It’s no secret to constituents or government workers that Uncle Sam and his state and local counterparts are powered by paper. It’s also no secret that government lags behind the private sector in digitizing, automating and securing paper-heavy processes.
But agencies around the country are making inroads in converting traditionally paper-heavy processes to digital ones, and they’re realizing an unexpected benefit when converting to a modern Enterprise Content Management (ECM) platform: improved information security and compliance.
While simply moving to digital documents is a step in the right direction for government agencies looking to improve the constituent experience, it’s not enough in order to create a secure and compliant workplace and protect those constituents’ sensitive information. As we’ve seen in numerous headline cases in both the public and private sectors, digitized information carries a huge risk and liability if security and data retention isn’t properly managed.
Just why is information security and compliance so important in a government setting? Here are three compelling reasons:
Compromising information security can lead to embarrassing (and expensive) security breaches.
It’s easy to see how this happens in a paper-intensive environment, where documents are usually received via a non-secure method like mail, fax, or printed from email and delivered to an inbox.
Once documents are taken in, they still tend to float around in a not-so-secure fashion, from case files going desk to desk to untracked photocopies being made to documents hitting the trash bin instead of the shredder. This amount of unsecured paper is understandable, given the sheer number of documents a typical agency has to intake, track, and process every day, but it’s also a ticking time bomb. No agency wants to be headline news for a confidentiality breach.
On the digital front, many documents are needed temporarily, such as driver’s licenses or forms with social security numbers to apply for benefits or a license. Once the information is taken in, it sits among other unstructured digital data and becomes a huge liability unless your agency has created intelligent retention policies that actively manage the lifecycle of sensitive information. Those policies may enable the destruction of content that’s no longer needed based on a timeframe or event, or securely archive content for compliance reasons.
While on a per-record basis the government sector has one of the lowest costs for breach remediation ($68 compared to $363 in healthcare), the final costs can run into the millions due to the sheer scalability of government breaches.
Information requests are difficult to respond to in a timely manner.
Federal and state freedom of information laws often require agencies to access and deliver documents to the public. When those documents are trapped in paper filing cabinets, often off-site in a storage facility, information accessibility is an issue.
Discovery requests pose a similar problem when the majority of files are on paper and unsearchable. With a digitally-managed retention policy, your organization not only has accessible digital documents, but also a complete audit trail, including certificates of destruction and chain of custody.
Meeting regulatory requirements for storage, security and retention is costly.
How many pieces of paper or digital documents does your agency process each day? Each month? Each year?
How long are you required to hold on to those records? Are you running out of room yet? When was the last time someone went in to clean out the records that are no longer required to be held, and were they disposed of properly? If your agency is like most, it’s a catch-22 of needing the space to store the ever-increasing volume of records, but not having the manpower to deal with the turnover.
If your agency is partially digitized, much of the data is likely not in your secure system of record (SOR), but in an unstructured format like email, scans, PDFs, and text files floating around the network outside of the SOR. Many times these documents are both the easiest to hack and among the most confidential, like signed contracts and personally-identifiable information.
The most difficult piece of information security can be in complying with an alphabet soup of regulations like FISMA and HIPPA. With ever-changing regulations, how can your agency stay compliant while processing everything manually?
Keeping up with the constantly changing regulatory mandates and best practices is much easier with digital rather than paper records, but requires a capable and flexible system designed with compliance in mind.
How going paperless solves these information security and compliance problems
You already know that taking traditionally paper processes digital can dramatically improve the constituent experience and streamline productivity in the back office. But going paperless with an ECM with retention policy management tools also solves burdensome information security and compliance problems, as these three agencies have discovered:
Maintaining confidentiality: The San Francisco Employees’ Retirement System (SFERS), which manages a $20 billion trust fund for more than 60,000 members, implemented transaction-specific folders that enabled staff to conduct business processes while still maintaining confidentiality of sensitive information. No more unsecured papers floating around the office, exposing the agency to potential confidentiality breaches.
Respond quickly to information requests: The Kansas State Board of Nursing (KBON) licenses more than 2,000 nurses each month, and the state records policy requires them to keep all original applications for life. Because they’re under the Open Records Act, the KBON gets an average of 8-10 requests for document copies. When those copies were paper, they spent 15-30 minutes locating, copying and re-filing each document, then mailing out the copies. With electronic content management, they can locate and send a document within a minute. Plus, using retention policy management tools, KBON can securely store those documents and meet state records policy regulations.
Save on storage and records retention: The Army National Guard Bureau’s global presence made medical paperwork a triple burden of HIPPA compliance, processing time and storage issues. Moving to digital allowed them to scale more than 20 million documents for National Guard personnel in all 54 states and territories plus in areas around the globe.
Learn more about achieving regulatory compliance by going paperless in our ebook, Paperwork and the Government Agency.