This article seems particularly a propos, given recent local discussions about whether universities should outsource many of their IT services to providers such as Google and Microsoft. On the one hand is the argument that universities often can no longer afford to maintain massive server space to provide the increasing needs of faculty, staff, and students. Outsourcing to a cloud computing environment is a greener option, reduces the operational costs of the IT department, and provides us with better and more efficient services at lower costs. On the other hand are the concerns about privacy, security, and academic freedom. If universities no longer store their information on their own servers, but contract this services to vendors, how secure will this information be? I’ve heard excellent arguments from the IT, legal, and faculty association sides of the question.
A lot of what I’ve heard reinforces the crucial need for organizations to have well-developed and centralized records and information management policies. We need to have a clear idea of the types of information that universities and their personnel generate, legal obligations with respect to the retention, privacy, and security of this information, and clear guidelines with respect to who actually owns the records generated within a university. How will digital records with archival or long-term retention periods be preserved to ensure that they will continue to be readable and accessible? What metadata do we assign to our records to enable efficient recovery? What plans do we have to address eDiscovery requests? The list goes on. I understand why the question of privacy is so high on people’s agendas, but it does tend to overshadow the larger matter of centralized policies, of which privacy is a key component.