Tuesday, September 21, 2010

ATR: The Future of Records Management

I've had several opportunities for a lot of introspection recently. My own role has radically changed over the summer. I'm backing away from records management and now run a team that I call "Information Governance". The focus is really on the protection of information. My team writes our information security policies, we keep an eye on data privacy, we audit SOx compliance for IT, we do security risk assessments, and we do computer forensics. Oh yeah, records management, too. It is a unique opportunity and a broad spectrum of governance activities. I'm again drinking from the fire hose and thinking... a lot... about how to make this group make good business sense to the company.

As I go through this process, I had occasion to look at extending an offer to our summer intern to work for us full time after he graduates next year. That causes me to make sure that the path we will take him down is personally rewarding, as well as a role that truly adds value to the company. I had dinner with a long time ARMA colleague and we talked at length about the profession and the Association and where it is heading. One of my staff has had an opportunity to step outside his comfort zone and enter a totally new professional focus as a leader and talking to him about his interests and capabilities gave me pause. I'm also speaking as a part of the Fellows forum at ARMA on just this topic and wanted to start sorting my thoughts out. Lastly, a dear colleague shared some of her musings online and those thoughts also set my head into a noodling mood.

As I look at our profession, I continue to wonder if it will exist a few years down the road. Is it truly a profession? Nearly 20 years ago, as a wide-eyed youngster in the profession, I was asked to participate in writing the Code of Professional Responsibility. At the time, we felt it was another step on the road to being recognized as a profession. But along the way, we seem to have lost focus on professional practice. The window to properly deal with email opened and closed. We records managers tried to manage it by insisting that email be printed and filed as in the old days. Like many Japanese-held islands in the Pacific during WWII, we were quickly bypassed. The inability of our profession to come to grips with the explosion of electronic records will spell the doom of the profession. In many organizations, that omission has made us irrelevant. If you look at two of the "hot" topics in technology, cloud computing and smart phones, we're seldom found. Google and the other cloud providers ignore retention as we know it and most organizations have no way to deal with records created on mobile technologies.

We can talk about the need to properly retain information, but there is so much accumulating and so little time and resource to manage it, that information just gets piled up and shunted into cheap storage. I fear the day when there is a significant judicial ruling punishing a company for diligently attempting to, yet failing to, manage electronic records in a manner satisfactory to a judge. The real fear there is that the judge will suggest that the company should have just kept everything if it couldn't have a completely compliant program. I see hints of that sort of thinking in a lot of places. It is what Google suggests to customers.

The failure is that we have focused on the tactics that won the last war and we have not adopted new strategies to win the next war. We continue to be drawn into debates about tactics and not ones that are about strategy. We fail to deliver meaningful value to the business. Yes, those are significant indictments of our profession.

Part of the problem comes down to simple constraints of a profession that rarely has members reach significant management status. The cardboard ceiling is very real. That lack of status means lack of visibility and influence. It means lack of buying capability and power and that means lack of market influence.

We are also fundamentally challenged when it comes to technology. I can't recall how many times I have stood in front of an ARMA audience talking about something in technology and the majority of the audience not only were unaware of the issue -- they were unaware of the technology of which I spoke. And many had no desire to try and deal with the issue. This vacuum has allowed IT professionals into our tent. IT is becoming more about the information and less about the technology. Recently, a senior IT executive told me that she wanted to be out of the "infrastructure" business and more into the information business -- finding ways for IT to help the business use and manage information. I would submit that information utility and utilization will drive retention periods more than any law that is passed.

The days of thousand line item retention schedules are over. I'd further suggest that the days of one hundred line item retention schedules are over. The end user in most organizations can't deal with more than four or five choices and likely would prefer that the decision about retention be made automatically.

So where does that leave us? Clearly, most records managers will have little opportunity for advancement. Those who do advance have great foundations to cover a broad spectrum of information issues. They can translate between IT and Legal. They can listen to the business. They can think creatively while setting bounds for new ways of managing information. But these opportunities will likely come along for a small subset of the profession. It will take a lot of personal effort, and a whole lot of right place and right time luck for many to progress.

