Defensible disposition addresses the problem of over-retention: Organizations have been over-retaining electronic information and failing to dispose of it in a legally defensible manner when business and law will allow.
The best way to address this monster problem is to break it into more tractable sub-problems: disposition of day-forward information and disposition of historical information. I won’t go into day-forward information disposition here, because it is an easier problem to solve. Let’s stipulate that it’s taken care of and focus here on historical information disposition.
First, note that you may have hundreds of TBs lying around, just waiting to cause you problems. It may take you years to fully address that pile of information. However, you should start soon and plan to take many smaller steps rather than just a few big steps.
Second, note that here I’m going to focus on just the methodology that’s specific to defensible disposition. I’m going to talk about four specific steps in the defensible disposition methodology, but these four steps should be embedded in a larger program for enterprise content management (ECM) program and project methodology.
Here then, is how to do defensible disposition. It primarily consists of developing and then executing four pieces:
- The Defensible Disposition Policy
- The Technology Plan
- The Assessment Plan
- The Disposition Plan
1. Develop Your Defensible Disposition Policy
The first step is to develop your Defensible Disposition Policy. This is the design specification that states very clearly the objectives that your methodology will fulfill. You should be able to defend your actions by pointing at your policy for defensible disposition, which shows what you intend to do, and then showing that you are following it. The good news is that you don’t need to be perfect; you don’t have to perfectly satisfy your retention demands. You do need to use the Principle of Reasonableness and act In Good Faith.
2. Develop Your Technology Plan
Using technology for the heavy lifting in the file assessing and disposing processes is absolutely necessary. But there are two sources of complexity in finding and using the right tools that make it a challenge: First, the “analysis, classification, and disposition” market is young (i.e. immature), and it’s a mess. Second, to efficiently assess a pile of files, you typically have to use a variety of different techniques and thus tools, since the tools have different sweet spots. There is no universal assessment technique and thus no universal assessment tool.
This means that you need a Technology Plan that fits the right tools to your Assessment Plan and Disposition Plan, both of which are discussed below.
3. Develop Your Assessment Plan
The Assessment Plan specifies which information and systems you’re investigating and the particular processing rules you’re going to use. The first step in developing the Assessment Plan is to do the legwork and get a picture of what repositories the information is in and anything else that will help you create a plan of attack. You then create processing rules, based on the different types of file attributes.
4. Develop Your Disposition Plan
The Disposition Plan evaluates your assessment results against your Defensible Disposition Policy and lays out a roadmap for disposing of the various kinds of files you found. Then you start executing the Disposition Plan. This may require one or more FTEs managing the purges and cleanup over months, or even years.
And finally, as you go through your first disposition cycle, you’ll probably want to refine your Defensible Disposition Policy, as you’ve now got a much more realistic picture.