Keep Refining Your Information Governance
Many of the information governance challenges that organizations will face result from the pandemic and are due to content created from new collaboration platforms or new ways of collaboration such as Zoom or conference calls, documents shared in Slack, or client service requests web forms. Other questions that befuddle organizations include:
What happened to the records we created and shared in MS Teams?
Do we have a retention schedule for internal Zoom recordings? What about client calls?
Who will be permitted to access these recordings?
Where did Jeff put those RFP responses?
Some organizations didn't struggle with these questions because they had a robust information governance framework (and a records manager). External forces will continue to impact organizations that have not done so negatively. Now is the time to put in an IG framework to mitigate the potential cost of noncompliance, respond to discovery requests, and make better decisions.
Get your leadership team in place
Some think that having the framework in place should occur before leadership is decided, but I've seen that proceeding without dominion is risky. Buy-in needs to happen from the top down to achieve cooperation.
Communicate the "whys" to your team
When it comes to activities that require much accuracy and detail, such as IG, it's often helpful to communicate why they need to happen. The reasons for governance may vary. Are you in a regulated industry? Is the organization involved in frequent litigation? Are there industry standards that must be met to sell a product? Generally, the organization's content types will also inform the governance policies. Overall, developing a set of guardrails helps frame key questions organizations need to ask themselves about governance. Sample questions include:
What regulatory mandates does the organization need to meet?
Is there historical value to the information
What risks do we need to consider?
How will this program integrate with our Disaster Recovery and Cybersecurity efforts?
How long do we need to keep business information? How will the retention help or hinder any litigation?
How long do we need to maintain employee files?
I shudder to think what a resulting discovery response would entail from a legal perspective. Remember that someone in the organization will have a tale of when some piece of content from 1967 saved the day. While probably valid, the last thing an organization should do is make every record permanent. Indeed, a balance should be struck between keeping important content and throwing everything away. Also, documents' immediate business needs tend to fade over time–say over five years. However, the historical value increases with age. This is one of many paradoxes of record-keeping and where applying your IG framework will help you to decide to keep or discard.
Building and maintaining a robust program isn't a walk in the park. While there tend to be more pressing operational needs, structuring an IG program will mitigate risk, reduce the negative impact of noncompliance, and expend less effort in the long term because your retention requirements are understood before the content is created.