Information Hoarding: Best Practice for Managing Retention?

Susan Cisco

Community Topic(s):

Keywords: Records Management, ECM, information governance, RIM, information management, best practice

By Susan Cisco, Director

August 24, 2010 - 10:47 AM

Current Rating:
(0 ratings)

According to a Symantec survey of 1,680 IT pros and legal executives in 26 countries, 75% of backup data are retained infinitely or kept for legal holds. In addition 25% of the data backed up is not needed for business or should not be saved. (Also called out is that nearly half of the enterprises surveyed are improperly using their backup and recovery software for archiving electronic records and legal holds.)  http://tinyurl.com/27lbzlm   

Symantec suggests it’s the fear of deleting important records that keep organizations from moving away from the outdated strategy of simply keeping everything forever.  I think information hoarding is more complex:

  • Some people (and organizations?) are compulsive information hoarders. This compulsive behavior was easier to spot when recorded information was mostly in a physical format. The hoarders would be engulfed in paper – files, boxes, stacks, and piles. You probably know a “piler.” http://tinyurl.com/28u9n8m (If you do, enter him/her in the AIIM contest:  http://aiimcommunities.org/capture/blog/messiest-desk-competition.)
  •  There is a perception that records management programs have failed to reduce information volume.  A colleague heard an attorney state at the recent American Bar Association conference that he no longer recommends record retention programs to his clients because all efforts to date have been expensive failures and advocates a Google-based approach to finding information. He understands that keeping everything indefinitely will require more storage but thinks it is less expensive than the alternative.
  •  Many organizations have found that it is just too hard to make enterprise records management work across multiple repositories with today’s tools. A perfectly rational response is to assume that smarter people with better tools will be able to solve this problem in the future. Conveniently, this approach is also the path of least resistance. 

We’ve discussed the pros and cons for years:

Pros – Retaining enterprise information indefinitely

  • Easy to implement and train
  • Organizations can be assured they have retained any requested information
  • Simplifies legal hold process because essentially everything is on legal hold all the time 

Cons – As the volume of stored information increases

  • Searching takes longer, and more hits are returned
  • Identifying the latest version of a file takes longer and increases risk of using obsolete or amended versions of information
  • Storage costs increase
  • Backup and recovery windows increase
  • Some information is retained longer than legally required.
  • Costs increase if litigation is a risk factor; from aiim.org, DuPont spent $11,961,000 in unnecessary costs in legal discovery for 9 legal cases because 50% of the responsive records were past retention period and could have been destroyed http://tinyurl.com/299hxcl

The cons provide compelling reasons to stop hoarding information yet most organizations continue to keep everything indefinitely.  So why don’t we make information hoarding the best practice? If hoarding becomes the strategy, what would our tactics be?

Report

Rate Post

You need to log in to rate blog posts. Click here to login.

Add a Comment

You need to log in to post messages. Click here to login.

Comments

John Isaza

Submitted by John Isaza August 25, 2010 - 12:50 PM

I will out myself here and reveal that I am the one who attended the ABA conference and witnessed the speaker in San Francisco. After ruminating on what I heard, I concluded that the speaker's thought process was probably based on a "brain" analogy. He probably figures our brain does not necessarily delete information, so why not do the same with archived information. The main additional problem I see with this thought process is that, at minimum, there are strict international privacy regulations that essentially forbid the retention of private information. Thus, if your organization does business abroad, you will have to contend with those regulations. In the U.S. this may not be the case just yet, but it is just a matter of time before similar regulations filter their way through our legislative system. If anyone can point me to more similar disposition requirements in the U.S. I would love to hear from you. Even though lawyers claim to know everything, the reality is that we don't. :-)
Report
Was this helpful? Yes No
Reply

Brad Harris

Submitted by Brad Harris August 26, 2010 - 12:51 AM

I think Susan has a very good post here. In my experience working with clients that have a "hoarder" culture, I've found that it doesn't necessarily simplify the legal hold process. There is always a perception that if one is saving everything, you don't have to worry about responding to a preservation obligation. Yet often "saving everything" isn't necessarily true (are all relevant data types and possible storage repositories being preserved), and can complicate the process of ensuring relevant data is available when and where you need it. There is often still a need to notify data stewards of the need to take action to preserve data, including from readily accessible locations.
Report
Was this helpful? Yes No
Reply

