Records Management and Social Justice

Despres
George Despres
University Records Manager, Brandeis University

(The content in this blog reflects the opinions of the author, and not of Brandeis University.)

 

Brandeis University upholds social justice as a core value, reiterated by our president, Fred Lawrence: “Today, as always, the campus community remains devoted to the concept of social justice, a legacy we inherited from the namesake of this university, U.S. Supreme Court Justice Louis D. Brandeis, who stood for the rights of individuals.” The University’s curriculum, programs, culture, and partnerships clearly reflect this commitment.

When staring at the list of GARP/“The Principles” (or whatever you want to call them) back in the spring, it struck me that our professional principles are not just guidelines for protecting our institutions, but are, more significantly, in the spirit of social justice. As will be shown, this is not a sappy or maudlin reflection on records management. And it’s not merely rhetorical. It’s a fact that can get buried in the day-to-day thrusts of what we do. This may be obvious, old news to most RMs, but it still warrants deliberate and periodic reflection.

As I’ve referenced earlier, we can’t read through the news without stumbling upon a records mismanagement story or several – every day. These stories reflect everything from ignorance and negligence to malicious obstruction and criminal activity. The principles are interrelated, and a single injustice or bad act can cut across and against several of them. We can briefly walk through the principles and show how they counter irresponsible and evil record-related activities that adversely impact social justice. It’s all about “doing the right thing” by our records.

Accountability

The Enron/Arthur Andersen episode exploded public awareness and sensitivity to record-based corruption. “Cook the books” is a mainstay in our vocabulary. Accountability of senior executives, in particular, has created an opportunity space for RIM people to win over conscientious decision-makers who sleep less well at night due to records-related risks and villainous headline news. I’m aware of institutions with senior execs who treat RM like a hot potato – nobody wants to take ownership of it.  Corporate culture run amok, bad values ($ first) replacing good ones (high quality product delivery), and the wrong people in C-suites perpetuate this trend, for which Enron and Arthur Andersen were early poster children. As mentioned, the principles aren’t mutually exclusive: the accountability theme will resurface in assessments of other principles to follow.

Integrity

For example, record integrity overlaps in the “cook the books” environment with accountability. Tampering and obstruction of justice run counter to this principle. Intentionally corrupted information is familiar to us, and it is not limited to financials: witness BP’s years-long falsification of test results from its blowout prevention devices, aside from the Deepwater Horizon explosion. Recent allegations of chic restaurant permit forgery in Miami and the VA’s falsification of appointment records that we’ve all read about add to this list. We are not limited to content integrity: malicious technical compromise of files and media threaten the very housing and presentation of information.

Protection

It’s no exaggeration to state that identity theft is a common fact of life. Unsavory and/or shadowy figures participate in what Transunion calls “the fastest growing crime in America (and likely elsewhere).” Whether through internal compromise, bad IT, or third-party blunder, failure to protect personally identifiable information (PII) is a central challenge to our job. Information security and records management should be joined at the hip, as over-retention is propane to the information leakage grill. Personal records and our profession are in the middle of this conversation. We employ record fortification and proper disposition as deterrents. And of course, it can happen anywhere –Target, TJX, Walmart, J.P. Morgan Chase, Heartland, and Home Depot (the list goes on) are not exactly mom-and-pop institutions that have been burned. The ascendance of private cloud services is a byproduct of this problem.

Compliance

Central to our mission, compliance spans the other principles and therefore takes several forms. Earlier this year, Rhode Island agencies were faulted for flagrant, even “hostile” noncompliance with open records laws, in the face of straightforward public information requests. In September, a Palmer, Massachusetts, hospital received a slap on the wrist for poor record keeping related to hazardous waste and air quality non-compliance. Most recently, Walgreens is fighting a $1.4 million verdict for a HIPAA violation in which one of its Indiana pharmacists snooped through the prescription records of her husband’s ex. We’ll leave the employee vs. institutional guilt discussion for another time. The compliance principle challenges us to wear many policy-awareness hats in order to avoid the wrong side of the tracks.

