For more AIIM Conference 2022 coverage, check out “When IT and Information Management Collide: 4 Takeaways from AIIM ’22.“
Last week, I had the pleasure of connecting with information management colleagues live and in-person for the first time in, well, how do you measure a pandemic year?
Gathered in beautiful Denver at the AIIM Conference, we couldn’t help but reflect on the massive digital transformation of the past few years and the way it’s impacted information management. As the best in the business shared perspectives and practices for adapting to this shift, I thought it important not to lose sight of what’s at stake. I’ll tell you what I told them.
—
When my son was an infant, he was hospitalized several times. On one particularly scary occasion, he was unable to breathe and we raced him to the hospital only to be told, “Wait, we can’t treat him until we get the records from the other hospital.” That’s right, life-saving care was dependent on paper medical records being faxed from one hospital to another. To be clear, this was not the 1980s—this was about five years ago.
If the importance of information management wasn’t real to me before that night, it certainly was after.
I think we’d all agree that data and information are critical—so why don’t we give the same credence to the management of that information? The ramifications of poorly managed information can range from life-threatening to litigious.
A few years back, I found myself doing an impromptu road trip across the entirety of the United Kingdom, with only the radio to keep me company. The public news station was doing a story about the UK’s contaminated blood scandal, in which the country had imported blood for medical use that had not been properly screened for diseases.
Many years later, after contracting life-threatening illnesses, the victims and advocates demanded access to the records about how decisions that lead to this tragedy were made. However, government organisations were unable to produce many of the records. Victims and their advocates were making allegations of a cover-up, including in the interview I was listening to. As I continued to drive, it hit me—this was not a cover-up, it was incompetence and failed management of valuable information.
Being able to prove what has happened to our information is important.
So what can Records and Information Managers do to make sure that robust information lifecycle processes are applied? Audit, audit, audit. Audit trails help you prove exactly what happened with the management of your information, which means they are as important as the information itself. Audit trails should be retained for as long as the records are so that information history can be interrogated.
There is nothing inherently wrong with disposing of information. In fact, the opposite is true—disposing of information you no longer require is a good thing! However, that disposal must be done defensibly. Your defensible destruction program may look different from the next organisation’s and should be appropriate to you, but it might include one or many of the following things:
- Audit trail retention of disposal actions
- Manual review and getting business owner buy-in and oversight
- Metadata stubs to prove that records once existed
- Destruction certificates to show what was disposed as part of an action
- Disposal class capture to show that the disposal was authorized under either internal or external standards
Taking parts of this as part of a defensible destruction program is a really important component in being able to prove the integrity of your information.
How can we maintain integrity over a period of time?
- Say it. Tell people exactly what we’re going to do. Shout it from the rooftops. Publish retention and disposal policies on your website. Not only does this transparency help with information access requests, it provides clarity to the general public and any regulatory bodies.
- Do it. A lot of organizations I see don’t have regular disposal processes in place. These lifecycle outcomes must be implemented. Records and information absolutely should be disposed of, where appropriate. However, these processes aren’t meant to be set in stone. They should be updated, reviewed, and revised along the way. Information management should be fluid, changing alongside our changing environment.
- Prove it. I’ve said it before and I’ll say it again—audit, audit, audit. We have those defensible disposal processes for a reason. It’s also equally important to retain important information that needs to be retained, i.e. high-risk information that will become part of national significance in some cases. You don’t need to dispose of everything, but you need to consider everything as part of a risk and value framework.
I’ll leave you with this—there is no such thing as one-size-fits-all information management. Simply put, we must strive to make things better.
—
AvePoint’s information lifecycle management solution, Cloud Records, allows businesses to take control of their content, easily managing digital and physical content from one centralized SaaS platform. Request a demo today!
