Well, it's finally happened. A large Canadian municipality, Edmonton, has decided to make the jump to Google for email and office productivity. In the past, City of Toronto staff raised concerns about how this would benefit service delivery and what security risks this might bring.
According to Edmonton's press release, benefits include the ease of accessing these tools from any desktop or mobile device, real-time collaboration capabilities, expansion to staff currently without email, and reducing anticipated future costs, so "staff will spend less time maintaining systems, allowing them to dedicate more resources to the important mission of serving the citizens of Edmonton". They also note that "Google Apps has completed a rigorous security certification and accreditation with the U.S. federal government."
City Clerk's Office staff will naturally have more questions about privacy, access and security. This Edmonton Journal article provides some additional context on security and dismisses the issue of storing data in the US. According to Edmonton's CIO Chris Moore, Edmonton will continue to own all their data. He adds that concerns about the Patriot Act are a red herring since Edmonton's email traffic already travels through the US. The University of Alberta (with 125 000 users) has also begun shifting to Google apps, and their vice-provost of IT notes that "during 18 months of study, he determined the company's information security and privacy is far tighter than anything he could afford to provide."
For a more critical analysis, I recommend this 2-part blog post and interview with Edmonton's CIO here. The interview includes discussion of legal implications, Edmonton's completed Privacy Impact Assessments, the City Clerk's Office and Freedom of Information and Privacy Office. In the interview and part 2 post, the author questions why the City of Edmonton's Privacy Impact Assessments have not been submitted to the Office of the Information and Privacy Commissioner of Alberta and the Office of the Privacy Commissioner of Canada for advice and recommendations. This is not mandatory, but was voluntarily submitted by the University of Alberta for their project. Recommendations from the Commissioner included notifying all staff and students that their email is now under US legal jurisdiction, the university cannot guarantee it will be protected from disclosure and to carefully consider what information they chose to send.
I have to admit (if it wasn't obvious already) that a compelling case has been made, with some reservations. The collaboration capabilities and mobile access of Google apps are impressive. From an information management perspective, the integration with Google's Vault feature, providing retention, archiving and legal hold functionality, is very appealing. The project is clearly being driven by Edmonton's IT department, but is being carried out in consultation with their City Clerks' Office and Legal partners. I would love to hear their thoughts on the project, especially regarding the decision not to solicit further advice on their Privacy Impact Assessment. As the City of Toronto sets out on its own more traditional implementation of EDRMS, we should monitor Edmonton's progress closely and evaluate how it could inform our own approach.
No comments:
Post a Comment