How to Jump-start Records Management

Recent legislation and litigation have made effective records management critical (see Records Retention: Who Cares? April 16). As a result, records management is receiving increasing amounts of attention. Forrester Research Inc. predicts that the records retention market will grow from $100 million in 2004 to $1.6 billion in 2007.

When organizations initially recognize the importance of records retention, they sometimes attempt to save everything. If you do this, the amount of data you retain will quickly grow so large that it will become impossible to manage effectively. Worse, you may retain something embarrassing that you could have deleted.

Instead, use these guidelines for effective records management:

Involve every department. Representatives from across the company should develop the retention requirements. Involvement of your legal department is also critical. If that departments understanding of the latest legislation and court cases is weak, retain outside counsel. Ensure that retention policies are current. A comprehensive records-retention policy identifies each record type and any regulations governing that type of record. It also defines the records retention period. This can be tricky. For example, the SEC and the IRS sometimes require different retention periods for the same record. The policy also should describe circumstances for approved deletion, along with acceptable deletion methods. These policies can become mind-numbingly detailed and complex. For example, e-mails regarding lunch plans can theoretically be safely deleted unless they would become critical during a lawsuit to prove when two individuals met. No policy can protect you from the hazards of litigation, but without any specific policies, you are headed for danger. Once you have a retention policy, update it periodically.

Establish a position responsible for records management. Compliance requires day-to-day attention. Without a watchdog, retention policies are unlikely to be followed. If you dont already have such a position, you can hire someone with the expertise you need through an organization specializing in this area, such as the Institute of Certified Records Managers.

Define records broadly. Historically, records requiring retention have been found in corporate databases. However, recent court cases have relied on different types of data, including e-mails, text messages, IMs, toll tag records, building access records, video surveillance files, time-clock data and early versions of documents that were deleted from a PC hard drive. Carefully consider what to retain, and dont forget paper files!

Organize archives. Separate backup archives from record retention archives. Backups are used to restore data after system failures and are regularly overwritten. Record retention archives are corporate records that require secure storage for a predetermined period. Records that dont require retention should be purged, and retained records should be organized to facilitate easy searching and retrieval. Moreover, according to the Federal Rules of Civil Procedure, retained records must be maintained in ways that prevent them from being inadvertently (or maliciously) modified or destroyed.

Manage data formats and media. Data storage formats change frequently. In addition, digital media degrades quickly; writable CDs may become unreadable in less than 10 years. Even high-end tapes have at most a 25-year life span assuming you still have a tape drive that can read them.

Delete thoroughly. Once you find it, paper is easy to shred and burn. Electronic data is more complicated. Records management must include an effective method of identifying and destroying duplicate records. Classified or confidential information should be deleted according to Department of Defense standards.

Stop all deletions immediately when facing legal action. If you continue to delete rele­vant records after you are notified of (or even suspect) a potential suit, the court can assume that the deleted records were incriminating. After Frank Quattrone learned that Credit Suisse First Boston was facing investigation, he sent an e-mail to staffers that contained the banks retention policy, with a reminder to catch up on file cleaning. He spent three years fighting an obstruction of justice case before the charges were dropped.

Monitor supplier compliance. You are responsible for records retention even after outsourcing a business process. The Sarbanes-Oxley Act, in particular, is very clear that simply assuming that your business partners are compliant doesnt absolve you of responsibility.

Many companies are just beginning to realize the importance of an effective records management program. Recent legislation demands compliance, and penalties can be enormous. No one is exempt. In the past month, Intel and the White House have fallen into this pit. Records retention may be boring, but ignore it at your peril.

BART PERKINS is managing partner at Louisville, Ky.-based Leverage Partners Inc., which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com.

Copyright © 2007 IDG Communications, Inc.

How to supercharge Slack with ‘action’ apps
  
Shop Tech Products at Amazon