Guiding Your Organization through Murky Waters Defining Your Retention Management Program
Hill, Brian W., Information Management
In today's economic atmosphere, compliance and e-discovery concerns have prompted enterprises to seek guidance on records and retention management ranging from how to define effective records management policies to best practices for enforcing e-mail retention. As these organizations prioritize, they should understand how to establish the business value of records management, avoid adoption pitfalls, and define and enforce retention policies on a broad range of information.
Recent regulatory requirements and the revisions of the United States Federal Rules of Civil Procedure (FRCP) have shifted historical focus from managing and retaining paper assets to retaining a broad array of electronically stored information (ESI). Yet, unbelievably, the 2007 Cohasset "ARMA AIIM Electronic Records Management Survey" noted that more than a third of organizations still do not include electronic records in their retention schedules. And, from inquiries Forrester receives, it's clear this remains common practice.
However, the number of standalone deployments continues to increase. According to Forrester's "Enterprise and SMB Software Survey, North America and Europe, Q3 2007," 51% of enterprises that implemented some type of enterprise content management (ECM) software upgrade in 2008 would invest in a records management solution.
Since then, Forrester analysts have fielded hundreds of client ECM inquiries, of which more than 20% relate to records and retention management. These inquiries on records and retention management indicate that organizations struggle with defining the business value of and the costs and risks associated with records management. These inquiries also indicate that enterprises contend with defining and enforcing effective information retention policies across a range of information from e-mail to content managed in collaboration tools like Microsoft SharePoint.
In this confusion, there are a few common topics professionals are asking about in pursuit of establishing the best possible e-discovery and retention management policies within their organizations. And, there are certainly a few key things to keep in mind and put into action.
Records Management Policies for E-Discovery
One common question concerns the amendments to the FRCP that took effect in December 2006. These changes include a focus on electronically stored information and clarify steps during the discovery process, such as organizations' duty to preserve information that could be classified as relevant. The key is organizations must demonstrate a defensible data collection process. While seemingly vague legal language leaves some of these rules open to interpretation, the FRCP regulations serve as a clear mandate to implement retention policies and procedures - along with technology - to both enforce those policies and audit enforcement.
Although litigations and regulations affect a broad spectrum of enterprises, many organizations, unfortunately, still have an immature understanding of e-discovery and struggle with poor internal communications, ad hoc processes, and disjointed applications. In 2009, Forrester expects that many enterprises will initiate or accelerate their efforts to standardize e-discovery processes and synchronize supporting applications to cut costs.
However, a standard records management or retention policy simply doesn't exist. Each organization has unique variables that preclude standardization, such as state and local laws and licensing regulations, federal regulations, and how business people and business processes use information. These professionals should ensure that the right team presides over policy definition and enactment and involve IT teams, legal departments, records managers, and business stakeholders in defining retention policies and deployment approaches. While this dialogue may not be easy, as the goals of these groups may be in direct opposition, meeting the most critical needs of each group is vital to successful implementations. …