There is no such thing as the perfect policy for managing enterprise records.
Many people believe there should just be a perfect template on the web and everyone should download it, fill in the blanks and adopt it.
However, the truth is there is sharp disagreement among experts as to what is the correct policy. This disagreement shows that a “best practice” does not exist in virtually any industry.
Firms Are Diverse
Enterprises are different. Some are government agencies; others are non-profits; others are for-profit corporations. Some are large; some are smaller. Some are highly-regulated; some are not.
Different organizations have different cultures and are subject to different laws and different litigation profiles. One size does not fit all. In fact, one size does not even fit many!
Adopt a Good Process
Thus, in my experience, instead of striving to adopt a perfect policy, an enterprise (a firm) should strive to establish and maintain a good, orderly process.
A good process involves taking input from all of the relevant stakeholders in the firm. The “stakeholders” are advisors and leaders in the firm who have needs, responsibility and knowledge in regards to records management.
In my experience the stakeholders will have different points of view.
Stakeholders, such as the legal department, the IT department and the risk management department, will each come with their own vision on which records should be retained for how long.
A good process for development of records policy will involve these stakeholders analyzing the particular problems (law, technology, risk, operational need, cost and so on) and then collaboratively making decisions.
A good process involves taking these different points of view from the stakeholders and then coming up with compromises.
What Does the Law Say?
Laws requiring record retention are numerous . . . very numerous. They are often vague, and they change from time to time. In light of all the many laws that may apply to your enterprise, as well as other risks involved in the retention of destruction of records, it is inevitable that your well-informed stakeholders will hold different opinions about what records should be kept and what should be destroyed.
Some professionals prefer destroying records quickly, on the idea that those records could be used against the enterprise in litigation. But other, equally-knowledgeable professionals argue that records are good for an enterprise . . . that they are an asset that can enable the enterprise to enforce its rights and protect itself from allegations of wrongdoing.
Similar Firms Can Adopt Very Different Policies
In my experience two well-managed firms can be in the same industry and the same geographic location and still hold vastly different visions on what records they should keep and how long to keep them. These two very similar firms may adopt dramatically different policies on record retention and destruction.
Neither firm is more right or wrong than the other. They can each follow a good process for crafting policy and simply end with a different result.
BYOD Needs a Good Process Too
My suggestion here for focusing on the adoption of a good process applies just as much to bring-your-own-device (BYOD) policy as it does to records management policy.
A Never-Ending Process
A good process is a continuous process, which never ends.
After adopting a policy, the enterprise is wise to review and update it on a periodic basis. Technology and laws and perspectives change constantly. Policies often need to change with them.
To schedule a free 20 minute email policy consultation, Contact Us.