Retention

Violation of the retention principle is reflected in a steady fountain of examples, like this Virginia bank CFO who thought that he had deleted over 20 GB of records in the wake of a Ponzi scheme. Or this Saugus, Massachusetts, town manager, or Halliburton’s destruction of evidence after the Gulf oil spill disaster, or the EPA chief’s deletion of IMs, or (allegedly) this Louisiana governor’s administration, or the IRS director’s missing emails pursuant to FOIA. And we’ve all been following the story about the destruction of (literally) fishy evidence, which SCOTUS has taken on. It’s the “sweep it under the carpet” gift that keeps on giving, and records managers police it.

Disposition

The disposition principle is intended in part to ensure that records, like sensitive records, are not over-retained, thereby dovetailing with the protection principle. Last year, the UK’s Information Commissioner’s Office determined that the majority of audited charities were over-retaining personal information at risk, for lack of a retention policy. A recurring and inexcusable headline theme is the surfacing of private physical records in public bins and spaces, like this billing company depositing medical records at a town dump. The flip side of the retention principle, disposition brings in the retention schedule and its enforcement, fine-toothed destruction policy, and adequate controls over absolute physical and digital destruction – to protect people.

Availability and Transparency

We may combine availability and transparency principles against a recurring array of not-so-open or honest records debacles. A retention principle breach can be related to breach of these principles. Granted, some open record requests can be unusual (whimsical?), and plaintiff subterfuge is worth a whole discussion on its own with respect to bogus lawsuits and grandiose ESI requests (which can be tempered with reasonableness arguments). However, I’d argue that the “worse evil” is the deliberate obstruction of rightful information access.

An investigation of waste and fraud by the Massachusetts Attorney General has been thwarted by public agencies not turning over records and accruing significant public legal expense trying to avoid turning them over. The Ontario Ministry of Energy email deletion scandal, which challenges retention, protection, and disposition principles as well, provides a good example of availability/transparency obstruction, powerfully illustrated through this comic strip series [no extra charge for the RIM outreach tactic tip]. Circumvention of open records requests can take on cloaked facades: Florida public universities have evaded open records laws via partnerships with private corporations.

 

While it’s not news that some people do pretty horrible things, the centrality of records as a potential mechanism for these ends is under-appreciated by the general public. Enter us. Reflecting on the principles should give us the resolve for what we do. In the middle of a bad day, we can remind ourselves that we are fighting the good fight.

Comments

Socializing Records Management

George Despres
University Records Manager, Brandeis University

At a recent benchmarking group meeting involving records managers and archivists from small- to midsized colleges, the outreach challenge was unanimously called out as a big problem. In an earlier post, I reviewed the challenges to, and opportunities for, promoting a records management program within an institution. We are charged with persuading executive leaders and colleagues to buy in to our programs, but the prospect of just introducing RM, before we even get to mutual understanding, is a daunting challenge.

I’ve had the opportunity (not as a third-party consultant, but as a coworker) to introduce RM from scratch in well over 100 stakeholder meetings, with a wide range of audiences (in one company, to revenue-generating technical engineers and senior executives; at Brandeis, to people representing functions from across the university). Most meetings begin with apprehensive body language, and some individuals outwardly profess something like “I don’t know if you have the right person. I’m not a records manager.” I was initially perceived as a cop by some. By the end of every session save only two or three, the stakeholder sincerely acknowledged an appreciation for the RM mission.

By no means do I contend that developing and socializing RM is a simple process, or that waving a magic wand and sprinkling pixie dust will achieve your objectives. Socializing RM is a mindful, labor-intensive and delicate journey – or one piece of the journey. What I offer is that in many institutions there are tactical and strategic approaches to RM communication that can mitigate challenges to the program’s development, while improving the likelihood that we get our messages across and achieve buy-in. I say “many institutions” to mean places that want RM in the first place: chapter one, page one, of our literature tells us that if you don’t have at least some senior leadership support, you are wasting your time. Even your own lukewarm or closed-minded department leader can spell many hours of futility and detours for RM program development. Granted, some institutions are hopelessly RM averse/ignorant, at their peril. But professionals in aspiring enterprises should approach outreach as a fact-finding, back-and-forth conversation, and not as dentists.

