Organizations should implement and periodically review record management policies and procedures to reduce risks associated with the maintenance and routine destruction of electronic and paper information. Periodic reviews will ensure that the record management policy is actively enforced and serve as a reminder to employees of the importance of complying with the policy. Below are ten reasons why every organization should not only implement a record management policy but also review it on an annual basis.
Why Should My Organization Even Have a Record Management Policy?
Compliance with the Law: Countless federal and state laws require the retention of specific documents for certain periods of time (e.g., Sarbanes-Oxley, OSHA, The Family Medical Leave Act). Without a record management policy in place, companies risk running afoul of record keeping requirements mandated by law.
Data Hygiene: It is not economically feasible for organizations to store every record indefinitely. Even electronic records occupy space on hard drives that have finite capacities. A record management policy provides company-wide, standardized guidance to assist in the destruction of records, which is an essential measure for every organization.
Inconsistencies: Any organization with more than one employee will inevitably suffer from inconsistencies in how records are maintained. To alleviate the problem of inconsistent treatment of the same types of records, a well-managed and widely-enforced record management policy will result in the consistent management of an organization’s records, which is critical, not only for internal record keeping purposes, but also for protecting an organization in the event of litigation.
Litigation Protection: Litigation invariably requires the production of electronic and paper records. There are countless examples of courts sanctioning parties for failure to preserve records that would have been key evidence in a case. Generally, courts are more forgiving of an organization’s inability to produce a specific record if the organization destroyed the record pursuant to a policy that is uniformly enforced and complies with state and federal law. For example, in the context of electronic records, the Federal Rules of Civil Procedure provide a party with protection from sanctions if the party destroyed the document in good faith pursuant to a record management policy.
Minimize Risks: The central goal of record management policies is to minimize potential risks, which can arise from disregarding protocol to properly create, use, retain and destroy electronic paper records. Employing a uniform record management policy will ensure that the organization is proactive in minimizing potential risks associated with the failure to properly manage its information.
Why Should My Organization Annually Review its Record Management Policy?
New Laws: A periodic review of record management policies allows organizations to make adjustments to the policy to comply with changes to laws and regulations that mandate duties to preserve data (e.g., rules and regulations implemented by the Internal Revenue Service, Securities and Exchange Commission, Department of Defense, Department of Labor and Equal Employment Opportunity Commission).
New Business Practices: An organization should periodically review its record management policy to ensure that it accounts for changes in the organization’s business practices and data architecture. It is imperative that as the organization’s business changes – perhaps due to reorganization, rapid growth, downsizing or changes in the use of technology – the organization’s record management policy changes to address the organization’s changing business processes. For example, social media is a relatively new form of electronically stored information that should be considered if the organization uses social media for business purposes (e.g., organizations using blogs, Twitter or Facebook to interact or connect with customers). Although there is no legal obligation to retain social media postings or communications in the absence of threatened or actual litigation, because social media information could be relevant to threatened or actual litigation, a thorough record management policy would provide for retention of social media records in appropriate circumstances.
Training: An organization should periodically review its record management policy to ensure that employees understand their responsibilities in connection with the creation, use, retention and destruction of electronic and paper records. An organization may choose to provide periodic training for its employees on the record management policy and should consider requiring its employees to sign written acknowledgments in which they affirm that they have reviewed, understand and agree to abide by the organization’s record management policy.
Cost Reduction: A periodic review of the record management policy could reduce costs if the policy and its implementation can be modified for efficiency. It may be that new technologies or employee ideas about how the record management policy is actually applied could result in streamlining.
Minimizes Liability: Periodic review of the record management policy and implementation of steps to improve it will likely reduce an organization’s risk of exposure related to the maintenance, retention and destruction of electronic and paper records.