Site icon Big Men On Content

Thoughts on the Ethics of Retention Policies

Several weeks ago Ron Miller wrote a piece about a potential smoking gun email in the Google/Oracle Java patent suit where he cites Cyrus Mistry’s 2010 AIIM keynote. As Ron recalls, Mistry declared “Everyone gets access to all data and keep it forever.”  I was at the same event and my reaction at the time was similar to Miller’s. I found the position quaint and condescendingly naive. While I don’t recall a specific conversation I am sure that at some point I said – “eventually this will come back to bite them” and it appears that is  what has happened.

There are several ordinary reasons why we implement records management and retention policies. Compliance with global privacy regulations for example. But in all cases we are trained in ECM that every piece of electronic data is potentially electronic evidence and you should purge it at the earliest opportunity. This is how I have advised customers for years and in the industry we build whole programs around it. The problem is this approach ignores one simple thing that is lost in the process. The truth.

Setting aside the specifics of the Google/Oracle suit, the principle that says if I delete the data it ceases to be a threat may not be entirely true. We forget that data itself is not always a real thing. Data often represents something else. The email is not often what the court is looking for in the first place. It is the intent of the senders reflected in the message. The only thing that changes when I remove the email is that I have now made it more difficult to prove or disprove guilt. Deleting the record does not make you innocent.

There was a time when we would suggest that we dispose of data because of constraints like storage cost and manageability. The cloud however offers the potential for theoretically infinite storage at affordable cost and minimal operational impact. Most organizations of any size will find it hard to justify the destruction of electronic records based on cost of retention alone. As a matter of policy then the only non-regulated reason that a company removes data then is to prevent wrong doing from coming to light.

Policy cannot establish character but it can promote damage to it. When protection from risk takes precedence over right and moral behavior we inevitably create an organization that will be less inclined to behave rightly in the first place.  The very character of an organization is eroded when the adherence to policy becomes the sole justification for any act but especially the act of destroying  potential evidence.

Ironically then, as Google is probably modifying their own email retention policies I am coming around to agreeing with the share and keep forever idea Mistry promoted.  Not because there is a lack of risk but because all else being equal – it is probably just the right thing to do.

Exit mobile version