Interested in the forum’s thoughts on a statement a client made in a meeting recently. She said that she felt the Record Retention Schedule was a red herring these days and that designing workflows for your information is the more relevant issue”. She works in a mainly Google environment.
What does everyone think?
Sounds like comparing apples and oranges to me.
Designing a workflow for your information will help to ensure items are properly categorized in the correct series – put in the right bucket. A retention schedule will define the series and how long to keep records in it – basically what to do with the stuff in the bucket.
You can design a great workflow that directs information through all it’s paces. However, you need a retention schedule to justify destroying any of it (or taking it off-line or into off-site storage).
A retention schedule can exist without effective workflows for your information, but you will spend more time trying to figure out which series a record belongs in and gathering a series together than you will spend in actually applying the schedule.
You need both.
Agree 101% with Christopher.
I’m not sure I would agree, but I do think that satisfying the records retention requirement is, at best, a starting point for an information management project. It’s critical, but I see the point that workflows are also important. However, organizing information so that the people who might benefit from having it a) know about its existence and b) have easy and reliable access is the most important thing (in my opinion). There’s little “business” benefit to simply retaining records.
American Nuclear Insurers
Interesting comment…. I think my first response would to her would have been – “What are you basing your workflows on?”. Workflows are a great way to manage records – but they need a foundation on which to be built (i.e. the retention schedule).
The two functions, records retention and workflow can affect one another, but are seeking to address two types of different, but not mutually exclusive, needs.
Retention is intended to limit the amount of information stored in the repository in order to:
1. Maintain efficiency and effectiveness (and consequently, effective user response time) in data retrieval (more data, more time to search);
2. Ensure the cost-effective use of physical storage resources (cost/benefit);
3. Limit the scope of exposure to legal liability for information held that has long lost its relevance, but for which you are legally liable in a litigation action because it is still within the your possession, even though you are no longer required, by law, to be in possession of that information.
Workflow is intended to effectively manage the flow of information based on predefined decision points and decision criteria to ensure the effective and consistent flow of information in a process. It provides clarity and the elimination of randomness (unless such randomness is designed into the process).
You cannot ignore one in lieu of the other. Rather, you need to consider which of the needs addressed by each function are the priority in your business process and use those priorities to drive the level of resourcing and time you apply to each area. I would suggest that you need both, but they are not necessarily equally important.
Azusa Pacific University
Agreeing with most other responses on this comment. However, If by “red hearing” the person was suggesting that retention scheduling is less important/significant (or maybe even irrelevant) to many/most managers and workers in their organizations, I would not argue that point.
As a long-time RIM practitioner and manager, I’ve come to think that the RIM function has three primary missions/roles (reason for being) within its organizational. In order of relevance and importance to most in the organization, these are:
To enable/facilitate access to the organization’s information assets by knowledge workers and management, so they can be more effective in carrying out their own job responsibilities. Building and supporting workflows is one example of how RIM can be relevant and useful in this regard.
To protect the legal and financial rights and interests of the organization and its employees. This is the compliance aspect, which includes but definitely not limited to development and adherence to records retention/disposition schedules and policies
To ensure retention and preservation of all of the organization’s historically significant records, and to provide for their effective access and use for future users over time — i.e., the archival function. I say these are in order of relevance/importance, not because they are not all critical functions to the organization, but because mission number 1 is what the typical business person thinks about and cares about in accomplishing their own job on a day to day basis. Number 2 is important to them, but only comes to mind infrequently (or maybe never) unless records are needed to protect them from adverse legal, investigative or non-compliance consequences. Likewise, number 3 is not something that most worry about every day, and most are very happy to have someone else (the RIM staff) take care of it.
Based on my consulting experience, I agree 100% with Ronald. RIM is not at the forefront of business users’ mind, and it should not be. They are not record analysts. Business users’ job is to complete their daily tasks vis-à-vis the business processes necessary to run the business. Upper management is concerned about governance, compliance, and risk management — so they will pay some attention to retention and disposition. As well, the legal, compliance, and audit functions will pay some attention to ensure retention periods, retention triggers, and disposition procedures are in place and followed. Finally, middle management will pay attention, because they will mostly likely be the ones to approve disposition reports.
Amitabh VP, Operations & Governance HELUX
In addition to the comments made by Ron & others, I would add a couple practical considerations given the tendency to over-retain data:
1. Unnecessary retention of non-public data significantly increases risk exposure in the event of a technical or physical breach.
2. Unnecessary retention of data drives the cost of data storage ever-upwards.
3. A growing number of jurisdictions are considering imposition of maximum retention periods for some types of data (namely, PHI/PII) — and many organizations are simply not equipped to address those requirements.
Can you expand on that ‘maximum retention’ comment? Specific examples? Is it part of GDPR, for example? If that idea takes off, it will put an end to the tendency to be complacent about RM.