A Records Retention Schedule is a TOOL that EMPOWERS organizations to GOVERN and DEFENSIBLY DISPOSE of their information.
Records retention is first and foremost about complying with laws and regulations. However, a retention schedule, when properly developed and utilized, is not simply a tool that tells you how long you must keep (or when to destroy) your records, it is a blueprint that provides powerful insight into the information lifecycle and knowledge management capabilities of your company as a whole. It saves you money on storage and helps shape the way you curate your information enterprise-wide.
Records retention is first and foremost about complying with laws and regulations. However, a retention schedule, when properly developed and utilized, is not simply a tool that tells you how long you must keep (or when to destroy) your records, it is a blueprint that provides powerful insight into the information lifecycle and knowledge management capabilities of your company as a whole. It saves you money on storage and helps shape the way you curate your information enterprise-wide.
OUR RETENTION SCHEDULES:
Serve as a primary tool for ensuring records compliance with federal, state, local laws, regulations and business requirements
Identify business continuity records
Document all records categories, records formats, systems of record, retention requirements and data classifications
Can be updated automatically and integrate with IT infrastructure
Reach out to us today to schedule a free consultation at 323-413-7432
7 Ways To Prepare Data In The Age Of Privacy and Information Governance
7 Tips for Data Preparation in the Age of Information Governance
Content may still be king, but now the rights to some of it may belong to the people! In response to the EU’s General Data Protection Requirement (GDPR) and recent stateside efforts to enshrine data protection including the California Consumer Privacy Act (CCPA), organizations are revisiting the efficacy of their Data and Information Governance (IG) programs. Laws and regulations vary by industry and company size but each intend to protect consumer’s personal data by prescribing technical and governance standards backed by stiff penalties for non-compliance.
Notably, while many companies are already familiar with records retention laws, these latest controls also introduce a duty to destroy data once no longer required for a legitimate business purpose. For entities that have grown accustomed to leveraging cheap digital storage, this new responsibility presents a number of logistical hurdles.
However, directives on how you may use your customer’s data or any other information you store doesn’t necessarily have to be burdensome. In fact, these new guardrails present numerous opportunities to implement better governance, monetize the lifecycle of information assets and foster trustworthy relationships that can actually enhance the customer experience.
These 7 tips can help prepare your data to support an IG strategy:
Automate Retention Schedules – Legal and compliance requirements are the cornerstones of corporate governance programs. Yet tracking the multitude of historical and emerging state, federal and international laws and regulations that affect your data decisions can be a monumental task that even the most robust law departments aren’t prepared for. Consider leveraging SaaS software to keep your Risk, Compliance and Legal staff current on the latest citation changes to these nuanced instructions. These tools empower you to defensibly destroy and cleanse costly data no longer useful to your organization.
Cover Your Assets – Satisfying new compliance requirements like GDPR and CCPA means it’s not enough to simply know what kinds of records you keep, you need to know what systems they’re kept in and how that data flows between them. That’s why Chief Data Officers and Enterprise Architects are increasingly embracing asset management tools that not only perform diagnostics on their application stack but allow them to inventory their attributes and map related processes that inform long-term strategic roadmap planning. Tools like these also help support application rationalization projects which in turn aid in classification and disposal of unneeded data.
Introduce Big Buckets – The biggest challenges with enforcing retention across an enterprise are “event triggers” that complicate how long sets of records must be retained. For example, an employee file might be held X years following a termination “event.” Big Bucket strategies allow you to simplify and group “like” records together to support more efficient destruction actions while assuming some risk. Work with your governance partners to determine reasonable standards for a Big Bucket policy and quantifying the acceptable amount of risk your company is willing to assume to achieve cost and efficiency benefits.
Enforce Legal Holds – Cleansing your data lakes and silos to save costs and minimize risk is an exercise in defensible destruction but requires awareness of outstanding legal holds. A company that spoliates evidence subject to a legal hold, even without malice, can be fined and suffer adverse inference litigation rulings resulting in unfavorable judgments. Additionally, healthy oversight of records under a preservation hold doesn’t just make good legal sense, it can also help better identify opportunities for even more defensible destruction, cost reduction and risk mitigation.
Activate File Analysis – The tricky thing about new laws like the CCPA is that they require companies to find and produce data for the consumer wherever it exists. That can be a cumbersome test for many entities that have hundreds or thousands of repositories. Luckily, advanced File Analysis tools can plug directly into your network and help quickly identify sensitive and personally identifiable information (PII). They can also help you deduplicate records and find redundant, obsolete and trivial data clogging your systems, also known as ROT. These tools produce a tangible ROI that management can point to as a prime example of why IG works.
Embrace Content Migrations – Unless you’ve only lived in one home your entire life, you’ve probably experienced the cathartic process of cleansing your old wares in preparation for a move. Bringing in a new content management system is not much different and it’s a unique opportunity to apply retention to your data, discard ROT and provide employees with more accurate knowledge resources.
Bake-in Best Practices – Information Governance is not a “one and done” proposition, it’s a rinse and repeat discipline that only works when management sees to it that organizational culture is along for the ride. These days a basic understanding about data handling is vital for every new hire. Concepts like records retention, data protection and privacy should be part of any overall corporate training plan.
