Thursday, 4 October 2007

Retention by format, not content?

It is one of the basic truisms of records management theory: that decisions regarding retention requirements are made based on their content and 'regardless of format'. This was an especially useful mantra a decade or so ago when some users would otherwise see the electronic version of a document as some alien construct, completely divorced from its paper counterpart.

Its still a mantra we cling to today and trot out as our first instinctive response, but its limitations are becoming more and more obvious, for example when it comes to email. Yes, its easy for us to say to our users that they must manage the contents of their inbox not as emails, but according to the content they contain but this is seldom reflected in reality. The simple fact is that the sheer volume of emails faced by users makes this virtually impossible to achieve and the majority of decisions taken regarding the fate of email are either taken on an individual ad hoc basis ("I don't think I need this any more") or en masse ("I've run out of space allocation so lets delete all last year's emails/all emails with large attachments etc").

The news that UK phone companies are now bound by law to retain information about all telephone calls and text messages for one year sounds a further death knell in the practicality of the 'regardless of format' concept. Even though this data might be used for one of three levels of enquiry the decision has been made that all such information must be retained for the same period: regardless of content, subject or any other criteria. If its information about a phone call it is kept for 1 year - and that is retention based purely on format and 'regardless of content'.

11 comments:

Larry Medina said...

I don't think the fact that the UK has made this proclamation should be misunderstood or misrepresented as a "death knell" to retention being based on content. The way I understand the ruling, it means they must be kept a MINIMUM of one-year, that is to say, they cannot be destroyed in less time.

And there IS NOTHING preventing organizations from establishing policies and practices for keeping them longer. Furthermore, if they're in the financial services segment and doing business with US clients, they had better not make the same misunderstanding that you seem to have made. The SEC rulings still require that ALL RECORDS related to certain types of transactions be held a MINIMUM of 6 years.

I think the concept that retaining e-mail based on content is nearly impossible (or implausible) is incorrect. As a first step, it's critical to ensure employees within an organization understand what the RIM policy is, and that it be based on laws, regulations, and statutes guiding the industry segment and country you do business in. This takes education, and that includes ensuring every employee understand the definition of a record for their organization.

Secondly, if it meets the definition of a RECORD, it has an assigned RETENTION PERIOD. The retention schedule needs to be accessible, and support must be available to provide guidance to employees as needed.

When it comes to e-mail, a simple "3 category sort" can be the starting point to content-based retention. Non-record; discard as soon as practical, it has no business value. Transitory record; serves a general business need and is seldom required to be retained for more than current year plus two years (CY+2). Record of greater value; serves a higher business need and a specific retention period needs to be assigned, based on content. This is obviously the most difficult category to handle, but in most organizations, this is also the smallest percentage of e-mail, and may not exceed 5%.

There are attempts being made at developing auto-classification tools to assist in assigning retention in a "rules based" manner, but these are yet to be very successful. However, establishing a policy and practices that support the retention of these records until such tools exist is a start.

If this blog is REALLY about "Futurewatch", it should be supporting the use of technologies that move practices into the future and support compliant behaviors, not throwing in the towel and saying it's too hard, so take the easy way out.

Patrick Cunningham, CISM, CDPSE, FAI said...

I also beg to differ. I think it is a long stretch to draw a conclusion that the retention of data about telecommunications transactions is the same as retaining emails.

First of all, even if the telecom companies were going to be forced to retain all message traffic (not just the information about each transaction), the telecom company would not be retaining their own record. In effect, they would be serving as a third party storage provider on behalf of the governmental law enforcement or intelligence agencies. It's akin to my company requiring a records storage firm to retain our records longer than the storage firm's retention period.

Since the telecom company is not now retaining copies of the actual message traffic, I don't think that we can say that it is necessary to consider this a matter of retaining a particular medium of storage of information. Even so, if that WERE the case, I would suggest that the message traffic was being retained as a record of a third party (the government) and not as a record of the telecom or the parties who sent and received the message. They would certainly still be able to retain the information per their retention schedules. The interesting bit would be understanding if message traffic retained by the telecom would be discoverable in civil litigation, even though the originating or receiving party destroyed local copies of the message traffic per their retention schedule.

A more worrying issue in this regard is the one recounted in Friday's USA Today http://snipurl.com/1rtrk The concept that someone would delete their entire Inbox ("email bankruptcy") without concern for record-worthy messages is a place that no one should be going. But now that is has been in USA Today, a zillion more people will think it's ok.

Steve Bailey said...

Hi Larry, thanks for your comments. I think you probably took my posting a little two literally – I was simply using the story on the BBC website about the retention of telecommunications data to make the more general observation of whether due to the ever increasing volume of data being created we will reach a point where expecting the user to make retention decisions based on each individual record’s content becomes unworkable and if so where that leaves us. The allusion to the way in which many users currently ‘ manage’ email retention was not an endorsement, but simply an example of how we are already witnessing this behaviour and the gulf which is growing up between how we as records managers may wish it to be done and how it often happens in practice.

I wasn’t aware that my post implied any form of ‘throwing in the towel’ – far from it. The whole point of the blog is to draw attention to trends and challenges which may impact on records management and to try to stimulate further thoughts and debate on how they might be met. Undoubtedly, as you mention, technology will play a role and may well offer the answers we are looking for but on this particular occasion the interesting (at least to me!) thought which occurred to me on reading this story was of a more fundamental nature. You are of course free to argue that this doesn’t qualify as ‘futurewatching’ but as an active blogger yourself you’ll appreciate that one of the joys of blogging is the freedom it brings to decide what to write about and therefore what is ‘in’ or ‘out’ of scope!

Cheers

Steve

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.