If you're part of an organization of any kind, that organization probably has records. These records can exist in a variety of forms, from paper to Word documents to e-mail. And if you have records, you probably have some way of managing them. They may be in a pile on a desk, in a file cabinet, or stored on a computer or in a more complex filing system.
At a high level, records management is the way in which an organization handles their stored information. This information carries with it a vast amount of intellectual property and to be productive workers need to have access to what's important to them. Organizations need to develop a system to manage what is kept and what isn't, control what is accessible and to whom, and make sure that workers can find why they need quickly while preventing information overload. In addition to that, thousands of points of law and regulation exist governing the management of records.
None of this is new information, so why is everyone talking about it now? There have been some big changes over the last few years that have sparked a strong interest in records management:
There's a lot more data now than there used to be: University of California at Berkley researchers estimating that 5 exabytes of new data were created and stored in 2002, 92% of which was on hard drives (link). That's 37,000 US Libraries of Congress and the number is growing each year. Figuring out what to do all with all this data has become complex problem given its scale and accelerating growth.
Managing records has become more expensive. You may be wondering what I mean by that, given that the storage costs per gigabyte of data have been plummeting over the last few years. As storage costs drop, the legal penalties for mismanaging information have gone up dramatically. Here are a few examples:
In December of 2002, The Securities and Exchange Commission, levied a fine of $8.25 million for failing to follow rules pertaining to electronic communications. This fine was split amongst Deutsche Bank Securities Inc., Goldman, Sachs & Co., Morgan Stanley & Co. Incorporated, and Salomon Smith Barney Inc, (link).
In March of 2004, the SEC penalized Banc of America Securities for "Repeated Document Production Failures During a Pending Investigation" because they" "failed promptly to produce electronic mail" pertaining to ongoing litigation. The fine this time was $10 million and it was levied against one company alone. (link).
In May of 2005, Morgan Stanley was ordered to pay $1.45 billion in a civil lawsuit, due in large part to failure to properly produce electronic documents. The judge ruled that Morgan Stanley had committed "willful and gross abuse of its discovery obligations" and reversed the standard burden of proof, requiring Morgan Stanley to prove that it had not committed the infractions of which it was accused of instead of requiring the plaintiff to prove that it had (link).
New laws and court judgments have made records management downright scary. Individuals are increasingly being held liable for mistakes and negligence.
In July of 2002, the Sarbanes-Oxley Act became law in the U.S. Unless you've been living under a rock, you've probably heard of this one. Among other things, it specifies jail time for executives who knowingly sign off on inaccurate financial statements. (link)
In April of 2003, former investment banker Frank Quattrone of Credit Suisse First Boston was indicted for obstruction of justice. He sent an e-mail instructing some of his colleagues to "clean up those files" while some of them are being sought by regulators and a grand jury (link).
Understanding these trends, the Exchange team has made some significant investments in Exchange Server 2007 to provide tools to help you better manage your e-mail. Over the next few weeks, we'll be providing some further posts that give you more insight into how this works.
-Julian Zbogar-Smith
Program Manager