By complementing policy frameworks and toolsets with the types of Information Governance approaches noted here we can better enable our workforce to hone their knowledge skills, achieve defensible destruction and improve audit outcomes. In effect, we are future proofing ourselves for a business world destined to face increased scrutiny and under siege from data breaches and privacy issues with seemingly no end in sight. IG is the bright light at the end of that tunnel.
Rafael Moscatel, CRM, IGP, is the Managing Director of Compliance and Privacy Partners, LLC. Reach him at 323-413-7432, follow him on Twitter at @rafael_moscatel or visit http://www.capp-llc.com to learn more.
Originally published in Document Media Magazine, July 2019.
Harnessing Analytical Insights and Illuminating the Physical Realm of Dark Data – An Interview with Markus Lindelow of Iron Mountain
Eighth in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.
Markus Lindelow leads the IG and Content Classification Practice Group at Iron Mountain, the world’s largest information management company, where he’s been pioneering breakthrough analytic techniques for over a decade. He holds a Master of Science degree in Computer Information Systems from Saint Edwards University and consults across a broad set of industries. I interviewed him in November to discuss his thoughts on the evolution of metadata, content classification, AI, and how organizations are using the new pillars of data science to break down their silos, help customers get lean and discover the hidden value in their big data sets.
Markus, you work with all kinds of companies to help them better understand and address the often incomplete metadata tied to some of their most valuable information assets in the form of historical paper records and materials retained over decades. In many cases, institutional memory has been completely lost and they’re struggling to figure out whether to dispose of these business records, balancing costs of over retention with risks of untimely destruction. How does your team leverage diagnostic, predictive and prescriptive analytics to make sense of what little data they might have to make informed decisions?
Our content classification process focuses on making the best use of the available metadata. This means classifying records with meaningful metadata as well as analyzing the classified inventory in order to create classification rules for records with little or no metadata. We have identified a number of attributes within the data that tend to correlate with classification conclusions. We assess the classified records associated with an attribute to create a profile that may inform a rule to classify the unclassified records sharing that same attribute…
If, for example, there are 100 cartons associated with pickup order XYZ, 90 of those cartons have been classified, and furthermore all 90 are classified to ABC100, can we create a rule to classify to ABC100 the 10 unclassified cartons belonging to pickup order XYZ? Clients may need to weigh the risk when applying this type of classification rule and the process may include a random sampling of cartons for physical inspection in order to verify the classification.
There’s usually a disconnect between the needs of information managers and legislatures which set retention periods for records. We see this in regulations where the granularity of both fixed and event based retention triggers complicates the practical management of records. Over the years, strategies like “big buckets” have attempted to lessen this challenge but even the best efforts are imperfect and carry their own risks. What can be done to better bridge the divide between the need for due diligence in retaining records and the business case for a more practical solution?
There are two pieces to the puzzle of records management: classification and retention. A records retention schedule needs to be straightforward enough to implement so that users can apply record codes to records. But the retention periods for the record classes need to be specific enough so that some types of records are not being over or under-retained because they are being grouped with other records…
Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.
Navigating The Global Digital Economy – An Interview with April Dmytrenko, CRM, FAI
Seventh in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.
April Dmytrenko, CRM, FAI is a recognized thought leader in the field of information management, governance, compliance, and protection. As both a practitioner and consultant, she works with global organizations on key initiatives and best practice approaches for the enterprise; developing sustainable solutions; integrating legally compliant programs focused on information/digital assets; motivating and facilitating multi-disciplined groups to collaborate on achievable goals; and building strategic partnerships with internal and external teams. She serves on industry action committees and governing and editorial boards, and is an active industry speaker, trainer, and author. I had the pleasure of sitting down with April this September to discuss privacy, the role of industry associations and key concerns for leaders navigating the global digital economy.
April, almost five years ago I asked what the next big frontier would be for those of us managing data, and more importantly where the jobs would be. You wisely predicted that privacy would be on the horizon. Well we now have a number of legislatures drafting regulations and CPO positions can’t seem to be filled quickly enough. Do you believe there is still time to enter this emerging field and make an impact?
Right now we are experiencing an amazing transformation of the business environment based on many things but particularly the evolution of technology and the global digital economy. It is indeed an exciting time but we are acutely “headline news” aware of the impacts of compromised data security and privacy, including financial impact on brand and reputation, litigation, and the overall burden and distraction on the business. The exponential growth rate of incidents of data theft, damage, loss or inadvertent disclosure continues to expand not only in frequency but scope, and complexity. While privacy concerns gained attention over 100 years ago, and became topical about 15 years ago, it is still truly in an infancy state. Privacy offers IG professionals a rich and important opportunity to expand their leadership or advisory role in maturing a unified approach to protection, compliance with laws and regulations, and incident response and recovery.
Courtesy ARMA International
In your role as a fellow of ARMA International, you’ve helped to connect organizations with practitioners who truly understand the discipline and benefits of Information Governance. How has this evolved over the years and what steps do you think organizations like ARMA and the ICRM need to keep taking to remain relevant?
