Get stuck in! A six part series on big bucket retention. Part five.

Part five

Herding cats: Dealing with "just in case"

Herding skills

Growing up in New Zealand a television favourite of mine was a local version of A Man and his Dog which was named with typical kiwi literal-mindedness The Dog Show. When designing retention schedules I often think back to the steeliness of dogs named Zip and Jess as they stared down particularly toey sheep to nudge them into their pens. Just like the pens on A Man and his Dog, you have to gently, but firmly, guide your users towards the right retention management decisions.

The dreaded “just in case” argument

“Just in case” is the kind of phrase most records managers dread hearing from their stakeholders. There are many perfectly legitimate reasons users give for wanting to hold on to records for a certain period of time. There may be a law or regulation to be adhered to, rights that are protected, or business processes which require the records to be referred to. 

But then there is the more nebulous reasons people give for holding on to records – just in case something happens and I need them. Just in case what? Well just about anything. And that’s the problem. With enough imagination you can dream up any worst case scenario where an obscure old record saves the day.

Isolated incidents

And what is even worse is when there has been a freak occurrence where this exact thing has happened. Someone has managed to save your organisation a great deal of money or embarrassment with an email they’ve had in their mailbox for nine years.  

Take a deep breath, hold your nerve and have some of these questions ready when talking to someone who presents you with a “just in case” argument:

1. Check they understand triggers

Check first that they understand things won’t be disposed of before they’re triggered. “Just in case” may arise from a misunderstanding of triggers and a fear that you’re going to delete records out from under people while they still have a legitimate need for them.

2. Consider the personal data and data subject rights

What personal data is held in this record and can you reasonably argue this is a legitimate business need that outweighs data subject rights? Remind people that your organisation does have to meet data protection requirements which does not accept “just in case” as a reason for retention.

3. Measure the risk

Ask your stakeholders “What is the likelihood of the just in case scenario happening (again)?” and “What is the actual risk? i.e. what does it cost the organisation?”

As an example, I’ve had a stakeholder tell me that a record type had to be kept to prevent the organisation incurring costs from complaints process, only for it come out that the actual total cost was £24. What’s more the likelihood of the risky event recurring was very low. It had only happened once and this was more than six years ago.

Ask how often, how likely, and how much – applying a risk management evaluation to your retention requirements.

4. Get the full story on that “save the day” scenario

In the case where a record saved the day don’t be afraid to probe (in a neutral way) to get some more information about the full scenario. It’s quite possible you are not getting the full story. For example:

  • Did the record in question only help because it was a proxy for something else that should be retained but was too difficult to  find in a time-critical situation?
  • How long ago did this happen? Did it happen so long ago, things have moved on and it’s no longer relevant?
  • Was the person telling you this story involved enough to understand what actually happened? Could it even be an urban legend?

Helping people find more appropriate retention rules

These are just some of the ways you can begin to unpick the requirement to keep things just in case. Getting to the bottom of the underlying concerns that drive such a requirement can then help you to guide your stakeholder to more appropriate retention rules. 

It can often feel like herding cats, but with patience and understanding it’s a rewarding result once it’s done. All that’s left to do is implement. We’ll be looking at implementation in the final of this series next time. 

If you need some help talking to your stakeholders about records management, or are looking for general advice about information management, please do use the contact form on the right, or get in touch today info@metataxis.com.

Sharing our knowledge with Information Managers of the future

Metataxis is pleased to be invited to contribute to the continuing development of knowledge and information leaders. The City, University of London Department of Library and Information Science (or CityLIS for short) provides one of the most well-regarded courses on library and information science in the UK and we are please to be given the opportunity to contribute. Our director Noeleen Schenk has donated her time to CityLIS in order to share her expertise on knowledge management. Noeleen will be in excellent company, delivering a joint lecture with Ian Rodwell, Head of Client Knowledge and Learning at Linklaters.

The delivery of the joint lecture has become something of an annual event. Metataxis have contributed to the information management course at CityLIS for a couple of years now, and it is something we look forward to each year. Making that connection between academic learning and practical application is important, ensuring graduates emerge from courses better prepared for real-life information management challenges. Noeleen and Ian will be delivering a lecture that focuses on knowledge management theory with a strong focus on practice and technique.

Noeleen’s understanding of knowledge management theory and practice has been extremely useful for us when working with clients. Having a knowledge management background can be helpful in many obvious, but sometimes unexpected ways.

If you want to know more about how you can leverage these methods to improve information management, or just want a general catch up about knowledge management use the contact form on the right.

Get stuck in! A six part series on big bucket retention. Part four.

Part four

Beautiful and unique snowflakes: dealing with complex requirements

The struggle against complexity

Trying to keep your retention schedule simple is an ongoing battle against the forces of complexity. And one of the major things that will hinder your plans to simplify your retention schedule will be your retention schedule stakeholders. People really do complicate things. Sometimes legitimately, sometimes not so much.

