Kamu Belgelerinin Hassasiyet Değerlendirmesi: Kuram, Süreç ve Zorluklar

Year 2024, Volume: 6 Issue: 6, 91 - 126, 20.12.2024

Hasan Öztürk

https://doi.org/10.59054/hed.1497456

Abstract

Kamu belgeleri, ulusal hafızanın korunması ve gelecek nesillere aktarılması için hayatî bir önem taşımaktadır. Bu belgeler ulusal güvenlik, uluslararası ilişkiler veya bireysel mahremiyet gibi hassas konular/bilgiler içerebileceğinden arşiv değeri taşıyanların doğru yönetilerek işlemlerin titizlikle yürütülmesi gerekmektedir. Hassasiyet değerlendirmesi olarak adlandırılan bu işlem, hassas/özel nitelikli bilgiler içeren arşiv/arşivlik belgeleri(ni) kapsamaktadır. Türkiye’de uygulama içerisinde yer almayan ancak gizlilik kapsamına giren hassasiyet değerlendirmesi, pek çok ulusal arşiv kurumu tarafından uygulanmakta olup temel arşiv işlemlerinden “değerlendirme(appraisal)” sürecinin odak bir safhasıdır. Hassas bilgi içeren belgelerin erişim kontrolleri, kısıtlamalar, kapatma kararları ve kamu erişimine sunulması, çeşitli yönlerden zorlukların oluştuğu bu yönetimsel sürecin adımlarıdır. Bu çalışma, odak bir işlem/adım olan hassasiyet değerlendirmesinin kuramsal çerçevesi, uygulama süreci ve zorlukları üzerine bir inceleme sunmayı amaçlamaktadır.

Keywords

Hassas bilgi, gizlilik, değerlendirme süreci, hassasiyet değerlendirmesi, değerlendirme zorlukları

Sensitivity Review of Public Records: Theory, Process and Challenges

Abstract

Public records are of vital importance for the preservation and transmission of the national memory to future generations. Since these records may contain sensitive information relating to issues such as national security, international relations or privacy, those with archival value should be managed correctly and the procedures should be carried out meticulously. This process, called sensitivity review, covers archive/archival records containing sensitive/personal information. Sensitivity review, which is not in practice in Türkiye but falls within the scope of confidentiality, is applied by many national archive institutions and is a focal stage of the ‘appraisal’ process, which is one of the basic archive processes. Access controls, restrictions, closure decisions, and public access to records containing sensitive information are steps in this administrative process, which can be challenging in various ways. This study aims to provide a review of the theoretical framework, implementation process and challenges of sensitivity review as a focal process/step

Keywords

Sensitive information, confidentiality, appraisal process, sensitivity review, appraisal challenges

