A parent can continually warn their child to keep away from a hot stove, but sometimes the child can't appreciate how dangerous the stove is until they touch it and get burned. It seems like many businesses are playing the part of the child in this scenario, when it comes to managing their electronic records to align with compliance requirements. Despite notable organizations like Morgan Stanley, UBS Securities, and even the White House, being slapped with fines and lawsuits for failure to preserve e-mail and other electronic documentation, most corporations have yet to modify their own ERM (electronic records management) policies and procedures — putting them in a position to be burned themselves.
According to a recent ERM survey by Cohasset Associates, ARMA (The Association of Records Managers and Administrators), and AIIM (The Enterprise Content Management Association), 40% of the 1,600 organizations surveyed don't include electronic records in their current record retention schedules. Even more disconcerting is the fact that 44% of respondents reported that electronic records are not included in their organization's records holds — policies where established retention schedules for records that impact legislation and regulatory inquiries are suspended, ensuring the records are held indefinitely and always available. With base-level practices such as these being overlooked, it stands to reason that the overwhelming majority (85%) of respondents have yet to develop retention policies for instant messaging, blogs, voice mail, and other new forms of electronic information deemed subject to e-discovery procedures by new amendments to the Federal Rules of Civil Procedure.
Why have so many organizations left themselves exposed to the monetary costs and damaged reputations that often accompany failure to comply with e-discovery requirements? Is it possible these organizations don't view electronic records management policies as vital to their business operations? Not likely. According to the Cohasset/ARMA/AIIM survey, 99% of respondents believe the process by which electronic records are managed is important.
REASONS BEHIND ERM LATENCY
It's clear that corporations understand the importance of effective ERM. Therefore, other factors must be preventing businesses from adopting sound ERM strategies. I believe one of the biggest reasons organizations are stalling in this regard is confusion — confusion about who within the organization is ultimately responsible for developing and maintaining an ERM strategy and confusion regarding the details of the regulations with which they need to comply. This point is amplified by the Cohasset/ARMA/AIIM survey. According to the survey, the majority (56%) of ERM retention schedules are still defined and maintained by IT personnel — employees with numerous other responsibilities aside from records management. These employees often don't possess the knowledge of the regulations or time to execute these initiatives effectively. In these instances, it is advisable to seek guidance for your ERM strategy from an independent records management consultant.
Whatever your reasons for failing to implement an ERM strategy, my advice is don't put it off any longer. Not only are you exposing your organization and its executives to potential fines and jail time, but you are also tempting fate from a business continuity perspective. In this day and age, the threat of data loss due to terrorist attack or natural disaster is all too real. It's time for the business community to wake up and make the investments necessary to ensure their electronic records are not only secure, but also quickly retrievable. By doing so, you'll ensure not only compliance, but also the continued existence and success of your business. For those of you interested in other ERM trends uncovered by the Cohasset/ARMA/AIIM study, a full copy of the survey can be downloaded at www.MERresource.com/whitepapers/survey.htm.