On 7 November 2008, ARMA International organised its 3rd Roundtable on Information Governance and Records Management in Brussels. The event was attended by more than 80 representatives from the European Union Institutions, stakeholder organisations, and the private sector. The event was also attended by a large number or records and information management professionals, information security professionals and archivists from all over Europe and beyond, working in many different sectors.
Douglas Allen, President-Elect of ARMA International, opened the roundtable by addressing the need for good records management in view of the financial crisis which was in large part due to lack of transparency. He mentioned recent security breaches in Europe to underline that information have become corporate assets of critical importance and growing risk areas and that sound records management should be the responsibility of all individuals within an organisation.
Towards a European Freedom of Information ActMr. Marc Maes from the Secretariat-General of the European Commission gave first a short presentation of the history of the right of access to documents. He provided an overview of the current version of the
Regulation 1049/2001 regarding the beneficiaries, scope and limits of the right of access to documents.
He also presented the situation of third party documents that should be transmitted after the consultation of the author unless it is clear that the document should be transmitted. He stressed that the institutions who received a request should decide on the basis of the exceptions to this right and other institutions are consulted under a memorandum of understanding.
Mr Maes gave an overview of the
proposal to review the Regulation 1049/2001 that was published on 30 April 2008 on which ARMA replied to a consultation following the publication of a Green Paper and drafted a position paper. He pointed out in particular the main features of the definition of the term document and presented the main limitations to the scope of the Regulation. Finally, he mentioned the latest case laws on access to documents.
Mr. Fergal O’Regan, Head of Legal Unit at the European Ombudsman’s office addressed the main concerns of this organisation regarding the review of the Regulation 1049/2001.
He pointed out that the wording used in the definition of the term document is the main concern of the Ombudsman. He wondered if the term “formally transmitted” means documents transmitted within or outside the institutions or if this definition should be understood as including informal transmission. In its position paper on the review of the Regulation 1049/2001 ARMA International expressed that this definition should be revised to be more in line with document and records definitions included in international recognized standards in information management such as ISO 15489.
Mr. Hielke Hijmans from the European Data Protection Supervisor (EDPS) office explained the role of the EDPS in case law related to access to documents. He stressed that the fundamental right of access to documents sometimes clashes with the fundamental right to privacy. He pointed out that the review of the Regulation 1049/2001 does not find the right balance between access to documents and privacy as its provisions does not ensure that disclosure can only be denied if the privacy or the integrity of a person would be undermined.
The Markets in Financial Instruments Directive (MiFID)Mr. Salvatore Gnoni from the Directorate-General Internal Market and Services of the European Commission gave a wide overview of MiFID. He also discussed the MiFID provisions regarding transparency, transactions reporting and record keeping.
As regards transparency requirements, he explained that the market transparency regime concerns pre- and post-trade information and covers shares admitted on a regulated market while the transaction reporting regime covers all securities and derivative contracts admitted on a regulated market.
He stressed that investment firms should report details of their transactions to their national authorities and that these authorities should share information among themselves.
Investment firms should keep records of their transactions for a general period of 5 years in order to keep them at the disposal of the competent authorities. He quoted a
recommendation from the CESR (Committee of European Securities Regulators) which provides a list of minimum records and explained that Member States can keep records of telephone conversation or electronic communications which can be used in order to show that investment firms comply with record keeping requirements.
Mr. Jitz Desai, Director of JWG-IT,
pointed out the difficulties of firms to comply with MiFID requirements regarding record keeping as these new obligations are among the EU implementation priorities. Consequently, a short period of time is at the disposal of firms to comply with the Directive.
He stressed that firms need to know exactly their data in order to prove that they comply with this Directive. But some requirements such as proving best execution will make compliance difficult. It will be also difficult for firms to assess the costs to gather the relevant information.
e-Health Interoperability
Ms. Linda Mauperon, member of the Cabinet of European Commissioner Viviane Reding, insisted first on the benefits of eHealth for healthcare services and for citizens, and on the importance of the eHealth market compared to others health markets.
She stressed that the lack of interoperability is the most important obstacle to the development of eHealth. However, she pointed out that a growing will exists among Member States and stakeholders to solve this problem. The Commission is also committed to improve interoperability of eHealth services as it published a
Recommendation containing guidelines and principles to provide interoperability in a cross-border context in July 2008. She quoted other initiatives such as the
epSOS project whose goal is to reach a situation where doctors have access to information on a patient without taking into account the country in which they were created. She also stressed that industry is committed to interoperability and that all these initiatives will contribute to make interoperability a reality
Ms. Angelika Haendel from AHIMA explained on the fact that eHealth is a growing sector but interoperability is a prerequisite to its development. She stressed that interoperability is a necessity because trends such as international travel or multinational companies make boundaries less relevant.
Mrs Haendel pointed out that eHealth will become an important area as it represents 5% of the EU GDP and because the EU provides more funds to eHealth projects. However, there are several challenges eHealth projects have to challenge: the intervention of several Member States in an area of national competence, the fragmentation of health organisations in Europe and the growth of electronic data. She presented several eHealth projects such as the integrated care project or the Siemens Soarian Integrated Care.
The Internet of the FutureDr. Florent Frederix, Head of Sector Networked Enterprise & Radio Frequency Identification unit at the European Commission, presented past and future actions of the Commission on RFID. Regarding future actions, the Commission will adopt a Recommendation on RFID in Autumn 2008 and will publish a staff working paper and a Communication on the Internet of Things in winter 2008/2009.
He stressed that a secure and privacy friendly use of RFID is one of the objective of the Recommendation. He pointed out that RFID chips can become more intelligent and will be able not only to identify things but also to collect information.
The main challenges of the
consultation on RFID that close on 28 November 2008 were also put forward: security, privacy and data protection, control of critical global resources, governance of resources, standard settings and interoperability and social and human impact.
The different applications of RFID were promoted in areas such as health, transport, environment monitoring and disaster management.
During this session it appeared that RFID will entail important challenges for records management regarding privacy or security for instance as through this technology an important amount of information will be created and will have to be managed in compliance with EU requirements. However, the way record managers will have to manage these data did not appear clearly.
Mr; Laurent Beslay, Technology Adviser at the European Data Protection supervisor (EDPS) office, stressed the role of the EDPS and data protection principles applicable to RFID and explained that the EDPS office analyses the impact of new technologies on these principles.
He pointed out that privacy challenges are related to RFID as this technology will concern not only the industry but also citizens. If citizens store their data at home they will benefit from a legal protection as home is considered as a legal sanctuary but data are now spread everywhere. He also mentioned the trend of cloud computing where end users store their data on a server outside their hope but do not know where these data are stored exactly. He wondered if end users will benefit from a legal protection if there data are stored by a company.
He stressed that to implement successfully RFID applications security and data protection considerations should be introduced as soon as possible in the creation of new applications. Moreover, best techniques, i.e. the way a technology is implemented, should be used and the way security breaches will be managed should be taken into account.