Two things are paramount for information management when considering security. Confidentiality of the data stored and the integrity of the data. This applies to both hard copy documents as well as digital data.If either of these is compromised, the ramifications could be significant.
In one way it seems easier to secure hard copy documents with locked cabinets, locked doors, CCTV in place, and limited access to the actual documents. You can see when hard copy records have been tampered with-pages torn from a document, a numbered page missing and so on. It appears to be easier because you can see the measures in place, it is tangible.
Digital data can in fact, be more secure from damage and destruction.
First, there are the actual document files. Restrictions may be placed on a number of formats to restrict editing, copying, printing and even screen shots (when viewing online) can’t be done. This protects the integrity of the document.
PDF documents also have an electronic footprint, which is why they are now admissible in court under The Evidence Act 1995. This means they cannot be altered without leaving a trail of the amendments and the originator of the document is stored. This metadata is automatically created from the document of origin.
Access to systems storing records can be controlled by applying authorisation i.e. login via an ID and password. Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA) can also be implemented e.g. ID and password plus answer a secret question or a passcode which has been sent to a mobile device.
Even before getting to the system storing the data, access to the network can also be via authorisation and the same MFA can be implemented. So from a broad aspect down to an individual record, security can be applied.
It is much easier to backup digital data than hardcopy records and who would want to make a copy of every important document owned by an organisation? Digital data backups can be stored offsite and across multiple locations, this is a common strategy used in disaster recovery. Several backup versions can be stored, in case earlier versions of documents need to be recovered. It will all depend on the level of importance an organisation places on its data or on specific types of data.
It may be that data for a specific project or legal case is treated with high levels of security across all components until such time as the project or case is completed. We have all heard of security breaches in some unlikely organisations but these are usually high profile entities and there would have been a concerted effort to hack into their systems, usually by a group rather than an individual.
Security measures must be reviewed regularly and modified regularly. Just as an individual’s login password should be changed on a regular basis, system-wide measures must also change. Yes, it can be irritating but as the old saying goes, “it is better to be safe than sorry.”