Dealing with disciplinary records
The accumulation of electronic documents and files is reaching overwhelming volumes. Many businesses are simply over-retaining digital information, unsure what to keep, what to dispose of – and crucially, how and when to dispose of it. Failing to dispose of data in a legally defensible manner creates all sorts of problems and penalties that can easily be avoided.
Defensible disposition is part of your records management strategy and is about being able to defend your disposal policy as an organisation – a defensible dispositionstrategy therefore solves the problem of data over-retention by breaking the process down into five simple steps. Here’s how to build a defensible position and keep your business’ data disposition process on the right side of the law.
Determine the data for disposal
Before you can dispose of any data, you need to determine what information to target for disposition and why. Do a thorough assessment of your data, and make sure your disposition targets align with your objectives. Have a clear idea of what it is you are trying to accomplish and invite key stakeholders to participate in the process.
These key stakeholders from legal, compliance, IT and senior management play an important role in identifying the correct data for disposal. By working together, you can review and update various documents such as your disposition policy, record policy and retention schedule – before you target and dispose of information. This ensures that your data disposal process adheres to an agreed upon methodology.
Develop a document disposal strategy
To support your disposition strategy, establish a searchable, centrally managed and controlled repository that employees can use to store, save and access working documents with ease.
Working documents in this context are short-term transitory records that employees need to do their jobs and be productive. These documents should be deleted as soon as they are no longer needed. Alternatively, they may be automatically deleted after an established time period such as two or three years.
Work out your disposal tactics
Compliant data disposition is not as simple as just pressing delete and starting afresh. It’s important to give some thought to how you plan to dispose of your information – before you actually begin deleting data. Of course, with any approach you adopt, there will be benefits and risks. You need to select tactics that will support your defensible dispositionbest, serve your organisation and produce the results you want.
Outline the technologies
A technology plan is crucial as it will protect your business against spoliation of evidence for legal holds. Information governance technologies ensure that your defensible dispositionis secure and following due process.
This covers how to delete expired data as well as how to make responsible decisions that reflect the value of your organisation’s information. A good plan will enable you to make effective use of technology to assess and dispose of the information in your organisation effectively and legally.
Put your plan in action
Once you have reviewed your organisation’s data stores and understand how to retain the various types of information in terms of legal requirements, you can develop a disposition plan. Bring together your key stakeholders and knowledge of the relevant technologies to create an actionable roadmap that will create minimal disruption in your organisation.
It’s important when considering defensible disposition for your electronic data not to forget your hard copies – GDPR places an emphasis on organisations to responsibly dispose of paper records in a timely fashion. To find out more about document storage, speak to one of our experts today.
Related Posts
