Indigenous people are deeply concerned about keeping their Traditional Land Use and Traditional Knowledge information secure. Avoiding putting this information into a digital format is not practical so the question facing indigenous people is how to minimize the risks of having potentially sensitive information in a digital format. The natural response for people is to keep this information close to them, but this natural impulse may not have the intended effect.
The body of thought behind data security, privacy and integrity is vast so this short post is intended to highlight some of the issues and is not an exhaustive guide. I'll focus on three areas:
- Data Security
- Data Privacy
- Data Integrity
Data security is primarily concerned with keeping your information out of the hands of people who should not have access but it also includes preventing its loss or destruction. The ways to address those concerns include:
- Physical Security - Putting the computer with the sensitive information in a physically secured and monitored space.
- Digital Security - Putting the computer in a managed environment where software is kept up-to-date so the computers and the information on them can only be accessed via secure protocols.
- Backups - Making copies daily both locally and off-site in the event of a fire or natural disaster.
Well managed cloud based services perform well in the area of data security because they have access to professional hosting staff and equipment to address these issues. Small organizations of all types have a much harder time meeting these stringent requirements. In smaller organizations, computers with sensitive information are often in someone's office where many people can access them. Also those same computers are used for web browsing, email and other activities which opens them up to many forms of attack. Lastly many small organizations don't have formal data backup procedures including off-site backups so natural disasters could potentially wipe out their information.
Data privacy, in the context of having effective data security, is primarily concerned with valid users access to private information being limited by need. In evaluating options in the area of privacy some questions to consider would include:
- Does the system control access to information based on its privacy?
- Does the system generate warnings about reports that could be distributed by insecure means if they include private data?
- Does the system provide the means to hide personal identifying information?
In this area well managed cloud services do quite well, but the weak privacy controls in some social networking tools have raised doubts in the minds of many users. On this issue it is important to understand who is the service provider and what steps have been taken to protect privacy. For example LOUIS Heritage requires every mapped feature or non-spatial discussion be marked with a privacy setting which is then used to filter search results based on user permissions. Similarly LOUIS Heritage limits the inclusion of information about participants in reports to protect privacy. In contrast, desktop GIS systems if managed in on a file server tend to give either no-access or complete access which is too crude to properly address privacy concerns.
Data integrity is primarily concerned with information accuracy. When evaluating options from this perspective questions to be considered include:
- It is possible to specify a particular format for information?
- Does the information require review before it is used?
- How does the system prevent accidental deletions or edits?
- Does the system ensure that relationships between different pieces of information are maintained?
No desktop GIS solution has these capabilities out of the box. Version management tools or tools for managing the consistency of format exist for GIS environments but using them can be technically challenging and usually requires significant effort. Cloud based services perform variably on this front. Generic archive services do not address this issue at all because they simply store files without any knowledge of their contents. LOUIS Heritage however requires data meet certain format requirements and the data exists in a number of states from when it is first gathered to when it is reviewed and finalized. The use of states in LOUIS Heritage prevents finalized data from being deleted or edited accidentally.
It is possible for indigenous communities to put in place all the measures discussed here but in most cases it is financially and functionally impractical to do so. Cloud based services, like everything else in life, are not risk free, but when compared to files on someone's computer in an insecure office, the choice is clear. To contact us about how to better secure your local information or learn more about the LOUIS tools use the contact page here.