Off the Record: Information and Data Sharing

/ September 4, 2025
A vinyl record on a blue background with the words Off the Record and the TSLAC logo in white.

Welcome back to our occasional series “Off the Record,” a curated collection of articles we found interesting on a broad range of topics, some which are directly related to records management and others which might share common themes.

No, we didn’t write these articles—hence the name of this series, “Off the Record”— but, fortunately, we didn’t need to in order to share the knowledge with our subscribers.

These articles about information and data sharing caught our eye, because it can be extremely beneficial for entities to externally share their information as though they are within the same entity. For example, imagine how much time, and therefore money, would be saved if a business owner submitted the form to renew their liquor license to their city’s office without having to email the form to the Texas Alcoholic Beverages Commission (TABC), and TABC instantly saw the form. Imagine now if the local government and TABC were only able to see the information that they actually need, and the form was only viewable by approved staff within both entities.

This is a pretty exciting opportunity in our modern records management world; however, just like everything else, there are definitely precautions! This includes, but is not limited to, ensuring that only authorized members from authorized entities have access to the information, limiting this to only the information they actually need, determining who are the records custodians and keeping in mind the record’s retention period, and vetting any vendors who will store the information. TSLAC’s article, Considerations for Data Implementation, list questions that we ask vendors before they have access to our information.

We caught 4 more states sharing personal health data with Big Tech — Cal Matters

Data trackers have become commonplace when navigating websites, often collecting information on the user for purposes such as marketing. That use comes into conflict when information designated and meant to be private through advertent or inadvertently gets collected by third parties. The article outlines an investigation into 19 state-run health care websites to see where the private health care information was sent to in the entities codes and how the entities would remedy it. The findings showed how the personal identifiable information (PII) from health conditions to prescriptions to doctors names were sent to third parties such as Google, LinkedIn to Snapchat by trackers or cookies that may not be in line with the Health Insurance Portability and Accountability Act (HIPAA), and that the state’s in charge of the health care sites claim they were not aware of the specifics of the configuration of the codes used to operate the sites. To find out what the response to this conflict and the legal questions it brings up check out the article.

-Anne Poulos

Pro Tip: If using the list of questions that TSLAC ask before sharing their data, make sure to update the list of questions based on the type of information that will be collected and shared. e.g., with this recent article, we would want to add questions that ensure the process meets HIPAA requirements.

How one state overcomes barriers to better share public health data — Route Fifty

This article provides an example of how data sharing can lead to positive outcomes, including literally saving lives! This article does a great job at providing guidance based on what the government entities have learned from their data sharing experience.

TSLAC wants to mention that if your government entity does decide to implement a similar concept, your government entity will want to remain aware that they are still responsible for protecting the records and information as though they are the sole custodian of both. This is why it is critical to understand what your government entity’s weaknesses and strengths are before taking advantage of something so modern. Ensure this is truly something feasible and secure for you and all others involved. The more you understand your limitations and strengths, the more prepared you will be to implement a workflow that protects your data.

-Rebecca Hanna

Like it?

Related posts