Friday, 17 March 2017

Privacy, Security and the crossover with Information Services

Author Tracy Maleeff, Sherpa Intelligence LLC and BIR Editorial Board Member

In the March 2017 issue of the Business Information Review, Paul Pedley wrote about the “Relevance of privacy for corporate library and information services.” I find myself in an interesting position in regards to the intersection of library and information services with information privacy and security. After enjoying library work for almost 15 years in a variety of settings, I decided to make a career move towards the information security industry. I suspected that librarians and information professionals have the skills to be integral to the security processes of an organization, and I keep finding opportunities to confirm this. Pedley’s article resonated with me because I’m essentially living in that intersection of LIS and security.

In the information security world, I often give talks, podcasts, and write about how security professionals can utilize principles from library and information science for their work. Given my unique perspective, I will share some insight on how library and information services professionals can be proactive to help their organizations with security. To compliment Paul Pedley’s article, I’ve rounded up three practical, every day security practices that can help librarians and information professionals become allies on the security front of their organizations.
(
       Get to know the IT or security team at your organization. Before you try to execute any activities yourself, talk to the people within your organization who handle data privacy and information security matters. Find out what their pain points are and ask how your two departments can collaborate.

       Understand the basic vocabulary of security. Do you know what a DDoS is? How about an 0day? Do you know the differences between phishing, spear phishing, and whaling? You don’t need to know the technology behind these terms, but it can be helpful if you can have at least a basic understanding of the terminology used. Learning these terms can also help you do more comprehensive research for your clients or users. If you are asked to research a specific company and you see a headline with that company’s name and the letters DDoS in the headline, that’s important and you should understand how that affects the business. The National Institute of Standards and Technology has a glossary of terms. However, it is very technical, so for the less-technically inclined, utilize a resource like the National Cyber Security Alliance.

(      Passwords. Most libraries and on-site information professionals have a role in managing passwords for their users, as it pertains to databases and subscriptions that fall under the jurisdiction of the library. Many law firm libraries, for example, utilize enterprise electronic resource management software like Onelog. In addition to tracking usage, resources like that are also password managers. That is a great opportunity to encourage users to create long and strong passwords, and flag any duplicate usage. (Which, by the way, is a discourage password practice from a security standpoint.) Librarians and information professionals are too busy to become the “password police,” but they have a unique opportunity to help the security goals of the organization by being on the front lines of password defense when dealing with users.

       I’m not suggesting that librarians and information professionals need to become security specialists, in addition to their primary jobs. What I’m advocating for is becoming security allies within organizations, be collaborative with the IT people, and learn some of the lingo in order to better service users or clients. Corporate and law firm libraries are often in a constant battle to justify their existence within an organization, to prove their value. Security and privacy issues are only going to be more prevalent. Librarians and information professionals have a unique position to gain a little bit of knowledge in this area in order to cement their position of value within an organization.


Tuesday, 7 March 2017

March 2017 Business Information Review

We're pleased to announce the publication of the March edition of Business Information Review. 

Paul Pedley looks at the effect of technology in corporate libraries on privacy, is it an issue, should it be an issue? In his paper, Paul considers the developments in business information software which enable personalization and portability which comes along with greater usage of cloud computing. This means more recording and storage of personal data which creates privacy risks. He argues that good vendor management is important, ensuring that vendors know what privacy concerns there are. Regular data protection/privacy audits are also important.

In his second paper for BIR, Ian Hunter develops further his piece on leveraged finance. December’s issue covered researching the market size and trends. In this article, he focusses on how to find leveraged finance documents. It is an interesting paper reviewing what sources are available and how to find them, an important read for anyone starting out in corporate finance information teams.

Next is a paper from Lindsay Harris and journal board member Mary Peterson. Entitled The economic value and clinical impact of the South Australian Health Library Service 2011–2016, the paper explores one Australian state’s Health Department library service attempts to measure the economic value and clinical impact of its professional services and online resources. Developed as a case study of performance management, the paper outlines the context for the development of evaluation strategies and the key success indicators that emerged in relation to economic value. They note that “measuring in return on investment (ROI) in a cost quantifiable manner for entities such as libraries, whose central role is with the retrieval and dissemination of the abstract concept of ‘information’, shall likely always be demanding and complex to achieve. Nevertheless, libraries must now make the effort to measure and evaluate their performance in whatever ways work best for their particular conditions.” The paper presents a valuable study of the experience of measuring and communicating value to stakeholders beyond the information profession.

