One of the common misconceptions I hear from organizations is that they do not need to worry about records management. This is from both end-users and vendors. Once content has completed the business process, they feel they can do “anything” they want with the content. When a contract expires, delete it. When an employee leaves, delete it. When taxes have been filed, … well those documents we need to keep.
Records management is the big stick of managing content. The easiest time to get buy in for a records management program is after a member of C-staff, in a court or a deposition, is unable to produce a requested document. Many records management systems have been implemented after such scenarios. Records management is reactive. Many executives have forgotten that there is a business reason why organizations create content. This also means there’s a business reason to keep it.
Content, that is evidence of a business transaction, a customer interaction, or response to an event, has legal standing. Federal, state, and local government regulations generate reasons to manage content. Content generated in on-boarding and off-boarding can have evidentiary value. As processes cross local and national boundaries the legal and regulatory roles of content becomes more complex.
Controlling your organization’s content is not an option. It’s a requirement. There is no difference between electronic and paper documents. A lost document can result in adverse action in audits or litigation. Organizations can’t simply say, “we don’t know where that document is located.” Yet we continue to build application silos that don’t take this into consideration.
Today, it’s about protection of content. The GDPR, in Europe, and CCPA, in California, makes protecting content that has personally identifiable information a requirement. By asking your customers for their personal information, your organization now has the responsibility to protect that content. Not knowing where this content is located and that it’s protected can put your organization at risk of fines.
Organization need to take an active role on governing their information. Organizations need an inventory it’s content, know why it’s kept, where it’s located, and how it’s protected. Without this information you are creating organizational risk. It’s an area of risk that can easily be managed with a formal information governance program.