Interesting article on document retention issues

From a recent PinHawk Librarian digest:
By Daniel Braude

March 17, 2016 
At its most basic level, information governance (IG) is the management of data across the information lifecycle. Although traditionally thought to focus squarely on records management, IG includes data security, privacy, knowledge management and e-discovery, along with related compliance and risk management issues.

However, a significant factor in IG risk does relate directly to records management, specifically the failure to appropriately manage records while allowing a “keep everything” culture to exist. Promoting data minimization and disposition requires much more than merely adopting a records management policy and retention schedule. Employees must be provided the means to comply to avoid a “rules without tools” environment.

To achieve policy compliance, organizations must address the four key aspects of records management: people, process, technology and controls.


Poor records management gives rise to substantial risk. This includes adverse litigation consequences from preservation failures, regulatory fines deriving from compliance breaches, negative impact on business needs, loss of sensitive business information, and, in the event of a data breach, business continuity concerns and violation of privacy laws with related reputational damage. By some measures and as found in a recent study by the Ponemon Institute, the cost per lost or stolen record containing sensitive and confidential information exceeds $150. While there is no question that organizations should take steps to enhance their information security practices, the surefire method of avoiding unauthorized access to data and minimizing many of the above-mentioned risks, is to avoid storing data in the first place.


In the absence of a records management policy, or rather an enforced records management policy, a “keep everything” practice will naturally evolve. ... [read full article here]