We are re-posting this series as we recently held a webinar on this topic (which can be found here)
This is Part 6 in a series of 6 posts around creating and executing an effective file plan for your organization. Click the following links to read the previous posts: Part 1, Part 2, Part 3, Part 4, Part 5
As we move through this blog series focused on creating a usable, automated and simple file plan we will build the "house" in steps until there is a finished and beautiful looking building. With that in mind, today's post will cover determining the disposition type. Determining the disposition type completes the record lifecycle. Disposition is the practice of handling information that is less frequently accessed or has met its assigned retention periods.
As noted by David Stephens in Records Management: Making the Transition from Paper to Electronic: "Although a small percentage of organizational information never loses its value, the value of most information tends to decline over time until it has no further value to anyone for any purpose. The value of nearly all business information is greatest soon after it is created and generally remains active for only a short time --one to three years or so-- after which its importance and usage declines. The record then makes its lifecycle transition to a semi-active and finally to an inactive state."
Deletion vs. Transfer
When a record's usefulness and therefore lifecycle have ended, there are a few choices for organizations. They can choose delete as a disposition action, so the record has no remaining value and can be destroyed once its lifecycle has been completed. This is very common and makes sense for the majority of everyday business documents which no longer have any value.
It also makes sense for especially sensitive records. Once the retention period has truly ended, it is prudent to completely destroy these records to ensure they are not leaked or breached. Additionally, these defensibly deleted records cannot come back to haunt an organization in the event of litigation and subsequent eDiscovery.
We've discussed the risks of ROT data before and unfortunately records beyond their retention period held in an electronic archive can provide similar legal and financial risks. As mentioned in the quote above from Stephen, the percentage of records with actual value after their lifecycle is quite small, so your records team really needs to be critical in deciding which record types should be deleted.
Some software solutions have additional deletion capabilities, such as recycle or forensic delete. Recycle is both dangerous and useful, being that it doesn't destroy the record (until later), but for some types of user and/or collaborative data (usually not a record), it could make sense. Forensic delete on the other hand is the opposite, meaning that there is no possible way that a user or even Cloe the Forensic eDiscovery Analyst can reproduce the record.
The other option for a record that has reached the end of its lifecycle is to transfer. This decision would be prudent for records that no longer have "everyday" business value but may have reference value. Transferring these records out of the active repository maintains the organization and efficiency of that repository but would still allow an employee (or another party) to access the particular record if needed. In government agencies, often times a transfer could be to state or national archvies for long term preservation.
Again a word of caution regarding this data and its potential risk. Just because it is not in the "active" repository, does not mean it is immune to a breach or leak. A good example of this type of data might be overall historical sales figures. The data itself isn't necessarily sensitive, but may have reference value for certain business units within the organization.
Screenshot from RecordLion's File Plan Retention and Disposition Policies. See the bottom of this post to download.
Long-term or permanent records are those that are identified to have a continuing value to an organization. Based on the period assigned in the retention schedule, these may be held for a retention period of "indefinite" or "permanent". Although these types of records make up a small percentage of an organization's total data, they are important to consider.
There is a need to ensure records of a continuing value are managed using methods that ensure they remain persistently accessible for the length of the time they are retained. While this is relatively easy to accomplish with paper or microfilm based records by providing appropriate conditions and adequate protection from potential hazards, it is less simple for electronic format records.
There are unique concerns related to ensuring the format they are generated/captured in remains viable and the media they are stored on remains accessible. Media is subject to both degradation and obsolescence over its lifespan, and therefore, policies and procedures must be established for the periodic conversion and migration of information stored electronically to ensure it remains accessible for its required retention periods.
The review process is the next step and should not be underestimated. Complete buy-in from the entire organization is the only way for a file plan to be effective. Let all of your stakeholders review the disposition types and offer notes and changes. Give a firm deadline for when these reviews need to be conducted to ensure the project stays on track.
Once the first round of review is complete, the records manager should set up a detailed review with the inside counsel or compliance team. This confirms that everything is completely compliant and ready for the final review at the executive level. Who exactly is in this meeting will of course vary from company to company, but C-level approval will be crucial going forward, especially since this project (and the file plan overall) will involve the allocation of resources.
The next step is to go out and build your file plan and put it into use! As you move through this process and add layers, you must still keep in mind the general principles we have discussed throughout this series: automation, simplicity and completeness. This mindset will certify your file plan and overall information governance program is truly effective and providing value to the business.