A healthy dose of realism is required for us all. The days of starting in the file room and getting promoted into managing the records management department with 40 staff are likely gone from most organizations. The file room is a commodity to be outsourced. The records center, likewise. Imaging, the same. Microfilm, yep, a commodity. Certainly, there are pockets of records management work that will stay in house for economic or control reasons. But the base of records management will shrink. At the same time, higher end positions will likely come to the fore as adjuncts of litigation functions or compliance departments. Unfortunately, those positions will require education, deep communications skills, and significant business sense. You don't get that with a high school diploma and command of the alphabet.

I've argued here and on the Records Management Listserve that people need to "show their work". It disturbs me that so much of what we do is not footnoted or referenced. There is no standard "body of knowledge". We have much to do, folks. Handouts, opinions, and no real standard vocabulary and method do not a profession make.

So where does this leave ARMA, AIIM, and the profession at large? The opportunity for these professional organizations is that there are no other organizations out there who can step up and lead the records management profession into the future. The challenge is hooking the right people with the right message and the right skills and tools to meet the needs of information management broadly. That requires vision and the ability to build on the past without remaining anchored by the past. It likely means moving away from the old core constituencies. This is hard to do. ARMA started down that path a number of years ago and mangled the change management. But change and growth are necessary for survival. Maybe ARMA's GARP initiative is the hook and the opportunity. But that will take a lot of push and a few breaks along the way.

I'll keep thinking about this topic more as we get closer to San Francisco.

9 comments:

John Annunziello said...

Patrick....Good comments. I look upon records managers as information managers now. The fact that you call your team "Information Governance" is a sign of the times.

We need to fight the battles we can win. Too often we want to tackle all aspects of RIM such as social media where clearly there really are no answers to manage these tools effectively. That being said, we shouldn't give up. We recently developed an email policy that "actually works". If you asked me years ago if this was possible, my answer would be emphatically "No!!"

We as RIM's need to continually change. We can't be stagnant. We need to read lots and stay informed about current trends and technology. I'm very fortunate in the fact that I am able to work from home two days a week and it is during this time that I get a lot of my reading done.

Is managing RIM getting any easier? Of course not, but RIM professionals still possess needed skills within any organization. We can't have status quo in performing our duties.

RIM is a field that continues to evolve and will well into the future. Is this the end of our profession? I don't think so. After all " "Information is a corporate, strategic asset that needs to be managed". Keep this in mind. An asset is something of value to an organization and assets are retained.

Chris Hohman said...

Patrick, excellent summary of your "noodling." I have also been searching for the direction of all things RIM.

I am a part of this community from many different angles, one of them being a board member of my local chapter. I find it interesting that many times members feel the need to say things such as "don't forget your paper records, we still manage paper records." As a newer member to the RIM community, I don't think in terms of paper versus electronic, I call it all "information." There is definitely a shift in thinking for those who have more recently entered the profession.

Please continue to share your evolving thoughts!

TC said...

I agree wholeheartedly with you Patrick. As a RIM consultant who works with mostly large, well known clients, I have over the past few years been preaching in the same vane you are writing.

If you truly want to help your employer/client, you need to think about the records/information and what it means to them. With the advent of data warehousing and business intelligence comes questions that go beyond the requirements of legal, regulatory and historical points looked at in creating retention schedules. The business and functional needs now can extend the utility and hence the retention of records/information a great deal. This creates a need to be a better requirements gatherer when updating the schedules.

This brings up another point you touch on, the RIM professional's place in the organization, mobility and ability to communicate. In order to be a good requirements gatherer the RIM pro needs to be visible and communicate with all parts of the organization. This includes being able to get middle-management in parts of the organization to articulate the true needs they have for the particular bits of records and information beyond the typical answers of "Just because" and "Just in case."

