Bob Johnson is the Chief Executive
Officer of NAID.
Reporting a record as being unavailable when a duplicate copy does
exist puts the organization at risk of contempt charges, perjury,
and withholding evidence. Courts have historically shown little
willingness to accept the excuse that an organization simply did not
know where to look. Additionally, even if the courts were tempted to
consider the unintentional nature of the deception, the fact remains
that once discovered, records that could have, and by policy should
have been legally undiscoverable are available for discovery. Once
their presence is known, they must be produced. The existence of
duplicate records undermines one of the most important purposes
of the organization’s records retention schedule.
To be fair, those in an organization who propagate or save duplicate
records usually have no idea they are putting their organization at
To minimize the risks created by the presence of duplicate records,
data controllers should instruct employees to refrain from creating
or hoarding them in the first place. This is accomplished by policy
development and training, by providing access to the information
on the controlled records (in order to minimize the temptation
or need for duplication), and by providing an annual amnesty or
disposition program for the collection and disposition of duplicate
records accumulated over the past year.
Not all duplicate records are created surreptitiously. Where there
are legitimate and unavoidable circumstances requiring their
creation and temporary retention, data controllers should provide
instructions for the appropriate labeling. This allows for easier
identification and destruction when the need for their use expires.
Due to the fact that duplicate records have no retention
requirement, authorization is not necessary for the disposition of
DISPOSITION OF INCIDENTAL RECORDS
As previously defined, incidental records are those with a lifespan
limited to their immediate usefulness. Common examples include
memos, reports, surveys, drafts of correspondence, and flawed
copies of forms. From a RIM perspective, the most important thing
to remember is that they are as much an official record as those
retained formally. Failure to identify incidental records and develop
written procedures for their proper disposition is inconsistent with
regulatory compliance and RIM best practices.
Due to their nature, no internal authorization is required for the
disposition of incidental records.
All information and all media will eventually be discarded. From a
records management perspective, data controllers should ensure
that it is done purposefully and in a manner that minimizes the
risks inherent in the process of disposition. Although disposition of
information marks the end of managed control by the organization,
the responsibility and repercussions may exist for many years and
in some cases in perpetuity.
Failure to identify incidental
records and develop written
procedures for their proper
disposition is inconsistent
with regulatory compliance
and RIM best practices.