This is a great question as the core IG professional organizations have been dealing with an identity crisis for some time, and still struggle to have a clear and concise “elevator speech” on mission and value. IG, while it has a wide breath, has many in the industry confused, and still is a term that does not universally resonate with senior management. These associations have tremendous value and passionate support but numbers speak volumes and membership and conference attendance have been decreasing for years. We are seeing the technology vendor market taking over a leadership role and may serve as the new defining force in setting direction and guiding the industry – self-serving yes but it could be what is needed going forward. I am not concerned about relevance as it will continue to be all about information and technology, and the management, protection and leveraging of information asset. While the role of a traditional Records Manager may not continue to be relevant, I don’t find it concerning – the relevance is in the work and it evolves…
Read the entire interview and more in my new book on leadership in the information age, Tomorrow’s Jobs Today.
Earlier this month, Farmers Insurance Group, Inc. was honored with the highest award for Records Management and Information Governance, “Excellence for an Organization,” by ARMA International. The award recognized the achievements that our organization has made in the implementation and enhancement of our Records and Information Governance program as defined by the Generally Accepted Recordkeeping Principles® and the ARMA Maturity Model®. ARMA announced the award in InfoPro Magazine and at the ARMA Live Conference in Orlando.
ARMA received the following nomination from April Dmytrenko, CRM, FAI, for the Member Spotlight:
Meet Rafael Moscatel, IGP, CRM
Rafael Moscatel is a Certified Records Manager (CRM) and Information Governance Professional (IGP) with more than 20 years of experience implementing world-class records retention, data governance, and compliance programs for large enterprises. He designed process transformations, led team-building efforts, and spearheaded change management initiatives in a variety of complex and highly regulated industries. His expertise includes developing document management strategies, decommissioning legacy systems, performing risk assessments, and performing audit remediation.
Rafael truly understands his field and specifically IG and technology. He was instrumental in rolling out the enterprise-wide program at Paramount Pictures. Now he is working for Farmers Group, where he has established an outstanding IG framework from which to continue to support an effective program. He is proactive, strategic, and not only a talented RIM professional but an excellent business professional. He develops outstanding collaborative relationships, understands the value of senior management support and involving the business units, and is a strategic risk taker.
Moscatel lives and works in Los Angeles. He serves as the director of information governance for Farmers Group, Inc. He has been an ARMA member for 12 years.
As you can tell, Rafael is a great fit for the Member Spotlight, an honor meant to recognize members’ involvement within the profession and the association. If you would like to network with him, you can contact him through LinkedIn www.linkedin.com/in/rafaelmoscatel or at rafaelmoscatelcrm.wordpress.com
Please join me and some of my esteemed colleagues at the Annual ARMA-GLA Spring conference taking place this April at the Microsoft Technology Center in Playa Vista on April 15th, 2016!
DETAILS:
REGISTRATION CUT OFF: April 8, 2016 CANCELLATION POLICY: Full Refund if Canceled before April 8. $50 cancellation fee if cancelled after April 8. TRANSFER POLICY: Registrations are transferrable anytime PRIOR to the event. Attendance can not be SPLIT. One attendee per admission only. Please contact Event Organizer for transfer requests. LOCATION:
The Microsoft Technology Center
The extent to which any organization can reduce its dependency on paper is largely determined by laws and the industry regulations it faces, the technology available to it and how well its leaders manage change, internally as well as for customers.
Here are some thoughts on how to begin solving the paper problem around your office:
Understand the affordances of paper –One of the most thorough examinations of the issue of paper and its role in our lives and workplaces came in 2002 when MIT press published The Myth of the Paperless Office. The book’s findings make a case for the “affordances of paper” and stress that to reduce paper production and consumption we must understand the underlying habits and processes driving how our clients and colleagues work.
Attorneys for example often require a contextual or “case at a glance” perspective that a chronological or issue focused file offers… a “story telling” approach to presenting information which can’t always be matched even with the best software. Similarly, auditors or project managers will often work with and create aggregated records which serve a specific purpose for which imaging might be overkill or too costly. And contrary to popular belief, there still exist quite a few scenarios where it remains more affordable, practical and efficient to even store information in paper form. Conversion costs and risks required to maintain the digital lifecycle of infrequently referenced documents and avoid bitrot* can often exceed those associated with retaining the same materials in paper form.
Make the right policy changes with executive level support –Every Records or Information Governance policy initiative or project your business undertakes should have senior level executive support and reflect the best practices within your industry.
Here are some policy and procedural ideas to consider that can act as catalysts for change.
Get a Retention Policy / Schedule, implement it and regularly enforce it -A Retention Schedule (often in line with a data map) is the most effective tool for properly managing records and information and its necessity cannot be understated. It not only protects an organization and keeps paper and electronic storage costs low, it gives executives a tool for understanding and navigating the massive network of silos and records their businesses create.
Institute an E-signature Policy for all contracts under a specified financial threshold
De-duplicate emails and all other electronic content repositories systematically
Identify where duplicates are created, determine why and what can be done to prevent them going forward
