The impact of AI on records standards and privacy regulations | Barbara Reed, Recordkeeping Innovation

Rivial Data Security CEO Randy Lindberg discusses the challenges faced by security teams in the finance industry, and how a shift-left approach, and a more holistic viewpoint building security into all aspects of the business, can help overcome them. 

Topics discussed 

• The origin of Rivial, and the meaning behind the name 
• Why business leaders need more context when making security decisions 
• The challenge of quantifying risk using statistical analysis, and why business leaders still crave their stoplight graphics 
• How advances in technology like AI mean organizations must review risks constantly, not once a year 
• The importance of considering security early in a project’s development, rather than “bolting it on” at the end 
• Often in the finance industry, leaders bring in cutting-edge technology to gain an edge over competitors, without consulting the security or risk teams 
• What security teams in the finance industry do wrong 
• Why focusing on compliance leads to a reactive security team, responding to audits rather than addressing security holistically 
• Why auditors may be too narrowly focused on checklists, rather than organizational maturity? 
• Why security teams need to present risk better 
• The need for security teams to slow down when introducing AI 

Links: 

• https://www.rivialsecurity.com/board-of-directors-cybersecurity-report-template  

San Jose State University School of Information assistant professor and Masters of Archives and Records Administration program coordinator Dr Darra Hofman joins Anthony and Kris to discuss their research into the relationship between privacy and transparency from the perspective of recordkeeping. 

They explore the vital role records management and information governance can play in context-dependent fields like privacy, and in technologies like AI, and why records professionals need to be more involved from the start. 

Topics discussed 

• The balance between anonymity, transparency, and privacy. 
• The importance of provenance and contextual markers of data. 
• What recordkeeping can offer large organizations developing Large Language Models (LLM). 
• Why records management professionals need to be at the table. 
• How records management has an image problem 
• What is coming for information governance policy in coming years. 

Links: 

• "Between knowing and not knowing": privacy, transparency and digital records

Anthony and Kris take turns sharing their favorite discussions from FILED S1. From discussions of ransomware to AI, they share the surprising moments and interesting conversations they enjoyed in the first season.  

Topics discussed 

• Ugly freight and the similarities between shipping physical items and governing data. (Full episode)
• Why reducing third-party risk matters. (Full episode)
• Why are companies still adopting a “wait and see what happens” approach to data privacy? (Full episode)
• When it comes to hacks, prevention is better than the cure. (Full episode)
• How records and information governance can help cybersecurity professionals to overcome threats. (Full episode)
• How records and information managers are poised to be central to AI efforts. (Full episode)
• The impact of AI on society and the growth of misinformation. (Full episode)
• How are major institutions governing AI? (Full episode)
• The societal importance of records. (Full episode)
• Are there models for bringing records under control of the user, not the institution? (Full episode)

Freight Exchange founder and CEO Cate Hull takes us behind the scenes of "ugly freight"  — the process of moving goods that are difficult to transport due to size, weight, or the need for specialized equipment. 

She explains how her company leverages machine learning and other tools to overcome the many challenges of working at the intersection of the digital and physical worlds, in a field highly exposed to human error, fraud and theft.  

Topics discussed 

• The unique data challenges that arise at the point where digital technologies interact with real-world systems like freight. 
• How to manage risk in a system defined by human input and with a high likelihood of human error, theft, and fraud. 
• The roles artificial intelligence and machine learning can play in automating shipping management. 
• How the space needs to evolve in line with technological advances such as artificial intelligence. 

Co-founder and managing director of ISD Cyber Yvonne Sears offers her perspective on how public and corporate attitudes towards privacy have evolved, what may be next for privacy regulation, and what organizations need to do better to ensure they meet their obligations.  

Topics discussed 

• Key cybersecurity and privacy management mistakes organizations are making 
• The need for organizations to deeply understand the privacy regulations they are subject to. 
• Why business impact assessments (BIAs) are vital for organizations to understand their critical dependencies, risks, and controls. 
• Predictions for upcoming changes to privacy regulation, both globally and in Australia. 
• How have public and corporate attitudes toward privacy changed in recent years? 
• The convergence of information governance, data management, and privacy. 

Director of Third-Party Risk Management at UpGuard Aaron Spiteri discusses the challenges organizations face managing their third-party risk and offers suggestions for organizations to ensure vendors are maintaining a high level of security. 

Topics discussed

• The landscape of supply-chain risk 
• What does a third-party risk assessment involve? 
• The common mistakes third-parties are making 
• The evolution in attitudes toward security and risk, especially for those in leadership positions. 
• Advice for organizations who want to control their vendor risk. 

Andrew Ysasi is thoroughly immersed in information governance. As well his day job as Vital Records Control VP of advocacy, he is also a volunteer for ARMA, a teacher at San Jose State University, and a blogger at IG Guru. And he's loving every minute of it. He discusses the opportunities for information governance experts to partner with security teams to improve organizations’ security and lower risk. 

Topics discussed 

• How records and information managers can help cybersecurity professionals to overcome threats. 
• Practical ways records and information managers can improve security. 
• The importance of opening a dialog between information governance professionals and cybersecurity teams to ensure all data is captured and protected. 
• What organizations should be doing right now to prepare for AI. 

Resource links  

• IG GURU

John Bean Technologies documentation and information governance manager Andrew du Fresne shares key advice for organizations who wish to prepare their records for natural disasters. He also describes the unique and humbling experience of helping to secure records from first responders to the September 11 terrorist attacks. 

Topics discussed 

• Andrew’s work in disaster preparedness for records and staging one of the largest exercises for disaster preparedness for all federal agencies in a region including New York City and New Jersey.  
• What it was like to help with the effort to secure and archive records from agencies who responded to the September 11 terrorist attacks. 
• Key tips for organizations to prepare their data and records for a natural disaster. 
• The evolution of the industry he’s observed in his career. 

Truescope co-founder and CEO John Croll helps communications teams understand how the media and public discuss their organizations online. He says generative AI platforms like ChatGPT may accelerate the spread of misinformation, impacting public opinion and company reputations and making the job of a modern communications professional more complex.

Topics discussed 

• How the media cycle has sped up, requiring organizations to keep up with the real-time flow of information and sentiment. Many are struggling with this challenge. 
• How the Truescope platform provides organizations with media mentions and relevant public discussions in real-time, allowing corporations and governments to make communications decisions quickly. 
• Why, in the case of a data breach, getting accurate information to influential sources is critical and a significant test for an organization’s communications team. 
• The need for organizations to take control of their “digital facsimile” in both AI databases and in public conversation. 
• Why large language models (LLMs) and other forms of generative AI pose challenges and opportunities for organizations wishing to understand and influence discussion. 
• The critical steps for organizations who want to combat misinformation. 

Resource links  

• Truescope 
• UpGuard: How did the Optus data breach happen? 
• NewsGuard
• Truescope Talks 
• The Fin podcast 
• The Circuit with Emily Chang  

RIMPA CEO Anne Cornish discusses how records and information management professionals can maintain relevance in a world of frequent data breaches and emerging technologies like large language models (LLMs). The key, she says, is to focus on how their role is essential in reducing risk. 

Topics discussed 

• How records managers have done a poor job selling themselves in the context of risk
• Why records managers need to ensure they don’t miss the next wave of technological progress 
• Why AI presents an opportunity for records managers, not a threat
• What those in the records profession should be doing today to assist their business through the challenges of the next 5 years 
• Essential skills and traits records managers need to develop to increase their relevance to the enterprise 
• Why Anne is optimistic, not pessimistic about the future of records management

Resource links

• https://www.rimpa.com.au/