Keep it or kill it? Information governance and the art of document retention

Part one in a four-post series on information governance.

The transition to digital-first, always-on, mobile-friendly ways of working has done wonders for productivity. But there’s a tricky downside to this. All our information needs careful attention, or bad things can happen.

Sensitive information can wind up in the wrong hands. Important data can get lost or scattered. The streams of information flowing through an organization can get messy.

Thankfully, there’s a safeguard that solves this: information governance.

Information governance is defined as all the rules, regulations, legislation, standards, and policies your company complies with when you create, share, and use information.

As you can see, there’s a lot to it. It’s no wonder most organizations don’t think they’re doing it very well. A survey by AIIM found that 73% of organizations don’t have information governance policies at all, and of those that do, 23% report that their information governance processes are chaotic.

That hurts. But it doesn’t have to.

At Box, we’ve found that good information governance can be simpler than it seems. We like to boil it down to three basic facets: document retention, defensible discovery, and security classification.

We’re going to devote later posts to defensible discovery and security classification. But we’d like to get started with a closer look at document retention.

Document retention includes the systems and policies for keeping and deleting documents. To get this right, you need to think holistically about your document’s lifecycle. There are three-stages:

  • Stage one: active Content is being actively used. It’s usually stored in local hard drives and/or network shares and repositories.
  • Stage two: semi-active Content is no longer needed on a regular basis, but it’s kept. This is a great time to look into lower-cost storage.
  • Stage three: end of life/disposal Content has reached the end of its life. If it has historical value it’s archived, if not it’s deleted.

Sounds pretty simple, right? In reality, document retention can be a complicated morass, for many reasons. Here are just a few:

  • Today’s workers are mobile and hop across firewalls as easily as a garden fence. Clunky legacy systems weren’t built for that type of dynamism.
  • In many cases (especially for older organizations), document retention means warehousing boxes of paper, which is expensive and ponderous.
  • A lot of smaller organizations keep their files on shared drives and use Excel to manually track their documents. That gets unwieldy fast. And it’s a huge time waster.
  • For larger organizations it may be even more complex – with content spread across file servers and records management systems in multiple locations. That’s even worse.
  • Most of the time, retention is only applied to records and email - which ignores other types of content that are worth hanging on to.

The simplest way to get retention right is to build it into the way that people actually work by automating controls and storing data in the cloud.

With cloud-based systems, there’s no more need for manual archiving, restructuring, deleting or destroying. All you need to know and configure is how long to keep content until it’s deleted automatically or by users.

For content that is no longer useful for day-to-day work, but cannot be destroyed, you can leverage metadata and workflow to keep it tucked away, but still available when you need it.

Sound good? Sound simple? Sound way better? Yes, yes and yes. For more about document retention and other facets of information governance, check out our eBook, The Life-Changing Magic of Information Governance.

Free 14-day trial.
No risk.

Box free trial includes native e‑signatures, let's you securely manage, share and access your content from anywhere.

Try for free