Once upon a time, I told someone that I was going to open a concession at an ARMA or AIIM Conference selling t-shirts with the phrase, "Image It All -- Let God Sort It Out". (If that hasn't been copyrighted, I'm copyrighting it right now.) Back in the day, it seemed like the records management solution du jour was simply to image everything. That thinking drove me insane. I could never understand why anyone would see logic or good business sense in taking dead records and imaging them for the sake of imaging them. "Oh, but we'll save so much money in records storage." Uh huh. If you're dumb enough to think that spending a couple hundred dollars to properly image and index a box of paper records is a good idea to save a couple dollars of annual storage cost, I'd like to open an imaging service bureau for you.
Well, today I continue to see various bloggers and pundits suggesting that applying proper records retention rules to electronic records is "too hard and complex", so just keep everything because "storage is cheap". If you think that is a good idea, I'm going to open up a legal discovery document review business, just for you.
I've had a couple small written disagreements with some pundits when I see these sorts of recommendations posted. They tend not to see it my way.
Now I suppose that if you can't get anyone in the organization to properly retain records and spoliation is an everyday occurance, you might feel that you have little or no choice but to keep everything. At least you're consistent. Your storage vendors will love you. Your outside counsel will alternately love and hate you.
But, in my opinion, organizations that defer making records disposition decisions should start setting money aside as a deferred liability on their books (accountants, please pardon my butchering of good accounting practice). Why? Well, sooner or later the company will need to migrate all those records. They will need to convert them in a manner that doesn't screw up the metadata. They will need to move them to cheaper storage. They will need to purchase more powerful search engines and search caching systems. And sooner or later, they will hit some litigation that will require a search through all of the documents and a physical review of all of the potentially responsive documents. That will take serious money because automated keyword and even context searches will reduce the volume, but a human being (generally a highly billed legal professional) will need to read the potentially responsive document to figure out if it is truly responsive. And the more stuff you start out with, the more stuff you have to look at once the search results come back.
Once upon a time, in the good old paper world of yore, we didn't create as many documents. But some people managed to become packrats just the same. And at some point, they simply ran out of space or were forced by the fire inspector to do something about the mess. Generally, that involved a dumpster or lots of records boxes. The pack rat was unhappy because sorting through the mess was time-consuming and the filing was beneath them. But the choice was made once the paper built up to a point where even the pack rat had to admit that there was a problem. Flash forward to the world today. While many organizations limit electronic storage, there always seem to be ways around the rules. The real problem, however, is that the storage takes place out of sight. It is invisible to the pack rat. And the pack rat perceives electronic storage as incredibly cheap -- terabyte hard drives go for less than $500 these days. So it is hard to convince the pack rat that something has to be done -- after all, they can usually find what they need after a little digging.
The other problem is that pack rat workarounds tend to involve offline storage -- CDs, DVDs, thumb drives, etc. When the company insists that the pack rat gets organized, the pack rat goes to Best Buy. A credit card swipe later and that pack rat has reduced his or her corporate storage requirements to zero. No real work is required. A few mouse clicks and everything is copied over to the portable media. And that makes the pack rat even happier because now he or she can take all their stuff home. In those days of yore, the pack rat was limited in what could be carried out of the building and the pack rat's spouse / significant other would tend to frown on a garage full of paper.
A pundit recently suggested that all email should be retained "forever". I challenged that. The problem is that at some point, someone (likely a bean counter)will realize that keeping spam, personal email, and unimportant emails ("let's do lunch!") is probably a real resource waste, so those things should not be kept -- and preferably should be deleted by the user. Well, that will require written rules about what should be kept and what shouldn't be kept. Then someone else will decide that some email really doesn't need to be kept "forever". So they will write some rules that suggest which items can be kept for briefer periods of time. Then someone else will be afraid that the end users are making bad decisions about what to keep and what to delete. Pretty soon you have a retention schedule again.
The ultimate solution is simply to teach people how to file electronic records and provide the user with simple tools to do their filing as quickly as possible. Users will need to make a decision as soon as they create or touch a new document / email. That touchpoint will need to last a matter of seconds. And that touchpoint will need to ensure that the user can quickly find what has been filed. That's a tall order, but one that I'd suggest will happen a lot sooner than waiting for God to get busy filing.
Thoughts and musings about issues that are at the edges of the Records and Information Management (RIM) profession.
Thursday, June 5, 2008
Wednesday, June 4, 2008
ATR: Records Management -- It All Used to be so Simple...
It's somewhat before 0800 EDT, it's raining and gloomy, and I'm sitting in the Red Carpet Club at LaGuardia Airport. My flight is at 1000 and is supposed to be on time. This is LaGuardia and I'm going to O'Hare, which is also rainy and gloomy. I rather expect a long day... As insurance, I've upgraded to a comfy seat for what will likely be a number of hours on the plane. (Which of course means everything will be on time and we'll arrive early.)
One of the cool things about my career is that it has been a continuous stream of learning opportunities. I have rarely felt like I had mastered everything. This past year has been no exception. It is challenging enough to take on a new job at a new company and have to learn all the players and the company culture, but add in to that whole new areas of focus. This does tend to keep you engaged in your job.
