Records management is wanted – dead or alive

I attended the Information Governance and eDiscovery summit in London last week.

Two friends,  both  stalwarts of the records management world in the UK, separately came up to me and said ‘you know what I think Records management is dead now James’

Records management isn’t dead.  It is a contestable space at the heart of information governance.

In the e-Discovery stream of the summit there was no mention of any type of document management or records  system (whether that be an electronic records management system, or SharePoint).  This is because these systems are often not relevant to the preparation of lawsuits, where the lawyers go straight to the e-mail record and/or text messages to establish the chain of events and discussions pertinent to the case.

In effect organisations are operating two parallel spheres of recordkeeping.

  • the communications/correspondence sphere that consists mainly of their e-mail servers/e-mail archive,   but also any capture of instant messaging and/or text messages
  • the document sphere that consists of whatever combination of electronic records management (ERM) system/SharePoint/line of business system/fileshare applications they deploy

The key difference between the correspondence/communication sphere and the document sphere is that:

  • an e-mail server/archive can be set up to capture all the traffic going to and from a particular e-mail account on a particular server.  Similar arrangements can be set up for text messages on company devices and for instant messaging systems.
  • an organisation wide ERM system/SharePoint implementation captures only those documents/communications that an individual chooses to declare to that application.

The paradoxical relationship between the two spheres of recordkeeping

This split between e-mail servers/archives on the one hand and corporate ERM systems/SharePoint implementations on the other creates the following paradoxes:

  • Organisations fear the contents of their e-mail archive/servers but lack confidence in the completeness of their designated record repository (ERM/SharePoint etc.)
  • An implementation of an ERM system/SharePoint or similar has an advantage over an e-mail server/archive in that  the information in it poses a lower risk to the organisation.  Sensitive personal information is likely to be confined to predictable places within the system, and unguarded comments are less likely to find their way onto the system.      
  • an e-mail server/archive  is more effective than an ERM system/SharePoint in enabling an organisation to account for itself in difficult or controversial circumstances.  For example in situations such as litigation, investigation, or hostile freedom of information requests.   However an e-mail server/archive is not useful for non- contentious, day to day internal usage, because the undifferentiated presence of sensitive personal communications means we cannot allow colleagues to access/search each other’s email accounts.
  • An ERM system/SharePoint is good for non-contentious day to day internal usage but is weak in times of dispute, litigation and investigation.
  • Some organisations configure their e-mail server/archive so that it retains a copy of every message even after an individual has deleted that message from their e-mail client.   This best ensures they have have a complete record of e-mail correspondence and thus best supports accountability.  However it also means that they are more likely to hold unguarded, trivial and sensitive personal e-mails because the individual account holders will not be able to delete them
  • The weakness of corporate ERM systems/SharePoint  implementations is that they are incomplete.  They do not contain relevant documents or correspondence if the individuals who handled them lack the time, motivation and/or awareness to put them onto the system.
  • Organisations are operating two separate sets of governance arrangements for these spheres    Records managers might typically set  the retention rules for the ERM/SharePoint sphere.    IT managers and/or legal managers might set the rules for the retention of communications/correspondence stored in e-mail accounts and for instant messages and text messages.
  • Most records management retention schedules are written as though they are universal and format neutral.   They often make provision for relatively long retention periods for certain types of correspondence (ministerial correspondence, correspondence with regulators, correspondence with foreign powers etc.).   And yet these retention schedules are rarely applied to the e-mail accounts which hold most of that correspondence, and which are often deleted after a relatively short time period.   Note that NARA’s recently issued retention schedule for e-mail accounts of US Federal agencies is an exception to this rule (NARA, 2015)

The task of information governance

Information governance is often described as an umbrella term covering the separate disciplines of eDiscovery, records management, access to information and privacy.    

The inclusion of both eDiscovery and records management under this umbrella means that information governance spans both:

  • the communications/correspondence sphere (e-mail archives/servers and any other communications tools deployed)  AND
  • the document management sphere (ERM systems, SharePoint and other collaboration systems,  shared drives)

One of two things could happen here.

