What’s More Important -- Computers or the Information They Store?

I went to an hour long presentation at Aspiration Tech on Wednesday night, where Allen “Gunner” Gunn talked about the potential pitfalls of hosting your data online. However, he used this subject as a jumping off point to discuss the broader topics of data privacy, data security, planning and documentation. Although he advised us all to be cautious about Web 2.0 applications such as Flickr, Gmail, YouTube, etc, his real point was that all organizations have to be conscious and proactive about their data universe. Hosted, online, Web 2.0-style applications might be the best solution in some cases, but you should enter into these arrangements with a clear sense of the risks and benefits. Also, libraries and nonprofits have a special set of obligations because they're taking care of sensitive information on behalf of patrons and clients.

Below are the five key concerns that Gunner talked about. For more information, download Gunner’s PowerPoint presentation.

Planning and Documentation: Every organization needs a "data map", which describes its data universe. This map records the location of each piece of data, who can access it, how it’s backed up, etc. (see the rest of this post for other items that you can include in your data map). A lot of experts recommend that libraries document their technology and plan for changes to their technology, and there’s nothing wrong with this advice. However, it’s even more important that you document your know where your data is and plan for its future. Ultimately, your library runs on information about books, patrons, employees, facilities, budgets, etc. If one day you couldn’t access that information, what would you do? Answering that question might give you a sense of the importance of this topic.

Redundancy: What are your backup procedures? Just because your information is hosted online somewhere, don’t assume it’s being backed up carefully. Gunner related a few of horror stories about Hotmail, Gmail and Yahoo accounts that were suddenly and arbitrarily deleted (sometimes by accident, sometimes on purpose). For more about backup best practices, see this article by Kevin Lo, my colleague at TechSoup.

Access and Control: Who controls your data? What does the agreement with your hosting company look like? Can they block access to your data under certain circumstances? Can you export the data at any time? Which of your employees has access to your online information? If you put too much power in one person’s hands, they could lock you out of your own data, or even use that data against you.

Portability: Can you migrate your data from your current software to another product? Having control over your data is a start, but if you can only read your backup files in the originating program, your vendor can hold you hostage. Also, proprietary data formats often rely too much on the underlying software and hardware. If the underlying software or hardware goes away, the data is unreadable. It helps if your software vendor adheres to open standards. Also, at a bare minimum, you should be able to export your data in CSV format (comma separated values).

Privacy: Gunner suggested that your ability to legally assert your privacy rights is stronger when you store your data onsite. Legal experts claim that by hosting your data with an online provider, you give up some of your expectations of privacy, though onsite vs. offsite is only one factor of many in deciding this issue. Also, if a law enforcement agency presents your online hosting provider with a subpoena or a warrant, you can’t control their reaction. You have more control over the situation if your data is onsite.

Technorati Tags: asp Aspiration backup data online hosting privacy security techsoup web 2.0