Defensible Disposition: An early step in controlling documents
Basically, to take control of information you want to break it into day forward activities and historical review.
For day forward, make sure everyone has a personal network drive; make shared drives read only for relevant departments; use ECM -- non-records for 3 years; non-records with value for 7 years; official records, as per retention schedule. Social? No document storage with appropriate retention (e.g., 3 years).
Dealing with historical information requires some attention to your approach for defensible disposal. In particular, you must identify:
1. regulatory retention reqs.
2. hold retention reqs.
3. business retention reqs.
4. cost implications
It's always a tradeoff between requirements and cost, particularly for information that is low-value and low-risk. It's important that the defensible procedure process is documented. Courts don't expect you to be perfect but they do expect some rigour.
Rich provides some interesting numbers noting that manual classification requires about 10 seconds of premium labour per document while automatic classification tools require less than one second, work around the clock, and can route the 5-10% of classifiable docs to offshore labour!
When reviewing files consider:
1. Environmental attributes around the file (location, department, etc.) Use access controls for ownership; location via file path.
2. File attributes about the file (file type, age, author). duplicates, file types, document properties, file name character strings.
3. Attributes within the file (keywords, character strings, word proximity, word density). Specific strings (e.g., client names, works like "guarantee", or "privileged", or CCN
Audits: unnecessary file types 13-15%; duplicates 15-20%; near duplicates 9-30%. Files with PII 10-16%; keywords 3-5%; 10 years or older 7-11%; accessed within the last 18 months 25-35%.