How dog food can improve accountability and compliance
FDA project exemplifies efforts to promote accountability and compliance
The Pet Event Tracking Network, or PETNet for short, shows the potential power of secure, Web-based information sharing. The information exchange system, which was announced on Aug. 1, was created by the Partnership for Food Protection and the Food and Drug Administration as a way to share information among more than 200 representatives from four federal agencies.
If someone discovers a pet food-related incident, they can upload the information to PETNet, where it can be disseminated to other participants. There’s no waiting around until a problem becomes widespread, and because there’s a record of who made the first post, when and at what time, there’s built-in accountability. A regulator in Texas can’t say he or she was unaware of a problem when there’s a record of the person logging in and reading the specific post.
This idea of accountability and information sharing is one of the things that David Gehringer hears about all the time when he’s out talking to CIOs and IT directors and mostly for the very reason that PETNet exists. “People are very worried about compliance,” says Gehringer, who is a principal at IT consulting firm Dimensional Research in Sunnyvale, Calif. “What we’re starting to see is a lot of people putting in a lot of systems to handle regulatory accountability.”
Extending accountability across platforms
The PETNet system is unique in that it extends to multiple agencies, but even organizations that don’t have the time, technology or manpower to create an exchange system still want ways to track knowledge and data transfer, say experts.
In many organizations, the only way to share information securely is peer to peer, and when it comes to direct file transfer, many CIOs rely on encryption and data loss prevention to create digital accountability, says Graham Titterington, a principal analyst and security expert at research firm Ovum. “Encryption technology can monitor who is using the encryption key, and when and where they are using it,” he says.
DLP tracks what’s going in and out of an organization. The downside is that DLP produces so much information overall that there’s a big chance of missing something that’s really relevant, says Titterington. “The problem is identifying what’s normal behavior and what’s not.”
This is why many organizations are turning to SharePoint, which allows collaboration and file sharing under the auspices of version control and retention schedules. “It enables teamwork that’s very flexible, but you can still create a hierarchy, attach permissions and use it for document rights management,” says Titterington.
On the social networking side, accountability presents more of a problem, especially when it comes to compliance. Third-party networks such as Twitter and Facebook store digital copies of everything that goes up, even if it is deleted by the user, but there’s no way to say who posted something, says Roger Entner, an analyst and founder of Recon Analytics, a research firm based in Boston.
The bigger issue, at least for government users, is the assumption of privacy coupled with the fact that third-party systems can keep track of which accounts are logging in and posting things.
“If a third party knows every visitor to the [Justice Department’s] Facebook page, that’s a problem,” says Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research group.
That might be why there have been 15 social media applications released on Apps.gov, some of which enable internal Facebook-like discussions and sharing.