References

• Allan, Alex: Records Review. London: Cabinet Office, 2014.
• As sociation of Records Managers and Administrators: Glossary of Records and Information Management Terms (3. Baskı). Lenexa KS: ARMA International, 2007.
• Belen-Sağlam, Rahime, Nurse, Jason R. C. ve Hodges, Duncan. “Personal information: Perceptions, types and evolution”, Journal of Information Security and Applications, S. 66 (2022), 103-163.
• Birleşmiş Milletler Geliştirme Grubu. (2017). Data Privacy, Ethics and Protection. Guidance Note on Big Data for Achievement of the 2030 Agenda. https://unsdg.un.org/sites/default/files/ UNDG_BigData_final_web.pdf [Erişim tarihi: 31.03.2024].
• Borden, Bennet B. ve Baron, Jason R. “Opening up dark digital archives through the use of analytics to identify sensitive content”, 2016 IEEE international conference on big data içinde (s. 3224-3229), IEEE, 2016
• Bulut, Metin. “Özel Bir Hukuksal Koruma ve Veri Kategorisi Alanı: Hassas Kişisel Veriler”. Ankara Barosu Dergisi, C. LXXVIII, S. 3(2020), 99-150.
• Ceza Muhakemesi Kanunu ile Bazı Kanunlarda Değişiklik Yapılmasına Dair Kanun. T.C. Resmî Gazete (12.03.2024 -32487).
• Cook, Terry: The Archival Appraisal of Records Containing Personal Information: A RAMP Study with Guidelines. General Information Programme and UNISIST United Nations Educational, Scientific and Cultural Organization. Paris: Unesco, 1991.
• Čtvrtník, Mikuláš. “Closure periods for access to public records and archives. Comparative-historical analysis”, Ar chival Science, C. XXI, S. 4(2021), 317-351.
• Devlet Arşivleri Başkanlığı Hakkında Cumhurbaşkanlığı Kararnamesi (11 Sayılı Kararname). T.C. Resmî Gazete (16.7.2018 -30480)
• Devlet Arşiv Hizmetleri Hakkında Yönetmelik. T.C. Resmî Gazete (18.10.2019 -30922)
• Elliot, Mark., Mackey, Elaine. ve O'Hara, Kieron: The Anonymisation Decision-making Framework (2. baskı). Manchester: UKAN, 2020.
• Entrikin, J. Lyn. “Family Secrets and Relational Privacy: Protecting Not-So-Personal, Sensitive Information”, University of Miami Law Review, S. 74(2020), 781-897.
• Etzioni, Amitai. “A cyber age privacy doctrine: More coherent, less subjective, and operational”, Brooklyn Law Review, C. LXXX, S. 4(2014), 1263-1308.
• Fu le, Peter. ve F. Roddick, John. (2004). Detecting privacy and ethical sensitivity in data mining results. Proceedings of the 27th Australasian conference on Computer science-Volume içinde (s. 159 166), Dunedin: Australian Computer Society.
• Geng, Liqiang., You, Yonghua., Wang, Yunli ve Liu Hongyu: “Privacy Measures For Free Text Documents: Bridging The Gap Between Theory and Practice”, Tr ust, Privacy and Security in Digital Business: 8th International Conference Proceedings içinde (s. 161-173), Berlin Heidelberg: Springer, 2011.
• Henkoğlu, Türkay, Hassas Bilgi Varlıklarının ve Kişisel Verilerin Hukuksal Düzenlemeler ile Korunması ve Bu Kapsamda Üniversiteler İçin Bilgi Güvenliği Politikasının Geliştirilmesi, (Doktora Tezi), Hacettepe Üniversitesi, Sosyal Bilimler Enstitüsü, 2015.
• Henttonen, Pekka. “Privacy as an Archival Problem and a Solution”, Archival Science, C. XVII, S. 3(2017), 285-303.
• IFLA-ICA St atement on Privacy Legislation and Archiving (2020). https://www.ifla.org/publications/ifla-ica-statement-on-privacy-legislation-and-archiving/ [Erişim tarihi: 30.01.2024].
• International Council on Archives. (2012). Pr inciples of Access to Archives. Committee On Best Practices And Standards Working Group On Access. https://www.ica.org/sites/default/files/ ICA_Access-principles_EN.pdf [Erişim tarihi: 20.01.2024].
• Jaillant, Lise. ve Rees, Arran. “Applying AI to digital archives: trust, collaboration and shared professional Ethics”, Digital Scholarship in the Humanities, C. XXXVIII, S. 2(2023), 571-585.
• Jo Pugh, Mary: Providing Reference Services for Archives and Manuscripts. Ch icago: The Society of American Archivists, 1992.
• Johns, R. (2017). Appraisal and Disposal. https://silo.tips/embed/04-appraisal-and-disposal.html?sp=0 [Erişim tarihi: 20.05.2024].
• Johnson, Chris., Badger, Lee., Waltermire, David., Snyder, Julie. ve Skorupka, Clem. “Guide to Cyber Threat Information Sharing”, NISTS Special Publication, C. DCCC, S. 150(2016), 1-35.
• Kindt, Els J.: Privacy and Data Protection Issues of Biometric Applications. New York: Springer, 2016.
