 26 (3) ◽  
pp. 279-292 ◽  
Author(s):  
Sherry Li Xie

Purpose This paper, through examining the judgment on Case C-131/12 and the European Union (EU)’s Proposal for a General Data Protection Regulation, aims to demonstrate to the records management (RM) profession, the importance of being proactively involved in records creation identification and the challenges of performing sound retention analyses for newly emerging activities. It also serves as a call to the RM profession that more active participation in law-making processes is needed. Design/methodology/approach The research selects the current right to be forgotten phenomenon as an illuminating case and examines it with fundamental RM concepts and principles, in particular those relating to records creation and retention. The research process consists of three major parts: one, the establishment of an analytical framework based on RM theories; two, description of the selected case that is relevant to the analysis; and three, the application of the analytical framework to the described case. Findings Records retentions are much needed for the activities of data controllers that are now established by the most recent Judgment of the European Court of Justice pertinent to the right to be forgotten and the proposed General Data Protection Regulation. The determination of retention periods for such activities requires an RM framework that synthesizes the identification of digital records and the various types of value associated with the different usages of records. It is also observed that the data protection legal framework does not address RM considerations, or at least, not in any explicit, easily recognizable manners. Research limitations/implications Records retentions are much needed for the activities of data controllers and/or processors that are now required by the Judgment of the European Court of Justice and the proposed EU General Data Protection Regulation, yet the legal framework does not offer any assistance in establishing retentions. It is also observed that the data protection legal framework fully acknowledges the importance of records but fails to address RM considerations – at least, not in any explicit, easily recognizable manners. Practical implications The findings are expected to be instructive to data controllers and/or processors, in particular with respect to records creation identification and records retention establishment in their organizations. It is also expected that the observations generated during the analysis process could shed light on the development of the RM profession. Social implications The right to be forgotten in the digital world has newly acquired complications, and it has the potential to affect not just the privacy right but also the rights considered conflicting to it, such as the rights of freedom of press and freedom of expression/speech. Efficient and effective RM programs should be able to assist their parent organizations in dealing with this complicated situation through creating and managing records that support the compliance of regulatory requirements on the one hand and the balancing of competing rights on the other hand. Originality/value The research appears to be the first of its kind according to the literature search conducted within the accessibility scope of the researcher.


2019 ◽  
Vol 28 (1) ◽  
pp. 54-67 ◽  
Author(s):  
Hayretdin Bahşi ◽  
Ulrik Franke ◽  
Even Langfeldt Friberg

Purpose This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience. Design/methodology/approach The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries. Findings The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets. Practical implications Some policy lessons for different stakeholders are identified. Originality/value Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.


2020 ◽  
Vol 22 (3) ◽  
pp. 227-244
Author(s):  
João Serrado ◽  
Ruben Filipe Pereira ◽  
Miguel Mira da Silva ◽  
Isaías Scalabrin Bianchi

Purpose Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.


2017 ◽  
Vol 59 (9) ◽  
pp. 929-945 ◽  
Author(s):  
Jonathan M. Hollister ◽  
Laura I. Spears ◽  
Marcia A. Mardis ◽  
Jisue Lee ◽  
Charles R. McClure ◽  
...  

Purpose In response to recent calls for research relating to employers’ perceptions of the workplace readiness of new graduates in a variety of fields, the purpose of this paper is to report North Florida employers’ perceptions of information technology (IT) program graduates’ workplace readiness. These findings are relevant to stakeholders in growing technology regions. Design/methodology/approach Researchers conducted 18 semi-structured interviews with IT employers in North Florida. Data were deductively coded with codes derived from national standards. Interviewee verbatim was also inductively coded by theme. Findings While employers valued a blend of technical and general skills and hands-on experience, they also sought new professionals who possessed fundamental understandings of business and computer programming to tailor their problem-solving skills to the specific company environment. Research limitations/implications This research represents a limited number of employer viewpoints in one representative community. Practical implications Ongoing industry input into curricula and expanded experiential opportunities may ensure that graduates are prepared to address current and future IT developments. Because the region under study was typical of many regions with growing technology sectors, these findings may inform partnerships, curriculum, and program design. Originality/value Given the rapid growth and constant advances of the IT sector, institutions with IT degree programs are challenged to ensure that their curricula are current and meeting the needs of employers. This study’s findings may offer timely insight into elements of workforce preparedness.