Even in receptive institutions, we are encumbered with important-to-us but unwieldy jargon like “retention schedule” and “information governance” (say those five times, fast). I normally use “records policy” instead of“schedule” in conversation, even though the former is broader. And only my C-suite presentations, and meetings with legal counsel and info security might include the term IG – administrative and mid-level employees normally don’t need to hear it, as predominant as it is in the RM reads. Its precise definition and scope are still argued among our own colleagues (see this and that and this). I know firsthand that walking busy and groggy employees through this terminology is like working in a horse pill dispensary, or trying to sell kryptonite to Superman. We must normalize our communication language and keep some of the trade jargon to ourselves. Likewise, I’ve learned to keep the “non-record” rabbit hole out of the conversation. I’ve survived 1-2-hour meetings where this argument is beaten to the ground by records people, culminating in a stalemate shrouded in further head-scratching. If your institution generates it or receives it, then it’s a record, period. Move on. And your audience certainly doesn’t want to get that nerdy.

One of the best phrasings for the “about RM” elevator speech comes from Randy Kahn at a MER conference and other venues, and from Barclay Blair (not sure on the exact origin): “We can’t keep everything forever” and “We can’t destroy everything tomorrow.” That is retention management, plain and simple, and I’ve encountered no confusion or pushback when presenting these statements early in my conversations with stakeholders. One can easily follow up each of these statements with several justifications to which lay audiences can relate, as I have in my Brandeis webguide.

My stakeholder meetings begin with a brief Intro:

  • Standard record definition
  • We’re generating many thousands of these every day and they are mushrooming as we speak
  • We can’t keep it all or destroy it all, because…
  • RM comes in to inventory, categorize records, and publish retention policy (with Legal)
  • We’re identifying record-generating processes, gaps, issues with stakeholders like you
  • Oh, and we offer pilot offsite storage, secure document shredding, and digitization services

Offsite storage and shredding are relatively inexpensive operations that you should be able to justify with reasonable management chains. This sounds paper-intensive at best and Luddite at worst, but addressing old-fashioned, low-hanging-fruit opportunities goes a long way toward securing initial stakeholder faith and support in future activities, like building out the retention schedule, dealing with naysayers, and piloting electronic records management. Paper record solutions (we’re still not paperless, although it’s waned in many offices) also provide relatively easy, quantifiable, and tangible wins – e.g. space recuperation, secured personal information, # of boxes in managed storage.

The stakeholder introduction is followed by a question set that is conversational rather than authoritarian. The question set consists of both standard queries and other questions specifically tailored to the stakeholder ­– of course, the stakeholder’s intranet pages and any other documentation I can get in advance of each meeting has been studied to generate the tailored questions. The standard questions (generally speaking) include:

  • What is your paper vs. electronic records generation?
  • Are there paper-based forms that you would like to have in electronic format?
  • What record systems are used to store your documents and data – from file shares to proprietary solutions, and what is your satisfaction with them?
  • What are your record handoff points with other units – who “owns” what?
  • Do multiple offices keep copies of the same records?
  • What are your record and information pain points? (without promising immediate solutions!)

Notice that the questions are process-intensive: this discussion tends to be of great interest to stakeholders, elicits eureka moments for THEM (“hey, wouldn’t it be great if we could search those records online?”; “why are we keeping so many copies of those records?”; “I don’t feel comfortable with that personal data out there.”), and elucidates record-generating process outcomes for your fact finding and future program development. It tells you what needs to be fixed. You can also relay valuable information (situational awareness) to colleagues in Legal, Info Security, and IT, bumping up your street cred with them. Learning about the processes within my institution is one of the most rewarding aspects of my profession, and records are in the middle of it.

These recommendations don’t necessarily suggest that all advocacy and communication is harmonious. At times we have to escalate opposition against the dismissive and “I want to keep this just in case” people. That’s why we need the senior exec support mentioned above. There is a time for the stick, especially in highly regulated and ruthless industries. The emphasis here is for first contact to be a rolling up of the sleeves side by side and discussion, rather than dictation.

