Businesses today function primarily with records in electronic form. The power of technology enables companies to become more competitive and to streamline business processes. Therefore, more and more of an organization’s records are electronic. Companies are more dependent than ever on the electronic records and information pulsing through their networks, wireless devices, data warehouses, transactional systems and unstructured data stores. These records and information facilitate decision-making, provide evidence of regulatory compliance, enable customer service and are the lifeblood of any organization’s ability to conduct its business.
It is just as true, but frequently overlooked, that these electronic records and information are subject to the same legal/regulatory/compliance requirements that impact records in other formats. It is a great temptation to manage electronic records and email according to their format (e.g., “How long do we have to keep this email?”) Treating electronic records in groups based on their format seems, at least on the surface, to be a simple and practical solution. But this approach overlooks the reality that any record or correspondence used in the course of conducting the organization’s business is subject to all the regulatory, legal and compliance requirements that impact the organization. It doesn’t matter whether the record information is included in an email, produced from a computer, or remains in digital format throughout its life, the compliance requirements apply.
This reality can most vividly be seen in charges and counter-charges made in corporate litigation. For example, Intel and AMD are currently litigating an anti-trust case in U.S. District Court in Delaware. Both companies filed motions with the court in March 2010, seeking sanctions against the other company, based on claims of improper records retention.
AMD claims that Intel’s “auto-delete shredder” and policy that records would be automatically deleted unless manually saved resulted in the destruction of “hundreds of thousands of relevant documents.” Intel’s response is that they have spent “tens of millions of dollars” to remediate their document preservation problems and have subsequently delivered nearly 200 million pages of documents to AMD.
While the court has not yet ruled on either of these motions, one thing is clear: electronic documents are at the heart of conducting business, and are therefore, at the heart of litigation and compliance issues related to that business.
Electronic Records – The Long-term Reality
It is also clear that the trend toward electronic records will continue as younger generations join the workforce. A study recently released by Accenture provides insight to the challenges facing corporations as more and more Millennials (individuals aged 14-27) enter a workplace currently dominated by the baby boom generation. While the Millennials are likely ignoring or violating IT policies, using non-standard applications and improvising, they are also interacting with customers, vendors, and partners in new ways. Using technology is already second nature to this generation. And, creative uses of technology in the conduct of work can only increase as Millennials begin to dominate the workplace.
As the study points out: “The demographic shift can be either frightening or exhilarating – maybe a bit of both. But it can’t be ignored.” (Jumping the Boundaries of Corporate IT: Accenture Global Research on Millennial’ Use of IT, February 2010) Competing effectively in the next decade’s global environment is going to demand new behaviors, concepts, and working methods.
Accenture’s chief technology strategist, Gary Curtis, said in a phone interview with Information Week magazine, “For CIOs, it’s critical that they recognize that the great majority of all the people they’ll be hiring from here on out are Millennials, and they all think this way. So companies need to look at their policies and first figure out how to make them intelligible and meaningful to all employees, especially these new ones. “
Though not specifically defined in the study, it is clear that the same dynamics affect corporate information governance. Both IT and records and information (RIM) management represent another series of procedures and controls that may seem like unnecessary constraint to Millennials. Achieving effective information governance is already a challenge in today’s business environment, and is likely to become ever more challenging. Since IT and RIM have similar goals in information governance, it will be beneficial to partner together in addressing this need.
Internet Business Models on the Rise
A recent study by the Pew Internet and American Life Project (a project of the Pew Research Center) and Elon University indicates that 72 percent of technology experts and stakeholders believe that use of the internet will result in more efficient and responsive for-profit firms, non-profit organizations, and government agencies by the year 2020.
If this prediction proves true, IT and RIM stakeholders will face an even more diverse and complicated set of challenges. Organizations must continue to meet their legal/regulatory and compliance requirements even while their business model changes dramatically. We have already seen that “early adopter” consumers frequently expand their use of new technologies from their private lives to the business environment.
At first a personal cell phone is used for the occasional business call. Soon, other employees catch on to using a cell phone to increase their productivity and mobility. Suddenly (it seems), companies are providing cell phones to key employees and sometimes even picking up the expense. And the cell phone becomes institutionalized into business processes.
Yet, a technological change such as this introduces new information governance issues that must be addressed in order to protect the organization’s overall interests. Confidential and proprietary data must still be protected. Information residing on new devices must still be managed according to the retention and disposition policy and is still subject to collection for litigation. RIM and IT must come together to find the appropriate balance of constraints that provide corporate protection without unnecessarily restricting use(s) of the new technology.
It’s an easy bet that electronic information governance is going to be an issue in all sectors of the economy for the foreseeable future. And, each organization has a great deal at stake in how they handle their information governance challenges.
The Stakes
The trends above are daunting enough – the sheer quantities of data, devices and applications can overwhelm any of the key stakeholders (IT, RIM, legal, business units, compliance). But the reality is even more grim, when one looks at the mounting negative impact of ineffective information governance.
ARMA International and Forrester Research conducted an online survey in Q3, 2009 which gives good insight into what’s at stake. Survey respondents were largely in North America (95%) and identified themselves as “technology and strategy decision-makers with responsibility for RIM.” The key issues they identified were:
- Mitigating legal risks is a key business driver, yet barely 20% of respondents report they are “very confident” they could demonstrate that their electronically stored information (ESI) is accurate, accessible and trustworthy.
- Technology to support legal hold processes is under-utilized. In relation to the legal hold capabilities of existing technology, more than 50% of the respondents report that they “don’t know if they have the capability” or they “don’t know how to use the capability.”
The importance of effective legal hold management has received additional attention due to recent rulings by U.S. District Court Judge Shira Scheindlin in The Pension Committee of the University of Montreal Pension Plan, et al. v. Banc of America Securities LLC, etc. al. Amended Order. This is the same judge who made rulings in the famous Zubulake v. UBS Warburg litigation. These rulings established guidelines for litigation holds, e-discovery obligations on all parties, and expectations for proper conduct by attorneys regarding proper preservation of electronically stored information (ESI).
Though a number of issues are addressed in The Pension Committee opinion, one of the opinion’s most direct impacts on RIM and IT falls in the area of properly preserving ESI and proper notification of legal hold obligations. To quote the opinion, “By now, it should be abundantly clear that the duty to preserve means what it says and that a failure to preserve records – paper or electronic – and to search in the right places for those records, will inevitably result in the spolation of evidence.”