The basic components of a records and information management program are:
1. documented procedures
2. consistent, standard business practices
3. people, overseen by RIM-educated managers and executives
4. the proper use of technology to protect, capture and manage information across its life cycle, including disposition holds for litigation and/or audit
5. Meaningful metrics to show that #1, #2, and #4 were actually used by #3.
IRL: Poor practices, bad behavior and inadequately trained employees continue to invite an unwanted spotlight on organizations who fail to take document and records management seriously as a part of day to day business practices. Inevitably, the offenders see RIM as something that only happens when a subpoena or audit request is received, or, the organization is undergoing some other change. With each scandal that makes the news, the trust we have in institutions, companies and the people who run them erodes a little bit more.
Real Life Examples:
1. Vital records stored in leaky, vermin-infested shipping containers
2. Business documents with PII downloaded onto personal computers
3. Automated email deletion based on mailbox size, not business value
4. Disposition hold on an entire mailbox, not on the specific case/matter or audit subject
5. Records Retention Policy: “Employees shall use common sense in the retention of records.”
6. Applications thrown in the trash or unsecured burn bin
7. Key to “secure” fileroom hanging by the fileroom door
8. Using public wifi
As regulators, enforcers, legislators and essential service providers, public sector organizations especially need to be information management leaders by example -- by doing the right thing, not the expedient thing.