Ask a person at any given time in their life how they define authentic and you’re likely to get as many different responses as the people you ask. A young parent will likely say that a child’s smile, when given freely, is authentic. Or, Hunter S. Thompson’s blisteringly direct response to a journalist interviewing him in connection with Watergate, one of many quotable moments in a life that arguably defined authentic:

Journalist: What part of the Watergate were you in? Thompson: I was in the bar. Journalist: What kind of a reporter are you, anyway, in the bar? Thompson: I’m not a reporter, I’m a writer.

Genuine, entertaining and authentic. But defining authenticity beyond these anecdotal asides is actually challenging and complex. It is especially difficult when trying to define in terms of records management. But because records management and discovery play such tightly integrated and interrelated roles, it is incumbent upon all information governance professionals to frame and codify a definition of authenticity that meets legal and regulatory mandates. Simply put, a record is considered authentic when it can be proven that it is what it purports to be and is free from manipulation. This is a fine definition but it doesn’t help us to understand how we can actually prove its authenticity. Having Joe or Jane Records Manager raise their right hand and swear to the Almighty that the documents before them are authentic may provide a minimal level of authoritative attestation but with the messiness of unstructured data hanging out with structured data and databases comingling with other databases and applications upon applications containing millions of documents with just as many versions and renditions, well, you get the idea. Couple these challenges with the interoperable layers of data-in-use, data-in-motion and data-at-rest and the task for legal and IT professionals becomes almost overwhelming. You need something cleaner, more precise, more objective in which to help prove that what you say is an authentic record is actually an authentic record. Records authenticity has been a consistent theme in records management forever but it gained traction as a front-burner issue in the mid-late 1990s when three major universities and the U.S. Department of Defense developed conceptual models and requirements to define records authenticity. Drawing from this research, a UCLA paper in 1999 attempted to organize the previous research and apply structured contextual analysis. These efforts culminated with the formation of the InterPARES Project  (International Research on Permanent Authentic Records in Electronic Systems), which is now in its 10th year focusing on long-term preservation of authentic records that meet legal, regulatory and organizational requirements. InterPARES is devoted to defining records authenticity but even more broadly to provide a framework by which best practices, information governance strategies and operations can be designed and developed in a manner consistent with preserving authentic records and giving the user community the tools to trust the records authenticity. As any CIO, CCO, Records Manager or other compliance and information management professional will tell you, managing complex sets of data across multiple repositories, databases and applications can be daunting even without considering authenticity. But in today’s e-discovery climate it is vital to an organization’s well being to be prepared for litigation. Enter technology. Even just a few years ago it was difficult, if not impossible, to authenticate electronic data. At any given stage in its life-cycle, the data could have been altered whether on a maliciously intentional basis or on an accidental, migratory basis. Discovery efforts to determine a record’s authenticity as fact-based evidence proved costly and time consuming. To address these concerns information governance software is now being developed with the application of hash algorithms. This electronic fingerprint provides a unique identifier to that particular record and stores it as such in the database. During any access (download, export, etc.) the hash of the actual record is compared to its original value from the database. This technology has evolved to the extent that it is transparent to the end user except at such time when a record’s authenticity is called into question. Automatic stop actions and lock downs support an administrator’s desire and need to preserve authentic data and document when breaches of security have occurred. Additional workflow notification processes can be queued to alert both user and administrator of the anomaly after which proper action can be implemented. With heightened focus on transparency, requirements for litigation and regulatory compliance this evolution in technology can supplement a sound information governance strategy and give IT professionals and legal practitioners the additional ammunition they need to structure their organization’s data in a manner consistent with their legal, regulatory and organizational responsibilities.