Our next article from Malawi, Professor Winner Chawinga, lecturer in the Department of Library and Information Science at Mzuzu University and his colleague George Chipeta, senior lecturer in the Department of Library and Information Science (LIS) at Mzuzu University, investigates how the synergy of knowledge management and competitive intelligence may be a key success driver in small and medium business enterprises (SMEs). They consider the turbulent environment that SMEs now need to operate in and the importance of identifying and gaining competitive advantage. Knowledge management techniques and competitive intelligence research are investigated as a way to achieve competitive advantage.

Out of the Box makes a one off appearance in this issue, addressing developments in AI and the challenge to professional roles. While AI is a technology that has long been on the horizon, the increasing adoption of AI technologies within professional and business services contexts points to a challenging future for a range of professional fields. Out of the box explores the latest development in the use of AI in commercial contexts and discusses the future of professional fields. A one-off feature, we hope out of the box will return in a more regular form in the near future to explore all aspects of technology in commercial contexts.

Perspectives – Martin White’s article in this issue reviews a number of interesting articles. Subjects covered include information overload – does age have an effect? The development and use of personas – how they are used in human computer design (HCD), whether or not they are a useful tool in the design process and what best practice methods to use to make the use of this tool as effective as possible. Also covered is a paper on the balance between employee autonomy and corporate control. A highly interesting subject the paper explores the increasing need for collaborative working and the tools and social networks available to achieve this against the need for corporate governance and control. What is the best way to work in the digital workplace? This paper in particular is highly recommended by Martin to read in context of your own organization.

Initiatives – We’re sad to announce that this long running column of Allan’s, which has been a fantastic contribution over the last 10 years, is going to be his last contribution to BIR. Allan has been with the journal since the beginning and up until last year had also been responsible for the annual business information survey that has been running since 1991, giving a detailed picture on developments within and the state of the information profession, delivery and use of business information. The initiatives column has run in many guises since late 1990s. Allan’s contributions started in 2007 and have provided consistent and detailed overviews of what is current and important in the information profession at the time. In his last column, Allan takes a brief look back at his time with BIR as well as updating us on the latest initiatives in the profession. Luke and I would like to take this opportunity to say a big thank-you to Allan from us and on behalf of Sage for his valuable contributions and insights over the last 33 years.

You can find the March 2017 edition here: http://journals.sagepub.com/toc/bir/current

Friday, 10 February 2017

Demonstrating value of information services - a view from South Australia

Author: Mary Peterson, BIR Board Member and Health Library Knowledge Manager at Department of Health, South Australia

We often hear or read that one of the key strategies to ensure our survival in the library and information world is to be able to demonstrate our value to our parent organisation. There’s an increasing body of literature on the subject, but when it comes down to doing it, there aren’t too many practical examples.

I work in the health area, managing the South Australian state government’s Department  of Health library service. In health, access to current, evidence-based information can literally mean the difference between life and death, and there’s no doubt that it’s valued by the clinicians who use it. To demonstrate the usefulness of the library and information service, it’s necessary to collect data which can be presented in meaningful ways to senior administration.

Libraries are very good at collecting activity statistics. In themselves, they can be very useful for the tweaking of service delivery, but they may not convey very much to anyone outside the service itself.
Some work has already been done in the health area, and has yielded some significant results. In Australia, a commissioned study by CGS Economics showed that health libraries were returning $9 for every $1 spent. (1) In the USA, one study showed that health libraries and librarians can provide information support and information literacy training which has a direct effect on clinical decision making and results in improved patient outcomes. (2) Another major study conducted over a group of teaching hospitals in the Rochester area of the USA clearly demonstrated that the work of library services had a significant impact on patient care quality. (3) The data from this study is available for use in future research projects.

Replicating such a piece of work isn’t always possible, dependant as it is on commitment and manpower. However, it is possible to collect data which enables the production of documents which will demonstrate the usefulness and cost-effectiveness of a library and information service. We have developed several Key Performance Indicators which have proved to be a way to clearly show our value to the organisation.