One possibility is that each of the component disciplines of information governance stay entirely separate.   Records management carries on asking people to move important correspondence to an ERM/SharePoint or whatever tool they designate as their main repository.   Lawyers perfect their eDiscovery/analytics tools which allow them (and only them) to search across the email server/archive and across all repositories in the organisation.

The other possibility is that information governance acts to influence these disciplines, to create synergies and to enable them to become more than the sum of their parts.  To an extent this is happening already as analytics tools honed on eDiscovery cases cross over into the records management space to enable organisations to apply disposition decisions to hitherto intractable repositories such as shared drives.

Information Governance should work towards becoming the arena in which the tensions and contradictions between accountability, risk, and privacy can be resolved or managed in relation to both the main correspondence system (which at the time of writing happens to be e-mail) and the main document management applications and repositories.

The task of records management

I would like to see records management use information governance to blur the  boundaries between the systems they designate as records systems, and the other repositories in the organisation including, but not limited to, e-mail servers/archives.    Lawyers use their eDiscovery tools to search across all repositories in the organisations.     As records managers we should be seeking to stretch their retention remit to cover all repositories.  We should be seeking to establish relationships between content held in whatever we designate as our main records repository and related content held on shared drives, in e-mail accounts etc.

Cutting through the e-mail paradoxes

Organisations would like to be in a position where they can dispense with the complete record of e-mail communications after as small a time interval as possible, and rely instead on the  filtered, lower risk records that exists in their document management sphere.   However the swift deletion of e-mails from their email server/archive adversely impacts their ability to account for their actions.

The irony is that external stakeholders/litigants/regulators/hostile FOI requesters are not  interested in trivial e-mails, and they are not interested in personal e-mails. External stakeholders would be happy for organisations to delete or redact them.

The problem is that organisations cannot currently defend or explain how they got from the complete correspondence record on the e-mail server/archive, to the filtered record on a corporate electronic records management system/SharePoint/shared drive.

Records management should work towards providing organisations with a defensible consistent, routine and transparent way of distinguishing trivial, sensitive and personal e-mails from typical business correspondence, with a view to enabling organisations to have a record of each individual’s business correspondence that is both filtered and comprehensive;  defensible and accessible; to which defensible retention rules can be applied, and which can be linked to related collections of documents and communications  held in other applications/repositories, including the designated records repository (ERM/SharePoint or similar).

References

NARA (2015),   GRS 6.1 Email Managed Under a Capstone Approach http://blogs.archives.gov/records-express/files/2015/04/FINAL-GRS-6.1-Review-Package-FR-Posting-03.30.15.pdf (accessed 19 May 2015)

Ravanbakhsh, Arian (2015) DRAFT Capstone GRS Available  http://blogs.archives.gov/records-express/2015/04/02/draft-capstone-grs-available/ (accesssed 20 May 2015)

10 thoughts on “Records management is wanted – dead or alive

  1. Thanks for another excellent post James and good to see you also at the Information and Records Management Society Conference! When chairing the panel on “Piecing Together the Content Management Jigsaw” yesterday afternoon, when I asked who saw email as a primary challenge next year I think everyone in the room put their hand up!

    I am wondering whether there is potentially a situation where:

    1. Users save important emails of a business narrative into a designated records repository in order to access the complete story of an activity, project, case, transaction etc. However, this is for business use rather than e-discovery, so users can focus on ‘saving’ off the relatively small number emails that contain important information or decisions relating to ensuring they have the narrative story.

    2. There is enforcement of having to make these decisions by removing emails from day-to-day access after a certain time frame (and by this I mean archive rather than delete, although routine deletion of the trivial should of course be encouraged).

    This approach is not without risks, dependent as it is on the user to identify which emails are records and to categorise them according to their content to ensure their appropriate management. It could lead to valuable messages / attachments being lost before they have been “filed”. However, there are of course many tools to help users, such as auto-classification or embedding EDRM folders into the email client.

