Economic risks to sustainability (revised)

13 Sep

(Draft 6)

Much effort has been put into digital preservation and curation as technical problems, and to addressing the technical risks. But apart from the Task Force, there has been little addressing curation as an economic problem. As Brian Lavoie has said “Even the most elegant technical solution is no solution at all if it is not economically sustainable”. Part of ensuring sustainability is addressing the economic risks.

Before discussing economic risks as such, it is worth rehearsing risk terminology. This is based on the ISO/IEC Guide 73[i]. The common language we use to discuss risk is ambiguous and confusing; in particular, the word “risk” is used in two different senses. It can mean simply the probability that something might happen (eg “there is a high risk of fire”). But in common speech “risk” is also extended to include the impact (eg “jaywalking is a big risk”, “nuclear power is too risky”, etc). To be clear, we aim to use the term “risk” as a combination of likelihood (or probability) and impact.

Broadly, risks are possible events that have likelihood and impact or outcome. It is wrong to think of risks as always being bad: impact or outcome can be positive or negative. Economists refer to a risk with a positive outcome as an upside risk; conversely a risk with a potentially negative outcome is a downside risk. We take an upside risk when we invest in something (whether with money or personal time or effort), which is exactly what someone has to do for sustainable archives or information services! We must take risks; if we are too risk-averse we will stay in bed all day and die of bed-sores.

How do risks apply in this context?

In the context of economically sustainable digital curation, risks could affect many different aspects. Assuming some sort of service for the management or curation of digital assets over time, risks could affect

  • The entire service
  • All or some digital assets in the service
  • The creation of the service
  • The continuation of the service
  • The termination of the service
  • The succession or transformation from one incarnation of the service to another, whether in succession or in parallel, eg through the handoff process (including legal and other agreements), through migration of the assets, identifiers etc, through revised technology for the underlying service, or new owners or policies
  • The quality of the service.

This list is inclusive rather than exhaustive.

The economic lifecycle implies risks at various points, but particularly at the stage labelled “problem?” [to be re-labelled “risk event”?]. Effectively, economic risks will most likely come into play when significant changes are expected, for example to the cost structure (where cost may include effort, time etc as well as money) or to the underlying resources. As such they are more likely to apply to the whole service rather than part of it, although economic risks could arise where a sub-collection needs expensive or difficult treatment, and there is uncertainty on whether its value justifies that work.

Examples of economic risks include:

  • Changes in funding priorities, such as decisions by the National Science Foundation to spend a bit less on basic research and a bit more on ensuring data from earlier research becomes and remains re-usable[ii].
  • Inability to gain sufficient audience share to attract adequate advertising revenue to sustain the service (a factor in the closure of some social networking sites).
  • Unwillingness to provide sufficient initial staffing support to build a service strong enough to get a critical mass of content (a factor reported in the low success and subsequent management neglect of some Institutional Repositories).
  • Unwillingness to provide an exit strategy, handoff mechanism or even adequate resource extraction capability (applicable in the failure of some social networking sites).
  • Publisher takeover or merger with subsequent review of title coverage leading to journal closure.
  • Inattention of editors to the basics, as in the vanished Internet Journal of Chemistry[iii].
  • A technical risk compounded by an economic risk would include failure to specify for a website redesign that all URIs must continue to be resolved (much more expensive post hoc than prior).

What kinds of things are affected by economic risks

The Task Force report suggested:

“The 5 conditions required for economic sustainability are:

  • recognition of the benefits of preservation by decision makers;
  • a process for selecting digital materials with long-term value;
  • incentives for decision makers to preserve in the public interest;
  • appropriate organization and governance of digital preservation activities; and
  • mechanisms to secure an ongoing, efficient allocation of resources to digital preservation activities.”

Any of these conditions could be affected by economic risks. For example:

  • decision-makers change, and policies can change over time, meaning that benefits once recognised may become deprecated (eg de-funding of AHDS[iv])
  • value perceptions, including returns on investment, tangible versus intangible value, differing “currencies” of value (versus cost), and the problem of public good versus private good are all susceptible to re-interpretation
  • perceptions of long-term value are not enough on their own, and selection processes are never final; there is often a hidden “value for money” proposition that can come in to play if resources become too tight, or the resource demands of part of a collection (perhaps for technical preservation reasons) become too great
  • where rights are owned by different parties than those interested in preservation, the incentives to act in the public interest may be out-weighed by the downside risks of market erosion
  • where organisations would need to spend resources on curating digital assets, but receive no direct return for use of those assets by others, they may need incentives to act
  • achieving balance in governance arrangements between public and private interests can be threatened by economic conditions [???]
  • all resource allocation mechanisms are subject to risk over time, including not only funding and staffing, but also volunteer effort and so on.

