Records Purge
In Canton, MA there is a very controversial trial underway.? One interesting aspect of the trial is the replacement/destruction/upgrade of the cell phones of those involved.? Party A trashed their phone days after the alleged crime, party B replaced their phone a few days before a scheduled deposition, party C upgraded their phone near the day of the indictment, and on and on it goes.? The optics seem to be shaky but admittedly not obvious since the trial is occurring 2 years after the alleged incident and phone upgrade within a 2-year span is pretty common.
A solid parallel to this is the broader realm of Records Management.? Hard or soft copy, records need to be managed through a full lifecycle from creation to use to destruction.? Destruction is a real challenge as everyone knows and as a result many organizations totally shy away from doing formal destruction of records (scary, but I get it as it is painful).? How many firms still have thousands of banker boxes at Iron Mountain or decade-old files with AWS with little understanding of what they contain (and more importantly, no internal ownership within the firm)??
Still, in the event that destruction is in the game plan it needs to be planned with a scope and a frequency that is predefined such that it is not only efficient and effective but also explainable and defensible.? Having a one (or more) time destruction event on an ad hoc basis creates real risk.? It begs the question: ”WHY NOW/THEN” and could easily be mapped back to a business activity or series of activities that have become suspect due to or aggravated by this one-time purge action; effectively an isolated ‘bonfire’ on a given day that you now have to explain.
Conducting a purge every Y period of all ABC records that are over X years old is defensible, explainable, and demonstrates solid diligence in the management of records (over-arched and supported by actual regulations in your industry).? Within that ongoing records management process certain records may in fact be kept in a quarantine state, outside of the purge process (e.g., Legal Hold), but in general the purge process should be business-event agnostic and all-encompassing.
Envision this dialogue during a court or regulatory deposition:
Q: Why did you conduct that one-time purge on April 10th, 2022?
A: Well, we thought it was time as we had not purged for years.
领英推荐
Q: Why not 3 or 6 months earlier or later as this destruction included records from the case filed shortly after that purge date?
A: Dunno, the case was not a factor; it just felt like the right time.
Q: Yet, you did not purge any records since and conducted no destruction for X years before? ?
Please explain.
Tough to credibly explain and any way you slice it, there will be unique events during the purge timeframe that could be (mis) construed as an attempt to reduce what material is available for discovery, whether it be recent or years old.? As innocent as the purge may be, circumstances will exist to cast a (fictional) pall on the action.? Further, the closer the purge is to the timing of an actual questionable event, the more suspicious the event becomes (e.g., destroying your phone the day after a crime).? A reasonable destruction schedule with a clear and regular cadence is defensible even if the frequency exceeds a full year.
Also, it is imperative to note that true records destruction means you cannot possibly get those records back; that all occurrences of those records whether they be hard copy, soft copy, transaction logs, etc. are destroyed.? From the traditional IT perspective this is totally counterintuitive but it is records reality.? That permanence also plays into the purge dialogue of why and what.
Those folks who destroyed their phones are either glad they did so based on incriminating information or sorry they did based on the noise and repercussions they are now dealing with due to the action timing(s).? A firm never should never want to put itself in that situation.? Make sure that the purge events and parameters (scope) are agreed, prescheduled, and communicated so as to preclude even the appearance of impropriety.
Risk Management Leader, YMCA Enterprise Shared Services (YESS) at YMCA of the USA
9 个月Maintaining a records retention schedule outlining proper lifespans for your organizations’ documents (hard or soft records) can provide consistency (and inherently education) and protection for your organization. Outlining, educating and implementing/maintaining the established schedule can mitigate any questions of the why now/then question should the organization’s integrity be called into question. It also applies any regulatory requirements for records retention and/or documents needed to protect against claims of liability. For large enterprises, it’s hard to establish and implement a schedule from nothing (hello, herding cats?) but is beneficial beyond measure once in motion.
Risk Management post grad with accomplished career in civil litigation and governance. More than a matrix, ERM is an art of diplomacy that navigates the complex stakeholder experience with integrative strategies.
9 个月Also a good reminder to not use personal phones for work… which so many of us are just routinely expected to do.