Schedules must shrink in order to ease the burden on the front-line employees as well as the IT pros, all who are involved in getting the records/information into the right categories for retention and use.

No sooner did I become a records manager, my employer (a municipal government) began to discuss topics such as bringing e-mail to employees desktops, and mobile terminals to its police cruisers, and I got a seat in the back of the room (not at the table yet) at the IT steering committee meetings, and began to tell them that there were rules about the capture and retention of the associated records. By this time I had already joined the Records Management Listserv (good move) and had access to the internet (AOL style) via a dial-up modem at the office, and had experience as an end-user in my previous positions in City Hall in providing requirements as we had gone through the process when upgrading our permitting system and before that in assessing and improving the quality of data.

Tools such as ISO 15489 and GARP are there for us to use to help our employers/clients and give credibility to the profession. We must use them and build more and keep them accessible.

This is an important discussion and I will see you in San Francisco to continue it.

TC said...

Sorry - Previous post did not identify me well.

Tod Chernikoff, CRM

Larry Medina said...

As always, a very thoughtful post.

One thing to keep in mind is how you got where you are and how your perspective is influenced by that. The decision to 'include records management' in what your present group does shows the relevance isn't gone.

Many elected (some a LONG time ago) to elevate our skills, embrace technology and work to improve access to information through new methods and procedures as records took new forms.

Success depended in part on methods chosen to demonstrate the value of information. In some cases we were successful in convincing them... but in others we were not.

What was once all produced by hand, typewriters, in postal mail, or from other 'physical sources' was now created digitally.

By encouraging the need to manage records of transactions and agreements, decisions, directions to others, or legal opinion, some understood format wasn't the issue- CONTENT was. An organization's records are required to be retained for specified periods of time by regulators, statues or laws.

In the future, we may see fewer cases where sanctions or penalties for failure to retain things, or for what may be viewed as selective retention rather than 'keeping everything'. But I'm not necessarily convinced of this. I believe "what's past is prologue" and we've seen cases of this in business.

It seems things your group does are re-branded terms for things done with physical records for years.

Forensics? We did that. Something existed and you need to find it- now you scour a hard drive or server; before you searched file cabinets and checked logs for the last remaining copy.

Compliance? Did that too. Requirements exist to keep things based on legal, statutory, regulatory or business needs. A legal battle creates the need to discontinue destruction of impacted information, you issue holds and inform staff of the requirements.

Have all RIMs been successful in influencing policy for managing information in electronic formats, like e-mail, voice, messaging, or other forms of communication? Nope, few have. But we may have informed management of the need to establish systems for items meeting the organization's definition of a record. And we may have given them examples of judgments issued against others for failing to institute practices compliant with policy. But they made business decisions to take the risk for the potential consequences for failing to do so.

Business support functions (records management, compliance, information management, information compliance, IT, even legal) can't force a business to make decisions. All we can do is suggest practices are inconsistent with existing policies, or guidance provided by those who regulate the 'business of the business'. Senior Management decides their level of risk tolerance.

Will this profession disappear or become marginalized? If we allow it to, maybe it will. Those who have seen the writing on the wall (as old as cave paintings) have chosen to evolve, but are not giving up what we know because there will ALWAYS be a need for it.

We may become specialists, but fewer people are learning what we learned and more of us dropping out of the talent pool due to age or other reasons.

I will continue to proudly refer to myself as a Records and Information Manager. That is until I can get my employer to accept me as an Information Asset Manager =).

Larry Medina said...

As always, a very thoughtful post.

One thing to keep in mind is how you got where you are and how your perspective is influenced by that. The decision to 'include records management' in what your present group does shows the relevance isn't gone.

Many elected (some a LONG time ago) to elevate our skills, embrace technology and work to improve access to information through new methods and procedures as records took new forms.

Success depended in part on methods chosen to demonstrate the value of information. In some cases we were successful in convincing them... but in others we were not.

What was once all produced by hand, typewriters, in postal mail, or from other 'physical sources' was now created digitally.

