RM—the changing role of technology
Records management (RM) has many pain points-the volume and diversity of information, complex regulations and concerns about risk, to name a few. Management of e-mail is one place that all those pain points converge into a particularly challenging scenario. Even the legal department at Microsoft is not immune. "My first day on the job I had 300 e-mails," says Anne Kelley, associate general counsel in Microsoft's Legal and Corporate Affairs (LCA) group. "We are an e-mail culture, and in our department, many of those e-mail messages are records."
LCA is also highly sensitive about issues such as confidentiality, attorney/client privilege and document security. "We wanted to use SharePoint for managing our e-mails because it is a collaborative environment and can also provide the level of security we were seeking. However, the lawyers in our department were most comfortable working in their familiar Outlook environment," Kelley explains.
Works hand in hand
One of Kelley's colleagues recommended Contributor Pro, a software product from Colligo that allows e-mails to be put into SharePoint by dragging and dropping them into a set of Outlook folders that are for records management. "This was a great breakthrough moment for us," she says. "The product was a real change agent and has had a tremendous impact."
Each SharePoint site used by LCA has a content type or classification scheme that accommodates the e-mails (and any associated attachments) delivered from Colligo. Behind the scenes is a records center in SharePoint. "That is where the policies are programmed and where the long-term retention takes place," Kelley says. "So we have a business process at the front end and compliance at the back end, with collaboration in between."
The taxonomy on which the classification scheme is based also supports security measures. "A team of three people maintains the taxonomy," says Nishan deSilva, director of information management and compliance at Microsoft, "and the taxonomy maps to security so that documents are appropriately protected if they are confidential, or if access should be limited to a subset of individuals. Taxonomy, security and retention work hand in hand."
Adoption of Colligo has been voluntary, but the response has been very enthusiastic so the target goals have been exceeded. "We were hoping for 100 associates to begin using Colligo in the first wave of participation, and we have reached 300 already," deSilva says. "We have a legal summit coming up, and hope for about 75 percent participation, at which point we have a critical mass." The integrated approach is working for both the users and for the IT department.
Colligo's most compelling feature is that it operates from within the user's normal working environment, yet brings control to content that is often unmanaged. "Many organizations don't have a good e-mail records management system in place," says Bill England, director of strategic alliances at Colligo. "Some save everything, some put them in public folders, and some have a routine deletion policy that does not take records management into account at all." Using SharePoint Records Manager as the repository allows organizations to apply retention schedules while Colligo provides access from the Outlook interface.
A study conducted in 2010 by AIIM confirms that management of e-mails shows considerable inconsistency. About one-fourth of the responding organizations reported that they maintain everything, nearly one-third have either no policies or non-enforced policies, and another fourth have deletion policies that do not discriminate among e-mails. In 26 percent of organizations surveyed, records maintained beyond their retention period affected a court case, and the effect was usually adverse. More broadly across records in general (although respondents showed an increasing awareness of risk and the importance of records management), 37 percent were not confident that their records were protected from deletion or inappropriate access.
Human judgment or automation?
Many records management programs rely on judgment by employees about whether a document is a record. Generally, a document is a record if it reflects a significant policy, procedure, decision or transaction. The individual making the judgment might be the content creator or a manager. The argument can be made that only someone close to the content is in a position to judge its importance.
Given the increasing volume of information, however, and human error, the role of technology in records declaration is likely to increase. "What if the employee simply forgets to declare the record or selects the wrong folder?" asks Jason R. Baron, director of litigation at the National Archives and Records Administration.
Documents that should have been declared records-but were not-can accumulate rapidly, and can come back to haunt an organization during e-discovery, in part because they may not be deleted. Similarly, a misclassified document may not have the proper retention schedule applied. Over the next few years, Baron expects more sophisticated techniques to emerge for automated declaration and classification of records that will help address those problems.