Records Management and Social Justice

November 19th, 2014

Despres
George Despres
University Records Manager, Brandeis University

(The content in this blog reflects the opinions of the author, and not of Brandeis University.)

 

Brandeis University upholds social justice as a core value, reiterated by our president, Fred Lawrence: “Today, as always, the campus community remains devoted to the concept of social justice, a legacy we inherited from the namesake of this university, U.S. Supreme Court Justice Louis D. Brandeis, who stood for the rights of individuals.” The University’s curriculum, programs, culture, and partnerships clearly reflect this commitment.

When staring at the list of GARP/“The Principles” (or whatever you want to call them) back in the spring, it struck me that our professional principles are not just guidelines for protecting our institutions, but are, more significantly, in the spirit of social justice. As will be shown, this is not a sappy or maudlin reflection on records management. And it’s not merely rhetorical. It’s a fact that can get buried in the day-to-day thrusts of what we do. This may be obvious, old news to most RMs, but it still warrants deliberate and periodic reflection.

As I’ve referenced earlier, we can’t read through the news without stumbling upon a records mismanagement story or several – every day. These stories reflect everything from ignorance and negligence to malicious obstruction and criminal activity. The principles are interrelated, and a single injustice or bad act can cut across and against several of them. We can briefly walk through the principles and show how they counter irresponsible and evil record-related activities that adversely impact social justice. It’s all about “doing the right thing” by our records.

Accountability

The Enron/Arthur Andersen episode exploded public awareness and sensitivity to record-based corruption. “Cook the books” is a mainstay in our vocabulary. Accountability of senior executives, in particular, has created an opportunity space for RIM people to win over conscientious decision-makers who sleep less well at night due to records-related risks and villainous headline news. I’m aware of institutions with senior execs who treat RM like a hot potato – nobody wants to take ownership of it.  Corporate culture run amok, bad values ($ first) replacing good ones (high quality product delivery), and the wrong people in C-suites perpetuate this trend, for which Enron and Arthur Andersen were early poster children. As mentioned, the principles aren’t mutually exclusive: the accountability theme will resurface in assessments of other principles to follow.

Integrity

For example, record integrity overlaps in the “cook the books” environment with accountability. Tampering and obstruction of justice run counter to this principle. Intentionally corrupted information is familiar to us, and it is not limited to financials: witness BP’s years-long falsification of test results from its blowout prevention devices, aside from the Deepwater Horizon explosion. Recent allegations of chic restaurant permit forgery in Miami and the VA’s falsification of appointment records that we’ve all read about add to this list. We are not limited to content integrity: malicious technical compromise of files and media threaten the very housing and presentation of information.

Protection

It’s no exaggeration to state that identity theft is a common fact of life. Unsavory and/or shadowy figures participate in what Transunion calls “the fastest growing crime in America (and likely elsewhere).” Whether through internal compromise, bad IT, or third-party blunder, failure to protect personally identifiable information (PII) is a central challenge to our job. Information security and records management should be joined at the hip, as over-retention is propane to the information leakage grill. Personal records and our profession are in the middle of this conversation. We employ record fortification and proper disposition as deterrents. And of course, it can happen anywhere –Target, TJX, Walmart, J.P. Morgan Chase, Heartland, and Home Depot (the list goes on) are not exactly mom-and-pop institutions that have been burned. The ascendance of private cloud services is a byproduct of this problem.

Compliance

Central to our mission, compliance spans the other principles and therefore takes several forms. Earlier this year, Rhode Island agencies were faulted for flagrant, even “hostile” noncompliance with open records laws, in the face of straightforward public information requests. In September, a Palmer, Massachusetts, hospital received a slap on the wrist for poor record keeping related to hazardous waste and air quality non-compliance. Most recently, Walgreens is fighting a $1.4 million verdict for a HIPAA violation in which one of its Indiana pharmacists snooped through the prescription records of her husband’s ex. We’ll leave the employee vs. institutional guilt discussion for another time. The compliance principle challenges us to wear many policy-awareness hats in order to avoid the wrong side of the tracks.

Retention

Violation of the retention principle is reflected in a steady fountain of examples, like this Virginia bank CFO who thought that he had deleted over 20 GB of records in the wake of a Ponzi scheme. Or this Saugus, Massachusetts, town manager, or Halliburton’s destruction of evidence after the Gulf oil spill disaster, or the EPA chief’s deletion of IMs, or (allegedly) this Louisiana governor’s administration, or the IRS director’s missing emails pursuant to FOIA. And we’ve all been following the story about the destruction of (literally) fishy evidence, which SCOTUS has taken on. It’s the “sweep it under the carpet” gift that keeps on giving, and records managers police it.

Disposition

The disposition principle is intended in part to ensure that records, like sensitive records, are not over-retained, thereby dovetailing with the protection principle. Last year, the UK’s Information Commissioner’s Office determined that the majority of audited charities were over-retaining personal information at risk, for lack of a retention policy. A recurring and inexcusable headline theme is the surfacing of private physical records in public bins and spaces, like this billing company depositing medical records at a town dump. The flip side of the retention principle, disposition brings in the retention schedule and its enforcement, fine-toothed destruction policy, and adequate controls over absolute physical and digital destruction – to protect people.

Availability and Transparency

We may combine availability and transparency principles against a recurring array of not-so-open or honest records debacles. A retention principle breach can be related to breach of these principles. Granted, some open record requests can be unusual (whimsical?), and plaintiff subterfuge is worth a whole discussion on its own with respect to bogus lawsuits and grandiose ESI requests (which can be tempered with reasonableness arguments). However, I’d argue that the “worse evil” is the deliberate obstruction of rightful information access.

An investigation of waste and fraud by the Massachusetts Attorney General has been thwarted by public agencies not turning over records and accruing significant public legal expense trying to avoid turning them over. The Ontario Ministry of Energy email deletion scandal, which challenges retention, protection, and disposition principles as well, provides a good example of availability/transparency obstruction, powerfully illustrated through this comic strip series [no extra charge for the RIM outreach tactic tip]. Circumvention of open records requests can take on cloaked facades: Florida public universities have evaded open records laws via partnerships with private corporations.

 

While it’s not news that some people do pretty horrible things, the centrality of records as a potential mechanism for these ends is under-appreciated by the general public. Enter us. Reflecting on the principles should give us the resolve for what we do. In the middle of a bad day, we can remind ourselves that we are fighting the good fight.


Protected by Akismet
Blog with WordPress

Welcome Guest | Login (Brandeis Members Only)