By encouraging the need to manage records of transactions and agreements, decisions, directions to others, or legal opinion, some understood format wasn't the issue- CONTENT was. An organization's records are required to be retained for specified periods of time by regulators, statues or laws.

In the future, we may see fewer cases where sanctions or penalties for failure to retain things, or for what may be viewed as selective retention rather than 'keeping everything'. But I'm not necessarily convinced of this. I believe "what's past is prologue" and we've seen cases of this in business.

It seems things your group does are re-branded terms for things done with physical records for years.

Forensics? We did that. Something existed and you need to find it- now you scour a hard drive or server; before you searched file cabinets and checked logs for the last remaining copy.

Compliance? Did that too. Requirements exist to keep things based on legal, statutory, regulatory or business needs. A legal battle creates the need to discontinue destruction of impacted information, you issue holds and inform staff of the requirements.

Have all RIMs been successful in influencing policy for managing information in electronic formats, like e-mail, voice, messaging, or other forms of communication? Nope, few have. But we may have informed management of the need to establish systems for items meeting the organization's definition of a record. And we may have given them examples of judgments issued against others for failing to institute practices compliant with policy. But they made business decisions to take the risk for the potential consequences for failing to do so.

Business support functions (records management, compliance, information management, information compliance, IT, even legal) can't force a business to make decisions. All we can do is suggest practices are inconsistent with existing policies, or guidance provided by those who regulate the 'business of the business'. Senior Management decides their level of risk tolerance.

Will this profession disappear or become marginalized? If we allow it to, maybe it will. Those who have seen the writing on the wall (as old as cave paintings) have chosen to evolve, but are not giving up what we know because there will ALWAYS be a need for it.

We may become specialists, but fewer people are learning what we learned and more of us dropping out of the talent pool due to age or other reasons.

I will continue to proudly refer to myself as a Records and Information Manager. That is until I can get my employer to accept me as an Information Asset Manager =).

Nicky "D" said...

Pat,

As always, well said. I love it when we challenge the status quo, say the unpopular thing, and push the porfessionals that are passionate about this professional.

You and I have spoke about this and I can guaran-damn-tee you our dialog is at the core of the message that I hope to convey in the keynote. The time to look forward, not backward is here.

As you well know, I need to watch my "P's" and "Q's" ... at least until 7/1/2011 but I applaud your message and plan to reference this and some of our dialog in my message. You are a far better statesman than I my friend (and I will show my work, as well as give credit where it is due - I have learned an incredible amount from you and continue to do so!)

I knew it the first time I heard you speak circa 2000 at a Great Lakes Leadership Conference that you possess a trait I have always admired my friend... VISION!

Keep up the noodling, rants et. al.


Nick

Homer Hoff said...

I'm so glad that these concerns are being grokked at the higher levels of the industry (as evidenced in both the post and in comments). That maybe gives us a chance.

Perhaps we're on the verge of revolutionary change in IM as opposed to evolutionary. Small "i", small "t" information technology is far ahead of the game - we can barely keep up with the changes, the latest being social media. Changes tend to be slow in Legal, but the new FRCP and the Sedona principles indicate that they at least understand the importance of addressing the new paradigm.

My fear is that RIM will continue be too comfortable selling buggy whips. Paper still exists, of course - but it represents such a tiny fraction of any organization's corpus of information that it's almost foolish to put as much attention to it as to the digital, and in my experience most RIM professionals still deal with paper more. Me included.

I do have the potential solution - I think that RIM professionals need to start finding jobs in IT departments. If IT is creeping into RIM, let's creep back. We will naturally rise to the top - the future, as you say, is in policy and governance, which RIM pro's rule at, rather than in the mechanics of the technology. In time the IT department will be renamed the IG department and we'll be where we should be.

Mike said...

Quite inspirational post ! I read your complete article. It is quite impressive one. The line who is inspiring me lot : The failure is that we have focused on the tactics that won the last war and we have not adopted new strategies to win the next war. Thanks Man !
records management