Just Because Something Is Not An Enterprise Information Asset Does Not Stop It From Being A Liability

By Jeffrey Lewis posted 05-23-2013 09:57


I recently blogged about how information governance has the role of reducing risk of indictment.  One of the questions I have been pondering lately is to what extent should those in information governance reduce the risk of indictment.  Many organizations want to want to be held accountable for the information they create depending on the business value.  Unfortunately the term business value is relative.  Records management policies and auto classification/categorization rules are typically based upon business value.  All information, including non-record, has some type of value, even if only transitory, so every scenario should be accounted when creating policies, predictive coding and auto classification/categorization rules.

This may conjure up images of “Big brother is watching”, but what if auto classification/categorization was applied to personal papers and non-records. Many organizations have a rule that e-mail is to only be used for business matters, but it is often the case that e-mail is used for personal matters.  This is a little fish in the pond of information management, but imagine if you had all employee e-mails related to March Madness and other non-business matters?  This would not only add up quickly, but also send a message that you are serious about workplace productivity. Also, the prevalence of non-record information on business systems can create a strain on resources, whether it is an e-mail server or local drives. In terms of reducing risk of indictment it also helps to prevent anyone from suing a company for unlawful termination.

This next case might be harder to get senior management buy-in, but is actually what got my wheels churning on this topic. Reducing risk of indictment is typically done by knowing what we have and making sure we don’t keep it for too long.  What about the information that we don’t know about.  The example above about March Madness is an obvious one that is common in most offices, but this one is harder to filter out and yet can have major litigation implications.  The reason why is because the information you don’t know about, is the information that will be brought up in e-discovery when your company is being taken to court for illegal activities.  Most likely these records are not on the retention schedule and the company will not want to be held liable for them. 

As information governance workers our role is to reduce risk of indictment, but if we discover information that is damning to our company what is the legal obligation to contact the authorities.  Some may say obligation can vary depending on the scenario.  I am not going to play the role of moral police, but many people feel a loyalty to an organization, a cause, an image or a paycheck that stops them from doing the right thing.  Maybe this is a no-brainer for most people, but the Sandusky scandal at Penn State reveals how much people will hide information from authorities even when the most heinous offenses are committed.  Managing information is more than just retention and disposition, but also complying with all laws and regulations and being accountable for all information on enterprise resources.  We are called to protect confidential information, but must do so in a manner that keeps our integrity intact

#InformationGovernance #electronic records management #compliance #AutoCategorization #autoclassification #RiskofIndictment #ElectronicRecordsManagement