• Lemieux, Victoria. L. ve Werner, John. “P rotecting Privacy in Digital Records: The Potential of Privacy-Enhancing Technologies”, ACM Journal on Computing and Cultural Heritage, C. XVI, S. 4(2024), 1-18.
• Martin, Kirsten. ve Nissenbaum, Helen. “Privacy interests in public records: An empirical investigation”. Harv. JL & Tech, S. 31(2017), 111-125.
• Mathers, Josette. “Providing access to sensitive records: the Personal History Index (PHIND)”, Archives and Manuscripts, C. XXVIII, S. 2(2000), 58-70.
• McCardwell, Katherine: Intellectual Propoerty Concerns in Undocumented Corporate Collections – Case Studies in Archival Ethics, Chicago: Society of American Archivist, 2014.
• McCullagh, Karen. “Data sensitivity: proposals for resolving the conundrum”, Journal of International Commercial Law and Technology, C. II, S. 4(2007): 190-201.
• McDonald, Graham, A Framework For Technology-Assisted Sensitivity Review: Using Sensitivity Classification to Prioritise Documents for Review (Doktora Tezi), School of Computing Science College of Science and Engineering, Un iversity of Glasgow. 2019.
• McDonald, Graham., MacDonald, Craig. ve Ounis, Iadh. “Active learning strategies for technology assisted sensitivity review”, European Conference on Information Retrieval içinde (s. 439-453), Cham: Springer International Publishing, 2018.
• Moss, M. S. ve Gollins, T. J. “Our Digital Legacy: An Archival Perspective”, Journal of Contemporary Archival Studies, C. IV, S. 2(2017), 3.
• Narvala, Hitart., McDonald, Graham. ve Ounis, Iadh. “Sensitivity review of large collections by identifying and prioritising coherent documents groups”, Proceedings of the 31st AC M International Conference on Information & Knowledge Management içinde (s. 4931-4935), 2022.
• National Records of Scotland (2021). Guidance to the Form and Content of the Model Records Management Plan. https://www.nrscotland.gov.uk/files//record-keeping/public-records-act/Guidance_Document_v2.0_-_21_February_2024.pdf [Erişim tarihi: 21.04.2024].
• Naugler, Harold: The Archival Appraisal of Machine- Readable Records: A RAMP Study with Guidelines, General Information Programme and UNISIST United Nations Educational, Scientific and Cultural Organization Paris: Unesco, 1984.
• OECD: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Paris: OECD Publishing, 2002
• Ohm, Paul. “Sensitive information”. Southern California Law Review, C. LXXXVIII, S. 5(2014), 1125-1196.
• Olusola Olajide Ajayi ve Temidayo Olarewaju Adebiyi. “Application Of Data Masking in Achieving Information Privacy”, IOSR Journal of Engineering, C. IV, S. 2 (2014), 13-21.
• Özdemir, Lale. “T he National Archives and the Lord Chancellor's Advisory Council on National Records and Archives in the freedom of information era”, Jo urnal of the Society of Archivists, C. XXX, S. 2(2009), 137-145.
• Pearce-Moses, Richard: A Glossary of Archival and Records Terminology. Chicago, IL: The Society of American Archivists, 2005.
• Photopoulos, Constatine: Managing catastrophic loss of sensitive data: A guide for IT and security professionals. Burlington: Elsevier, 2011.
• Ponemon Institute. (2017). 2017 Cost of Data Breach Study. Research Report. https://documents. ncsl.org/wwwncsl/Task-Forces/Cybersecurity-Privacy/IBM_Ponemon2017CostofDataBrea chStudy.pdf [Erişim tarihi: 31.01.2024].
• Poole, Alex H. “An ethical quandary that dare not speak its name: Archival privacy and access to queer erotica”, Library & Information Science Research, C. XLII, S. 2(2020), 101020.
• Public Record Office (2022). A guide to accessing ‘closed’ records. https://www.gov.im/media/1377168/20220725-accesstoclosedrecords-v1-2.pdf [Erişim tarihi: 13.03.2024].
• Redwine, Gabriela., Barnard, Megan., Donovan, Kate., Farr, Erika., Forstrom, Michael., Hansen, Will., John, Jeremy. Leighton. Kuhl, Nancy., Shaw, Seth. ve Thomas, Susan: Born digital: Guidance for donors, dealers, and archival Repositories, Washington: Council on Library and Information Resources, 2013.
• Reed, Barbara. “Reinventing Access”, Archives and Manuscripts, C. XLII, S. 2(2014), 123-132.
• Rukancı, Fatih., Anameriç Hakan. ve Başar, Alparslan: Arşiv ve Arşivcilik: Kuram, Strateji ve Uygulamalar. Ankara: T.C. Cumhurbaşkanlığı Devlet Arşivleri Başkanlığı Yayınları, 2021.
• Rukancı, Fatih – Hakan Anameriç ve Alparslan Başar, “Gizlilik”, Arşiv Terimleri, İstanbul, Devlet Arşivleri Başkanlığı Yayınları, 2023.
