Ransomware Can Hold Your Records “Hostage”

In another unfortunate trend for Ohio in 2024, Wood County had experienced a ransomware attack that has prevented them from accessing their electronic records management system. As seen in the article found here, while the attack is not impacting public services, the county is resorting to using pen and paper to record emergency calls as well as preventing them from accessing historical police records.

Just like water or a fire damaging paper records, your electronic records are vulnerable to disasters and disruptions to business like these cyberattacks. There are several things your office should keep in mind:

  1. Understand where your records are on your network as well as who has permission to those files. ARMA International has a great article on defining data maps found here. This will also help identify where your vital records are, those records integral to your business operations and should be recovered quickly.
  2. Have your IT routinely backup your electronic records as well as run updates to system software/antiviruses/network firewalls.
  3. Provide mandatory cybersecurity training to your office staff to educate them on identifying fraudulent requests and the steps to report on them.
  4. Clean up electronic records that have met their applicable records retention schedules and are no longer needed. The less files there are on your network, the less files that could be potentially stolen from your office.
  5. Finally, establish continuity of operations plan (COOP) in place to define the policies and procedures to respond to an emergency or disaster. Have a COOP plan in place will allow a swifter restart of your operations. FEMA has a brief brochure describing a COOP plan found here.

Re-Evaluating a Public Record

A recent ruling by the Ohio Supreme Court concerning email distribution lists for a township newsletter helped define a “public record” for something simple as a mailing list. Per the recent article from Court News Ohio found here, there were some back-and-forth disputes concerning a 2022 public records request for the township newsletter email distribution list. The requester originally had his request denied by the township, but he argued that the list is a public record and contained no exempted information as found in ORC 149.43. While the township claimed the list did not document the activities of the office and was developed/maintained by a vendor, in Hicks v. Union Township, the Supreme Court agreed that the list was a public record per the three elements of a public record as defined in ORC 149.011(G). Remember, a public record is:

  • “Any document, device, or item, regardless of physical form or characteristic, including an electronic record as defined in section 1306.01 of the Revised Code”,
  • “Created or received by or coming under the jurisdiction of any public office of the state or its political subdivisions”,
  • And “serves to document the organization, functions, policies, decisions, procedures, operations, or other activities of the office”.

As always, when working with public records requests, it is important to have your office’s legal counsel review the request, the responsive records, and the response sent.  The case can be found here: Hicks v. Union Twp. Clermont Cty. Bd. of Trustees.

AI helping Archives and Researchers

Another example of how artificial intelligence (AI) is impacting archives and records programs in government, a Maryland Today article reports on a research project by the University of Maryland and the National Archives and Records Administration (NARA) to see how AI could comb through 10 billion pages of documents to reduce wait time for researchers. The project team is finding that AI can help predict the content of undigitized records based on the organization of a collection as well as use camera software system that will collect information on undigitized collections as researchers look at them; literally “looking over their shoulders…as they work”. You can go here to read the article.

NARA is also developing a strategic plan for how it will use AI responsibly to improve access and navigation of the federal agency’s collections. You can read more about this plan as well as upcoming projects by NARA here.

The OhioERC is starting to explore creating some guidance on AI technology and how it will impact our records management responsibilities in Ohio government, so keep a look out at our blog posts when we have those resources available. You can always subscribe to our blog by entering your email in the “Follow The Ohio Electronic Records Committee blog!” sign up on the OhioERC homepage.