Defensible Disposition of Records: Overcoming Operational and Technical Challenges

Any records and information manager will tell you: defensible disposition of records is a crucial part of information lifecycle management (ILM) and a vital component of business operations. Ignoring it has negative implications for:

• Data privacy
• Information security
• Records management
• Regulatory, litigation, and consumer responsiveness

What are the barriers to effective disposition of records? And how can information governance (IG) help your organization overcome those barriers, reduce risk, and manage information more effectively?

Challenges to disposition of records

There are some fundamental operational and technical issues that businesses and other organizations must grapple with in order to manage the disposition of their information.

Data is growing exponentially.

Throughout every organization, people are collecting, creating, processing, consuming, and storing information at an exponential rate. In fact, a 2019 World Economic Forum article stated that by 2020, the world’s volume of data would reach an estimated 44 zettabytes. As 2021 gets underway, we’re predicting that estimation to be grossly understated.

But why is data growth such a problem? Because as information growth accelerates, the usual manual efforts to enforce full ILM are becoming outdated. It means that records and information managers simply cannot keep up, with the result that records disposition and defensible disposal best practices suffer.

Systems and applications are numerous and varied.

Organizations today heavily rely on a variety of systems and applications to collect, create, and store information. These cloud-based and on-premises systems can include (but are not limited to):

• Shared drives
• Corporate file servers
• Email and attachments, sometimes with other documents imbedded within them
• Groupware platforms
• Instant messaging environments
• Video meetings and recordings
• Social media applications
• Bring your own device (BYOD)

Use and development of these systems is increasing, especially as work-from-home continues to be the pandemic business model. With so many different sources and repositories for collecting, creating, and storing both structured and unstructured data, information is splayed everywhere.

It is difficult to know what information you have and where to find it, so it is often left ungoverned in the digital ether. Often referred to as “dark data,” this creates an operational void that makes defensible disposition of records seemingly unattainable.

Governance of information is often unmanaged.

Employees, with the best of intentions, are often very focused on their job at hand, with the result that appropriate information collecting, managing, and storage is not always a top priority. These days, many are working remotely, sometimes acting with little guidance or knowledge of records management best practices.

This means the data is spread further afield, difficult to keep track of, and more susceptible to lapses in security, putting valuable and sensitive data at risk.

Efficiency is compromised.

Having so much data spread across so many possible sources also turns records retrieval — whether for disposition or to respond to a legal, regulatory, or customer request — into a time-consuming and costly ordeal.

And despite all the technology that contributes to the size and complexity of records as a whole, many organizations are still trying to manage the information lifecycle manually. Or, they ask IT to provide a solution, not knowing it takes more than technology to bring records management under control.

That’s why operationalizing information governance is key to overcoming common records management barriers like records disposition.

The risks are not well understood.

Traditionally, industry regulations have been more about retaining data — such as customer communications and transaction records in the financial sector. But today, tightening data privacy laws are creating the need to know the limits on not only how you can use information, but also how long you can keep it.

Outside of individuals or departments that are responsible for records management, many organizations don’t understand why they need to dispose of records, preferring to retain information indefinitely in case it may prove to be valuable later. Understandably, they are more focused on growth and the bottom line, not the downsides of keeping data.

But the reality is, there are legal and regulatory obligations that require organizations to dispose of records that are no longer used or have reached their retention limit. So, the risk of not getting rid of records is now as great as the risk of disposing of them.

The elements of defensible disposition — and the critical role of IG

To handle information properly, you need a holistic approach to information lifecycle management, and defensible disposition is the first line of defense. To achieve this, you need to establish a set of rules — or a policy — for the creation, classification/naming, use, storage, and disposal of data records.

You also need to create a consistent and auditable process for the disposition of records based on their legal, regulatory, and business value, so that you are only keeping what you need to keep. You must put technology in place to manage records and ensure that the disposition policy and process are enforced.

Of course, you need to train people so they know what is required (policy) and how to handle information (process and technology) so they can meet their obligations for the disposition of records.

To learn more about one of the key elements of defensible disposition, access our free webinar Addressing the Critical Challenge of Defensible Disposal: Operational and Technological Insights. Or, to talk about information governance in general, please contact lynn@bernsteindatao.wpenginepowered.com or watch our on-demand webinar on how to operationalize data privacy in a changing enforcement environment.