Wayne Hoff

Submitted by Wayne Hoff August 31, 2010 - 4:14 PM

Good post, Susan. I too am noticing with greater anxiety the willingness of some people with some authority wanting to keep everything forever. We know all the reasons that it's a bad idea to do that, but I can't help thinking there's some kernel at the center of that attorney's reccommendation to his clients. The fact is that a huge proportion RIM efforts ARE expensive failures, if success is measured by RIM policy compliance across the entire organization and across all media.

I think that we need to apply a little more simplicity to the traditional models, which tend to be very complex, and implement policies and procedures that a) fit the organization and b) make it easy for users to comply with. I'm not sure that a Google search bar does it (great for general info, but not so good for finding specific documents). On the other hand, In my case at least, the LAST thing my organization needs is a DoD-compliant RIM program - although that seems to be one of the top advertising points of every RIM software application on the market.

High-penalty or high-expense stories scare the odd organization, but more effective in making RIM programs a higher priority in Legal, IT, and CxO circles, IMHO, are implementable, lower-cost, and practical RIM programs that achieve simple but effective searchability and retention.
Report
Was this helpful? Yes No
Reply

Anne Bentley

Submitted by Anne Bentley August 31, 2010 - 5:07 PM

In government environments, records retention statutes about personal data are often about purging (not retaining) data. Some statutes limit what you keep to just the data needed for a specific purpose. In other words, the law may legally limit what can be scanned and kept, by whom, for how long, and for what purpose. In these environments hoarding can even be illegal.
Report
Was this helpful? Yes No
Reply

maureen cusack

Submitted by maureen cusack August 31, 2010 - 6:18 PM

Why is 'records management program' being conflated with 'records retention program'? Let's assume for a second that it's better to do away with retention (destruction) scheduling and simply keep everything forever. It then becomes more important to thoroughly identify, and accessibly store data and records. A records management program addresses those things; it's not only about destroying data and records at a specific time. How can any amount of improved record identification and access be a 'failure'?

Also, why would an attorney, or anyone, think that a 'Google-based approach' is incompatible with, and unrelated to, managing records? How does one get to the (fantasy) end state of all data and records indexed and accessible via a single search tool if not by 'records management' activities that include technical tasks like indexing, metadata mapping, file format/media converting, and non-technical tasks communications and training for users?
Report
Was this helpful? Yes No
Reply

Swinitha Nawana

Submitted by Swinitha Nawana August 31, 2010 - 7:25 PM

Records Retention/Disposal

As a records manager, I have found that retention and disposal periods have made managing records much easier. The schedules provided the minimum period of retention for those records identified as temporary by the organisation which create them. If needed, the organisation can keep the record for a longer period. In a paper based environment the organisations will be able to decide the value for money in keeping these records for a longer period. Only those records which have been identified as having a permanent value are kept.

Whether paper based or electronic, if organisations classify records according to needs of an organisation, the can retrieve and access is easily.

It is important to educate staff in the processes such as creation and capture records in Records Management Systems they use so that they are empowered to take action and keep their records properly and retrieve them as needed.
Report
Was this helpful? Yes No
Reply

Karen Stanley

Submitted by Karen Stanley August 31, 2010 - 8:35 PM

When it comes to hoarding information, talking to different attorneys can get you different answers. I spoke to two attorneys at a client site a few years ago about this issue. One attorney wanted to keep records for as long as possible "in case we get sued". The other attorney, who was a litigator, wanted to keep retention periods as short as possible "in case we get sued". In many cases, attorneys are most concerned about the risks associated with transient information and informal communications that would be classed as "non-records" in most cases.