2016 ◽  
Vol 12 (3) ◽  
pp. 408-431 ◽  
Author(s):  
Ranjith Appuhami ◽  
Sujatha Perera

Purpose The purpose of the study is to examine the use of management controls by a public partner to minimise risks associated with a public-private partnership (PPP) in a developing country. Design/methodology/approach Using case study method, management controls used in a power project formed as a PPP are examined based on data gathered from semi-structured interviews and documentary analysis. Findings The study reveals that the public partner of the PPP used multiple controls depending on the nature of risks in different phases of the project. While bureaucratic control was the predominantly used control pattern throughout the three phases (namely, selecting, building and operating) of the PPP, trust-based controls also played an important role. Market controls on the other hand played, somewhat, a nominal role, particularly in the selecting phase of the project. The study also highlights the problematic nature of forming PPPs in developing countries despite the various benefits associated with such organisational arrangements. Additionally, the study provides insights into how certain contextual features of developing countries affect the way in which controls are applied. Practical implications The insights provided in this paper would be beneficial to policy makers, in developing countries in particular, when making decisions in relation to implementation, management and risk control of PPPs. Originality/value This study makes an original contribution to the existing literature on PPPs by examining the way in which management controls are used to minimise risk in a PPP in a developing country.


2018 ◽  
Vol 19 (1) ◽  
pp. 112-134 ◽  
Author(s):  
Gulbakhyt Sultanova ◽  
Serik Svyatov ◽  
Nurzhan Ussenbayev

Purpose The purpose of this paper is to measure individual intellectual capital (IC) of academic staff as well as to test its impact on the employability readiness of future graduates and the reduction of the discrepancy between competencies developed and grades obtained with the help of two indicators, i.e. intellectual capital indicator (ICI) and employability readiness indicator (ERI). While ICI measures the level of a teacher’s competencies to be transmitted in the education process, ERI measures the level of a student’s competencies developed after completing relevant courses. Design/methodology/approach This is an empirical research carried out in the form of a case study. Regression model is applied to find the influence of ICI on ERI. The minimisation problem is set with relevant constraints to decrease the discrepancy between ERI and traditional grade point average (GPA). Findings The data were collected at one Kazakh university and from experts from academia and industry by means of documentary analysis, specialised tests and structured interviews. The direct impact of ICI on ERI is confirmed and the optimal level of ICI that permits an effective decrease in the discrepancy between ERI and GPA is identified. Research limitations/implications A longitudinal study covering more programmes is necessary to draw conclusions concerning causality. The application of ICI as a university’s management tool is shown. Originality/value The novelty of this study lies in providing a consistent and simple approach for calculating a teacher’s IC and its impact on a student’s employability readiness.


2017 ◽  
Vol 27 (1) ◽  
pp. 84-98 ◽  
Author(s):  
Weimei Pan

Purpose This study aims to present the findings of the first phase of a project entitled Putting the “Fun” Back in “Functional”, which has been investigating the socio-technical issues surrounding users’ interaction with electronic recordkeeping systems. The ultimate goal of the project is to improve that interaction by positively influencing the way in which individuals perceive their work practices and the tools they use to accomplish them. In its first phase, the project considered the implementation of such systems for the purpose of gaining a better understanding of the factors and processes that contribute to its success. Design/methodology/approach Semi-structured interviews were conducted with 17 public employees from a large provincial government and a large city government in Canada about two information systems (ISs) – a meeting management system and an Electronic Documents and Records Management System. Findings Several salient themes emerged from the research data, including the value accorded to information and records, the implementation of electronic recordkeeping systems as a complex process, the appropriation of electronic recordkeeping systems, understanding users, ease of use and information/records specialists as part of the solution. Analysis of these themes shows that many of them can be explained through theories developed in the IS field. Research limitations/implications The results show that many themes are common across the records management and IS fields. Further, the results indicate the applicability of theories in the IS field to explain and predict the implementation of electronic recordkeeping systems. Originality/value This study is one of few that explicitly draw on IS theories to understand the implementation of electronic recordkeeping systems. The results of this study open up many opportunities for future research on electronic recordkeeping systems.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Jacob Agyemang ◽  
Kelum Jayasinghe ◽  
Pawan Adhikari ◽  
Abongeh Tunyi ◽  
Simon Carmel

