I attended the Information Governance and eDiscovery summit in London last week.
Two friends, both stalwarts of the records management world in the UK, separately came up to me and said ‘you know what I think Records management is dead now James’
Records management isn’t dead. It is a contestable space at the heart of information governance.
In the e-Discovery stream of the summit there was no mention of any type of document management or records system (whether that be an electronic records management system, or SharePoint). This is because these systems are often not relevant to the preparation of lawsuits, where the lawyers go straight to the e-mail record and/or text messages to establish the chain of events and discussions pertinent to the case.
In effect organisations are operating two parallel spheres of recordkeeping.
- the communications/correspondence sphere that consists mainly of their e-mail servers/e-mail archive, but also any capture of instant messaging and/or text messages
- the document sphere that consists of whatever combination of electronic records management (ERM) system/SharePoint/line of business system/fileshare applications they deploy
The key difference between the correspondence/communication sphere and the document sphere is that:
- an e-mail server/archive can be set up to capture all the traffic going to and from a particular e-mail account on a particular server. Similar arrangements can be set up for text messages on company devices and for instant messaging systems.
- an organisation wide ERM system/SharePoint implementation captures only those documents/communications that an individual chooses to declare to that application.
The paradoxical relationship between the two spheres of recordkeeping
This split between e-mail servers/archives on the one hand and corporate ERM systems/SharePoint implementations on the other creates the following paradoxes:
- Organisations fear the contents of their e-mail archive/servers but lack confidence in the completeness of their designated record repository (ERM/SharePoint etc.)
- An implementation of an ERM system/SharePoint or similar has an advantage over an e-mail server/archive in that the information in it poses a lower risk to the organisation. Sensitive personal information is likely to be confined to predictable places within the system, and unguarded comments are less likely to find their way onto the system.
- an e-mail server/archive is more effective than an ERM system/SharePoint in enabling an organisation to account for itself in difficult or controversial circumstances. For example in situations such as litigation, investigation, or hostile freedom of information requests. However an e-mail server/archive is not useful for non- contentious, day to day internal usage, because the undifferentiated presence of sensitive personal communications means we cannot allow colleagues to access/search each other’s email accounts.
- An ERM system/SharePoint is good for non-contentious day to day internal usage but is weak in times of dispute, litigation and investigation.
- Some organisations configure their e-mail server/archive so that it retains a copy of every message even after an individual has deleted that message from their e-mail client. This best ensures they have have a complete record of e-mail correspondence and thus best supports accountability. However it also means that they are more likely to hold unguarded, trivial and sensitive personal e-mails because the individual account holders will not be able to delete them
- The weakness of corporate ERM systems/SharePoint implementations is that they are incomplete. They do not contain relevant documents or correspondence if the individuals who handled them lack the time, motivation and/or awareness to put them onto the system.
- Organisations are operating two separate sets of governance arrangements for these spheres Records managers might typically set the retention rules for the ERM/SharePoint sphere. IT managers and/or legal managers might set the rules for the retention of communications/correspondence stored in e-mail accounts and for instant messages and text messages.
- Most records management retention schedules are written as though they are universal and format neutral. They often make provision for relatively long retention periods for certain types of correspondence (ministerial correspondence, correspondence with regulators, correspondence with foreign powers etc.). And yet these retention schedules are rarely applied to the e-mail accounts which hold most of that correspondence, and which are often deleted after a relatively short time period. Note that NARA’s recently issued retention schedule for e-mail accounts of US Federal agencies is an exception to this rule (NARA, 2015)
The task of information governance
Information governance is often described as an umbrella term covering the separate disciplines of eDiscovery, records management, access to information and privacy.
The inclusion of both eDiscovery and records management under this umbrella means that information governance spans both:
- the communications/correspondence sphere (e-mail archives/servers and any other communications tools deployed) AND
- the document management sphere (ERM systems, SharePoint and other collaboration systems, shared drives)
One of two things could happen here.
One possibility is that each of the component disciplines of information governance stay entirely separate. Records management carries on asking people to move important correspondence to an ERM/SharePoint or whatever tool they designate as their main repository. Lawyers perfect their eDiscovery/analytics tools which allow them (and only them) to search across the email server/archive and across all repositories in the organisation.
The other possibility is that information governance acts to influence these disciplines, to create synergies and to enable them to become more than the sum of their parts. To an extent this is happening already as analytics tools honed on eDiscovery cases cross over into the records management space to enable organisations to apply disposition decisions to hitherto intractable repositories such as shared drives.
Information Governance should work towards becoming the arena in which the tensions and contradictions between accountability, risk, and privacy can be resolved or managed in relation to both the main correspondence system (which at the time of writing happens to be e-mail) and the main document management applications and repositories.
The task of records management
I would like to see records management use information governance to blur the boundaries between the systems they designate as records systems, and the other repositories in the organisation including, but not limited to, e-mail servers/archives. Lawyers use their eDiscovery tools to search across all repositories in the organisations. As records managers we should be seeking to stretch their retention remit to cover all repositories. We should be seeking to establish relationships between content held in whatever we designate as our main records repository and related content held on shared drives, in e-mail accounts etc.
Cutting through the e-mail paradoxes
Organisations would like to be in a position where they can dispense with the complete record of e-mail communications after as small a time interval as possible, and rely instead on the filtered, lower risk records that exists in their document management sphere. However the swift deletion of e-mails from their email server/archive adversely impacts their ability to account for their actions.
The irony is that external stakeholders/litigants/regulators/hostile FOI requesters are not interested in trivial e-mails, and they are not interested in personal e-mails. External stakeholders would be happy for organisations to delete or redact them.
The problem is that organisations cannot currently defend or explain how they got from the complete correspondence record on the e-mail server/archive, to the filtered record on a corporate electronic records management system/SharePoint/shared drive.
Records management should work towards providing organisations with a defensible consistent, routine and transparent way of distinguishing trivial, sensitive and personal e-mails from typical business correspondence, with a view to enabling organisations to have a record of each individual’s business correspondence that is both filtered and comprehensive; defensible and accessible; to which defensible retention rules can be applied, and which can be linked to related collections of documents and communications held in other applications/repositories, including the designated records repository (ERM/SharePoint or similar).
References
NARA (2015), GRS 6.1 Email Managed Under a Capstone Approach http://blogs.archives.gov/records-express/files/2015/04/FINAL-GRS-6.1-Review-Package-FR-Posting-03.30.15.pdf (accessed 19 May 2015)
Ravanbakhsh, Arian (2015) DRAFT Capstone GRS Available http://blogs.archives.gov/records-express/2015/04/02/draft-capstone-grs-available/ (accesssed 20 May 2015)