Two conflicting definitions of a ‘record’ in use in organisations today

Organisations today are using two conflicting working definitions of a record. Neither definition is adequate on its own (which is why the two conflicting definitions co-exist with each other!).

The first of the two working definitions states that ‘records’ are those documents/communications that are needed as evidence of a piece of work. This definition comes from records management theory. Records management practice aims to capture these documents in a file/ records folder dedicated to each particular piece of work. The file/ records folder exists in a records system, which could be anything from a shared network drive, to a SharePoint team site, an electronic records management system, a line of business document management system, or a traditional filing cabinet.

Traditionally records management practice aims to ensure that the file/ records folder is the only information about a piece of work that survives over time. This translates into advice to colleagues on handling documents and e-mails such as ‘if it is important put it on the file, it if it isn’t important get rid of it ‘

If a team is confident that the file/records folder tells the whole story of the piece of work, then they can be confident in disposing of all information about that work lying outside of the file. The converse is also true – if you have not got confidence that the files in your records system(s) serves as a sufficient story of your organisation’s activities, then you are not going to be confident that you can delete material from other information stores such as e-mail in-boxes, and shared drives.

However for most pieces of work in an organisation ‘the file’ in a designated record system can no longer be regarded as the single source of evidence on that piece of work. This is down to two factors:

  • it is highly likely that other pieces of evidence about that piece of work persist outside of the file, and that these pieces of evidence are findable or discoverable
  • it is highly unlikely that each colleague has placed all significant documents/communications arising from that piece of work onto the file

I am struggling to think of a single organisation I have worked with that routinely delete e-mails after a period of months, or routinely deletes material on shared drives that is a year or two years old – they simply have not got enough confidence in their ‘records’ to risk losing important material like that.

The second working definition defines ‘records’ as being any information, in whatever form, that is held by that organisation. In other words any piece of information that exists anywhere: on the organisations network, in its filing cabinets, on people’s desktops, in desk drawers. This definition stems from the legal obligations placed on organisations. These obligations vary from jurisdiction to jurisdiction, but include data protection, freedom of information, and e-discovery. Such obligations make no distinction between those documents/communicaions that an organisation intended to keep as records, and those that have accidentally survived.

This definition is not adequate from a practical point of view either. When an organisation receives a data protection subject access request, or a freedom of information request or an e-discovery demand, they have to pull out all the stops and trawl their network. They might ask swathes of the organisation to go through their e-mail and unearth any messages regarding that matter. They might do searches of shared drives and document management systems. They unearth a pile or a mountain of material, that they then spend days or weeks sifting through. That is a massive pain, that an organisation is willing to put up with because that is the law that they are working under. But this approach would be overkill for most internal uses of record, such as the following scenarios

  • You have taken over the management of a contract that has run into problems. You want to understand what has been agreed and discussed with the contractor up to this point.
  • You have been asked to revise the service level agreement you offer to your customers. You want to understand the thinking behind the clauses in the current agreement. You want to read the discussions/correspondence that took place the last time the SLA was drafted
  • A budgeted cost has changed between different versions of a business plan and you are trying to understand why

In each of the above scenarios you would be hoping that the colleagues involved in those pieces of work had kept a good file/records folder of that work, in which they had brought together all the relevant documents/communications relating to the work.

The dilemma for organisations is that they are caught between a rock and a hard place. They are not able to maintain good files across all areas of work. The concept of a file/records folder feels like an old-fashioned concept, a legacy from the hard-copy world of decades gone by. And yet organisations still need some means of relating together the records (however defined!) of a piece of work and managing them over time.

If the file/records folder was invented today, from scratch, with no history or legacy, what features would it have?

Advertisements

8 thoughts on “Two conflicting definitions of a ‘record’ in use in organisations today

  1. Hello James,

    I suppose I tend towards the second definition of the record – a ‘record’ is recorded information. Indeed, there does not even have to be agency or intent: when we use terms such as ‘the geological record’, we are not merely dealing in metaphor. Any attempts to constrain and limit the meaning are tied to specific contexts and perspectives, and therefore liable both to challenge and contestation and to change over time. But you are entirely right that this leads to overkill in practice.

    So a fresh definition of file / records folder? I think the ‘file’ would have to be a dynamic entity, brought together and configured anew for each purpose the ‘documents’ it virtually contains are required for. Which would, of course, require proper metadata to identify the relevant documents in the first place – tagging is a possibility (using mutually agreed or even centrally imposed terms for consistency. The file or folder would then be the result of a query, and for audit/record purposes could be saved as the representation called up for that specific query. A wholly ground-up approach (which I do not think is really possible) would result in a file ‘plan’ that consisted of the aggregate of the various instantiations, subjected to auto-classification of some sort to identify classes, categories and linkages.

    This is all very roughly sketched out, but hopefully makes some sense. I’d be interested to learn how you would approach it …

    Regards,

    Rachel.

    1. I agree with you Rachel that we may be seeing a weakening of the link between ‘the record’ on the one hand and ‘the intention to leave behind a record’ on the other. But I hope we don’t lose the link entirely, because if we lose intention don’t we also lose meaning?

      Some commentators are already saying that we can no longer expect colleagues to ‘declare’ information (e-mails, documents etc.) to be records. The volume of information people create/receive is too great, the diversity of tools/applications that they work in is too great.