Valuing subject matter expertise…

Generally your stakeholders are the best people to talk to about how long records should be kept, especially for those record types whose retention is determined by business need over legal or regulatory requirements. Stakeholders are a great source of information about how the business works and what records are produced. But their insights shouldn’t be taken as law when it comes to the retention schedule. Stakeholders  are not records managers and do not have the expertise to classify and manage records – that is where we add value.  

…and records management.

When consulting with your organisation on the retention schedule you will encounter users who are keen to press upon you the vital importance of their records. They will explain the, to their minds, dire consequences if incorrect retention is applied to the records they produce. You can trust stakeholder direction a lot of the time, they will often identify those exceptional record types that need to be kept longer because their early destruction will significantly impact the organisation. But occasionally people make distinctions that don’t really matter from a retention management perspective.

Challenging conversations about values

When responding to the above concerns there’s a need to tread carefully. This is a challenging conversation to have. No one will respond well to the argument that they are not beautiful and unique snowflakes.  Everyone needs to know that their contribution to an organisation is important. But the difference is that the retention value you place on the outputs of the activity is not a reflection of the value of the activity to the organisation.

Dealing with complex requests

For some, simply acknowledging the complexity of business functions and activities is enough. This can be done verbally or incorporated into documentation. Appropriate places to capture this knowledge might be Retention Schedule class descriptions, Information Asset Registers, user guides or retention implementation plans. 

Some things you can counteract, some you have to accept. There’s are some common concerns or misconceptions you can head off at the pass if you’re prepared for them. Here’s a list of some common issues I have encountered:

  1. Over-retention of records arising from poor internal processes which need to be amended
  2. Concerns about technical or practical application of retention, for example where records have insufficient metadata
  3. An over-estimation of the importance of their function and the records they produce within the organisation as a whole;
  4. Lack of understanding of evidential requirements and/or personal data requirements; or even
  5. Belief that retention will prevent uncommon or unlikely events which would cause problems for the organisation 

A matter of perspective

The small differences that people see in their work are important to ensure the job is done well. However it’s not always important from a retention perspective, your job is to weight user expectations within the broader context for the organisation so you can create a simpler retention schedule.

Next time we look at the dreaded “just in case” requirement that often arises when having these conversations with stakeholders. 

If you want to know more about how to develop and manage retention schedules, or have any questions about records management, use the contact form on the right, or contact us via email info@metataxis.com.

Get stuck in! A six part series on big bucket retention. Part three.

Part Three

Big Buckets: It's not just about class

Not just about class

Organising your Retention Schedule into big buckets is not just about trying to create large all-encompassing retention classes. While this is of course a really important step, there are a number of other parts to your retention schedule that you will want to simplify. Simplifying all aspects of your Schedule reduces the number of factors, which in turn reduces complexity.  

When talking to your stakeholders you should have at the back of your mind the following things that you want to nudge into a shape of your choosing:

Retention periods

If you can, try to corral your stakeholders to agree to a small number of retention period types in your schedule. There are common regulatory time periods that can help you choose which ones you want to use. For example Financial records are usually kept for 7 years, as is the catch all retention mechanism the Limitation Act. So try to nudge people towards choose 7 years as a retention period for records that need to be kept for a moderately long period of time. Try to  avoid having a  retention periods of 7 years, 8 years,  or 9 years. These will involve much more effort to implement.

Triggers

If you ask a stakeholder when the business process is over they can be very specific for example “the Quality Review of the inspection process is completed once the B488 form has had its second review by the fourth tier quality reviewer”. When really a trigger such as “end of quality review” would suffice.

Specific triggers like this will make your retention schedule very complex, and extremely difficult when you try to apply this to systems. We can trust that the people doing the work would know when and how to mark something is closed. But we don’t need to know the exact detail of the process to execute retention.

Having more general triggers, say “end of programme/project” or “contract closure” can be really useful as they can be used in a number of different contexts. So try to have as few triggers as you can, and try to make them broad

Disposal authorisers

This is by far this most challenging aspect of any schedule, identifying an appropriate and reasonable number of people to be responsible for disposal review at the end of lifecycle for records. The challenge arises from needing someone with a sufficiently senior role to make a decision, while being operational enough to understand the content of the records to be disposed of.

Unless your organisation is really small, this is really unlikely to be the same person. This is because, say,  the head of HR is concerned with governance and strategy and not likely to know the operational ins and outs of say, recruitment campaigns and applicants.

Traditionally this has meant that there is some form of delegation of decision making to the subject matter experts. Or conversely some sign off of decisions are made by the head of department. This is a frustratingly difficult aspect of a retention schedule to simplify. Setting up workflows to incorporate a lot of people is really difficult and costly, so it is important to try to keep the number of authorisers low even though this is challenging.