 

Comments (1)

Archivist, Meet Records Manager. Records Manager, Meet Archivist. Part II: Opportunity Spaces

Despres
George Despres
University Records Manager, Brandeis University

(The content in this blog reflects the opinions of the author, and not of Brandeis University)

In Part I of this discussion, I outlined the lukewarm, sometimes snippy, legacy relationship between the archives and records management professions and people. Several examples of interaction and recent expressions of mutual interest were briefly reviewed. With the understanding that every institution is unique and will have its nuances, what follows will address areas of overlap and potential integration opportunities that can be achieved between the disciplines in the trenches.

Common Metadata

Shared metadata requirements should be leveraged: both archivists and records mangers inherit legacy collections that may have been poorly identified by the people who generated the documents. Many of the same metadata fields are of mutual interest: certainly date(s), author and authoring department, media format, volume, condition, and custody chain are common and central points of reference for RM and archival stewardship. If either the records manager or archivist within the institution has plugged in this metadata, the corresponding colleague can benefit. In an ideal sequence, metadata entered into records management deposit forms later provide the archivist with a baseline for the historical subset of those deposits (accessions) after the compliance retention period has expired. Depending upon the relative maturity of your records and archives program, the foundation established by one unit should feed the establishment and growth of the other: as I’m establishing a new records management program at Brandeis, our University Archivist provided me with a nice university collections template that served as an institutional “grid” for us to build out some document categories for the retention schedule. An archivist might also help to piece together the historical audit trail metadata for records inherited from defunct departments and terminated employees.

Taming the Digital Deluge

The increasing and guaranteed inheritance of massive and opaque digital collections is broadly referenced above. These legacy collections, often light on context and metadata, are a common challenge. Both professions are now charged with visualizing and acting upon massive amounts of unstructured electronic information—it’s obviously not feasible to click on, open, and review every file and folder when you have thousands or millions of them. Emerging tools that enable visualization, auto-categorization, de-duplication, deleting the ROT (redundant, outdated, and trivial), and machine learning to support them will be of mutual interest. Partnership on analytics and auto-categorization strategy and solutions (maturing as we speak) is a place to start. Cost centers, budgets, and influence can potentially be merged toward technological success in grappling with the volume of digital tidal waves that confront us.

One area of increasing convergence between records managers and archivists is digital preservation. Cheryl McKinnon in KM World recently listed“Digital preservation forces itself onto the governance agenda” as #3 of five major trends “reshaping” records management. Don Lueders has also cited “long-term preservation” as a strategic essential for Next Generation RMs. While DP has been a challenge to archivists, there is a solid standard and framework (OAIS), tools (e.g. the BagIT file aggregator), and other progress in this area that records managers would be well served to investigate with technically literate archivists. The digital revolution caught both archivists and RMs flatfooted: the four-headed monster of media, software, file format, and legacy system obsolescence will require an army to slay. Why not join forces? With more document generation agents going paperless, the challenge will only increase. And long-term retention records, like digital employee records (think termination of employment + 10 years for a thirty-year employee), are making conscientious records managers care about this topic. Within an institution, the two disciplines can stand shoulder to shoulder in planning read-only lockdown, migration, conversion, and other digital preservation best practices and solutions, even if tactical. They can also present a united front to IT against new system acquisitions with proprietary handcuffs or no exit strategy.

Conversely,some records people can share their digital forensic experience with archivists, thanks to partnerships with the legal community.Archivist Cal Lee and SAA have worked to bring over affordable (i.e., archivists’) digital forensics knowledge and tools from the expensive legal sphere. Both professions struggle with the stewardship or curation of the same prickly content formats, which are aging by the moment. Records managers and archivists are typically both confronted with legacy media—archivists to preserve, records managers to produce for business or legal requirements: whether a CEO’s announcement of a new major program in WordPerfect or a possibly exonerating email chain on a 3 ½-inch floppy, both disciplines are trying to “get at” (never mind preserve) waves of legacy digital records that they’ve inherited in all sorts of containers. There exists, if not explicitly, mutual interest in digital forensics. As with digital preservation, the answers aren’t all there yet, but some records managers can begin to help and partner with archivists in this matter.