The problem is that many organizations continue to follow the old "central files" pattern of thinking that RM begins after the records are created. In the paper-only days, the decisions on how business actions and decisions would be documented (i.e. record creation) were imbedded in business process design. One of the biggest challenges of ERM is caused by the automation of business processes without including record creation as a deliberate step in the process design. In the paper-only days, records managers could take the record creation processes for granted; their job was to find a place to put the records that were deliberately created by the business process. If they were inundated with mountains of rough drafts, post-it notes, lunch invitations, jokes, and other non-record materials, they would have swiftly put a stop to it by insisting that business units exercise more control and discipline over record creation. This is not just a records management issue; it's a business management issue.

I do not believe that end users should have to declare and classify records. I do believe that it is possible to imbed the identification and classification of records in the business process in ways that do not require end user intervention. It wouldn't eliminate the non-record materials which are of as much concern as records to the discovery process, but it would help to ensure that the official records that document business activities and decisions can be distinguished from non-records and allow the application of default disposition rules for non-record materials. I am encouraged by the increasing emphasis on business process/records management alignment that I see in the current literature, and hope to see more success stories shared on this topic.
Report
Was this helpful? Yes No
Reply

Bryant Duhon

Submitted by Bryant Duhon September 01, 2010 - 12:27 PM

We had a very similar discussion about Google/hoarding on the discussion board. Anyone interested in Susan's post will be interested in this exchange too:
http://aiimcommunities.org/erm/discussions/google-says-keep-everything-rm-relevant

Bryant
Report
Was this helpful? Yes No
Reply

John Bellegarde

Submitted by John Bellegarde September 01, 2010 - 2:40 PM

If compulsive information hording is a common among employees everywhere, then an “intervention” will not work. You just can’t change everyone’s behavior. And all of the Con’s in your posting will just get worse and we need to give up on any kind of Information Management in organizations.

That is, unless organizations recognize this is going on, and deal with it at a macro level. Rather than counting on employees on being proactive and informed about these issues, just deal with consequences.
With products like Active Navigation, one can embrace a program of regular content cleanup! Eliminate the duplicates, the junk and leakage from the Records or ECM solution. Use technology to clean up after the records process, and even reorganize the file systems into something useful. That alone will make a dent in all of the con’s. This can be done in a way that does not disturb end user operations at all. The organization will improve its productivity, lower costs, and have less exposure to discovery.
Report
Was this helpful? Yes No
Reply
Rich Lauwers

Submitted by Rich Lauwers September 02, 2010 - 3:50 PM

I agree with John, but would add that a combination of tactics is needed to get the change needed.
You have to work with people and educate on the techniques and benefits for managing information pro-actively. These benefits need to be realized by incorporating changes to processes that reinforce the positive behaviors and measure the impact. When appropriate, then leverage technical products that can make the effort to change easier and multiply benefits dramatically.
Report
Was this helpful? Yes No
Reply

Randy Moeller

Submitted by Randy Moeller September 02, 2010 - 3:42 PM

I wonder if the attorney is often the plaintiff's attorney against a company. Look closely at the survey to see what the worse countries are which also says something. Humans are humans and we like less effort, not more. Reviewing records is an effort so you better have top management ringing the compliance bell or your program/policy is sunk. At least until they are replaced. No one cared much about sexual harassment until enough burns took place and management started ringing that bell. Same with everything.

Many companies do very well in removing old records. I constantly get calls from IT on helping to set retention in systems and the process to ensure the right stuff is ID before it’s tossed. We had one group eliminate over $1M off their budget charges by cleaning out their team spaces over a 3 day period. It can work and be accepted by employees as the right thing to do. Perfect? Never. Mistakes? Sure, but worth the effort. Almost all of our backup tapes are rotated after 32 days.

If you have a corporate policy clearly stating annual use of the company retention schedule, then you have a compliance issue. I don't trust a company that blows off its policies or doesn't care enough about the cost impact of its products or services.
Report
Was this helpful? Yes No
Reply

This post and comment(s) reflect the personal perspectives of community members, and not necessarily those of their employers or of AIIM International

Blog email facebook linkedin Rss Twitter Youtube

Copyright © AIIM 2013 Privacy Policy