    3. That a corporate “Compliance Archiving” solution is in place for ingestion and retention of email, instant message and other such content that can provide a single pane of glass view for e-discovery and other investigation purposes. Perhaps there is not a worry of keeping “too much” in the archive, as per the quotation from Ralph Losey in your recent post on An attorney advises clients against the routine deletion of e-mail: “The meaningless email of yesterday about lunch at a certain restaurant could well have a surprise value in the future. For instance, a time-line of what happened when, and to whom, is sometimes an important issue in litigation.”
    Whilst this archive would contain personal confidential information, perhaps from a privacy / data protection perspective this would be OK because the archive would be for specific compliance user and purposes access only.

    4. That a move away from email is encouraged by the adoption of social features, fully integrated with a designated records repository, to ensure “conversation” about a work activity is inherently classified and managed from the outset.

    1. Hi Reynold – thank you very much for this

      I think your approach would be an improvement on the current situation.

      On your first point you talk about the ‘the relatively small number of e-mails that contain important information’. I wonder whether the truth is that any correspondence between two parties consists of a relatively large number of e-mails that each contains a relatively small amount of important information. This is because e-mail has fragmented correspondence and we have changed from writing very considered memoranda to firing off quick e-mails.

      I also wonder what your approach would look like if you put point 3 first (capture a record of all correspondence ) and then worked out ways to tackle the privacy and sensitive risks so that parts of that record could be accessible and usable for reasons other than e-Discovery, and so that it links to related records in other repositories

  2. James, perhaps it would be interesting to consider the contrast between the attendance at the Information Governance and eDiscovery summit and the swiftly following IRMS Conference. Maybe I wasn’t looking closely enough but I would expect/love to see an overlap between the attendance because I think the IRMS conference would greatly benefit from some of the material/thinking presented at the eDiscovery summit.

    In short, records management needs to learn the skills and approaches being pioneered by ediscovery to answer lawsuits so that it can begin to deliver what you describe. The information professionals that ensure information is managed according to an organization’s needs and obligations should be adding these skills to their arsenal so that they can remove burden from users and protect and add value to their organization’s information asset. I’m deliberately not referring to records here because I find that term increasingly unhelpful and baggage laden.

    What should be cool about this is that if current records management types can take more from ediscovery-type methods they have the chance to transcend what is in danger of becoming a tired image. That doesn’t mean that records won’t be managed according to GARP principles (or other) – for me it should mean that vision, skills and thinking (and technology) can be grown so that what you describe becomes just part of their contribution and that they can add value beyond their more traditional sphere.

    In the US there is evidence that this is already happening. Maybe the UK is just that little bit behind or I’ve not encountered those people.

      1. Hi Reynold, hi Rich. Would it be possible to have a stream of the 2016 IRMS conference devoted to technologies and approaches influenced by the eDiscovery space?

      2. If i were being parochial I’d say ‘yes’ James. Personally, I think its a little too narrow with that definition. I’d love to pedal analytics and similar for obvious reasons but I think the track might be more of a ‘future info skills’ within which data science/analytics type aspects would play a part. For me I think this sort of discussion might really help to change up what I believe is a tired vibe (no offence meant) at IRMS Conference. I would especially like to see such sessions deliver something for delegates to take away. That way they leave conference potentially with real tools to apply when they get home. Note (by the way) that I don’t say ‘future RM skills’ because I think info skills is the broader more forward-looking scope.

        One other thing – it would be tempting to just focus on technology skills but I also think ideas like risk, process design/thinking, business analysis etc could also appear.

