Over the past few years, a lot of our information has gone into ‘the cloud.’ The appeal is clear—the ability to access data (files, spreadsheets, schedules, etc.) from anywhere. Drop and drag a file from your desk top and retrieve it from any device you use. The convenience is undeniable. But is convenience overshadowing reason?
For months I have been discussing ‘cloud technology’ with my Board. They want to put all of their minutes, handbooks, and policies into the cloud so that all board members can have access to all documentation anytime, anywhere. Since we are bound by law to keep these documents in a form that is accessible in perpetuity; the Board sees the cloud as freeing up filing space as meeting this requirement. Yet, my board is also adamant that these documents must remain confidential. The inherent contradictions here seem to be the elephant in the room no one wants to discuss.
The problem as I see it is the intangible nature of electronic data. If I suggested to my board they take all their hard copy files and send them to a warehouse 3000 miles away, with the promise that any of those files could be faxed to us in minutes, they would freak out. They would ask what kind of security the building had. What kind of fire or flood protection? Who vetted the employees? Never mind the risks of sending the only copies of the files. Yet, talk about doing the same exact thing with a more vulnerable electronic file, and they don’t bat an eye.
The reality is that much electronic record keeping is problematic and the majority of cloud based file sharing is not secure. Part of the requirement for records that must be kept forever is the assurance that the record can be easily produced. For hard copies, this is a matter of filing and space allocation. For an electronic document, this is a matter of file format and readability. How many times have you gone back to an old resume, presentation, or instructional document only to find that the word processing version used to create the document was no longer supported and the content therefore lost? Personally, I would rather print a document, file it, and forget it, then spend every three to five years having to open the document up and resave it with an updated file format. And really. . . who does this?
Keeping file formats updated with an easily understandable file structure is one issue, but the cloud poses an additional layer of concern. Most file sharing clouds can be easily hacked. Company employees are not bound by any confidentiality agreements. Many companies indicate directly in the fine print of their user agreements that your data will be mined and used at the company’s discretion. There have been multiple news reports that the National Security Agency routinely gathers data from companies such as Google, Yahoo, Facebook, etc.
While there are companies, such as BitTorrent, that offer services that keep you in control of your data, they are far and few between.
For library data that has issues of confidentiality, I’d urge people to think long and hard before placing it into the cloud. Always remember that all passwords must be changed with every change in staffing or board membership. Libraries may not be a target, but we also don’t want to become a target.