      We could imagine the future replacement of the file to be pathways that enables the searcher to navigate to and through the information residue of that piece of work.

      Imagine if we kept everything. Imagine if we could have the equivalent of the ‘playback’ function in Google Wave, extended across different applications. You don’t just see what the individuals carrying out the work intended for you to see, you see how they actually communicated. The Google Wave playback function is like watching speeded up CCTV footage. It captures everything that goes on in that Wave, regardless of the intention of those involved in it. Its like pointing a CCTV camera at people working, they have no need to declare anything as a record, the CCTV camera/playback function captures everything. And it even has one of the attributes of the file- it is a narrative, a story with a beginning, middle and end.

      I don’t think it will go that far. Even if Moore’s law on storage solved the retention problem (by keeping everything), and even if search and tagging solved the classification problem, how would we solve the access problem? How would we solve the problem that we want different pieces of information to be concealed to different colleagues/stakeholders, and that those sensitivities change over time? Doesn’t that require human intervention?

  2. Thank you, James, this is really thought-provoking. I’ve tried in the past to suggest that the things outside what in the civil service is called the “official record” are “ephemeral records. And the Scottish Government is attempting to introduce an email deletion policy where email not stored in our formal record is deleted automatically at 3 months (I believe Cabinet Office also did this at some time – how successfully I don’t know).

    But I think your point is quite right: that it is not simply two types or categories of record, but two (or perhaps more?) actual definitions of what is “the record”, and these definitions come into play in different contexts and at different stages of the business lifecycle. And the management required for each – in terms of access, retention, etc – is different, and sometimes in contradiction.

    Part of me does still believe that if we could establish clear (and relatively short) retention periods for email and docs not stored in our corporate records repository then we would at least have limited the timescale in which these contradictions bite. But of course establishing what is reasonable as a retention period for “ephemeral” records is itself a hugely difficult take: and making people comfortable with losing all that extra content and flavour which may have value beyond the simple “corporate record” is also, as we are discovering, not easy.

    1. Hi Ben,
      Several years ago I heard that the National Archives(TNA) operated a policy of deleting all e-mails not saved to their EDRMS after 6 months. The thing that the Scottish Government and the TNA have in common is that you both have an EDRMS rolled out across your whole organisation. Not many organisations are in that happy position!

      It is hard for those organisations that do not have a comprehensive EDRMS to impose a blanket e-mail deletion policy, because they need to provide staff with an alternative place to store the e-mails.

      The shared drives are a parallel problem to e-mail – not many organisations have managed to switch them off entirely – and they contain the same cocktail of ephemera, high value documents, and stuff that could be toxic. I don’t know many places that have put automatic deletion periods on their shared drive – is it something that you have thought about at the Scottish Governmnent?

      1. Shared drives: it was part of the original EDRMS rollout project to switch them off… and some were. But we’re still struggling to shut the rest down – five years on!

      2. Oh, and I don’t think an EDRMS necessarily solves the problem you describe. Many emails/docs need to be kept for some (variable) time, but not as part of “the corporate record”. Does one want them cluttering up the record, making the story hard to distinguish? Or does one arbitrarily decide that they should live no longer than 3 months, irrespective of business need? Neither is satisfactory.

      3. The trouble is that we are asking our records folders in our EDRMS systems to fulfill all the same functions that a hard copy file did in the old days before e-mail.

        We want records folders to be able to be ‘read’ as a the narrative of a piece of work (so we don’t want them cluttered with too many e-mails). But we also want them to act as the container that protects all the documents and communications from that piece of work that we want to persist over time (so we do want all the e-mails that matter to be saved to the file).

        Maybe we can’t have it both ways!

      4. Are we not mixing a couple of things here; the need to capture all e-mail/communications (albeit for a short time) and the need to capture evidence of business transactions and other important records that happen to be using e-mail as a medium?
        Centralized e-mail capture and auto deletion is supported by e-mail journalling type solutions. Published policy on this provides a window of opportunity for staff within the organization to make decisions about the value of the e-mail that they send or receive and “file” the important stuff in the right place (ideally in an EDRMS that supports genuine e-mail management which captures all the metadata transmitted with the message). The advantage of internal e-mail being you’d have 2 sets of eyes (at least) making those decisions.
        This leads back to the earlier discussion; where is the line in the sand between good records management and good record keeping? As records managers we provide policy and process that enable an organization to manage risk associated with information, after the fact – i.e. we can have little influence over the quality of information produced; but we can point out obligation of what needs to be kept. Traditionally registries would fulfill a filtering role in reducing duplication and archival selection would look at the narrative qualities to determine historical/social value. The decision as to what is important or evidence is down to the person who knows the record (creator/receiver); enabling point of creation management is a records manager’s concern, using it appropriately is surely still the responsibility of the business as a whole. Balancing what has to be kept to meet legal/regulatory/historical/business requirement against risk/cost is ours (as a client once said “every line in this schedule costs me money”); duty of care and ability to understand what is important are things we put into policy (and ideally enforce) but are the responsibility of the individual. I’d be interested to hear from those involved in information quality as to how they enforce this – is this not the role of an auditor?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s