Tuesday, 26 July 2011

Definitive articles

Stepping out of day-to-day tasks to review the latest research in the field can be a luxury for many records managers. Yet these journal articles can provide a good phrase or idea that can set you off on a new route or initiative to apply in your own organisation. Sometimes it can be simply the relief of recognising that your records management thoughts, hopes and fears are being shared by others, and those the leading minds in the field. 


The Emerald Literati Network Awards for Excellence highlighted some excellent articles published in the Records Management Journal last year. Here are two that I found useful.

Digital recordkeeping:
are we at a tipping point? 
Kate Cumming and Cassie Findlay


Austrailia has produced some of the most innovative and authoritiative work on records management in the last 15 years. This article comes from the State Records Authority of New South Wales, whose website and related 'FutureProof' blog is well worth a visit. Starting with Malcolm Gladwell's Tipping Point, the authors suggest that we are at a crossroads. On one side the sheer proliferation and volume of digital information is threatening to overwhelm us. On the other, RMs are increasingly being required to advise on the management and preservation of information in 'business systems'. The key conclusions for me were that 1) things are bad in terms of data volume and the general mismanagement of that old favourite, email and 2) Capping of storage space has to be the first step in forcing organisations to manage information more efficiently and 3) RMs can't rely on corporate EDRMS but need to get out there and integrate RM at the point the information is first produced and stored, usually in the Finance system or the HR system etc. 
A really useful article from an organisation which is clearly a hotbed of RM ideas.


The author is often to be found debating issues and prompting discussion on the Records Management Society email list and this article reflects the depth of thought and feel for the discipline that he clearly holds. My highlighter pen was fading by the end as there are many eminently quotable passages - 'storage does not replace memory' , 'Why should I delete anything if I can store it all?', 'for an organisation to be creative sometimes, some things need to be forgotten' - and the author pulls in Robert Frost, Google and the ancient Greeks to illustrate his case. Ultimately the argument is a vigorous defence of the 'management' aspect of records management. Managing documents and records effectively is not an esoteric specialism - everyone in an organisation needs to make the right decisions around records. Keeping everything is unproductive and ultimately wasteful. To quote another of Serewicz deft asides, 'We do not read every book in the library; we read what is essential to answer the questions on the exam'. When faced with making sense of the the current explosion of information, the RM is lucky to have such articulate defender of the importance of our discipline in a rapidly changing landscape.

Wednesday, 20 July 2011

Email - it's just one message after another

Email - you can't live with it, you can't live without it.

As a tool for communication, the impact of email has been so immense that it is difficult to imagine (or remember) the days when it wasn't around. It's brilliant - the instant transfer of a message or attached documents across global distances.

For records managers email is a huge problem, with both technological and cultural factors weighing against our mission to organise and capture important records.

The irony is that, within an age where the sharing of information is so abundantly possible, email records have become more closed and tied around the individual.

Whereas a copy of the formal letter correspondence would be added to a file of correspondence or a case file relating to the recipient, emails still revolve around the individual user. These emails will often sit in inboxes and 'sent mail' rather than being formally attached to an equivalent electronic case file. This is not likely to be just habit, as systems often have issues storing message formats in an acceptable way. Even SharePoint implementations, according to case study anecdotes I have heard about in the last few years, have had some issues with linking to Outlook. Email often remains at arms length from EDRMS systems because integration can be so tricky.

When the staff member leaves, the risk is that the email account presents firstly a handover challenge for the remaining members of the team and secondly a real challenge for the organisation in complying with requests for correspondence under FOI, DPA or legal discovery. Add into the mix the fact that IT departments, under pressure to effectively manage storage space and redundant user accounts, often have policies in place to delete accounts after a specific period. That's before I get started on .pst files, two words that wake records managers up at night in a cold sweat.

So what approach to take? With so many difficulties around the automation of managing emails we are back to the communicating with the users. We have to guide them to make the right decision sitting in front of their inboxes.

I heard that one legal firm had a policy of emails in an inbox being deleted at the end of the day if they had not been pulled into the appropriate case file. An approach that is draconian, but certainly applicable to a narrow, billable hours type organisation. The principle however - cutting down people's storage space forces them to make decisions about what emails are important - has its merits. If you have the sense that there is unlimited space, why organise it? Meanwhile in the background, servers are clogged up with data, perfomance suffers, more servers are bought just to process and back up information that must be 70/80% redundant.

I think as RMs we should be thinking how this overlaps with lots of the 'how to get on top of your inbox' ways of working literature on email use. A good example is this from the Microsoft website I believe that someone who is very organised in the way they use email will be easily able to identify the important records in their inbox. RMs should try and work with the HR and IT functions in their organisations to work out what guidance is being given on using email. The Open University has an excellent 'decision tree' to help determine if an email is a record, though users might find it onerous if faced with an inbox of 1000 plus.

RMs need to convey the basics to users. Emails belong to the organisation, not them. Some of them are very important records. Some of these may be required for FOI or DPA requests. You can't keep every message. Managing them effectively as records may also mean being more efficient in your overall time management, and vice-versa.

Whilst we are still struggling with managing emails as records, beware of the new spaces in which discussions play out and decisions are made. Instant messenger, blog comments fields and replies to Facebook status posts are all creating informal platforms for formal records. Until someone comes up with a 'silver bullet' solution, RMs need to influence and advise for all they're worth.