Filtering

Records management filters non-historical and transactional records—a core operation—hopefully leaving the “good stuff” for archivists to review. Financial and sensitive human-resources records (highly regulated) are sorted and handled under RM disposition. Archivists normally don’t want sensitive and personal information, like social security numbers, and records managers (not to mention legal offices and information security people) want to destroy this material as soon as there is no obligation or business need to keep it. The records retention schedule, beyond just stating “retain five years,” should also include a field stating “potential archival value?” with Yes/No values for the field. Corporate and other archivists often need to expend a great deal of time weeding and destroying ephemeral, administrative records from historically substantial ones (processing). Sound records management can reduce this need, going forward, by presorting and/or tagging the wheat and the chaff. Another consideration is immediate archival curation for permanent records (e.g., corporate charters, by-laws, and BOT meeting minutes) on initial deposit: acid-free boxes, optimal climate and humidity controls, and long-term batch reformatting can be exercised on collections that would otherwise end up in hot and humid warehouses, or soon-to-be obsolete formats. Grounds for discussion.

Other Points of Contact

The following are additional areas for potential records management–archives discussions:

  • A shared institution means a shared vertical industry, organizational workings, components, departments, stakeholders, document types, and information structures and restrictions (e.g., higher ed, healthcare). In Part I of this piece, I referenced two stakeholder groups that were formed from the same industries, and the commonality between the two disciplines in both has been exemplary. Leverage and share organizational commonality and discovery.
  • Forms management, a component of records management (with its own association), can ensure optimal and integrated RM-Archives service forms. At Brandeis, faculty members were discovering that former and emeritus faculty member biographical highlights were under-documented when external bio queries or obituary questions arrived. As part of an institutional forms management study, University Records Management developed proficiency with several form creation tools. We employed this skill by setting up an online form that enables faculty to enter a small amount of metadata and upload CVs and bibliographies (minus sensitive personal information) for University Archives capture. Several inaugural submissions have come in to date, and we expect to further socialize this form in the future. The metadata overlap was discussed above, and forms is certainly an area where effort can be economized through partnership.
  • Document scanning activities occupy both RMs and archivists, though they serve different objectives and require different levels of quality: auto-feed copying is fine for invoices, but heresy for nineteenth-century manuscripts, so there is some differentiation. The records manager appreciates administrative efficiencies, and the archivist saves wear and tear on hardcopy originals through digital service copies. Preserving integrity throughout the scanning process is important in either instance. A master pool of digitization requirements should be discussed and mutually reviewed on behalf of the institution. This discussion should happen in relation to digital preservation, covered above. Scanning budgets or labor resources might be combined for mutual benefit.
  • While filtering and destroying ephemera has been covered, there may be a few exceptions to this rule. Non-sensitive administrative records—junk at first glance—can be preserved very selectively for the institutional memory, as historical samples or snapshots over time. Like a trophy on the wall of a well-established institution, an early cafeteria menu, a corporate invoice from 1975, an inaugural contract from 1995, an employee badge from 2014 (viewed in 2050), etc. can foster a sense of employee pride in the long heritage of their institution. This is admittedly an archivist-centric interest, yet it illustrates the focus on, and respect for, the record (i.e., the content, stupid!) shared by both professions. It also illustrates how professionals can see, appreciate, and realize a new picture through a broader lens.

If you’re a records manager working at an institution with an archives, or vice versa, reach out if you haven’t. There is power in numbers—mutual watchdogs, mutual advocates, stronger, multidisciplinary agency under the broader information lifecycle management umbrella. While each institution has its own organizational structure, there’s no good reason for fellow info professionals not to be talking with each other. These can be the first steps in a long, shoulder-to-shoulder journey. Take time to at least understand the companion discipline—without bias.

Comments (1)

Archivist, Meet Records Manager. Records Manager, Meet Archivist. Part I: The State of the Matter

A Lukewarm Background

An acquaintance of mine works in a large corporation that includes an archives unit and a records management unit. There is no dialog between them. Pity. The archivist focuses on historical reference, preservation, and branding support. The records management people focus on retention schedules, destruction, and compliance. While this company is not emblematic of all institutions, the general dialog, or lack thereof, between the two disciplines has room for improvement. Granted, some connections have been established, as will be shown, despite the fact that operational focus areas for records managers and archivists are different. There are law firms with no archives and manuscript repositories with no formal records program: not every institution has an overwhelming need for both entities. But those that do have both, and the respective agents for each service, may want to rethink the relationship. An indifferent or condescending attitude between the two disciplines serves no constructive purpose.

