Event-based retention – the struggle is real. In the latest 2016|2017 Cohasset Information Governance Benchmarking Survey, 65% of the respondents reported that their organization would benefit from fewer event or trigger-based retention rules.
Contrary to the Rolling Stones’ belief that time is on your side, the volume, velocity, and variety of information that is accumulating in your electronically stored information and paper storage environments demands you do something about it sooner than later. With 81% of survey respondents reporting that a “keep everything” culture is a major impediment to their evolution from RIM to Information Governance, action must be taken now.
The call to action for defensible disposition is complicated by the challenges of managing event-based retention rules. Every Records Retention Schedule contains rules that require an event to occur before the retention clock starts. For example: an employee is separated from the organization or a contract is terminated or a particular model of appliance is no longer in production. Depending on your industry, up to 50 percent – or more – of your rules may fall into this category. And, if you are like most organizations, you continue to struggle with an effective way to flip the switch that begins the destruction eligibility count down.
Get some satisfaction!
The following approaches to coming to terms with event-based retention are proven practices adopted by a variety of organizations. In many instances, recommendations were made to the RIM or Information Governance Steering Committee (typically comprised of representatives from IT, Legal, Compliance, Business Units, and RIM) who ultimately made the decision to proceed.
Convert Event-Based Rules to Fixed or Create Date
This is an approach that must weigh risk, meet compliance requirements, and comply with the objectives of your organization’s overall RIM strategy. A review of your Records Retention Schedule will reveal certain event-based record classes or series that are habitually involved in litigation or experience a high degree of regulator or customer scrutiny, which can never be converted to a create date rule. But there are others that have a low risk profile and are suitable candidates. For example, if a purchase order is valid for one year, convert the “keep while active + 6 years” rule to 7 years: this equals the active life of the policy plus the 6 year retention requirement.
In determining the pre-trigger event life span of a record class, you can use the typical number of years a record is active or, more conservatively, the longest expected period of time. Other record classes may prove impossible to agree on an amount of active years given the unique nature of the life of a product or insurance policy. Key stakeholders, including business units, have to settle on which number to add to the retention rule to establish the create date rule – and the decision-making process must be documented.
Build Connectors to Systems of Record
If a record resides in a system of record other than that in which it was created, build a connector or application programming interface (API) between it and the business application. For example, if a contract is moved into an electronic content management (ECM) system from a contract creation application, create a mechanism by which the conclusion of the contract can be communicated from the application to the ECM. Of course, this still requires a human to “flip the switch.”
Periodic Review of Content
Another approach is to schedule consistent, periodic reviews of records that fall within the event-based classification set. Business unit personnel will need to keep track of events, such as the termination of an employee, completion of a program or project, closure of a facility, termination of a contract, etc. in order to trawl applications or repositories in which the record is stored. Ideally, this activity can be supported by the use of technology in the form of search terms or more sophisticated methods of identification and classification.
Time Waits for No One
While these alternative solutions to time-based retention rules are perhaps not ideal, they can provide a practical approach to the very real problem of destruction inaction and consequent non-compliance with policy. Until a better approach becomes available, most likely through enhanced tools, if there is consensus amongst key stakeholders and a commitment to consistent practice, then some progress can be made to better manage the life cycle of a sub-set of the organization’s information assets.
Read more about this tough topic in the Event-Based Records Retention Guide.