POLICY 17: Ensure security, authenticity and integrity of digital records and heritage
4.17.1 All governmental bodies in the Western Cape Province must ensure that digital records adhere to standards of security, authenticity and integrity.
-
All governmental bodies must take acceptable care of the digital heritage under their care with regard to information security considerations in terms of national and international standards. The security measures must include control over accessibility of the digital records, as well as prevention of unauthorised change or deletion.
-
All digital masters must include provenance metadata which provides for the authenticity, provenance and integrity of the digital record. Additionally, this metadata must be maintained as an integral part of the digital master.
-
The provenance metadata must include the description of any specific preparations or treatments performed on the digital records as well as on the original or analogue record prior to digitisation.
-
Digital masters, as the master copy of digital records, must each carry a digital signature to ensure authenticity and to ensure that they cannot be modified without invalidating the integrity of the digital master. This signature should enable linkage back to the original creator, in the case of government records this will be a governmental body.
-
Digital masters must be lodged with the Provincial Digital Repository (PDR) and the digital master located within the Provincial Digital Repository (PDR) is the only truly authentic version. The term “digital master” should only apply to those records maintained in the Provincial Digital Repository (PDR).
-
All digital records other than digital masters are not considered as authentic including exact copies of the digital master from the Provincial Digital Repository (PDR).
-
Each digital master is required to have a unique address or name that provides reference back to the record within the Provincial Digital Repository (PDR). This may take the form of a URI, URL or URN or any other internationally agreed unique naming convention. This unique address is to be used when citing references back to the digital master.
POLICY 18: Privacy policies
4.18.1 Archival records/public records contain information that is of a personal nature, and whose unconsidered dissemination could cause personal and public harm. Privacy is a constitutional right and must be integrated into the core of the digital repository design and functioning of digitisation processes and programmes.
-
Until legislation is promulgated to cover this contingency, the ethical treatment of personal information in digital record form must be managed under existing institutional policies.
-
Governmental bodies must compile a privacy policy to provide guidance as to how private information held in their care is to be appropriately handled and safeguarded.
-
Personal information that is in digital form must, ideally and where reasonably possible, be identified within the metadata for the digital masters as information concerning the nature of the subject matter.
-
The digitisation strategy of the Provincial Digital Repository (PDR) must include the manner in which personal information is to be handled and protected during the capturing, describing, loading, storing and accessing processes.
POLICY 19: Handling of confidential and secret records in accordance with MISS
4.19.1 Digital records falling under the Minimum Information Security Standards (MISS) as published by the National Intelligence Agency must be managed in accordance with this standard.
-
Each governmental body is required to handle digital records that fall under the Protection of Personal Information Act , Protection of Information Bill or MISS on secure servers that are not accessible through standard access methods.
-
Records falling under these legislation must be managed in a manner so as it is not possible to separate digital content from metadata.
-
Metadata associated with sensitive digital data must clearly indicate any moratorium periods that are applicable in order to support automated or semi-automated release of such embargoed information.
-
Sensitive information must be accessible only to those with the required level of access authority. This may require additional forms of information security to be implemented, including the usage of one-time passwords, biometric authentication or device-based security.
POLICY 20: Development and implementation of national metadata and vocabulary standards
4.20.1 There is a need for national metadata and vocabulary to ensure semantic interoperability between digital collections, since purely technical interoperability is insufficient.
-
In order to allow for effective searching across institutions and holdings, the metadata associated with digital records must conform to an agreed national set of metadata elements including schemas, thesauri, ontologies, terminologies, vocabularies and authority files.
-
All governmental bodies in the Western Cape must adhere to the minimum national standards and metatdata.
-
Private custodians in the Western Cape are encouraged to adhere to these minimum national standards.
-
Policy 22 explains the construction and maintenance of vocabularies, authority files and other such elements.
4.20.2 These metadata and vocabulary standards must be built on strong semantic principles, to facilitate improved access to large repositories and to provide for a more natural interface to complex repositories. This must be done in a way that provides for long-term evolution and improvement of the semantic structure.
Share with your friends: |