PurposeThis paper examines how a “quasi-formal” organisation in a developing country engages in informal means of organising and decision-making through the use of calculative measures.Design/methodology/approachThe paper presents a case study of a large-scale indigenous manufacturing company in Ghana. Data for the study were collected through the use of semi-structured interviews conducted both onsite and off-site, supplemented by informal conversations and documentary analysis. Weber's notions of rationalities and traditionalism informed the analysis.FindingsThe paper advances knowledge about the practical day-to-day organisation of resources and the associated substantive rational calculative measures used for decision-making in quasi-formal organisations operating in a traditional setting. Instead of formal rational organisational mechanisms such as hierarchical organisational structures, production planning, labour controls and budgetary practices, the organisational mechanisms are found to be shaped by institutional and structural conditions which result from historical, sociocultural and traditional practices of Ghanaian society. These contextual substantive rational calculative measures consist of the native lineage system of inheritance, chieftaincy, trust and the power concealed within historically established sociocultural practices.Originality/valueThis paper is one of a few studies providing evidence of how local and traditional social practices contribute to shaping organising and decision-making activities in indigenous “quasi-formal” organisations. The paper extends our understanding of the nexus between “technical rational” calculative measures and the traditional culture and social practices prevailing in sub-Saharan Africa in general, and Ghana in particular.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Chelsea Renshaw ◽  
Chern Li Liew

Purpose This paper aims to examine the attitudes and experiences of information professionals with descriptive standards and collection management systems (CMSs) used for managing documentary heritage collections held by cultural heritage institutions in New Zealand (NZ). The aim is that such insights will inform decision-making around promoting documentary heritage collections discoverability and accessibility, in terms of advocating for appropriate system requirements when procuring or updating CMSs, and application of descriptive standards. Design/methodology/approach A qualitative design was applied to investigate the attitudes and experiences of information professionals working in libraries, archives and records management institutions, museums and public galleries. Data was collected through semi-structured interviews with thirteen participants who worked across ten different cultural heritage institutions. Findings The findings reveal that variances among metadata in libraries, museums, public galleries, archives and records management institutions continue to lead to challenges around discovery and access of documentary heritage. If opportunities for connecting documentary heritage collections in the age of linked data are to be realized, the sector needs to work collectively to address these variances along with consideration of the CMSs used. The study findings highlight issues currently affecting the NZ cultural heritage sector goal to make collections discoverable and more widely accessible. Originality/value The findings highlight a need for deeper research into CMSs used by the cultural heritage sector as these systems have an impact on metadata management including constraining the application of appropriate descriptive standards for documentary heritage collections.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Daniela Pianezzi

PurposeThis study offers a critical inquiry into accountability vis-à-vis organizational identity formation. It investigates how accountability evolves in the transformation of an NGO operating in the field of migration management from an informal grassroots group into a fully-fledged organization.Design/methodology/approachThe paper is the outcome of a participatory action research project on Welcome Refugees (WR), a UK-based NGO. The project involved documentary analysis, focus group and semi-structured interviews, field notes, and participant observation. The analysis draws from poststructuralist theorization to explain the interplay between organizational identity and different forms of NGO accountability over time.FindingsThe study shows how different forms of accountability became salient over time and were experienced differently by organizational members, thus leading to competing collective identity narratives. Organizational members felt accountable to beneficiaries in different ways, and this was reflected in their identification with the organization. Some advocated a rights-based approach that partially resonated with the accountability demands of external donors, while others aimed at enacting their feelings of accountability by preserving their closeness with beneficiaries and using a need-based approach. These differences led to an identity struggle that was ultimately solved through the silencing of marginalized narratives and the adoption of an adaptive regime of accountability.Practical implicationsThe findings of the case are of practical relevance to quasi-organizations that struggle to form and maintain organizational identity in their first years of operation. Their survival depends not only on their ability to accommodate and/or resist a multiplicity of accountability demands but also on their ability to develop a shared and common understanding of identity accountability.Originality/valueThe paper problematizes rather than takes for granted the process through which organizations acquire a viable identity and the role of accountability within them.


Sign in / Sign up

Export Citation Format

Share Document