Support vs Responsibility

Watson won handily, and many disappointed humans were blaming him for his answer that Toronto is a US City. Several humans blamed the outsourced programmers in India for this mistake. Blaming is so human, so it is understandable. However, I was very happy to see that companies like IBM are still interested in some of the fundamental research in computing. For the next 6 weeks, I will be preoccupied with Cricket World Cup which is being played in India, Bangladesh and Sri Lanka.  So far, no surprises, though England had a scare against Canada (yes, the country where Toronto is, plays cricket) yesterday.

On to the topic at hand… Library and Technology Services (LTS) is in the business of maintaining and supporting the consumption of information. Whereas we also create some of the information ourselves, that is a much smaller portion than making sure that we develop the appropriate mechanism for our users to get access to the information. It is sort of what Google does – billions of people create content, but it facilitates the consumption of this information through search frameworks that makes it easy to get access to information (though some would argue that it does a poor job!). And makes billions of dollars in the process… The question is, who actually is responsible for the information?

We have elaborate organizational structure to develop and support infrastructures that allow our users to access information easily. Whether it is Library or Technology, we have staff who have very good understanding of the information landscape we support. We have subject matter experts who would be able to direct our users to the appropriate resources – be it books, journals, student data, or financial data, you name it. This is the “Support” aspect of what we do.

We also take some “responsibility” for the information infrastructure. Librarians take responsibility for acquiring and licensing content based on the needs of the College, but within the financial constraints imposed on them. Archivists are responsible for developing “records management” guidelines for the College – what are the most important information that College should retain and what information is not worth retaining.

Similarly, technologists are responsible for developing infrastructure that allows easy access to information. They are also responsible for making sure that the data is secured from illegal or inappropriate access. In addition to financial constraints, the technologists have another problem in that they are supporting many systems that have been developed by others which allow users to access data that are totally out of their control. This is why the technologists go through painful processes to vet and choose a product that they feel most comfortable about supporting.

Just the way that while the Librarians support and facilitate access to information, they don’t generate the underlying content and therefore cannot be held responsible for it, technology has a parallel. Whereas we support access to data and we have “subject matter expertise”, we rarely generate underlying data and therefore responsibility for it does not reside in LTS. The parallel between information in the Library and technology diverges here a bit. Content generators for the information in the Library are the authors that are very rarely the members of the College. In technology, almost always, the content generators are in the College.

Banner is a primary information repository that we “support”. However, we cannot be responsible for the data that is entered into Banner. As a part of the support, we can develop frameworks to ensure that data validation takes place, but the ultimate responsibility for the underlying content resides with the person who enters the data into such a system.

We have administrative offices who are traditionally “responsible” for different data. For eg. the Registrar’s office is responsible for student data, Academic affairs for faculty data, HR for Personnel data, Finance and Administration for Finance data etc. This gets to be very detail oriented and the exact responsibilities tend to be very institution dependent. The “responsibility” here refers broadly to both the accuracy and access. The reason for this has to do with the fact that the individual administrative offices are far better positioned to know about the data and access (and the laws surrounding this) than we in LTS can possibly do.

We in LTS work very closely with the offices to enable them with technologies to detect and correct inaccurate data and work with them to make sure that the appropriate access controls are in place.¬†Whereas we are responsible for enforcing access control, the rules of who gets access to what information, and updating the access control when a user’s status changes are all the responsibilities of the administrative offices. This is very important and may not be apparent to many of our users.

Similarly, the information consumers have a lot of responsibilities. Once access control is established and access to data has been opened up, typically, the users are told of their responsibilities on the appropriate use and protection of data. Depending on the nature of the data accessed, the care that must be exercised by the users increases. Someone having access to Personally Identifiable information such as the social security number, and data of birth have to be extremely careful about how they access the information, where they store them and proper destruction of the data when not needed. These are individual’s responsibility because once, the data leaves our servers, there is very little we can do to enforce these.

For example, we can prevent someone from connecting to the source of the data from outside the campus network, but there are many ways in which the person can take the data home and work on a home computer and bring it back. We are responsible for educating the users and training them on appropriate use of secure data, that is, if we can get them to come to training :)

Seriously, we are in the process of developing a strong education and training program on secure data as required by law and the community will hear about this soon.

The bottom line is, we, in LTS support access (methods of access, implementing access control etc.) to information but the responsibility for the accuracy, access and appropriate use is shared with primary responsibility residing elsewhere (with the users and the administrative data owners).

Leave a Reply