Know the legal requirements and ethical principles involved in records management and the role the recordkeeper plays in institutional compliance and risk management.
An institution or organization does not keep records of their activity solely because it’s the ethical right thing to do (more on that later), but in the eyes of federal, state, and local laws, the recordkeeper is responsible for institutional compliance and risk management, in the events that records have to be handed over for litigation purposes or that user trust is breached. In the creation of recordkeeping policies for any given organization, one should consider the records that are mandatory to be kept for future use and how they are to be secured with a reassurance of certainty to those who are using the information in the records.
This is where the concept of information assurance comes in, particularly with the increasing management in digital-born records: “The greater opportunities (and risks) deriving from new technologies have changed irrevocably business structures, but the fundamental issues affecting businesses remain: jurisdiction, validity and enforceability of agreements, and rights and obligations in transactions. These issues arise in litigation, and the records of the business or individual tell the tale. But jurisprudence, whether considering the authority of legislation or the evolution of common law, is challenged by the very nature of these records created, maintained and used in digital form. It is not the substance of business conducted electronically that raises new questions, but the process, and it is in the creation, management and preservation of the records that this is realized” (Duranti 2011, 374, emphasis added). That is why recordkeeping policies are created and carried out with recordkeeping laws as a sturdy influence, because not having the records readily available to “tell the tale” could result in a legal and reliability perception disaster for an organization. Therefore, it is up to the recordkeeper to establish an easily navigable information recordkeeping system in order to properly locate potentially litigated records, and to uphold records security policies while continually being aware of attacks and threats to the storage of said records.
Ethically, the recordkeeper should be a leader in the institutional compliance and risk management actions of records management, as records are designated to be kept to be used, whether it is by an external user (such as records pertaining to the activity of an online shopper) or by an internal user (a worker of an organization being able to access raw data generated by a coworker for uploading into a database). For understanding the ethics behind records management, one need look no further than the Generally Accepted Recordkeeping Principles as published by ARMA International. The Principles of Accountability, Integrity, Protection, Compliance, Availability, Retention, Disposition, and Transparency all discuss the importance of information governance, and dictate that an organization and their information governance program should do the following:
- (Accountability) “Assign a senior executive to oversee the information governance program, delegate program responsibility to appropriate individuals, adopt policies and processes to guide staff, and ensure program auditability”, so recordkeeping duties can be traced back to a more singular source and determinations of whether those duties were carried out as per policy.
- (Integrity) “The records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability”, especially for users.
- (Protection) “To ensure a reasonable level of protection to information that is personal or otherwise requires protection”, especially with sensitive information that could cause personal or financial distress.
- (Compliance) “To comply with applicable laws and other binding authorities, as well as the organizations policies”, to further build on the idea that organizational recordkeeping policy should be built on existing laws in the area of the organization (or recordkeeping standards, especially if the organization is in multiple international locales).
- (Availability) “Maintain its information in a manner that ensures timely, efficient, and accurate retrieval of its information”, as per for user and litigation purposes.
- (Retention) “Retain information for an appropriate time, taking into account all operational, legal, regulatory, and fiscal requirements, and those of all relevant binding authorities”, whereas an appropriate time is the length of its functional use as defined by a schedule, but otherwise if it has cultural or historical significance, then that appropriate time is permanent.
- (Disposition) “Provide secure and appropriate disposition of information in accordance with its policies, and, applicable laws, regulations, and other binding authorities”, which is likely to have plans in place for disposition when the organization and functionality of the record is being decided.
- (Transparency) “Document its policies, processes, and activities, including its information governance program, in a manner that is available to and understood by staff and appropriate interested parties”, which is quite possibly the most ethical of the Principles, given that open access to information is an ideal that should be available to as many people as possible.
These ethics all point to the notion that accessibility is the main drive behind records management being done correctly. As Dikopoulou and Mihiotis state in the context of accessibility being a human right: “Transparency exists when all actions and decisions are prepared, legalized and executed under the rule of law, through democratic processes and with respect of human rights. The addressees of these actions should have free and direct access to the information related to the decisions executed for them. Only through effective management the records carrying the above information could be integrated, accurate, authentic and accessible” (2012, 135).
Evidence for submission
Functional Analysis & Records Survey for the Runnemede Public Library – Records Creation, Appraisal, and Retention (MARA 210)
This document includes both the functional classification analysis and records survey for records created by the Runnemede Public Library. The functional classification analysis is a method to sort the records by series by establishing what various functions of the library are documented, kept for use, and why. By completing a functional analysis, we were able to determine what records might have sensitive information for protection and be further secured in compliance with the federal Freedom of Information Act. The records survey detailed the records in question by determining what important descriptive information was allotted to classifications in order to ensure accountability, integrity, and availability of the records to the staff.
Records Retention Schedule for the Runnemede Public Library – Records Creation, Appraisal, and Retention (MARA 210)
In relation to the above functional analysis and records survey, this retention schedule is the result of following the ethical principles of retention, disposition, and transparency. The records schedule pertains to the records created as of April 2014 and as organized in the functional analysis and records survey. It schedules a total of eight records series and lists the legal and standard resources that define why the series were scheduled as they were.
How to Lose 22 Million Emails: the Thrilling Story of the Missing White House Emails and GWB43.com – Electronic Recordkeeping Systems and Issues in Electronic Recordkeeping (MARA 249)
This Powerpoint presentation discusses a recordkeeping incident at the highest level of the United States government, the executive branch, in which it lost up to 22 million emails created by the White House staff. The presentation discusses what legal acts the mismanagement could have violated, the trust issues with not being able to provide records for litigation, the consequences of improper use and disposition, and how the scandal resulted in Executive Order 13489, which granted more power to the Archivist of the United States in the management of presidential emails and emails created by the executive branch.
What was learned and how it will be applied
The extended records scheduling project for the Runnemede Public Library was an application in itself as it allowed the student to consider all the legal and ethically-guiding recordkeeping resources in order to formulate an easily definable organization of the records collection as well as make the appropriate decisions for outlining how and how long to keep certain records in the collection. It allowed the student to also consider institutional compliance should these records ever need to be litigated. As for applying risk management to records management, there is an exercise to that in the keeping of all records, and that is to know who do and do not have access to a record, in the present or future, and to take the security and privacy measures necessary to protect the record from improper use and disposition. The best way to do that is to learn the policies of an organization and the recordkeeping laws that govern them, and assess what steps need to be taken for proper records management and who is responsible for taking certain steps.
ARMA International. (2011). Generally Accepted Recordkeeping Principles. Retrieved from http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles
Dikopoulou, A., Mihiotis, A. (2012). The contribution of records management to good governance. The TQM Journal, 24(2), 123-141. doi:10.1108/17542731211215071
Duranti, L., & Rogers, C. (2011). Educating for trust. Archival Science, 11(3-4), 373-390. doi:10.1007/s10502-011-9152-3