Anyway. I was at a seminar yesterday in Manhattan. The seminar, "The Intersection of Privacy, Retention and Discovery Obligations" was presented by CGOC. It was quite good and gave me a lot to consider.
To sum up some of what I picked up yesterday, I think the records management profession is at a very opportunistic inflection point. In the past year since I joined the Day Job, I've moved from the Law Department and just trying to work out the records management program to the IT department under the CISO and taken on Discovery and Forensics Support responsibilities. And there are more changes likely to come.
What I am experiencing is not unique. Records Management isn't just about retention schedules and filing systems anymore. That's the core, but there are other things that crowd into this space as well in many organizations.
The premise of the seminar was that the relationships between Records Management, Privacy, and Discovery (among several other areas of focus) are so strong that they need to be organized together. While most of the people in the audience reported that Records Management was organized under their company's Legal Department, there were a number of us reporting organization under IT. One speaker indicated that it is only logical for the CIO to actually have responsibility for all of the information in the company. In addition, the CIO tends to have troops in the field in many more places than the Legal Department, so the reach and opportunity to properly manage information is far greater.
So that is one data point to mull over. Another is that Records Management has to understand and have very close relationships with legal discovery processes and data privacy issues. The presenters at the seminar are seeing global regulatory trends which mandate that certain records must not be retained longer than necessary -- and that some regulations specify the maximum length of time that records can be retained. This is a fundamental change in our world. Historically, we have looked at a regulatory retention period as a minimum. Business need or some other reasonable internal need could trump the regulatory retention period and require that the record be maintained for a longer period of time. In addition, there are a number of pundits out there that advocate "keeping everything forever". (I'll rant on that later.) The reality is that in certain geographies, certain information will be required to be dispositioned under penalty of law. Now that clearly will be a challenge at times. For very large global companies, the IRS can be notoriously slow at resolving tax audits. Sometimes litigation takes forever. And sometimes regulations will simply be out of step with business requirements for certain information. But what this points to is a need for Records Managers to be aware of all of these issues and work hand in hand with experts in these areas.
The bottom line to all this is that Records Managers need to start looking beyond basic Records Management. If you are stuck in the file room or the records center and you aspire to do more, you will have to get out of those operational jobs. Build relationships. Learn more. Deliver more thought leadership in your organization. There may be times where the opportunities will come to you, but you also need to seek opportunity and demonstrate that you are conversant with these issues and be ready to take them on.
One of the cool things about my career is that it has been a continuous stream of learning opportunities. I have rarely felt like I had mastered everything. This past year has been no exception. It is challenging enough to take on a new job at a new company and have to learn all the players and the company culture, but add in to that whole new areas of focus. This does tend to keep you engaged in your job.
Anyway. I was at a seminar yesterday in Manhattan. The seminar, "The Intersection of Privacy, Retention and Discovery Obligations" was presented by CGOC. It was quite good and gave me a lot to consider.
To sum up some of what I picked up yesterday, I think the records management profession is at a very opportunistic inflection point. In the past year since I joined the Day Job, I've moved from the Law Department and just trying to work out the records management program to the IT department under the CISO and taken on Discovery and Forensics Support responsibilities. And there are more changes likely to come.
What I am experiencing is not unique. Records Management isn't just about retention schedules and filing systems anymore. That's the core, but there are other things that crowd into this space as well in many organizations.
The premise of the seminar was that the relationships between Records Management, Privacy, and Discovery (among several other areas of focus) are so strong that they need to be organized together. While most of the people in the audience reported that Records Management was organized under their company's Legal Department, there were a number of us reporting organization under IT. One speaker indicated that it is only logical for the CIO to actually have responsibility for all of the information in the company. In addition, the CIO tends to have troops in the field in many more places than the Legal Department, so the reach and opportunity to properly manage information is far greater.
So that is one data point to mull over. Another is that Records Management has to understand and have very close relationships with legal discovery processes and data privacy issues. The presenters at the seminar are seeing global regulatory trends which mandate that certain records must not be retained longer than necessary -- and that some regulations specify the maximum length of time that records can be retained. This is a fundamental change in our world. Historically, we have looked at a regulatory retention period as a minimum. Business need or some other reasonable internal need could trump the regulatory retention period and require that the record be maintained for a longer period of time. In addition, there are a number of pundits out there that advocate "keeping everything forever". (I'll rant on that later.) The reality is that in certain geographies, certain information will be required to be dispositioned under penalty of law. Now that clearly will be a challenge at times. For very large global companies, the IRS can be notoriously slow at resolving tax audits. Sometimes litigation takes forever. And sometimes regulations will simply be out of step with business requirements for certain information. But what this points to is a need for Records Managers to be aware of all of these issues and work hand in hand with experts in these areas.
The bottom line to all this is that Records Managers need to start looking beyond basic Records Management. If you are stuck in the file room or the records center and you aspire to do more, you will have to get out of those operational jobs. Build relationships. Learn more. Deliver more thought leadership in your organization. There may be times where the opportunities will come to you, but you also need to seek opportunity and demonstrate that you are conversant with these issues and be ready to take them on.
Labels:
discovery,
privacy,
records management,
records retention
Subscribe to:
Posts (Atom)