The fiction of sentencing on creation, and why the model is broken.

It think “sentencing on creation” creates a problem for records management. It creates a fiction that a sentence is applied that we can actually follow through on. The end result is quite different, and the economics of sentencing don’t change – and the economics of storage have, so sentencing has to as well.

The idea of sentencing on creation is fairly simple.

We apply sentences when a file is created based on the function and activity.

This means sentencing on creation is actually a prediction about what the file content will be.

And we know the prediction isn’t accurate.

So when we actually come to the point where we need to destroy, we can’t rely on the sentence, and we don’t press the button.

So if we end up destroying anything, it’s because we’ve sentenced at the content level.

In a paper world, there was a business case and it made sense to spend time appraising content for destruction or archival.

In the electronic world, that business case just doesn’t exist.

The hundred year cost of storing a document is below the cost of getting an appropriately skilled person to sentence it.

So we don’t do it.

Ultimately, the economics of sentencing and retention have to change if we’re going to keep doing it.

It’s already changing for consumer focused organisations with the consumer data right.

Outside that though, I have had many conversations with regulated organisations that have previously had destruction programs, but are now questioning whether they need to. They know that they can stay in compliance with the law as it stands by retaining indefinitely.

When I discuss this with people in the community, the conversation naturally switches to risks associated with retention. So far though, they’re fairly toothless in Australia. They’re also set to remain fairly toothless outside of a few consumer focused areas.

One of two things needs to happen.

We either need to rethink the model of retention and destruction altogether, or the economics needs to improve.

I think a foundational re-thinking is necessary.

When retention rules were established, the focus was very much on ensuring that evidence was retained for a suitable period. It’s understandable because it’s cheaper and easier to throw paper in a bin than to hire a team of people to catalogue and manage it. The economics of retaining were very much in favour of destruction.

The economics of storage have improved dramatically though, and are improving still. While the costs of sentencing have dropped marginally because there is less manual handling, in the end, there is still a person appraising a document.

Fundamentally, I think that at an organisational level, we all need to recognise that sentencing is an economically heavy activity, and reserve it for classes of record that are actually high risk.

Without a rethink, there are only really two viable options to continue destruction practices:

  1. Apply a “legal fiction” that the content reflects the file sentence – and hit destroy.
  2. Use technology to bring down the cost of sentencing at the content level to a point at which it becomes feasible.

The report missing from every records management system

Is the report about what’s not there.

Why can’t the records system have place holders for the documents that we know will appear as part of routing business processes? Then we could report on when they’ve been filled.

Yes, this won’t work in every case, and email is the hole in the entire information management universe, but when we get right down to it, business processes all exhibit some form of reliability.

There is initiating information, information generated during the process, and then some form of output.

So why doesn’t the records system give us a place to put each of them, and tell us when it’s missing? 

Every freedom of information request has an initiating request document and decision about whether the request is valid.

Every development application has an application document, and a determination.

Every investigation has an initiating event, an investigative log, and a report.

Why doesn’t the records system tell us when these things are missing?

Do you have a plan for the most important part of Records?

The most important part of records, is records culture.

I’ve seen organisations with ten year old, poorly performing records systems keep immaculate records because it was just “how we do things here”. 

When great record keeping is “how we do things here”, staff just do it, and records managers get to spend time on projects that matter to the organisation. 

So what’s your plan for culture?

What every records system specification gets wrong.

Is that it doesn’t focus enough on quantitative analysis of tasks based on their frequency and time taken.

Think of the following two functional requirements:

  1. Must provide for storage of records.
  2. Must provide role based access.

Equal weight.

Here’s the problem.

If it takes 30 seconds to store a record.

And 4 hours to configure a users access permissions.

The cost to the organisation of storing records will still be tens of thousands of times higher over the life of the system.

So we give equal weight to factors of unequal cost and value.

And we’ll give a system that takes 30 seconds, and a system that takes 10 seconds the same score.

And then wonder about user adoption.

Thinking strategically about records and being underestimated.

Are your records good enough?

Good enough for what?

The good news, is that we all get to decide.

If our strategic goal is to tick a compliance box, “good enough” should be relatively easy to answer.

If our strategic goal is to ensure that information is only captured once and then reused, findability matters a lot.

If our strategic goal is to beat litigation, evidentiality is going to be our number one focus.

If our strategy is to use records as the foundation of competitive advantage, “good enough” will be harder still to define. Quality will matter a lot, and it’s likely that structure, placement and a hundred other things will too. 

And if we don’t have a strategy, and we haven’t made sure our organisation knows about it, whether our records are good enough will be determined by every Tom, Dick and Harriet who make unreasonable demands of us. 

And the worst case scenario is probably that they chronically underestimate us, and always get what they want because we didn’t show them a strategy that made us reach for whatever is next.