Tuesday, August 21, 2012

Records Management Is Easy, Disposal is Hard

Records management is one of the traditional disciplines in the vast field of enterprise content management. The purpose of records management is to satisfy the regulators and the court of law by ensuring that official records of transactions and activities are being preserved for future reference. The regulators typically prescribe a retention period - the length of time for which your organization needs to keep the record.

From the outset, records managers focus on making sure that all records are being retained, that they cannot be tampered with, that the retention period is being enforced, and that the records are properly classified so that they can be easily found when requested. The more sophisticated records management solutions also deal with advanced capabilities such as access control, storage optimization and legal holds to pause the retention clock in the case of a lawsuit.  

However, the most important part of records management is, in my opinion, the disposition. The idea of disposition is pretty straightforward - once the retention period expires, the best practice in records management is to dispose of the now no longer needed records. This is nothing shady in the ways of Enron but rather a perfectly legal and recommended practice. A reliable records disposition, though, is very hard.


Photo by bartmaquire Flickr
Indeed, filing records and locking them up for the prescribed number of years is not trivial but it is a solved problem today. Disposing of the record in the official records repository is also relatively easy. The problem is to dispose of all copies of the record. That’s right, records disposition is pointless unless you can ensure that the record has been completely expunged. Gone. Forever. If not, you can rest assured that a copy of the record will be found by investigators or by a subpoena and it can and will be used against you.

But, a reliable and secure disposition of records and all its copies is the tough part.

Chances are, that a copy your record exists in more than a dozen locations - on your co-workers’ desktops, on various servers, on SharePoint sites, and as an attachment in many email inboxes. Add all the iPads and other mobile devices to the mix and combine it with the popular cloud-based file sharing services such as Dropbox, Microsoft SkyDrive, Apple iCloud, Amazon Cloud Drive, or Google Drive and you have a very challenging scenario for records disposal. How can you ever be sure that you are expunging all copies of your records?

There are ways to solve this challenge. It starts with a common enterprise governance infrastructure that applies de-duplication across your email and all servers. That way, the record only exists in one instance while keeping the links to all the SharePoint sites and email inboxes. It also requires the ability to give employees a secure alternative to Dropbox that can be part of the same de-duplication infrastructure. In extreme cases where you know that your documents are regularly shared with external parties, the solution may need to involve rights management as well. While I usually try to stay away from blatantly promoting my employer’s products, we have some really good solutions for all of that.

Don’t get fooled into believing that you have solved your records management problems by applying retention rules to your documents. While that may satisfy the regulators, it won’t address your need to reduce unnecessary liability. Reliable records disposal is difficult but very important. Because you can be sure that if a copy of that smoking gun document exists on someone’s iPad or in Dropbox, it will be found when you least expect it.

2 comments:

  1. Hi there can I use some of the material found in this entry if I provide a link back to your site?
    Records management in kentucky

    ReplyDelete