|Are Your Information Governance Policies Still Based On This?|
Since 2007, in spite of my best efforts, I have watched as organizations lost control of their electronic data and struggled to implement classification systems and other good information governance protocols. And yet, it might not be entirely their fault. I routinely see advertisements from "expert" consulting groups that offer a “solution” for records and information management based on the ancient approach of retention policies and schedules. This is like having a modern steel and glass building and hiring a carpenter with wood and nails to help you expand. The usual advice starts with “the foundation” that includes a records plan or policy and then attempts to expand it to cover electronically stored information (ESI). Why? Is it because existing records programs have been performing so well? I doubt it. Ask employees at most organizations about the adequacy of their current records policy and you will receive the same response, “what records policy?” So, if it really was not working for paper, why would consultants suggest that you just update it to handle ESI? Classification and retention programs that achieved barely adequate to horrendous results historically with paper, are not going to work with your expanding email, instant messaging, social media, and new media applications. How about an approach that will work?
A Radical Solution
Instead of “updating,” switch to a proactive model. Fixing your existing data/record mess is very costly and time-consuming, if it can be done at all. I have seen many attempts at "remediation" come to a halt after those involved recognize the actual work involved. However, setting up a sound program for new applications and technology, is easier. Notice I said “easier” and not “easy.” But, if you take the time to do this at the outset, as new applications are deployed, it will give you two huge benefits. First, you will stop making your problem worse while waiting for the all-encompassing enterprise solution for your new and legacy data (hint, the all-encompassing solution is as rare as seeing Santa Claus). Instead, your new applications will have retention and deletion policies that make sense and are more likely to work because they are implemented at the outset. You avoid having to change the procedures and peoples' habits later (we know how challenging that is) and now, your organization will not be adding new "unmanaged" on top of your existing "unmanaged" data. Second, you will be on the path towards good information governance. As each of your applications is upgraded or added to your network, and existing applications are retired, the percentage of your important information that is properly governed will increase. New email application in the cloud? Migrating some workflows to SharePoint? Adding a new database application? Great! A simple taxonomy and retention plan can help your organization separate the data into those items that need to be deleted quickly, slowly, and those that will be retained as business records. Will it remediate the mess on your existing servers, overloaded with unstructured data and emails? No. But who cares. If you had an easy and cost-effective solution for your existing data, you would have already deployed it.
To be fair, if your organization has been successful with a RIM program in the past, and you have the technology in place to do so, then by all means, update it to include new data sources and procedures. If however, yours is like 95% of organizations, you will be better served to begin addressing your information governance concerns one application, one work-flow, one policy, and one procedure, at a time