Industry analysis from Mitie Connect: What's in the box?
This article was originally featured as an industry analysis in the April issue of LPM. To read the issue in full, download LPM.
Schrödinger’s cat is a thoughtexperiment used to describe how two potential realities can exist at the same time. In the experiment, the cat is sealed inside a box with poison – there are two possible fates for the cat. The cat may be poisoned and is dead, or not. While the box remains sealed, the fate of the cat is unknown – and in terms of quantum physics it’s both alive and dead at the same time. It is only when the box is opened that one reality is set.
And so it goes for records held in boxes in offsite storage. The records you hold may be of little importance and due (or overdue) for destruction review, or they may be of long-term value. Both are true while you do not know the contents of the box. Poor or absent listings of legacy records are common problems for organisations attempting to apply retention rules to offsite holdings. Without basic information about the matter, record creator, age profile or business context of records held offsite, businesses struggle to identify the correct retention rules to apply. The scenario where a high proportion of boxes contain materials subject to legal discovery is enough to make most hesitate when planning destruction exercises for offsite records.
There are four ways in which companies can address this issue: retain the status quo, retrospective cataloguing, flip the lid, and destroy all unlisted boxes.
Herding quantum cats
Every organisation I’ve worked for has adopted the retain-the-status-quo approach, regardless of sector. Saying this approach is a strategy by design is perhaps a little too kind. In most cases this has not been by design, more because the problem has seemed too big and too difficult to tackle. That is, until someone notices the growing offsite storage bills and complains about costs.
If your firm is willing to adopt an approach of retaining unlisted items and take on the cost of that indefinitely, this is a legitimate strategy. However, you may be ignoring your responsibilities or legal obligations to provide full accountability to your clients or to external audit bodies.
The logical solution to the Schrödinger’s box question is, of course, to open the box to find out whether records need to be retained or destroyed. Retrospective cataloguing can be an answer to this problem.
But this approach isn’t always practical, for numerous reasons. There may be a large proportion of records that are uncatalogued, requiring a lot of resource to relist. The majority of records held may be of low value, leaving in question the value of committing so much resource to a retrospective cataloguing exercise. Costs may be exclusory relative to the benefits.
Finding out what is in each box may reduce risk by allowing retention rules to be applied and legal holds to be protected, but it may also increase the business’s exposure to risks. For example, it can expand the pool of records which must be managed in accordance with the EU’s General Data Protection Regulation. Businesses must be aware of both the increase and decrease of risk exposure when cataloguing.
Like retrospective cataloguing, an exercise may be undertaken to review box contents while carrying out an on-the-spot disposal and retention review. Records of long-term value would be identified and ring-fenced, and the remainder sent for bulk destruction. As with retrospective cataloguing, this is a resource intensive option which may not be practical if there are a large number of boxes to review.
Destroying all unlisted boxes seems like the easiest solution, but it is also the riskiest. There is an argument to be made that unlisted records aren’t easily discoverable, and depending on the rule of proportionality this may be true. This argument focuses more on the fact that if you don’t know a record is there it can neither help you nor harm you in a legal case.
The problem is that there’s always a risk that the boxes may contain documents relevant to cases, and destruction of paper is permanent. This is why most people are reluctant to authorise destruction, even with the correct due diligence and robust management in place.
The reality is that these approaches alone won’t necessarily resolve the problem. Instead, a riskbased approach must be adopted which employs a combination of these strategies.
Records management teams need to work closely with legal and compliance to design an approach appropriate to the firm. Records management teams need to provide the following: the number of records that are not catalogue, the number of years the records have been deposited in offsite storage, and the number of times the items have been requested. They also need to provide a due diligence report which demonstrates all known resources at the time of review have been checked for data pertaining to unlisted records, a sample of the contents of boxes, and a quote on the resource required to catalogue, destroy or store as unlisted records.
These factors will help you decide whether it would be practical to retrospectively catalogue all holdings, flip the lid, or carry out bulk destruction. Legal teams can support this by providing records teams with legal holds listings, and helping to define a robust process to apply legal holds.
Legal teams may also be able to help identify areas of the business which are subject to greater risk of legal challenge, and consider the cost and risk of losing cases because of lack of documentation.
Compliance can support addressing unlisted records by assessing the risk of destroying a proportion of or all unlisted records, and providing guidance of the risk undertaking.
Making a decision to deal with the unknown is a first step to resolving your unlisted legacy data. By gathering the right information from records, legal and compliance teams can help eliminate the element of quantum physics from records management, and hopefully make your reality a little easier.