That traditional concept of using a retention schedule to manage just "records" is no longer sufficient. This article offers practical advice for developing and implementing a modern, executable retention schedule based on the business value of all "information"--regardless of its location--in today's complex business environment.
Despite the digital sea change in the way information is created and stored, most organizations continue to use their retention schedule solely to define what a "record," is and they adopt a simplistic approach to managing these records, whether it's to "manage everything," "dispose of everything," or "keep just what's needed."
Some organizations, however, recognize that these antiquated approaches actually increase costs and risks because of a widening gap between those employees who understand the value of information--records and information management (RIM), legal, and other business units--and those who actually manage the data--IT.
These organizations are closing the gap by modernizing the retention schedule to reflect how the business values information, how legal obligations impact information, and how IT stores, secures, and disposes of information.
To create a retention strategy that works, they are bringing together stakeholders from RIM, legal, business, and IT units to create an information governance framework that lowers costs and risks by enabling the legally defensible disposal of valueless information.
Why Retention Schedules Don't Work
The traditional approaches to records retention don't work for a variety of reasons:
* IT now manages information, not RIM or legal.
* Data is now mostly created in electronic form, and data volumes are increasing at an exponential rate.
* The variety and complexity of information systems and technologies are rapidly progressing, so defining a record is far more difficult and becoming unnecessary.
* The cost of storage, backup, and management of information is increasing every year.
* As a result of evolving and increasingly complex regulations, organizations face equally painful risks when saving too much or too little information.
The daunting nature of responding to these challenges is evident in the results of a survey conducted by the Compliance, Governance and Oversight Council (CGOC), a forum of more than 1,300 corporate RIM, legal, and IT professionals who conduct research, form working groups, and host meetings on the topics of discovery, retention, privacy, and governance.
The CGOC study that resulted in the "Information Governance Benchmark Report" (www.cgoc.com/register/ benchmark-survey-information-governance-fortune-1000-companies) was conducted in collaboration with the Information Governance Reference Model (IGRM) project within the Electronic Discovery Reference...