I’ve worked in a number of places, both as an employee and a consultant, that lack a substantive RIM, or Records Retention, policy. On a number of occasions I’ve been in meetings with senior executives who explain that for better or worse, in the absence of a real policy, they have adopted a “save everything policy”.
It seems misconceptions persist about what an adopted “save everything policy” really means, especially at the senior executive level. A formal approved policy requiring an organization to save everything would not only be hugely expensive over time, but almost impossible to enforce. Does this mean every draft or aborted effort at something has to be saved? Every piece of scrap paper or post-it with some hurriedly dashed notes must be kept and (shudder) scanned into some document repository system or shared network drive? Would delete be removed as an option from the keyboard and menu options? And I cringe to think of the super-human efforts that would be required to find anything of value, especially if there weren’t robust metadata standards and superb information architecture in place.
I do wonder how senior executives get this impression that the absence of a RIM, or Records Retention, policy means the automatic default is to “save everything” when in fact the reality is something worse, a complete lack of governance and control over an organization’s records and information. Not having a policy gives users a free pass to keep and discard whatever they feel like at any time. This often leads to users “cherry-picking” the documents that they wish to save and just destroying everything else without any regard to the integrity of the records or awareness of legislative and business requirements that impact the destruction process.
It is puzzling to me why this perception persists among organizations that by not telling users what to do they will instinctively elect to save everything. I do think that a RIM, or Records Retention, policy strikes a certain chord of fear and discomfort with a lot of senior-level executives. I’m not sure if it’s because implementing a policy of this nature feels abstract and is not well understood, or if there are general fears associated with destroying things (albeit in a controlled and standardized way) that makes people feel uncomfortable with the idea. I have personally experienced this type of policy paralysis in more than one place regarding the creation and implementation of records - related policies.
When considering policies, it’s never good to be too extreme, otherwise compliance is almost impossible to enforce. Regarding a RIM, or Records Retention, policy requiring users to “save everything” or “save nothing” would put an organization in a difficult predicament of either saving too much or not saving enough. Ideally, the policy should be constructed to balance the best of both options. In other words, records should be saved long enough to fulfill legislative and business requirements, but not past the point at which they cease to provide value and meaning to the organization. Then they just become dead weight, an added expense, both in storage costs and time/effort wasted in searching, and potentially some risk liabilities.
So how do we convince others of the need for RIM, or Records Retention, policies?