Since a sustainability case is particularly hard to build where the costs are real but the returns are non-financial, sustainability can be greatly affected by perceptions of value. Attempts have been made to express value of curatorial efforts in financial terms (for example the British Library carried out such an exercise a few years ago[v]), but they are not necessarily convincing either to a hard-nosed accountant or to those who see value in more societal terms.

However, being able to make a strong value proposition that is persuasive to relevant decision makers will be critical in addressing these risks.

Risks might include

  • Value issues: uncertainty of value, or “soft” value; insufficient value, or poor return on investment (however calculated); maintaining perception of value; or ensuring usable incentives
  • Selection issues: where selection does not match demand; unmeasured demand, or uncertain future demand (or on the up-side, excessive demand causing server problems)
  • Rights issues: many, including orphan (unknown) rights; legal dispute on rights; rights needed but not available (eg request for rights denied)
  • Organisational issues, including political/policy change.
  •  Resource issues, eg getting sufficient initial investment, or sufficient continuation resources, or getting resource timing right, AKA “cash flow”

Risk treatments

There are at least 4 things you can do about risk. They include:

  • Risk avoidance: stop the activity with the risk (eg only preserve PD material)
  • Risk reduction/mitigation: lower probability (eg improve procedures) or lower impact (eg get multiple resource streams)
  • Risk transfer: pass risk to another party (eg insurance!)
  • Risk acceptance: recognise the risk but decide to live with it.

It is sensible to do a risk assessment when deciding how to respond to risks. These can be extremely valuable. One approach would be to use the ISO 27000 series on information security (bearing in mind the added dimension of time) or the ISO 31000 series on risk management. These are expensive standards however: freely available alternatives are now available (eg an older “standard”[vi] from IRM and a response to ISO/IEC 31000 from a group of risk management organisations[vii]).

Risk avoidance

Some organisations are extremely risk-averse, and are unwilling to expose themselves to any significant risks. As this section has mentioned, risk is unavoidable in organisations as in life; however, assessing the possible impacts and the likelihood of them occurring (a risk assessment process) is sensible. An example of a class of works that carries in-built risk would be orphan works. These are works whose rights-owners cannot be traced even after reasonable effort. Legally, making these available or even carrying out some preservation actions could be viewed as copyright violations, so this does become an economic risk. Risk avoidance in this situation would be implementing a strict policy of preserving and/or making available only resources whose rights-ownership status clearly allows this. (The reality of this risk is shown by legal action taken in 2011 against HathiTrust and 5 universities by various authors’ organisations[viii].)

The example above also suggests that preserving only public domain works, or even deciding that making the resource a dark archive (not making available to the public at all) could reduce risk even further.

As should be clear, risk avoidance tends to result in reduction in capability and/or value of the resource, which must be balanced against the reduction in risk.

Risk reduction or mitigation

Once the more serious economic risks are identified, and a decision has been taken that the risks cannot be avoided, then if possible steps should be taken to reduce or mitigate those risks. This approach would be needed even if taking a positive risk, so one would include a risk section in any business plan.

There are two approaches here, preferably to be used together but if necessary in isolation. These are to reduce the likelihood of the risk event occurring, and to reduce the effect or impact if it does occur.