Tuesday, 12 July 2011

Decisions Decisions

You could say I should get out more but I'm always excited when my RSS feed delivers me a batch of new ICO decision notices (DNs). I think that the publication of these DNs is one of the most useful outputs from the ICO website. Whilst not formally legal precedent, the DNs show how the FOI is a living, evolving, contested entity embracing a huge array of information. If you want to demonstrate that FOI is not just journalists and prospective suppliers, read some Decision Notices.

The Decision Notices show how a case can be made effectively by an authority to explain why an exemption is engaged. They can show the tenacity and commitment of a requester trying to access information. And they show the ICO as a body trying to be flexible and fair in its rulings. As last week's annual report demonstrated, the ICO is getting quicker and more efficient at reaching decisions on these cases.

The 'big' ICO DNs and tribunal decisions are covered in depth across the web and twitter. I like to try and look at some of the DNs that cover interesting areas of process or procedure. Recent ones that interested me are as follows:

FS50344505

This decision once again re-iterates that Whatdotheyknow.com is considered by the ICO to be a perfectly valid platform for making information requests and responding to them.

FS50321036

The authority had a issued Section 12 'exceeding appropriate limits' response and been been rigorous in providing a minutes-per-file calculation of the time it would take. The requester then asked the public authority to conduct a random sampling of the records in order to come in under the limit. The ICO concurred with the authority that the request could be refused 'on the grounds that the Freedom of Information Act provides a right of access to information, it does not entitle an applicant to require a public authority to perform specified tasks'. I think this covers an interesting area which shows the limits of both what constitutes 'extraction', 'creation of new information' and 'advice and assistance'.

FS50319503
and 
FS50344341

This is two ICO Decision Notices on responses to what I think is the same 'round robin' request for the same information. Two different approaches by the public authorities and two quite different outcomes. A good example of the ICO treating each case according to its individual circumstances.

Wednesday, 6 July 2011

All about the training

You can implement all the systems and policies you want, but the vast majority of records or information management decisions are made at the member of staff's desk. Things go wrong there; many of the high profile data breaches in recent months have come from simple errors - emailing the wrong name from a contact list, faxing to the wrong number. Training staff directly, and building awareness of records management and information compliance, is as important a part of the RM job as any and there are many ways of doing it.

Classroom training
If you get a chance to do this, maybe as part of the standard induction for staff, then leap at it. You'll never get a better chance to let new staff know who you are and why your subject is important. The mix of staff from different departments and different grades will help you learn more about your organisation too. The timeslots you have to work with will vary, but try to avoid going through this policy or that policy or the fact the DPA 1998 was preceded by the 1984 Act etc. Use powerpoint, it is a great tool for putting points across, but don't just read out a series of slides. Get them involved. Ask them what data they are used to dealing with in their work, what FOI requests they may have dealt with before. They will start to ask questions and your answers will be directly engaging with what they do day-to-day.

Knowledge of the legislation is important. But always suggest to them that DPA and FOI is their act too, not just fuelling some perceived hostile public gathered at the gates. With records management you are unlikely, in this sort of training, to be taking them through how to use the local EDRMS or listing retention periods. Get them to think about what records they use at work, or at home, and how they do it. Signpost the policies and the systems and just make sure they leave the room knowing you are the person to ask about these things. I've often ended up starting a dialogue with staff at an induction session that has led to some really productive records management work further down the line. Or maybe, following your training, a member of staff picks up that stray FOI request and actions it immediately. Learn from your experiences from training courses you've attended. Identify the things that really helped you grasp the subject being taught.

Online training
It is unlikely that you or your team will have the time and resources to train every member of staff face-to-face. Online training is a way to get people to learn at their desks when they are available to do it and there is lots of good online training software available. The 'bottom line' is that this approach can help cover your organisation better if you can demonstrate how many people took this training, read the policy and ticked the box. But of course it's much more than that, a chance to reach many more people in your organisation than through an induction session. Whilst it's different from the 'classroom training' in many ways the objectives are similar. You have to get key messages across and they have to be practical and useful for the member of staff. Give them options to find out more if they want to go beyond the basics. Aim for 20/30 minutes at the most and include a quiz to test how much they've taken in. The advantage of reporting on training like this is that you can set up department vs. department stats (60% of the HR division have taken the training, only 30% in legal etc.) to drive uptake with senior management.

Intranets
Intranets are used in many different ways, from simple staff directories and internal web pages to collaborative wikis and 'spaces'. You can never guarantee that all staff will be regular users but this is an important place to put all the up-to-date policy documents, guidance and presentations. If you have a news feed on the intranet, submit regular items. The ‘it could have been us' sort of story - 'records left in a skip' or 'the wrong fax number' - are good opportunities to take real incidents in the news and link them to your policies and advice.

Advice
Not strictly training, but a case of being there if someone has a question. If you can give a quick and helpful response, they'll hopefully a) come back again b) think about these issues in other areas or their work and c) tell others 'why don't you try asking the RM about this...'

A lot of records management is an influencing role, making people aware of why it's important and what they can do. In terms of compliance, staff need at least to know the basics - how to recognise a request or an issue - and to know who to contact. Training is therefore as important an area as any in the record manager / information compliance officer objectives. Take every opportunity you can to get the message across to staff because they are creating, storing and managing records and information every day. You can't stand over their shoulder every time but hopefully you can make them think: 'oh yeah, I remember that guy at the induction, talking about storing important messages, now where do I put this...'