Records In the Cloud (RIC) is a 4-year collaboration between the University of British Columbia (UBC) School of Library, Archival and Information Studies, the Faculty of Law, and the Sauder School of Business; the University of Washington School of Information; the University of North Carolina at Chapel Hill School of Information and Library Science; the Mid-Sweden University Department of Information Technology and Media; the University of Applied Sciences of Western Switzerland School of Business Administration; and the Cloud Security Alliance, supported by a Social Sciences and Humanities Research Council of Canada (SSHRC) Insight Grant.

Problem

Because of its low cost, organizations are increasingly moving their records into the cloud and delegating to cloud providers the responsibility for their security, accessibility, disposition and preservation. But how high is the price that these organizations pay in terms of control on their records or, as is the case with archives, on the records entrusted to them for permanent preservation? We have seen cloud providers go bankrupt, disappear or be sold; records being lost, retained when should have been destroyed, or mixed-up in shared servers; failed back-up; and unauthorised access by sub-contractors and hackers. Further, it is impossible to pinpoint the geographical location of the records at any given time and the jurisdiction under which they fall; to prove the chain of custody and the authenticity of the records; to ensure protection of legal privilege or trade secrets when using a third party; to isolate documents for legal hold; to conduct audits; and to guarantee that the records to be permanently preserved are kept according to archival standards. These are only a few of the problems encountered by organizations using the cloud as if it were a recordkeeping or a record preservation system. Yet, the number of those who choose to use the cloud for these purposes is growing exponentially by the day. If this phenomenon cannot be stopped, we must at least try to reduce its risks to an acceptable level.


Objectives

  1. to identify and examine in depth the management, operational, legal, and technical issues surrounding the storage and management of records in the cloud;
  2. to determine what policies and procedures a provider should have in place for fully implementing the records/archives management regime of the organization outsourcing the records, for responding promptly to its needs, and for detecting, identifying, analyzing and responding to incidents; and
  3. to develop guidelines to assist organizations in assessing the risks and benefits of outsourcing records/archives storage and processing to a cloud provider, for writing contractual agreements, certifications and attestations, and for the integration of outsourcing with the organization's records management and information governance programs.

Methodology

This is a qualitative research project that assumes an inductive relationship between archival, diplomatic, and legal theory, information technology and research findings. Research data will result from:

  1. a close analysis of the services offered by various CSPs, as well as the technology that supports such services, as revealed by their commercial materials and documentation and by semi-structured interviews;
  2. a study of relevant law and case law, regulations and standards, and
  3. a combination of surveys and interviews of CSPs and existing users of cloud computing services.
  4. View our Research and Privacy Statement

Who Benefits?

  1. all kinds of organizations who wish to store records on the clouds
  2. service providers
  3. records, archival and law professionals, and
  4. records and archival management students.