I’ve had the opportunity to work for several years on both sides, leading and working within two “records AND archives” teams. Outside of these teams, the overriding visible evidence among the two professions points more to silos than to cooperatives. Many archivists (and their institutional reimbursement caps) cannot afford the four-digit fees to attend the major records management conferences (the Bureau of Labor Statistics and several .com job banks indicate that mean and median records manager salaries typically exceed archivist salaries on the order of $30K per year).  Some archivists renounce all things business (i.e., “the Man”), perhaps to a fault. Conversely, some records managers don’t appreciate historical artifacts and cultural heritage when they’re obsessed only with the bottom line, potential lawsuits, and risk management, also perhaps to a fault.

At the recent (and otherwise excellent) Managing Electronic Records (MER) conference in Chicago, the trained archivist could hear prevalent and annoying use of the term “archive” in the IT sense, equivalent with an email or listserv “archive,” and by no means an historical one (i.e., what archivists are all about). While archivists have come to expect this from the IT folks, hearing it from fellow information managers on the records side doesn’t foster a warm and fuzzy feeling. Another trivial but careless and aggravating-to-archivists glitch—especially seen in the RM product literature—is the misuse of “archival” as a noun, e.g., “for your records management and archival.” Ugh.  A key and obvious differentiator is that records management is baked into the business and compliance functions of the institution, while archives foster historical material for the institutional, intellectual, and cultural memory. In its very first clause, the international standard for records management (ISO 15489) explicitly precludes archival records from the scope of its specifications. From this face-value standpoint, these are unrelated missions.

Archivists-as-records-managers don’t always get it, either. A survey of published college and university retention schedules shows more than one (they will go nameless here) that are clearly archivist-authored and archives-biased. They do not call out destruction of transactional and ephemeral records, but rather state only potentially historical record groups that should be retained “as needed” then sent to archives for review. One college “schedule” states that various departmental records are simply managed by their respective departments, without any prescription for duration. This is not a retention schedule (or possibly a clever safety valve so that the archivist can blame the respective departments if anything goes wrong). To be fair, records responsibilities in tight budget institutions can be foisted upon already-busy archivists, whose efforts are well intentioned, if under-informed and -resourced.

Some U.S. government professionals are no exception to this imperfect relationship, and rifts go back decades. The National Archives was placed under the auspices of the GSA in 1949, and a bitter union ensued: during the merger, Archivist of the United States Bob Warner condescendingly referred to records management as lowly governmental “housekeeping,”as opposed to sacred archival curation of the Crown Jewels. The separation of the Archives from the GSA in 1985 was hailed, not without reason, on the archives side of the house. Cross-profession government records snips and jeers linger on the listservs to this day.  Unfortunately.

Some Good News

That said, we should be careful not to overstate the lack of archives–records management connections. The Society of American Archivists has hosted a dedicated Records Management Roundtable group since 1996. And while it is unusual to discover in-depth records management treatments in the major literature by archivists, several seminal RM monographs concern themselves briefly with archival thinking (e.g., Carol Choksy’s excellent Domesticating Information). However, their archival conclusions (sometimes dismissive) may be challenged in American Archivist reviews and other archives literature. Acknowledgements, but not exactly a love fest.

More recently, we see encouraging trends between the professions, suggesting that an increased meeting of the minds is happening: in New England, ARMA Boston and New England Archivists (NEA) offer mutually reduced membership-based rates to event attendees. Furthermore, ARMA Boston’s June meeting consisted of a field trip to the Massachusetts Commonwealth Museum, for a speech by the Executive Director of the Massachusetts Archives, Commonwealth Museum and State Records Center. Reciprocally, NEA’s fall meeting will include a dedicated records management working session, facilitated by the current author.  A recent Society of Southwest Archivists conference featured a session titled “Records Management for Archivists: Embracing the Dark Side.” While some records people may take umbrage to the “dark side” reference (once again, implying “evil business” and “the Man”), the solid, Star Wars–themed slide show touches on some of the realities mentioned above and makes a case for more mutual understanding. In another cooperative example, a Princeton University records manager shredded about 300 boxes of over-retained administrative records to free up shelf space for Archival collections. In addition, the records management–archives discussion is international. There is undoubtedly mutual interest at the seams.