  • For example, if the risk is loss of trust by depositors or users, then improving procedures or undergoing some quality assurance process (such as the Data Seal of Approval[ix], for example) would reduce the likelihood of this happening.
  • Value perception risks might be mitigated from two directions: by ensuring that the cost base is as low as possible (decreasing the divisor in value for money discussions), and ensuring that outputs and outcomes have value and are seen to have value from the points of view of both the user community and decision-makers.
  • Where there is doubt about future value, then an upside risk might be to carry out an option strategy: make an interim selection but spend little resource in doing so, expecting to spend more resource on making available if demand materialises. For example, movie studios now retain more out-takes and material previously discarded, which is packaged with DVDs to provide further sales opportunities.
  • Demand risks could be tackled not only by ensuring the value proposition is clear and known, but also by engaging with potential users. It is also important to keep evidence of demand in ways that can be queried later.
  • Rights risks can be tackled by a combination of appropriate advice, soundly-based policies, licences and disclaimers, and prompt action when appropriate. They might also be addressed by incentives to the rights-owners.
  • Political/policy risks are difficult to anticipate, and too often are driven by dogma rather than evidence. They might be addressed indirectly through the value and demand risks mentioned above. Note, these three risks suggest that a sustainable service needs to get its value message across, and this implies something akin to a public relations role as a key element.
  • Resource risks might be mitigated by developing multiple funding streams; this helps reduce the impact if one stream were to dry up. It is possible that multiple funding streams might also increase funder confidence and reduce the chance of ending support (that was certainly suggested as one reason for the survival of the Archaeology Data Service when AHDS lost its funding, given the ADS’ other funding streams, eg from developers.

Risk transfer

The common approach to risk transfer is to take out an insurance policy (transferring the risk to the insurance company in exchange for a premium; the insurance company aggregates the risk and aims to be able to cover that proportion of them that do occur). There are insurance policies that cover economic risks, but we do not know of any that might be applicable to archives and data services, other than legal protection.

An important form of risk transfer is to simply transfer an activity to another organization. So the arrangements that publishers have with Portico[x] or CLOCKSS[xi] are essentially risk transfers, because they are transferring the responsibility (and therefore the attendant risks) of digital curation to other organizations. This is an example where risks were misaligned between the rights owners and the preservation services, but the rights owners have an incentive to enable trustworthy preservation due to the demands of their large academic library customers.

Risk acceptance

Let’s emphasise again that the last of these, risk acceptance, is essential if you are even to run an archive or data service. Someone has to take the risk of starting this up and continuing it. If you’re sensible, however, you will certainly put in place some risk transfer and/or mitigation. Among other things, you should try to ascertain best practice for your kind of service. And part of the point of this reference model on economic sustainability is that you should also pay attention to expressing the value and impact of your service, and making sure this message gets through to the key decision-makers.

Another example of risk acceptance would be to decide that you will archive (and perhaps make available) orphan works (described above). It would be sensible to include some risk reduction or risk transfer such as developing (and implementing) a takedown policy, and perhaps reserving some resources or taking out insurance[bfl1] . To an extent then, risk acceptance is orthogonal to risk treatment and risk transfer; where we accept a risk, we generally try to do something to reduce, mitigate or transfer it, and only rarely accept it without further qualification.

Report recommendations table vs risk TBA…

Up to Table of Contents


Replaced by?

[i] ISO/IEC. (2002). ISO/IEC Guide 73:2002 Risk management — Vocabulary — Guidelines for use in standards.

[ii] NSF. (2007). Cyberinfrastructure Vision for 21st Century Discovery. Arlington, Virginia: National Science Foundation. Retrieved from

[iii] Bachrach, S. M. (ed). (n.d.). Internet Journal of Chemistry. Retrieved from

[iv] AHRC. (2007, January). AHRC reshapes its funding of ICT research. Press releases. Retrieved from

[v] BL. (2004). Measuring our value. London. Retrieved from

[vi] IRM. (2002). A Risk Management Standard. Retrieved from

[vii] AIRMIC, Alarm, & IRM. (2010). A structured approach to Enterprise Risk Management ( ERM ) and the requirements of ISO 31000 Contents. Retrieved from

[viii] Authors Guild. (2011). Authors Guild, Australian Society of Authors, Quebec Writers Union Sue Five U.S. Universities. Authors Guild Blog. Retrieved from

[ix] DANS. (2008). Data Seal of Approval. The Hague: Data Archiving and Networked Services. Retrieved from

[x] Fenton, E. (2006). Portico: An Electronic Archiving Service. iPres 2006. Retrieved from

[xi] CLOCKSS. (2008). A Trusted Community Governed Archive. CLOCKSS Overviews. Retrieved from

 [bfl1]General comment: It would be nice to take some of the recommendations in the BRTF report and slot them in their appropriate category in the risk treatment framework. That would be a nice tie-in to the final report.


Comments always welcome, will be treated as CC-BY

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: