Some companies are taking a short cut to drive compliance with electronic record retention, and this could get them in trouble.
According to ARMA, 90 percent of all business records are in electronic format. These electronic records have been described by some as “inventory resistant” because unlike paper records where compliance can be measured by counting the number of boxes going into a warehouse, most electronic records accumulate on employees’ computer hard drives and are not as easily inspected. How can a company be sure employees are saving the right electronic records for the right period of time, and deleting older records when they expire?
One approach is to send regular notices to employees instructing them to save or delete specific records. “Compliance” is achieved by having employees “check the box” acknowledging they have followed the policy. No real effort is made to ensure that the right records have been saved or older records deleted other than disciplinary action for employees who do not check the box. Some companies don’t even specify where electronic records should be saved. Although easier to execute, this employee self-reporting is really faux compliance. Telling employees to do something without any real enforcement or audit doesn’t cut it.
Proponents of this approach will argue that most employees do follow corporate policies and the penalties for noncompliance will compel the rest. Unfortunately, in our assessments of employee self-reported record retention programs– most of which had penalties for noncompliance– we have seen a significant gap between reported and actual record retention practices. Many employees who said they were following the policy were not.
Why the noncompliance? Employees send, receive and create hundreds of electronic documents every week, and the sheer amount of time it takes to manually categorize and delete these records encourages many to “fudge” on their monthly reporting. Employees justify this by saying “I’ll get to it later” but they almost never do. Some companies require employees to save e-mails, but do not tell them where or how to save them. Finally, employees often are loathe to delete older e-mails and documents both for productivity and “CYA” reasons; many create their own “underground archives.” Companies need to be careful as, increasingly, the courts frown upon companies with record retention strategies that do not include “accountability to third parties.”
Don’t give up on getting employees to comply. Many companies have been able to achieve real, measurable and defensible enterprise-wide record retention and deletion. Instead of depending on faux compliance, these organizations have developed programs combining real-world policies, clear processes, effective technology and training and audit programs. They make it easier for their employees to follow the policy, centralize control of record deletion and monitor employee compliance with technology. They trust, but also verify.