Prior to the COVID-19 pandemic and the sudden launch of the working world into remote operators, the world of information governance had already reached a sleepy wake-up point. Concern had been growing and the drumbeat warnings regarding privacy and information security were being heard. Corporations are continuing to install chief information governance officers, information governance steering committees, data privacy officers, and information security departments. This is in response to legal department concerns, law and regulations, concern about exposure to bad press, and other worst-case scenarios. Other entities are hiring external experts to help set up the framework for a new or improved information and records management program. Despite these signs of progress, and even in the most perceptive firms, the general business world has not reached maturity in the way it treats data and information. In these unpredictable times, access to information has never been more important, nor has the protection of it.
Corporate professionals have been listening to their colleagues in Information Technology and Records Management departments about concerns over the excessive amount of information in physical and electronic formats and the security and management of both formats over time. There are examples of firms and corporations which have invested in the infrastructure of policy and practice to define what data and information will be accessible, at what levels, and for how long. Policies and training have added to employee understanding of responsibilities in the use of corporate information.
Another growing concern has been what to do with the actual information as it is stored, in whatever format. Some questions arise regularly in the absence of guidance:
- Is it acceptable/risky/encouraged/required to keep company information in several locations to avoid data loss?
- Is it okay to keep the paper copy, plus an electronic version?
- Who is managing the coordination of all this information?
- Is there any consistency to the treatment of the information as it ages?
The worst possible action to take would be inconsistent and intermittent destruction which could be interpreted negatively by a judicial court or the court of public opinion. Examples of improper actions include:
- An attempt to cover-up internal governance or financial issues
- Spoliation of information regarding a particular matter which may be subject to litigation
- Destruction of information which might negatively impact the firm or client
- Destruction of any information which, if released, would lead to the loss of faith in the company and color its reputation
There are organizations that are ahead of the pack in defensible disposition. For these, the infrastructure to defend the destruction of records and information is in place and include:
- Professional oversight of the information lifecycle
- Approved policies
- Records retention schedules
- Firm-wide training
- Commitment to consistent implementation
Defensible destruction begins by putting the pieces in place to define, support, and defend the organization’s decisions in the treatment of information at the end of the information lifecycle.
There are consultants in your area who are available and who specialize in these skills.
Related Posts
Data Breaches Are All Around Us It seems like every day we hear [...]
Can You Safeguard What You Don’t Directly Control? Navigating a work-from-anywhere (WFA) environment [...]
Information Governance Requires Defensible Destruction Part 1-Implementing Policies-The Hows and Whys Corporate workplaces [...]