Formalizing a document retention policy is a key piece of any enterprise content management (ECM) roll out, yet putting those policies into practice is where many organizations trip up in terms of effective deployment.
A document retention schedule helps support an organization’s overall effort to manage its intellectual property while also serving as an aid to control information storage costs and to facilitate the location and retrieval of documents for legal discovery that aids in compliance.
The need for document retention and disposal has escalated these last few years given the meteoric rise in the amount of data companies are hanging on to. According to Microfocus, data created globally in 2017 amounted to 8 exabytes on mobile devices alone – the staggering equivalent of nearly 43 million Blu-Ray Discs. Moreover, an increasingly complex regulatory climate driven by laws like Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act, just to name a few, is shifting attention to effective document retention. Companies that fail to comply with such regulations face million-dollar fines and their executive teams can be held personally responsible.
With so much at stake, organizations are making headway on document retention strategies, yet some gaps remain. The Cohasset/ARMA International 2016/2017 survey on Electronically Stored Information (ESI) practices found that while 91% of responding companies had document retention schedules in place, only 79% of those surveyed said the policies were applied to ESI and 34% indicated that electronic communications were excluded from the mix.
Moreover, 80% of respondents report rapidly increasing volumes of data as one of the biggest challenges to IG in their organizations. But only 61% of survey participants strongly and mostly agree that their organization’s important business information is retained securely, in immutable form. And only 77% of survey participants strongly (18%) and mostly (59%) agree that important information is accurately and completely captured, whether paper or ESI. Perhaps the most telling statistic that shows there is still work to be done: most respondents strongly and mostly agree that their organizations’ retention schedules can benefit from enhancement.
With that in mind, consider these tips when hammering out a document retention strategy:
It’s not just legal’s problem
While the legal department certainly plays a key role in defining and interpreting the legal and regulatory landscape for a particular industry, they should not pursue document retention policies in a vacuum. In order to be effective and represent the needs of the entire business, it’s critical that a cross-functional team with representation from the business, IT, legal, and records management, among other areas, be part of the process, from early definition through continuous improvement.
Start small, but think big
While the ultimate goal is to adopt one retention schedule applied across the business, it can be more effective to target a specific area, achieve early wins, and move forward from there. It’s also important to establish on-going training programs for employees so what’s established as policy is actually put into practice.
Don’t overlook disposal
Sure, companies want to make sure they retain critical documents and information, especially as they relate to compliance. But in order for a document retention policy to really deliver the goods, it needs to provide a framework for companies to get rid of information that is no longer an asset or a requirement for compliance. Regular disposal will help reduce storage requirements and cut back on the labor costs associated with maintenance of unnecessary data.
Automate whenever possible
While an effective document retention policy can be supported by manual efforts, it can be far more effective when automated via an enterprise content management (ECM) tool. Most ECM platforms allow users to set policies to automatically purge files from the system or to archive them to another location once a pre-determined life cycle has ended or compliance requirements have been met.
Focus on continuous improvement
Regulations are evolving as are internal business requirements, which means the creation of a document retention policy isn’t a one-shot deal. In order to ensure your policy represents current information and the on-going needs of the business, organizations need to revisit policies and procedures on an on-going basis.
Establishing a document retention strategy is one thing, but ensuring that it’s widely embraced and effectively implemented is where the rubber meets the road and how companies will see positive results.
A version of this article was published as How to Institute a Retention Policy With Legs by Beth Stackpole on February 11th, 2014.