LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Best Practices in destruction of off-site
From:	Patrick Cunningham <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Wed, 15 Jun 2005 17:35:23 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (82 lines)

I've been publicly taken to the Listserve woodshed in the past for
advocating the approaches I outline below, but they are other options,
provided that you have good controls and procedures in place.

Our policy is that the approved records retention schedule governs
destruction. The RRS is signed by the department and the General
Counsel. We return the RRSs to the departments on a regular basis for
review and updating, with a requirement that they sign the RRS, even
without any updates. At that time, they are also advised that we will
destroy records in accord with that schedule.

Annually, we run our destruction eligibility reports. We notify General
Counsel, Internal Audit, and Tax that we are about to proceed with
annual destruction and request that they submit any holds on records
that are required. In general, we'll get inquiries from them to send
them reports on specific records or specific departments to review.
Once we have heard from those areas, we proceed with destruction,
excepting any holds.

The exception to this process is records that we retain on behalf of
our outsourcing clients. Because these records do not belong to our
firm, we are following the client's RRS and the client must give us
approval before we destroy their records.

This process has worked well for our firm. It may or may not work for
your organization. What it avoids is chasing people who won't sign the
destruction notice, no matter what. It also avoids the instances where
people put holds on destruction "because". (I've been smacked around on
this on the List because people feel these are inadequate reasons. They
are not the sole reasons, but if you have chased people for six months
to get them to sign off on a destruction notice, or had to deal with
someone who continually holds everything with some vague reason -- say,
"potential audit" without any specifics -- you know what I'm talking
about. Yes, you can manage around these issues, but getting the
signoffs can be a major part of the process -- and, while the records
owner is supposed to know about litigation and audits, it is not
uncommon for them to be blissfully unaware.)

The risk is that we somehow miss a known hold. That is a particular
concern on my part, but firm policy requires all subpoenas to route
through General Counsel (under pain of termination), including any
litigation notices from clients. This process has been signed off by
our lawyers and they have confidence in the process. Again, in our
culture and our process controls, this works for us. It might not work
in a particularly decentralized organization.

In the past, I worked in a couple of organizations that required sign
off on the destruction notice. In one, we wouldn't destroy anything
without sign off -- which meant months of chasing some people to
destroy their four boxes. In the other organization, we sent our
destruction notices, but the notices only had to be returned if there
was a hold. This was where I got all sorts of reasons to hold stuff,
even though we specified that holds were permissible only for ongoing
or pending audits or litigation. In this instance, we also sent an
email with return receipt to each records owner. The email explained
that records would be destroyed if no hold was sent to us. We retained
the return receipts and would automatically hold records if no return
receipt was received. Otherwise, non-response was indication that
destruction could occur. (Again, I've been smacked around for this
process as well since there are a million reasons that someone would
open an email -- or a delegate open the email -- but not respond when
they intended to respond. But these went out "RESPONSE REQUESTED,
URGENT", yadda yadda yadda. In that organization, failure to carefully
read something like that was a major problem.). So that is another
approach, although one that many here would not advocate. You have to
understand how your organization works and where the particular issues
are. A key factor is communication and reinforcement of messages.
People need to know that you will, in fact, destroy the records, and
destruction is final. Furthermore, compliance is not optional and lame
excuses are not acceptable. That doesn't mean that you can reject a
hold out of hand, but you need an escalation process when something
doesn't smell right. And you need to make sure that the lawyers and
auditors are comfortable with your process and controls.

Since no one had responded suggesting these approaches, I felt that I
should speak to them.

Patrick Cunningham, CRM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US