• Rumbold, John M. M. ve Pierscionek, Barbara K. “What are data? A categorization of the data sensitivity spectrum”, Big data research, S. 12 (2018), 49-59.
• Sa bah Al-Fedaghi. “How sensitive is your personal information?”, Proceedings of the 2007 ACM symposium on Applied computing içinde (s. 165-169), New York: Association for Computing Machinery, 2007.
• Sillitoe, Paul J. “Privacy in a Public Place: managing public access to personal information controlled by archives services”. Journal of the Society of Archivists, C. XIX, S. 1(1998), 5-15.
• Simitis, Spiros. (1999). Revisiting sensitive data. https://rm.coe.int/16806845af%3E [Erişim tarihi: 17.05.2024].
• Sloyan, Victoria. “Born-Digital Archives at the Wellcome Library: Appraisal And Sensitivity Review Of Two Hard Drives”, Archives and Records, C. XXXVII, S. 1(2016), 20-36.
• Stein, Zachary G. “Privacy in Public Archives: Managing Personally Identifiable Information in Special Collections”, RB M: A Journal of Rare Books, Manuscripts, and Cultural Heritage, C. XXII, S. 2(2021), 85.
• Society of American Archivists (2020). SAA Code of Ethics. Society of American Archivists, tarafından Şubat 2005'de onaylandı; Ocak 2012 ve Ağustos 2020'de gözden geçirildi. https:// www2.archivists.org/statements/saa-core-values-statement-and-code-of-ethics [Erişim tarihi: 19.04.2024].
• Şişman, Nazife: Mahremiyet, Hayatın Sırları ve Sınırları, İstanbul: İnsan Yayınları, 2019.
• Tekerek, Mehmet. “Bilgi Güvenliği Yönetimi”, KSÜ Doğa Bilimleri Dergisi, C. XI, S. 1(2008), 132-137.
• The National Archives (2012). Disposal scheduling. https://cdn.nationalarchives.gov.uk/documents/information-management/sched_disposal.pdf [Erişim tarihi: 23.03.2024].
• The National Archives. (2015). Ac cess to public records. https://cdn.nationalarchives.gov.uk/documents/information-management/access-to-public-records.pdf [Erişim tarihi: 24.04.2024]
• The National Archives. (2018). Gu ide to archiving personal data. https://cdn.nationalarchives. gov.uk/documents/information-management/guide-to-archiving-personal-data.pdf [Erişim tarihi: 15.02.2024]
• The National Archives (2019b). Pr ocedures for closure on transfer. https://cdn.nationalarchives. gov.uk/documents/information-management/procedures-for-closure-on-transfer.pdf [Eri şim tarihi: 12.03.2024].
• The National Archives. (2021a). Access at transfer – Sensitivity Review Overview. https://cdn. nationalarchives.gov.uk/documents/information-management/access-at-transfer-sensitivity-review-overview.pdf [Erişim tarihi: 03.04.2024].
• The National Archives. (2021b). Closure Periods. https://cdn.nationalarchives.gov.uk/documents/ information-management/closure-periods.pdf [Erişim tarihi: 10.05.2024]
• The National Archives. (2022). Redaction Toolkit: Editing exempt information from paper and electronic documents prior to release. https://cdn.nationalarchives.gov.uk/documents/information-management/redaction_toolkit.pdf [Erişim tarihi: 03.01.2024].
• The National Archives. (2023). Sensitivity Review. https://www.nationalarchives.gov.uk/information-management/manage-information/public-inquiry-guidance/sensitivity-review/ [Erişim tarihi: 27.05.2024].
• Thompson, E. Dale ve Kaarst-Brown, Michelle L. “Sensitive information: A Review and Research Agenda”, Journal of the American Society for Information Science and Technology, C. LVI, S. 3(2005), 245-257.
• Tipton, Harold F: Purposes of Information Security Management. Handbook of Information Security Managemen, CRC Press, 1998.
• Tough, Alistair G. “The Scope and Appetite for Technology-Assisted Sensitivity Reviewing of Born-Digital Records in a Resource Poor Environment: A Case Study From Malawi”, Editör P. Ngulube. Handbook of Research on Heritage Management and Preservation içinde (s. 175-182). Hershey: IGI Global, 2018.
• Transportation Security Administration (2008). TSA Management Directive No. 3700.4 Handling Sensitive Personally Identifiable Information. https://www.tsa.gov/sites/default/files/foiareadingroom/handling_sensitive_personally_identifiable_information_3700.4.pdf [Erişim tarihi: 20.02.2024].
• Whorley, Tywanna Marie, The Tuskegee Syphilis Study: Access and Control over Controversial Records (Doktora Tezi). Un iversity of Pittsburgh. Th e School of Information Sciences, 2006.