Disposal actions

As with the above, keep these as simple as possible. Delete or Archive may be sufficient for most organisations.

The question of what an archive is  whole other conversation. Some organisations will deposit to a national repository such as TNA, some will have their own in-house archive. Some will have records that have long-term value and need to be kept permanently even if the organisation does not have an archive.

Minimisation leads to simplification

Now. When your retention periods, triggers, actions and authorisers are simplified something beautiful happens. With a smaller number of factors in play, it makes it much easier to lump record types into much larger retention classes. This makes big bucket retention that much more possible! 

So don’t just go straight for classes when simplifying your Schedule. Think about minimising all the moving parts as well. It will make things much easier in the long run.

Next time I will talk about dealing with the complexity that people will inevitably want to introduce to your schedule and how to deal with “snowflake” requests.

If you want to talk to us at Metataxis about retention management get in touch using the contact form on the right or email us today info@metataxis.com

Get stuck in! A six part series on big bucket retention. Part two.

Part two

Demystifying retention for your stakeholders

Records classification

A lesson in transparency

Early in my career a project manager I worked with on a retention project said she found me to be mercurial when it came to advising stakeholders on retention. Flattering as it was to be referred to as “the oracle” on retention I was rather mortified to learn I was seen as something akin to a cold and unpredictable power dispensing mystical advice. 

Over the next few months I introduced greater transparency to my approach, explaining why I was making the recommendations I made. Three months later the same colleague proudly told me she could always pick what sort of advice I would give users and even felt confident giving advice on retention herself. Result!

Demystifying retention and is really important to our colleagues and stakeholders. Demystifying how we arrive at the retention periods we advise for our users is probably one of the biggest things you can do to make retention much more approachable. Here are some tips on making your process for retention management much easier for colleagues to understand.

Explain the different drivers for retention

Explain to your colleagues that retention schedules are shaped by what the law requires and what the business requires. This may be disappointing news to some stakeholders who would prefer a hard and fast answer on how long things should be kept encoded in law. But business value is the biggest conversation to have with stakeholders. If people understand the basic principle of assigning a business value up front, the rest of the conversation will got a lot easier.

Talk to stakeholder about their business processes

One of stakeholders’ top concerns about retention management is that retention rules will mean records get deleted before the end of a business process. Projects are a classic example of this. Stakeholders might see a retention period of, say 6 years, and fear that records related to projects that run for decades will be deleted before the project has ended. This is the perfect opportunity to put stakeholders straight about retention triggers and the need to identify when the business process ends. This can be followed up with a discussion about how long records are needed after the business process ends.

Balance organisational interests with data subject rights

If stakeholders are managing personal data they may already have an awareness they need to manage this in line with GDPR.  This stakeholder group is probably the most frustrated to learn that the GDPR doesn’t tell us exactly how long we can keep personal data, but uses slightly evasive legal terms like “legitimate purpose” and “reasonable” which can be somewhat subjective. 

Sometimes you may have to tell stakeholders that the period of time they propose to keep personal data is unreasonable e.g. 20 years for former customers. It may be unreasonable because they can’t point to a legitimate business reason to keep things that long, because it’s a real outlier in terms of industry practice, or because if you asked the person on the street what they thought of the retention practices they might find it unacceptable.

Conversely, sometimes you need to reassure a stakeholder that it is perfectly acceptable to retain certain types of personal data for a long time because it protects the rights of the organisation, and more importantly it protects the rights of the data subjects themselves (for examples records which provide proof of ownership, benefits conferred or qualifications conferred).

Remember “we’re the professionals”

Counter to the idea records management is a dark art, there are standards for retention management.  I’m constantly heartened by the fact that the more records managers I work with, the more consistent I find the advice and guidance we all give on retention. Making our stakeholders aware of the fact there are some industry standards records retention rules helps.

Many senior managers will ask what their competitors or equivalent agencies do for retention and this is where any review of retention schedules you have done for the your industry comes in handy.

Consistency is key

Like with parenting consistency is key. Of course you will be consistent in the retention advice you give, no matter who asks. However, situations sometimes arise where retention decisions are made through politics, not process. That’s life. Occasionally records managers have to accept decisions that are made much higher up the chain which aren’t necessarily what’s best for the organisation. 

Of course I would not advise getting bogged down in a battle you’re not going to win. But it’s important to voice your recommendations and concerns about risks. It means your organisation is making an informed decision. And it shows you to be consistent in your approach. There’s nothing wrong with being predictable!

We want to be transparent and fair in our construction of retention schedules. Doing things openly and being consistent helps build better relationships with our stakeholders. And goes some of the way to winning hearts and minds along the way.

But there is also an opportunity here to nudge the shape of your retention schedule in a direction of your choosing. I will talk about this more in my next post. 

If you have any questions or comments you want to share please use the contact form on the right or email us info@metataxis.com.