I have had the opportunity to co-establish and foster two benchmarking groups consisting of records managers and archivists from several institutions within the same industries: (1) government-funded R&D centers and (2) colleges and universities. Both groups organically evolved with the two disciplines from the get-go, based on the common discourse leading up to their establishment.  It became apparent that both disciplines read into information lifecycle management (ILM) and fall under the broader information management umbrella. Yes, archivists occasionally glazed over when retention schedules were discussed in these meetings, and records managers were appreciative but not as smitten by historical artifacts like incunabula during the archives discussions. Yet there was and is a strong sense of commonality, community, and mutual respect in all of these meetings.

At a fundamental level, the two disciplines have a good deal in common: a review of Generally Accepted Recordkeeping Principles—accountability, integrity, protection, compliance, availability, retention, disposition, and transparency—shows principles that are centrally relevant to archivists, except perhaps for RM compliance. Authenticity, integrity, protection, and retention, in particular, resonate highly within the archival mission. And the archival role of disposition, or weeding down collections, is often under-appreciated by those who contend that archivists are simply pack rats who want to keep everything.

So, what’s in it for archivists? What’s in it for records managers? What does the institution gain? Answers to these questions are coming in Part II.

Comments

Promoting Records Management, For the Rest of Us

Despres

George Despres, University Records Manager, Brandeis University

(The content in this blog reflects the opinions of the author, and not of Brandeis University)

One Size Doesn’t Fit All

There are many rich sources of information, and many great thought leaders, supporting the fields of Records Management (RM) and Information Governance.   These resources provide solid arguments to justify and advocate for good records practices.  However, a bulk of the writings and discourse in the profession assumes that the audience operates within highly-regulated, highly litigious institutions.  Representatives from these institutions are prevalent at professional conferences. We think of (assume?) vertical industries like pharmaceuticals, finance, law firms, and public utility companies; we think of huge corporations churning out Fortune 500 record and litigation volume, and it is easy to envision round-the-clock hotbeds of high stakes record and data accountability. The nightmarish spoliation and botched eDiscovery news headlines, with their seven-digit fines, sanctions, and public humiliation, are evoked like cudgels against anyone who dismisses good record keeping in these hotbeds.  This makes perfect sense for such institutions.  Several years ago, I began my work in the RM field armed with my own “eDiscovery horror shows” PowerPoint slide, dedicated to this topic.  And it didn’t work.

The problem was that I worked in a very private, government-funded, non-profit, R&D corporation.  Sure, we had statutes like the Federal Acquisition Regulations that governed our record keeping. Yet my corporate counsel pointed out that “we only take one or two cases to court per year.” The same can be said for most small- to mid-sized colleges and universities that dot the map. Likewise, for small- and mid-sized businesses operating outside of the above mentioned hotbed industries.  Granted, any records manager reading this can find good reasons for caring about the potential adverse impact of even one or two cases per year – low probability yet potentially high impact risk.  But many senior leaders perceive this as a manageable risk:  Witness the deflating results of the annual Cohasset Associates recordkeeping surveys.  Most institutions are not doing RM, or they’re doing it half-baked.  And, as an RM advocate in alternate industries, the negotiation challenge is greater: You simply can’t hang your hat on slam-dunk arguments that work for companies operating under Sarbanes-Oxley, continual lawsuit streams, and other such regulatory whips and chains.

Mining the Goldmine

So how do we advocate with a compromised litigation argument?  The “good” news, at least from the standpoint of advocacy, is that records mismanagement abounds. While spoliation-specific headlines may not apply for many of us, other daily news headlines do.  An effective combination of info security risk management and good business and info management arguments can be brought to bear using failure headlines to illustrate.  This can serve as a useful promotional supplement for the hotbed records people, as well.  The headlines are available in your daily newspapers; through the Twitter feeds and blogs of RM institutions, societies, and professionals; and certainly through the RM listserv, with Peter Kurilecz’s valuable postings therein. We can flexibly categorize these headlines while keeping an open mind for other categories to arise.  Categories that I have created based on headlines from the past several months include:

  • Application and electronic system failure
  • Third party handling of personal or sensitive information
  • Siloed information’s negative impact
  • Inappropriate and embarrassing record exposures
  • Careless over-retention or malicious destruction (not litigation-generated)

Application / electronic system failure:  A solid example of this category is the failure last year of the Common Application, an online app that allows prospective college students to apply to over 500 colleges and universities through one interface.  In 2013, applicants experienced problems, including browser incompatibility, which mis-formatted or failed to submit applications.  Applicants panicked, and colleges had to delay their admissions deadlines to accommodate the error.  While this might be considered “an IT problem” by some, it is very much a records problem – not just any records, but prospective student applications to colleges and universities.   Furthermore, the deadline delay would affect the retention period for those colleges that define retention based on application submission date.  Recent, parallel issues with the Affordable Care Act program, an Agriculture Department system failure that shut down meat inspection activities and forced reversion to paper records, and last year’s failure of the Massachusetts unemployment system illustrate that this category of mismanagement is not rare.  Again, we must perceive these as records issues, not just technical ones, if we are to understand the full picture and impact.  These aren’t just faulty systems; they are systems of record, and all institutions use systems of record.

Third party handling of personal or sensitive information: Good RM supports good information security, and every institution cares about information security. The RM discourse is rife with warnings about crossing the contractual t’s with third party vendors who handle private information, and headlines show why: The Boston Public Schools entrusted Plastic Card Systems of Northboro, MA with the creation of new middle and high school student badges.  Information on 21,000 students was placed on a flash drive, which was lost by the vendor.  And while Plastic Card Systems may have lost the flash drive, Boston Public Schools appeared in the news article – guilt by association.  In a separate third party issue, a Colorado school superintendent seeking efficiencies found herself in a controversy with parents for placing student data on the cloud (somewhat behind closed doors).   Almost all institutions engage third parties, the cloud is here to stay, and this category is all about records: Does your institutional leadership want to be in these types of headlines?

Siloed information’s negative impact: Some of you will recall a shooting last year in a Virginia Navy yard that left twelve people dead. The shooter, who had twice received U.S. Government classified security clearances, had an earlier record of gun violence in Texas: The dots between the criminal record and the clearance system were never connected. Information managers in general frown on siloed repositories, which can create much less violent, but still adverse, results for institutions.  Look for examples in the headlines.

Inappropriate and embarrassing record exposures: While this story may also fall under the third party category, it reflects the dark side of flinging big data around: Mike Seay of Chicago received an envelope in the mail from OfficeMax. Under his name in the address field was the statement, “Daughter Killed in Car Crash.” He and his wife, had, indeed, lost their daughter to an automobile accident a year earlier. OfficeMax’s big data broker had somehow inserted this information upon a request for allegedly “non-personal” mailing list information.  Between data volume and big data constituting a way of doing business for more and more institutions, the risk of plugging the wrong information into the wrong records increases.  Enter records management.

Careless over-retention or malicious destruction (not litigation-generated): Adding to the recent NSA controversies regarding personal info retention, improper disposition and “digital hoarding” constitute another broad theme in the RM literature. The ACLU is fighting Connecticut law enforcement over five-year retention of data gathered from automatic license plate readers, including plate data unrelated to investigations.  Conversely, an egregious email destruction case involved a Colorado school district directive instructing staff to delete all emails related to a particular student and his family.  The parents were placing public records requests related to their autistic son’s behavior in class.  The school district’s deletion motive was “to protect against” open records requests (!) This and other FOIA and open record cases remind us that there are many flavors of improper record destruction in addition to spoliation, while the over-retention argument is familiar to us all.

An abundance of rich news items illustrates the need for vigilant RM.  Your internal audience can relate to headlines that touch everyday life, news, and experiences that we all share. Senior executives are wary of appearing in such headlines. The argument for solid RM is not constrained by lawsuits and intensive regulations.  Records management and mismanagement touch many things, and this needs to be emphasized when we advocate for our institutions to do the right thing.

Comments (2)

Protected by Akismet
Blog with WordPress

Welcome Guest | Login (Brandeis Members Only)