Corporations often have written policies and retention schedules for managing records but they are not enforced consistently. As a result, companies are incurring millions of dollars in unnecessary fines and settlements. They cannot find the records they need, or, records that should have been destroyed are still available, which then have to be expensively produced. Even worse, records were modified after notice of litigation was received (or should have been expected) and the court rules “adverse inference.”
What is the State of Your Records Management?
If this describes your data and records management situation, you could be on a crash course for compliance issues. The longer this problem festers, the greater the likelihood of an adverse effect on business. If you aren’t deleting data that falls under the umbrella of the law–you could face fines and/or compliance violations. At the same time, deleting the wrong information can hurt business operations and potentially alienate your clients.
Additionally, according to AMI, organizations that have moved to making the employee more responsible and accountable for information management versus treating records as a business asset. Here are some best practices:
- Make 19 copies of each document
- Spend $20 in labor to file each document
- Spend $120 in labor searching for each misfiled document (executive and admin time)
- Lose 1 out of every 20 documents
- Spend 25 hours recreating each lost document
- Spend 400 hours per year searching for lost files
- Spend $26,000 per GB in legal review of responsive material; the average collection of documents for review is 100 GB!
Gain Control Before You Lose Control:
Gaining control back over organization records from the employee is difficult and the effort is often relegated to the back burner or simply abandoned. Employees have been known to make copies of records which have met disposition requirements “just in case,” to make convenience copies because the system of record is slow, or attach to an email because it’s easier than creating a link to the system of record.
The need for the organization to gain control was brought to the front burner with GDPR, and now CCPA. The organization is held accountable for finding and removing personally identifiable information from all repositories, not just systems of record. The tools for finding duplicates and near-duplicates have existed for years but the tools to address on-going copying and saving are fairly new to the medium to small business enterprise. New laws were put into place in January of 2020, and enforcement began on July 1, 2020.
The Consequences of Ignoring CCPA:
Any company in California that generates at least $25 million in annual revenue is subject to CCPA regulations. Additionally, ANY company that has collected personal data for more than 50,000 individuals also must comply to these laws. After their first notice of a violation, a company has 30 days to reach the desired compliance level or could face a fine of $7,500 per record.
There are also other caveats such as making it mandatory that a company clearly lists an “opt-out” option for consumers to elect if they would no longer like their information collected and distributed. This must be clearly visible on the company website. Failure to list this could result in a lawsuit, as stated by the new CCPA regulations.
Consumers are now able to ask companies what information they have collected on them, and if that company cannot provide a clear summary of that data collection, the consumer can also file a complaint.
How RPA can help:
Robotic processes can be set up to check email attachments for record value against the retention schedule. They can also be set up to check for duplicates on an ongoing basis and notify the drive’s owner that the record has been moved to the System of Record. The problem of record chaos can be fixed, repeat offenders identified and compliance levels reported. Removal of PII can be confidently confirmed. Compliance with the retention schedule can also be confirmed.
And, it’s much cheaper than paying an attorney to review 100 GB of duplicate and near-duplicate records in responsive document discovery!