The MER Experience
The 25th Year of Delivering Premier Electronic Records Management Education

Stop in the Name of Policy!

By Nicole Lindenbaum | RSD on Twitter @RSDig

Stop in the Name of Policy!

Imagine a world without enforcement. Drivers see a sign posting the speed limit, but there’s no one to make them follow it. At intersections, they can see the traffic signals and stop signs, but there is no one to see if they don’t follow the rule. In shops, it is understood that patrons exchange money for goods, but no one will stop you if you walk out without paying. A standardized test room in a high school has a sign that says “No Cheating” but there is no proctor in the room. A world without enforcement devolves into chaos pretty quickly, huh?

We are a society of rule-breakers. It’s not that we are inherently evil or bad, nor am I suggesting that we even intend to break these rules. However, we often make exceptions for ourselves if no one is around to tell us otherwise. We cheat on diets because one extra cookie can’t hurt, right? I don’t see a cop on the road, and it would be REALLY great to get home 10 minutes earlier to start dinner. And your kids probably truly believe that staying up for an extra hour to watch TV won’t make them tired tomorrow.

This is why we have policy enforcers. Policemen, Weight Watchers groups, parents, the IRS, ticket-takers at concerts, security guards at sporting events, cashiers, referees, and the list goes on. While we don’t intend any harm, we are unlikely to follow policies to the letter without anyone to enforce the rules we set.

Applying this thought experiment to the workplace, how can you risk policy without enforcement at your organization?

Historically, retention schedules have been kept in spreadsheets, and it has been up to the employees to follow it. But how can you be certain the policies are being enforced? What if your team misses something, or they forget to apply a policy because something more important came up that day? What if the policy is complex to understand, so a mistake is made? As our electronically stored content grows- along with the types of repositories, amount of operating jurisdictions, number of regulations, and variety of information lifecycle events- this job becomes increasingly complex to manage. With all of this complexity, the chance of a mistake is amplified, and the repercussions could be devastating for an organization- not to mention the managers who are liable. As with an un-enforced speed limit, policy without enforcement puts you and your organization at great risk.

Organizations are liable for their content. Despite having an impeccable policy in place, if a document is not disposed of when it should be, the company is liable for the undisposed content. If they are sued, not only are they liable, but this is extra content that they will have to pay a legal team to sift through. However, if there is a mechanism to ensure active policy enforcement, the organization can rest at ease, knowing that anything deleted has been done so confidently and defensibly.

Enforcement goes beyond disposition, however; other policies must also be enforced. For example, organizations must be sure that the correct privacy controls are applied on all content, not just in one repository or another. Without a system that enforces the governance policies, companies are at great risk of private data leaking out. (No one wants to be the one that forgot to “lock up” the metaphorical Coca Cola recipe.) I have a friend who once accidentally accessed the payroll of all employees at her company. I’m sure that the company did not intend to give her access, but somewhere a policy had not been enforced. Furthermore, what happens when your legal holds are not enforced? Say you put some content on legal hold but it is deleted anyway. Evidence has shown that judges will not be sympathetic.

So I urge you to stop in the name of policy!

Your information governance platform must not only allow you to establish policies, but also (and more importantly) ensure the enforcement of those policies on all of your content. You wouldn’t want a world without policemen, and you don’t want policies without active enforcement.

Nicole Lindenbaum

Nicole Lindenbaum

Nicole Lindenbaum

Nicole Lindenbaum is a Marketing Specialist at RSD, where she promotes the benefits of information governance platforms. RSD is the leading provider of information governance solutions for the enterprise, helping companies to reduce operating costs and risk exposure through robust information governance programs. Nicole holds a Bachelor of Fine Arts from Syracuse University and a Master of Business Administration from Washington University in St. Louis.

Connect: Twitter:@RSDig | LinkedIn

Are you a blogger?

Please visit our Submissions page to find out how to submit an original article, or if you would like us to repost one of your best.


Bob Williams is the founder and president of Cohasset Associates, Inc. and founder of the National Conference on Managing Electronic Records, (MER).Mr. Williams is renowned for his leadership in addressing the legal, technical, and operational challenges associated with the life-cycle management of records, especially electronic records.  He has edited two definitive legal research studies: Legality of Microfilm and Legality of Optical Storage.  His also has overseen many industry white papers focused on compliance the SEC’s requirements for the storage of computer stored information (CSI).As a renowned speaker, Mr. Williams has given more than 1,000 presentations at briefings, seminars, and conferences throughout the United States as well as in Europe and South America.Mr. Williams’ primary focus now is organizing, running, and co-chairing the MER, Cohasset’s nationally renowned conference on managing electronic records