Recordkeeping Advice No. 7

Information Rights Management

Issued: 11 June 2009 (download the formal issued MS Word version of this revision 83KB)
( first issued 13 July 2005 download the formal issued MS Word version 76KB)

Recordkeeping Advices issued by the State Archivist provide advice on the management of records of State and local government organisations and support or explain recordkeeping requirements set out in formal State records guidelines.

Ian Pearce
State Archivist

Introduction

Information Rights Management is an information protection technology that allows users to place restrictions on who can view, print, forward or copy documents or email messages and the time frame in which that information remains accessible. Information Rights Management is also known as Digital Rights Management (DRM), Document Rights Management, Rights Services Management or Enterprise Rights Management.

Implications for government recordkeeping

This technology is designed to enable copyright owners to protect their intellectual property when their work is held recordkeeping systems of other entities. Government has an obligation to prevent unauthorised or improper use of information. Nevertheless, legitimate copyright interests have to be balanced against the statutory requirements for government agency recordkeeping, which in the Tasmanian context derive primarily from the provisions of the Archives Act 1983. Agencies are required under the Act to manage and preserve the evidence of their decisions and activities and records access and disposal provisions must also be observed. These records may include documents where the copyright is not held by the Crown.

The specific risks to good recordkeeping that are posed by DRM technologies include the following:

Auto-deletion - inhibits the ability of an agency to capture and maintain full records of its business. For example, the sender of an email can stipulate the lifespan of a message and force the deletion of the message from the system at a predetermined time. Automatic deletion (not involving human intervention) of messages received by government agencies is most likely to result in unauthorised disposal.
Print disabling - for agencies maintaining records in paper format, this prevents them from creating and maintaining proper records.
Forward disabling of email messages - prevents capture into many systems thereby preventing agencies capturing records of business.
Encryption - through loss of keys and passwords, encryption can prevent access and therefore results in the effective loss of records to government and the public.
Security - each time a protected object is accessed, there is communication between DRM systems and external rights services, which may affect information security and access provisions.

Advice for government recordkeeping

The State Archivist does not endorse the use of information rights management to enable the automatic deletion of documents or email messages, or to place restrictions on documents/messages that may impede recordkeeping practices. State and local government organisations are advised not to use this functionality.

If your organisation is receiving information rights protected documents and messages from other organisations, it is recommended that the documents/messages have all rights protection controls removed from them prior to their capture into recordkeeping or document management systems. This may involve requiring the sender to re-send the document/message or to use an alternative format or communication method.