When looking for the types of data collection which can be manipulated to give a good picture of the library service business, we’ve looked at answering the following questions:
·       What types of service are being provided? (print / archive collections, database access, e-book access, help with searching for specific information, information literacy training)
·       Who is using the service? (doctor, nurse, allied health,  administrator)
·       What is the information going to be used for? (Research, patient care, teaching, CPD)
·       How has the information obtained been used? (Publication, patient care)
Using a simple, brief survey mounted on Survey Monkey to collect data from our patrons and with librarians collecting and inputting data on the work they do, we have produced KPIs which show:
·       Cost avoidance through services such as document delivery
·       Clinicans’ time saved
·       Summary of service efficiencies
·       Purpose / use of literature searches and information literacy training.

All these can be used to indicate the value of the library and information service to the work of the organisation as a whole. Using infographics where possible, these are presented in one or two pages only to ensure that the messages are clear and the effort required to read the documents is minimal. The data collection is included in the everyday workflow and would be replicable by even the smallest library and information service.

We have prepared an article which will be published in BIR the near future which outlines the processes behind each KPI, with the KPI documents themselves included in order that they might be used or adapted by other library services.

References:
(1)   The community returns generated by Australian health libraries: Final report, September 2013. SGS Economics & Planning: Canberra, 2013.
(2)   Sollenberger, J. Holloway Jr, R. The evolving role and value of libraries and librarians in health care. JAMA. 2013 Sept 25: 310(12): 1231-32.
(3)   Marshall, J. et al. Library and information services: impact on patient care quality. International Journal of Health Care Quality Assurance. 2014:27(8): 672-83.



Thursday, 2 February 2017

Digital communication, improved knowledge sharing?

Here at BIR we have been looking into the rise in mis-information and fake news – is it a result of the ease of publishing created by social media platforms, or has it always been around?  I think it is certainly more obvious now that it ever was before and perhaps too because some of what is said online can be just too outrageous.  I also think that for me there is an element of having more trust in the printed word rather than the digital one which is perhaps just a generation thing!

I was intrigued by an episode of the BBC programme The Big Questions aired on Sunday 15th January 2017.  The programme was entitled “Is digital media good for democracy?”  With representations from the Guardian, Channel 4, Labour and Conservative parties and UEL (University of East London) to name a few, it was a varied and interesting discussion covering many aspects of communication on social media platforms.  Fake news was a topic covered in quite some depth and it was interesting to note that no form of media was exempt from having produced fake news at some point or other in the past though it was re-iterated several times that TV is covered by the strictest regulations of any form of media now.  When regulation was considered as something needed for social media platforms heated discussions ensued on the importance of freedom of speech and expression on these platforms. 

When we consider that social media platforms are increasingly being relied on as a source of information and news, - Mentioned on the programme was the fact that although some people use traditional sources of media (newspapers and TV) as trusted sources, there are others who solely use digital media sources as their trusted sources for information. – should social media platforms not be subject to similar types of regulations to aid the process of ensuring that what is being published is truthful and reliable?

The full programme is available to view on BBC iPlayer for another 10 days here http://www.bbc.co.uk/iplayer/episode/b08bb6rd/the-big-questions-series-10-episode-2

To help us combat the deluge of fake news and at least be able to identify what is definitely fake a number of tech products have been developed to help – extensions from Chrome and others have become available since the US election.  Facebook has also developed tech to identify fake news for its users too.  At Mashable.com there is an interesting article reflecting on the topic and the new tech available which you can read here http://mashable.com/2016/12/20/only-one-way-stop-fake-news/#B5DMt5r35gqS

As however, they point out in this article it ultimately comes down to us as individuals to identify and stop the publishing of fake news.  We can try to fact check everything we read but this is a very lengthy process.  It was pointed out in BBC’s The Big Questions episode on digital media and democracy that it can take days to thoroughly check a fact. The next best thing is to develop a portfolio of trusted sources that you can be absolutely sure are publishing accurate information though this is something that you would still need to personally re-validate every so often.  The challenge of fake news is certainly a complex and difficult one to resolve.