Who should own records management? Part 1

Compliance and data risks are hitting companies from all sides. New and expanded legal and regulatory recordkeeping regulations require more records to be retained and, in many cases, for longer periods. New and emerging privacy rules require that personal information needs to be protected and deleted when there is no longer a legitimate business need. Increasing overretention of paper—especially electronic information—places companies at risk during e-discovery. This occurrs in an environment where many employees spend the majority of their time working from home and seemingly want to save all their email, files, and other electronic information forever. This overretention increases data storage burdens and increases compliance risks. Worse, many companies have so much electronic information everywhere that they are not only noncompliant but so disorganized that employees can’t find information they need in the clutter.

Traditionally, document retention and disposition are handled by a records management function. Yet, these newer challenges are not limited to records retention and disposition. In response, many companies are launching comprehensive information governance programs. These initiatives combine previously siloed records management, e-discovery, privacy, and other data security programs into a coordinated program with single workstreams that address multiple compliance regimes.

While clearly compliance should be involved as organizations upgrade records management functions in information governance, the question is raised: Who should own it? And by the way, who pays?

This document is only available to members. Please log in or become a member.


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field