ISO Matters

What is ISO 20614, and why does it matter?

The search to ensure the privacy and protection of digital and physical information is an ongoing one. While physical information security has been practiced for centuries, most people view digital information security as a new concern.  However, governments and standards bodies have been coping with issues of the privacy and security of digital records and archives for decades longer than most people realize.

40 years ago, France enacted Law 78-18 on Information Technologies with the principle notion that “information technology is at the service of each citizen and cannot violate human identity, human rights, privacy, or individual or public liberties.” Library of Congress, Online Privacy Law. Since then, these principles have evolved to meet changing privacy protection needs, with Law 78-18 being followed by the Data Protection Directive of 1995, and today’s General Data Protection Regulation (GPDR), enacted by the EU on May 25, 2018. France and the EU have been consistent in their privacy protection goals.  Law 78-18 lays out critical elements of privacy protection familiar to those who know GDPR – including a data subject’s “Right to be forgotten”, “Right to Correct and Delete”, “Right of Indirect Access”, and “Right of Access ”. Library of Congress, Online Privacy Law: France

Organizations adapting to increasingly stringent privacy regulations are looking toward technology and tools to help them manage their large volumes of sensitive data more securely.  The volume of customer data that is essential to their business also puts them at increased risk for non-compliance and loss of customer trust. But who can compliant-aware companies trust to assist them in their quest to manage, protect, and secure this sensitive information from its creation through its archival and eventual destruction? One way to narrow the field is to look for vendors whose products or services conform to ISO standards.

ISO stands for the International Organization for Standardization and is an “independent, non-governmental international organization” (ISO: About Us) which publishes international standards conceived by experts to help organizations provide products, solutions, and services that are reliable, safe, and of good quality. Often, new or revised laws and regulations (like GDPR) serve as the catalyst for new or expanded ISO standards. In such cases, ISO certification is a vehicle to demonstrate adherence to those laws or regulations.

ISO 20614 certified software piques particular interest for GDPR-aware data and information managers governing large stores of archival records (physical and digital) with protracted disposal terms.

ISO 20614 is a Data Exchange Protocol for Interoperability and Preservation (DEPIP) and defines a framework that addresses interoperability problems in data storage exchange, integrity, and archiving. In other words: archived, sensitive information can be accessed and transferred safely and securely, without corruption, leaks, or risk to preservation (including metadata).   This translates to flexibility with regard to decentralized archiving (including the use of archive service providers outside the organization) while retaining the highest levels of archive fidelity.

With its recent release, everteam.archive now supports the ISO 20614 standard. The everteam.archive product provides this combination of archive flexibility and control so that records managers, archive service providers, and archive consumers all benefit from a more robust, secure archival process. And as regulations, privacy concerns, and business processes develop and advance, everteam.archive software will continue to extend its support for standards like ISO 20614 to help organizations evolve their capabilities to meet emerging requirements.

Invariably, technology has an enduring effect on personal privacy and information governance strategies. Around the world, organizations are adjusting their tools and processes not just to follow new regulations, but to better secure customer loyalty and promote trusted client relationships. 

Forty years after the 1978 privacy law enactment, customer privacy and security concerns have been seen their visibility grow tremendously, first in European and French markets, and now with US organizations looking towards their counterparts abroad for guidance in privacy matters.

Everteam, a French-owned software company with a nearly thirty-year history in the ECM / DM and information governance sector, understands the rigorous standards used to protect sensitive data throughout its lifecycle, from creation through archive and eventual destruction. Everteam software, including everteam.archive, leverage standards like ISO 20614 to empower organizations to discover, identify, classify, and remediate sensitive data. By protecting valuable information assets throughout their lifecycle, organizations strengthen their most valuable, substantial asset – customer relationships.