Saturday, March 19, 2011

Preventing insider theft: lessons from NARA's Holdings Protection Team

On Thursday, I had the good fortune to attend a training session offered by representatives from the U.S. National Archives and Records Administration (NARA)'s newly established Holdings Protection Team. I've already posted about the team's tips for preventing thefts committed by researchers, and today I'm going to post about -- and reflect upon -- the team's recommendations regarding prevention of thefts committed by staff.

Approximately 75 percent of archival thefts are committed by staff, and Holdings Protection Team member Michael Knight suggested that this figure is probably low.

This is a sad truth, but there's a definite logic to it. We archivists have ready access to the collections and the expertise to identify records that are intellectually significant or have the greatest resale value. We enter this profession mindful of our role as stewards and guardians of the historical record, but a few of us ultimately repudiate this obligation. The reasons for doing so are, of course, varied:
  • Life-changing developments such as addiction, a sick child, a messy divorce, or a disastrous investment decision can render a person desperate for cash. Some people feel compelled to ensure that their families enjoy a certain standard of living.
  • In some instances, an archivist's love of the past has a covetous component.
  • Workplace resentments may lead a person to lash out at an employer or decide that he or she could take better care of the records at home.
  • Some people become archivists because they seek access to materials that they can steal and sell. Others enter the profession and then realize that theft can augment their earnings.
Before we all get jumpy and paranoid about our co-workers, let's keep in mind another fact that Knight emphasized: less than 1 percent of NARA employees have been proven to be thieves. I suspect that the percentage of dishonest staff at other repositories is similarly low.

Most of us are honest, and we have to keep in mind that security policies are meant not only to protect our holdings but our own sanity and reputations. Several years ago, my colleagues and I learned that one of our co-workers had been stealing materials from our holdings and that of our sister institution. Fortunately for us, the authorities quickly pinpointed him and he readily admitted his guilt. Archivists at several other repositories that experienced similar thefts haven't been so lucky: they worked under a cloud of suspicion for months on end, had their personal lives and finances picked apart by law enforcement personnel, and couldn't lean on each other for support.

Moreover, good security policies support our efforts to maintain physical control over our holdings. As Knight pointed out, records " go missing" for a variety of reasons:
  • Staff fail to complete sign-out cards or pull-slips. A slip or card should be completed every time a box is moved . . . even if the staffer plans to bring it right back.
  • People make mistakes when re-shelving -- especially when supervisors give the impression that speed is more important than accuracy.
  • Catalog records or box tracking systems are outdated or inaccurate.
  • Staff leave them unattended, either at their desks or in public areas.
  • Inadvertent discarding or destruction -- a threat in facilities that house both archival and non-permanent records or in areas in which a lot of rehousing is taking place.
  • Deliberate discarding or destruction. In one instance, a disgruntled contractor working in a NARA facility sporadically pulled boxes off the shelves and tossed them into the trash.
What to do? Senior management must create and enforce policies that safeguard holdings:
  • Insist that staff complete pull slips, sign-out cards, or otherwise document the movement of records.
  • Make it plain that leaving records in unsecured and unattended areas -- even for a moment -- is prohibited.
  • If stacks have electronic card key access, each person who enters the stacks must swipe his or her ID. "Piggybacking" (i.e., following a person who has swiped his or her card and failing to swipe one's own card) is not appropriate.
  • Emphasize that accuracy, not speed, is paramount when reshelving records.
  • If at all possible, monitor contractors who work in areas housing records.
  • Staff who discover security breaches must report them to their supervisor or to another person in the organization and, if appropriate, take immediate action to rectify the situation.
Knight mentioned at the start of his presentation that one of the Holdings Protection Team is, in essence, helping to create an institutional culture that enables everyone to take ownership of physical control and security matters. In the days following the training session, I spent a lot of time thinking about the Holdings Protection Team presentation and Richard Strassberg and Mimi Bowling's archival security workshop, which I attended a couple of years ago. For what it's worth, I drew up a list of what I consider to be the core characteristics of a security-focused institutional culture:
  • Senior management encourages and expects all staff -- managers, archivists, technicians, clerical/support -- to identify and address security issues.
  • Senior management solicits input and feedback from all staff.
  • Supervisors train subordinates properly, encourage subordinates to share their concerns, use minor lapses as teaching opportunities, and use punitive measures as a last resort.
  • All staff understand why security and physical control policies exist, accept that everyone is responsible for helping to protect the repository's holdings, and feel comfortable speaking up when confronted with the unusual or unexpected.
About 15 years ago, when I was still in graduate school, Richard Strassberg came to my Archives and Manuscripts class and gave a guest lecture on archival security. He placed a lot of emphasis upon the relationship between labor-management relations and archival security. A few people are inherently honest, a few people are inherently dishonest, and the vast majority of people can go either way depending upon the situation. Creating a work environment in which everyone -- custodial and security staff included -- is made to feel valued and respected reduces the risk that staff will steal because they feel demeaned, excluded, or powerless. In light of the Holdings Protection Team's training, I would argue that a work environment in which everyone is made to feel valued, respected, and empowered to address security issues also increases the chance that insiders who steal for monetary gain or to augment their own collections will be caught sooner rather than later. In the final analysis, repositories intent upon protecting their collections from insider theft must consciously create a positive, open, and supportive work environment.

NARA's Holdings Protection Team hopes to offer additional training sessions for non-NARA staff in the coming months. If you get the chance to attend, by all means do so.

1 comment:

records management said...

I think in every profession a certain percentage eventually abuses their position, we read about it in the papers all the time. The security policiy research is very interesting!