You might think it’s easier to manage records now that we have the technology to streamline and simplify information storage—but records management is more challenging than it’s ever been. That’s because organizations are generating data faster than they can sort through and new applications like instant messaging and collaboration tools are giving rise to new formats and types of data. On top of that, the laws and regulations establishing various recordkeeping requirements are constantly changing.
Records management is important not only for operational business and compliance but also because it forms the very foundation of eDiscovery. Businesses across all industries can improve their eDiscovery processes by implementing strong records management practices and policies.
And the key to successful records management programs is the effective application of technology, from archiving software to legal hold automation tools.
In this post, we’ll discuss the basics of records management, including what it is, why it’s important, and what makes it so challenging. Next, we’ll look at five best practices for records management and retention. Finally, we’ll explain how solid records management programs can improve eDiscovery.
What is records management?
Records management (RM) is an organization’s system for creating, storing, and destroying its records, including electronic data. Strong RM requires consideration of a wide range of governance, risk, and compliance issues, in addition to day-to-day practical matters. Organizations often adopt a comprehensive document retention policy that sets out all of their records management processes and procedures.
Why is records management important?
Records management is vital to an organization’s ability to comply with legal and regulatory requirements. In addition to saving time and space, an effective RM system allows an organization to rein in potential liabilities and mitigate the risks of breaches associated with ever-growing amounts of data.
Certain types of personal or proprietary information are required by law to be securely stored for a specified amount of time or destroyed after a certain point.
An organization could face serious penalties for the loss or destruction of evidence if documents are destroyed in bad faith or in violation of the company’s document retention policy.
Records management is particularly important in the context of eDiscovery. The eDiscovery process requires organizations involved in litigation to identify, protect, and share relevant data quickly and thoroughly. Without a strong RM system, an organization might not be able to locate or preserve the relevant information on time, or at all—which could potentially give rise to sanctions for spoliation.
Common challenges of records management
Both the volume and complexity of data are constantly expanding. Organizations have to find cost-effective ways to manage seemingly endless amounts of data across numerous and diverse repositories. Organizations also struggle to ensure that data is accurately recorded and stored, well organized, and properly tracked. In addition, recordkeeping requirements frequently change at state and federal levels, and keeping up with those changes can be difficult and time-consuming.
Another issue is accessibility. A goal of any records management program should be to ensure that data is easily and quickly accessible, a determination that can depend on how the organization stores data and, whether that data is digitized, and whether its metadata is intact.
Even organizations that have excellent records management policies can have a hard time training individual employees at every level on those policies or convincing employees to diligently comply with them. This is especially true when changes to the law or updates in technology necessitate frequent updates to RM policy or processes.
5 best practices for records management and retention
Organizations can follow these five best practices to overcome the increasing number of challenges related to records management.
1. Form a records management team.
A records management team is a designated group of individuals who are responsible for ensuring that well-vetted RM policies are established and enforced. The team’s composition will vary depending on the size and nature of the organization, as well as the organization’s specific business objectives. However, ideally, the team should include senior executives, legal counsel, and representatives from information technology and human resources departments.
2. Develop a records retention schedule.
Any records management program should include a carefully developed retention schedule. The retention schedule should, at a minimum, address where each record will be stored, how long it must be retained, when it may or must be disposed of, and how it must be disposed of.
Before creating or updating a retention schedule, the organization’s RM team and legal counsel should work together to determine which laws and regulations apply and what exactly they require. Different rules might establish different requirements for the same record or group of records.
For example, Equal Employment Opportunity Commission (EEOC) regulations require employers to keep all personnel and employment records for one year unless an employee is involuntarily terminated, in which case records must be retained for one year from the date of termination.
In comparison, the Age Discrimination in Employment Act of 1967 (ADEA) requires employers to keep all payroll records for three years.
Because recordkeeping requirements are constantly changing and evolving, this assessment is not a one-and-done deal. An ongoing review of a schedule’s compliance with new and existing laws will be needed.
3. Select a secure location to store records.
Data security is like real estate: it’s all about location, location, location. Organizations will need to consider storage options that offer several layers of protection, whether that storage is offsite and accessible only by authorized personnel or stored through a cloud-based service. More and more organizations are turning to software-as-a-service (SaaS) models and cloud-based platforms. And for good reason: cloud infrastructures provide convenient scalability and flexible pay-as-you-go structures.
Records retention demands archiving data as well with dedicated archiving software. Standard data backups aren’t enough to safeguard records retention.
4. Educate and train employees about records management.
Organizations should educate their employees regarding the basics of records management, the specific types of records that they handle, and the organization’s RM policies. Again, since policies will change over time, employees should be advised or even re-trained anytime a policy is significantly updated. The most up-to-date policies should always be available on the organization’s website or otherwise accessible to employees.
5. Update policies to address modern workforce issues.
Remote workforces are here to stay, so organizations should review and update their records management policies to address any records retention issues that may be related to remote work. Policies should establish rules for handling records remotely on both work and personal devices and accounts to mitigate the risk of lost or damaged records.
RM policies should also address the potential that data in new formats will need to be filed and stored as part of the business’s records.
With collaboration tools and recorded chat features, videos, and webinars becoming the new normal in the workplace, organizations need to stay vigilant to ensure that these evolving data types comply with recordkeeping requirements in the same way that more traditional types of records must comply.
Better records management leads to better eDiscovery
Now, more than ever before, organizations must pay close attention to the way that electronic information is handled. As data continues to skyrocket in volume and change shape as a result of new and diverse data formats, the eDiscovery challenges facing organizations and their legal departments are also growing and shifting.
A solid records management (RM) program can be a major key to unlocking those challenges and reducing the potential costs and liabilities associated with eDiscovery.
At a high level, a RM program enables an organization to efficiently identify, collect, and handle relevant data under tight deadlines. Beyond that, diligent records management can improve eDiscovery in a number of ways. For example, a RM program should account for litigation holds and help the organization avoid harsh sanctions for spoliation of evidence. If data is destroyed pursuant to a records retention schedule before a preservation obligation attaches, a good RM policy can help an organization show that it acted in good faith.
With effective records management forming the foundation of your eDiscovery program, your organization will be better able to defend procedural eDiscovery challenges and focus on the merits of the case.
How technology improves records management
Technology can save an organization time, money, and resources by streamlining records management. For example, the ZyLAB ONE platform from IPRO simplifies the process of issuing legal holds and automates communications with custodians throughout the life of the hold. ZyLAB ONE also enables users to connect and work with live, in-place data so they can search, review, and analyze data in place prior to collection.
The ultimate goal of any records management program is to stay compliant with industry and local regulations and ensure that retained records will be both accessible and defensible. Achieving those goals sets an organization on the path to more efficient and effective eDiscovery processes. Learn how technology can improve both records management and eDiscovery by scheduling a demo with IPRO today.