Records and information management continues to struggle with some fundamental challenges. The rapid advance of technology, the popularity of “big data,” the proliferation of mobile devices equipped with numerous data-producing and aggregating “apps,” the migration to cloud computing infrastructures and the transformational nature of social media platforms continue to present unprecedented challenges to the proper management of records and information.
Executives responsible for ethics and compliance must now address growing complexity in the management of records and information within their organizations.
The Advance of Technology
Today’s businesses rely on technology for virtually everything. Business records are becoming almost exclusively electronic and are generated by a wide variety of devices, systems and applications. Records managers who have employed retention schedules to detail appropriate retention periods and records disposition actions are faced with adjusting their thinking to accommodate new and different types of records.
Mobile devices are now the business appliance of choice. Smartphones, tablets and other mobile devices are generating and holding more records than ever before. Information Technology functions are now abandoning efforts to “control” which devices are used by employees in favor of a BYOD (Bring Your Own Device) approach. With this flexibility come numerous risks to the records manager, including:
Rapid expansion of data requirements, expenses associated with running company data centers, complex infrastructure upgrade projects and numerous other traditional IT challenges are made even more difficult with the explosion of data volumes and cost pressures on companies whose focus must be on their core business. As a result, many IT departments are electing to move all or part of their infrastructure “to the cloud.” Cloud computing enables companies to reduce their investment and take advantage of greater infrastructure flexibility over time. For the records manager, associated risks have emerged, some of which coincide with those for mobile devices:
The very nature of information is also transforming from relatively small-sized documents to very large, media-intensive files that make transport through traditional infrastructure difficult. This is leading employees to find alternate ways to transmit large volumes of data; services such as Dropbox are presenting additional challenges to the management of data, records and information.
More and more insight is being derived from “big data” efforts, and these initiatives also present new challenges to the records manager: What exactly is a record and what exactly should be managed, preserved and disposed of in the world of “big data” analysis?
The explosion of social media is transforming the world as we know it. The nature of these platforms is changing the way that people connect, collaborate and communicate, and social media is dramatically changing the way businesses fundamentally operate. More and more, companies are marketing through social media, collaborating with business partners over social media, connecting with customers through social media and even developing new products based on social media. Many of these interactions are captured in business records, and most companies struggle with managing these records. The Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC) require that all business records related to financial transactions over any media, including social media, be preserved appropriately.
Courts are becoming increasingly interested in social media communications in the context of litigation. Social media platforms encourage casual and informal communication, which is often seen as more “authentic” compared with carefully managed corporate communications. Professionals using social media to conduct business conversations need to be educated in how to responsibly and respectfully communicate using these media so as not to create enhanced risk.
The risks that records managers face from social media are:
The Way Forward
Records management is essentially—and has historically been—about “governance.” The efficacy of records management programs has generally depended upon compliance, using the lens of a fear of running afoul of regulations or suffering legal consequences for poorly managed records.
The United States Federal Office of Management and Budget (OMB) issued a memorandum in August 2012 that refers to records management in different terms:
“Records are the foundation of open government, supporting the principles of transparency, participation and collaboration. Well-managed records can be used to assess the impact of programs, to improve business processes and to share knowledge across the Government. Records protect the rights and interests of people and hold officials accountable for their actions. Permanent records document our nation’s history.”
Although this was a document focused on government agencies, its implications can be extended to the public sector. Executives tasked with managing corporate records must view their programs and services as business enablers, striving to achieve the appropriate controls while creating programs that can work in today’s ever-changing world to provide business benefit and advantage.
Records managers should implement governance structures that include business leaders in determining how to address records management concerns. The perspective of the business is vital to the creation of workable policies and procedures. Next-generation workers should also be invited to help shape the programs, especially as they relate to the usage of new technologies.
Records managers must reconsider exactly what defines a record in their business. Traditional records retention schedules are fast becoming obsolete. Records managers should carefully consider new software systems that can help create new taxonomies of information and can be useful in framing a new perspective on information within an organization.
In order to manage records in the cloud, records management executives must first address service-level agreements and contracts with cloud providers to ensure that records are managed in accordance with company needs, regulatory requirements and legal obligations.
Social media platforms present unique challenges in terms of access and preservation of records. Records managers should investigate emerging management systems technology to capture records and preserve them for records management purposes, but should also be aware of the casual nature of social media communications, which heightens risk for inappropriate records creation. Without discounting the value of effective social media policies and guidelines, extra attention must be placed on education of workers who are engaged with social media platforms from a records management perspective.
Advanced search technologies will prove more valuable to records managers than comprehensive records management systems. Search technologies can be very cost-effective alternatives to costly manual searches for records, especially in the context of litigation and document discovery. In complying with their records retention requirements, records managers should consider search technology as a potential alternative to complex, and often ineffective, records management systems based on a repository model.
A Future Challenge
Looking ahead, records management needs to fundamentally change by challenging the very requirements imposed by the regulators and courts so that companies may derive financial benefits from more realistic programs—which stand a better chance of compliance over time. Simply put, the ability to “manage records” using traditional methods may become impossible, given the transformative nature of today’s technology platforms and the advent of new technologies that enable the rapid creation of rich content and the immediate sharing of data worldwide with thousands of people. To address this challenge, records management executives, legal professionals, consortiums and professional organizations must come together to fundamentally re-examine these practices and determine what can be changed so that compliance with requirements is actually possible and so that businesses can derive value from the financial investments made in managing records. Companies must make a real effort to change the regulations and laws that inform the programs they try to implement.
There are serious discussions taking place globally to update various laws and requirements to do just this. Efforts are underway to overhaul the existing and outdated EU data privacy requirements, and similar efforts are taking place in many other countries as well. Records management executives should strive to help shape these changes in ways that are reasonable and contemporary and that can withstand the advance of technology for years to come.
Government agencies are increasingly focused on addressing the obsolescence of existing policy and law as technology rapidly transforms the world around us. Ethics and compliance executives in 2014 must remain committed to the governance of records in their companies while addressing significant technology challenges. Funding is necessary for management systems to address the identification, capture and preservation of company records that exist in the cloud, on mobile devices and on social media platforms. In order to obtain that funding, records management executives must encourage the business to identify the risks and, more importantly, the business benefits associated with properly managing corporate records. To be successful in the long term, records management professionals must begin to challenge the very requirements that they are attempting to comply with, examining those requirements with an eye to overhauling and removing those that are outdated and impossible to achieve.
The full LRN Risk Forecast Report can be accessed at: http://pages.lrn.com/risk-forecast-report-2014
Michael Salvarezza is a tenured and accomplished leader with a career that includes extensive experience in the complementary disciplines of information technology, records and information management, and compliance systems, enabling him to succeed in traditionally difficult areas by combining unique perspective and knowledge. After working in the defense industry for nearly a decade, Mike transitioned to a successful career at Altria Group, Inc., where he held various positions of increasing responsibility within the IT function, including a role as Group Director, IT, with responsibility for setting technology standards on a global basis.
Until 2014, Mike was actively involved in LRN’s Governance System, and helped pioneer, communicate, and integrate knowledge in the areas of legal, compliance, governance, and risk; ethical leadership; social responsibility; and environmental responsibility.