  3. Dear James, I do not succeed in taking the point of the two friends of yours: what they maintain does not mean that records management is dead; the fact that lawyers or whoever else try directly to browse e-mails or instant messaging repositories through a text research only shows: 1) that the attempt of creating just one and only one corporate environment to keep all of the records (or all of the information intended to give evidence of the activities: terminology is not an issue – I shall be dealing with this point later on) of an organisation has ended in a failure; 2) that the huge document flows and stacks found in an average organisation exceed the current capabilities of the staff to deal with them, and therefore the only feasible solution is to resort to text-based search by key words, irrespective of whether it may be effective or not.
    All that may demonstrate the inadequacy of the current records management strategies, but not the fact that “records management is dead”.
    The need of retrieving the information you need and being able to demonstrate the reliability and trustworthiness of that information is at the core of records management: it was so from the age of Uruk III in Mesopotamia (3200 BC) and will in 3000 AD.
    Of course, needs and strategies to meet them may change: sometimes you also need to change terminology: it is also possible that scope of the word “records” has become too narrow to describe what we want to achieve: some century ago “alchemy” has been renamed “chemistry” because this name was fitter for the description of how some objectives were to be pursued, but the core need did not change, because both yesterday and today mankind want to know substances and through this knowledge use them, modify them and benefit from their original or modified properties. This is not a problem: in my country, in Italy, I am not a “records manager”, I am an “archivista”; other times in the past and in other countries “records managers” were named “treasurers”, because “records” were perceived as an element of the treasure of an organisation or an authority; tomorrow we can change into “information managers” and after tomorrow into “data masters”: what matters, in my opinion, is that the need of finding the information you need and being sure that you can trust that information is intrinsic to human history, and therefore the most important thing is not terminology, but the strategies, methods and tools available to achieve this objective.

  4. E-mail is the dreaded evil… it emanates from Pandora’s Box and sadly, no one thought about a need to develop a means to effectively deal with it before they opened the seal. The problem has become even worse as time moves along, not only due to the ever increasing volumes, but as you mentioned, the manner in which organizations have chosen to ‘deal with it’… maintaining copies of all traffic, even though individual users (in some cases) are attempting to ‘weed out’ the non-records by deleting them locally.

    Sadly the “Capstone approach” and even MORE DRAFT GRS 6.1 from NARA only serves to muddy the water further. I commented to the AOTUS Blog regarding the Draft http://blogs.archives.gov/aotus/?p=6055 and pointed out some rather large discrepancies in the ‘guidance’ given. And it doesn’t take a highly critical eye to find many more holes. One of the largest holes is a failure to comprehend that much of the work done on behalf of Federal Agencies is done by outside contractors, within their own organizations, and on their own systems. While the GRS for other records (non-email, now that NARA has elected to consider e-mail a “record type”) clearly calls out the need for records of senior officials in similar capacities within Contractor organizations to be handled identical to those of their Federal counterparts, the same guidance DOES NOT apply to e-mail.

    Sadly, I feel few “do e-mail’ management right- excise the content that qualifies as a record, schedule it based on the value of its content, and then allow transitory information to remain in the native system, and auto delete it in 180, or whatever number suits you, days. Folders can be established for each user based on types of information they deal with (rule and role based) that have a retention schedule tied to them, and once an email is opened, it must be actioned- either dragged into a folder, or left in the native application. On send, the user must do the same. Anything left in the in-box or out-box will be discarded automatically after an assigned time frame. The content of folders with a set retention will be copied at day’s end into an EDRMS for retention; only copies will remain on the users desktop.

    I also agree with your description of the problems related to unstructured content- it’s left up to the decision of creators what gets ‘managed’ and how it’s done. However, some organizations have taken better control of this, developing systems that require all content to be managed at the time of creation, by generating a control system. This will catalog everything as generated and develop log entries when items are deleted, and it also controls versions and full revisions of items. And as we ‘speak’, people are busy developing workarounds to avoid complying with logic.

    I don’t feel records management is anywhere near dead… I see IG as another attempt to re-brand it and use an umbrella to bring other aspects of information management that began far after RM practices began, under the same roof. But if you look under the hood, the engine is STILL basic records management, with increased horsepower, fuel injection instead of carburetor, a forced-air intake and a few other bells and whistles.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s