Email once was our only form of electronic business communication, and the records generated by messages and attachments were the only electronic documents we needed to retain. Thanks to tweets, texts, video conferences, blogs and posts, employers now face growing challenges when it comes to effective and compliant e-records management. Add remote workers to the mix, and records retention becomes increasingly complex and consequential. For those in the health care arena, financial world and other heavily regulated industries, records risks are magnified. From lawsuits to regulatory fines triggered by mismanaged, misplaced and missing records, employers can face a host of potentially costly risks.
All electronic content — whether written, transmitted or posted on business sites during working hours or on personal accounts after hours — could create records that must be preserved, protected and produced in the event of a subpoena. Don’t leave e-records management to chance. Let’s take a look at these seven strategies to help minimize e-records risks.
Minimizing E-records Risk
1. Establish a records management program based on the three Es: (1) Establish effective, up-to-date records retention policies for your organization and training department; (2) Educate employees about records risks, rules and requirements; and (3) Enforce policies through a combination of disciplinary action, training and best-in-class technology solutions.
2. Form an e-policy team. Researching, writing and implementing records retention policies and procedures is a big job. Form an e-policy team to oversee development and administration of your records management program. Team size and makeup depend on the nature of your business, exposure to risks and availability of financial and human resources (HR). Ideally, team members would include a senior executive/policy champion supported by representatives of training, legal, compliance, records management, information technology (IT) and HR.
3. Define “business record” and teach employees to differentiate between records and non-records. An e-business record is the electronic equivalent of DNA evidence — information that may help or hurt the organization in litigation. All employers are obligated to retain business records for their ongoing legal, regulatory, operational and historic value. If subpoenaed by courts or regulators, business records must be produced promptly and in compliance with the organization’s records retention policy and federal/state e-discovery (evidence-gathering) guidelines. Business records focus on content, not format or storage mechanism. Messages/posts that are insignificant or unrelated to business are non-records. Define what business records are for your organization, and make sure employees can distinguish between records and non-records.
4. Update records retention policy for work from home (WFH) staff. Have you updated records retention policies and procedures for WFH employees? Best practices call for updated records retention policies governing remote use and retention of records via employer-provided and personal devices, sites and accounts. With so many people working remotely, mismanaged or misplaced records are more than a nuisance. They are a liability. You must preserve, protect, produce and purge records in compliance with federal/state laws and industry/government regulations. You can’t afford to leave remote records retention to chance.
5. Address video conferencing and meeting tools in records retention policy. Just like email, the internet and social media, content that is created, shared, transmitted, acquired, recorded and stored via collaboration tools can be filed as business records. Don’t let unmanaged collaboration content —recorded chat, instant messaging (IM), videos, webinars, meetings, text transcripts, audio transcripts, meeting reports — undermine legal and regulatory compliance. Prepare today for tomorrow’s e-discovery requests with a collaboration-specific records management strategy.
6. Safeguard records with secure storage. If your organization relies on backup systems for records retention, your legal position is at risk. Backup is no substitute for the long-term secure storage that archiving software Designed solely for post-disaster data recovery, backup is nothing more than the mass gathering of electronically stored information in a known location. Only with archiving, will your organization be able to ensure the preservation, protection and prompt production of legally compliant e-records.
7. Train the workforce. You cannot expect compliance from untrained employees. Make records retention training mandatory for everyone, from student interns to C-suite. Participants should include everyone who communicates electronically on behalf of the organization. Conclude training with a certification quiz to ensure users fully understand records risks, policies and deletion procedures. At the conclusion of training, require employees to sign an acknowledgment form, attesting they: (1) Have read the records retention policy; (2) will adhere fully to retention policy and procedures; and (3) will accept the consequences for noncompliance, up to and including employment termination. Retain one copy of all policy and training materials. You may one day need to prove — in court — your commitment to compliance.