28 January 2016
The chief executive officer of a large organization with multiple divisions and tens of thousands of employees across the United States is interested in minimizing the risk of lost records, reducing costs and enhancing the ability of the organization’s employees and customers to use the information and knowledge collected by the organization. The CEO asks each operating unit of the organization to update and enhance its records management policies and practices.
Proper Management of Electronic Records
In most companies today, 90 percent or more of the records being created are electronic. The overwhelming growth of electronic messages—email, instant messaging, texts and tweets—and the likelihood that messages are stored multiple times on various media, makes the management of electronic records a critical business issue. How that information is managed has significant business, legal and technology ramifications. However, from a records management perspective, the medium used to create, deliver or store information is irrelevant; it is the content of a record that mandates how the document should be managed. Yet, in many organizations, the function of records management is still the realm of paper folders, physical file rooms and dusty warehouses. As the amount of electronic information grows, the ability to manage that information, which is often very valuable to an organization, can diminish rapidly.
Presidential Memorandum on Managing Government Records
On November 28, 2011, President Obama issued a Presidential Memorandum directing all executive agencies to begin the process of reforming records management policies and practices. Although the requirements of the memorandum apply only to federal agencies, it marked the beginning of an Executive Branch-wide effort to reform records management policies and practices and to develop a 21st century framework for the management of government records. According to a 2012 memorandum from the Office of Management and Budget, the expected benefits of this effort include:
- Improved performance, transparency and accountability due to better documentation of actions and decisions;
- Better identification and transfer of permanently valuable historical records to the National Archives; and
- More efficient operation and minimized costs.
As of 2015, 24 federal agencies had taken actions toward implementing the directive on managing government records.
Lessons for the Private Sector and Non-Government Organizations
Good information governance practices are not limited to federal agencies and private companies. State governmental agencies and other non-government entities should also take note of the importance of efficient, modern and legally sound records management policies and practices.
- Designate an official who is knowledgeable in records management practices. Whomever is tasked with analyzing, updating and improving the management of records should be familiar with the entity’s current records management protocol, as well as more recent developments in the field, especially practices involving electronic records (including email and social media), data protection and cloud-based services.
- Ensure the proper allocation of resources. Although a principal benefit of records management reform is long-term cost savings, entities will likely need to allocate resources in order to enact these money-saving procedures.
- Familiarize senior management with records management requirements and benefits. Records managers in private companies and non-governmental organizations can work to educate senior management on records management legal obligations, including data privacy and regulatory obligations, and the benefits of information governance to the bottom line and business efficiency.
- Make information governance a priority for the entire organization. The successful implementation of improved records management policies can cut costs, streamline the agency’s information management system and facilitate a more efficient and effective response to the demands of litigation. Knowing what, and where, records are maintained can be invaluable when responding to a data breach, or in the case of a disaster recovery.
- Information and records management policies and procedures should be realistic, practical and tailored to the organization’s circumstances. No single standard or model can fully meet every organization’s unique needs. Each organization should consider its own particular business needs, operations, IT infrastructure and regulatory and legal responsibilities before putting in place a practical, flexible and scalable records management policy.
- An organization need not retain all electronic information ever generated or received. This is especially important in today’s world of email, instant messaging, text messaging and multiple duplication of data for disaster recovery and other purposes. Absent a legal requirement to the contrary, an efficient records management policy should include programs that routinely dispose of redundant records and other data.
- Ordinary disposition practices must be suspended as necessary to comply with preservation obligations related to actual or reasonably anticipated litigation, government investigations or audits. Legal holds should be tailored to the legal requirements of the situation and informed by legal judgment. Moreover, effectively communicating and ensuring implementation of notice of a legal hold is an important component of an organization’s records management policy.
In an era when a single smartphone, laptop or tablet computer can hold substantial and highly confidential information, it is important that entities have effective and workable records management programs and policies. Knowing what records are kept, where and how to access those records and when to discard them is a good way to start the process of developing and implementing a information governance program for the digital age.