Document Management Guide: Part 5 – Document Disposition
As the last post in this series, this post will cover the regulations around the proper disposition of records. In other words, the dos and don’ts of getting rid of the records you don’t need to retain any more.
As a reminder: this series is not intended to serve as official legal counsel, but to complement it by providing more accessible explications of official regulations. Ultimately, your organization and its leadership are responsible for understanding and adhering to relevant legislation. We hope that you find this series of posts helpful as a preview or complement to the Government of Canada’s official regulation guides, and/or legal counsel.
What does “Disposition” mean?
According to the Canadian General Standards Board: “[d]isposition refers to the actions taken on records after the expiration of the records retention period: destruction, transfer, or preservation,” (18.104.22.168) The last post covered the guidelines and specific regulations around records retention, as well as how to integrate them into your comprehensive records management program. Disposition is just whatever you decide to do with the records once the retention period is over, even if you decide to keep them.
Why is disposition important? (22.214.171.124)
Disposition is a critical part of maintaining the security of your records. Even if your security measures were perfect throughout the entire retention period, it would all be for naught if they become insecure the moment the period ends.
- If you decide to destroy an expired record, you have to ensure that the destruction is total and irreversible.
- If you decide to preserve the record, you have to ensure that the level of security the record had during the retention period remains.
- If you decide to transfer it, you have to make sure that the organization you choose to transfer it to meets all of the security and other standards that are required of you.
What does a compliant disposition process look like? (126.96.36.199-5)
Like with so many other things discussed in this series, the details of a compliant disposition process that meets the needs of your particular organization will depend on its operational, legal, and managerial idiosyncrasies. It will also depend on what you choose to do with your records: destroy them, transfer them, or preserve them.
Two aspects that won’t depend on anything specific to your circumstance, however, are comprehensive documentation, and functional authority. No matter what you plan to do with your records at the end of their retention periods, every policy you establish, every decision made, who made those decisions, and every procedure laid out, all of it needs to be documented in your RM manual. In addition to the policies, you must document, for every record, how it was disposed of, who authorized its disposition, and when it occurred.
In addition to documentation, the process and the RM program must have authority; and the RO, who oversees the program, must also have authority within your organization. How much authority? However much they need to put the disposition policies into effect in your organization’s regular course of business.
Finally, before any decisions are made about disposition, the RO must review the records at the end of their retention periods, and determine whether legal hold or any other factor which may extend the retention period applies.
Compliant Destruction. (188.8.131.52)
If you decide to destroy your records at the end of the decided retention period, you will need to do so in a way that does not compromise the security and confidentiality of the records and is completely irreversible.
This is not too difficult with physical records: you just need to find a secure way to physically damage the documents to the point where the information they contain can never be retrieved. An in-house paper shredder is the simplest option for paper records, and other shredders or disposal devices are also available for other forms of physical documentation. Note, however, that if you plan to destroy documents in bulk by giving them to a third-party destruction services vendor, this will also involve the regulations around transfer disposition (see “Compliant Transfer” in the next section).
Destruction of digital records is a little trickier, due to the deceptive ease of deleting files in digital systems. When you delete a file on your computer, the arrangement of magnetic charges that composes it usually isn’t totally scrambled or removed, it is merely set aside by the system as code that is no longer deemed important or presentable, and ready to be overwritten. Until that space is overwritten with new information, the ghost of the “deleted” information remains. This may sound like a rare problem, and relative to the total number of digital objects deleted every day it is rare, but it does happen and should be prepared for.
One way to ensure your digital files are irreversibly destroyed is to just physically destroy the drive or storage location they’re stored on. It’s the most certain way to make sure that no specialists, malware, or cybercriminals will ever be capable of recovering the information. This option can be quite expensive, however, not only because of the increased administrative costs of ensuring that the destruction is done securely and completely, but also because it requires you to discard hardware that, despite being common and accessible, is fairly expensive, and will need to be replaced.
More cost-effective options that don’t cost you your entire hard drive are also available. Some software can be used to make a deletion permanent by immediately overwriting the deleted storage space with useless code.
If one of your information systems or hard drives contains code that is frequently overwritten automatically, then the window of opportunity for cybercriminals to steal ghost data may be very short, making a successful theft highly unlikely. In this case, the normal digital deletion process should suffice.
Compliant Transfer. (184.108.40.206)
In previous posts, we discussed how regulations require you to enforce your own records management policies and standards on any third-party service providers through contractual obligations. When you transfer control of a record to another organization for destruction or preservation, you must ensure that all of your own RM program policies are enforced throughout the transfer process. You must also ensure that the organization receiving your records is secure and can be trusted to maintain the confidentiality of the records the whole time they are in their possession.
Furthermore, the new custodian needs to be designated in your own metadata, and the fact that they received your record(s) needs to be documented in theirs. Depending on the importance of the records or technical complications with them, you may also need to record the hardware and software that generated the records, as well as the format, file codes, file layout, and other technical details about the records system that the records were in prior to transfer.
Compliant Preservation. (220.127.116.11)
Preservation means continual accessibility and confidentiality. If you download a file onto a hard drive and it becomes corrupted or otherwise inaccessible, then it is no longer preserved. The importance of a record is the information it contains, and the ability to access that information when it is needed. On the other hand, if anyone can access a record, then its security has not been preserved. Preservation of records means doing whatever it takes to maintain accessibility to the right people and deny access to the wrong people. Simple concept, but the execution can be complex.
Though the pace of digital innovation has slowed down somewhat over the last few years as users and businesses congregate around a few platforms, software, and formats, changes in information technology are still difficult to predict, and some of those that have already occurred are not likely to reverse. What this means for the preservation of your records is that you need to be ready for technological updates to avoid loss of information to obsolete systems.
Our previous blogs on microfilm go into detail about its decline into obsolescence with the dawning of the digital age. Organizations that invested in microfilm technology before the age of the computers then had to go through the additional expense of converting their microfilm records to digital in order to keep up. While it is unlikely that any similar seismic shifts in the information technology industry will occur any time soon, industry standards do still change, and you need to ensure that you can maintain your records through them.
Specifically, policy requires that your RM program manual emphasize the importance of controlled creation and maintenance of preservable records formats. It also needs to require identity metadata to document the creation, reception, or storage of a record, its authenticity, and its proper maintenance.
When conversion to a new file format and/or migration to a new system is required to preserve the records from obsolescence, the organization has some special responsibilities. First, regarding conversion, in order to prepare for the potential risk of information loss, the utilities of the original file format (e.g. navigation and excerpting tools, compatibility with software and hardware systems) need to be documented, as well as the utilities of the new format.
In general, information loss is to be avoided as much as possible, by any means available. Any and all decisions about migration and conversion need to be documented, as well as who made them. Finally, if migration and conversion needs are common or expected, appropriate policies and procedures need to be integrated into the organization’s RM program as a normal course of business.
[faqs style=’toggle’ filter=’document-destruction-faqs’]