In this era of privacy regulations, data breaches and consumer privacy concerns, your obligations to protect your customers’ data are more important than ever. Establishing a strong records management program is the first step toward ensuring that your company and employees handle your data properly.
In this article, we’ll run you through eight critical questions that have the potential to change the way you think about your records management policies. First and foremost, this Q&A will help you fill any gaps in your current policies.
Additionally, it has the potential to help your company save some serious money. If you’ve assumed in the past that outsourcing your records management was too expensive, this article is a “must” that’s sure to have a significant impact on your bottom line.
Let’s dive in!
#1: Are Your Employees Creating Records Without Knowing It?
You might be surprised what constitutes a record. Many businesses assume that a record doesn’t truly exist until, for example, a formal entry is created in your customer database.
However, let’s explore a potential scenario:
Let’s say your computer system is temporarily down, and a new client calls. One of your employees writes the new client’s information on a sheet of paper as a temporary measure until database access is restored.
Would that sheet of paper constitute a record? It’s possible! And if that piece of paper isn’t given the care of a formal record, it could result in problems that could create liability for your company.
This issue becomes even more critical if your company is subject to government regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act or the Fair and Accurate Credit Transactions Act (FACTA).
The American Records Management Association defines a record as: “recorded information, regardless of medium or characteristics, made or received by an organization in pursuance of legal obligations or in the transaction of business.”
As an organization, you need to create your own definition of a record. Include it within your records management policy. Additionally, all your employees who have the potential to create and receive records also need to be properly trained on this definition. That way, they’ll know exactly how to help your company secure and protect sensitive data.
#2: Is Your Records Filing and Maintenance System Costing You Money?
One of the biggest mistakes a business can make is not paying enough attention to creating an effective, organized records management and filing system. It might seem like a low-priority item, but it can end up costing your company big.
It can also expose your company to liability, which we’ll discuss further in question #3.
Ultimately, your system will be tailored to the type of business you run and the way it operates. However, in general, records management systems should include policies that:
- Classify records based on the type and content included.
- Implement a filing and retrieval system so your staff can easily access the records they require regularly.
- Establish both physical and procedural safeguarding rules to protect sensitive data and reduce liability.
- Define retention and destruction timelines, often based on mandated regulations to ensure compliance and avoid fines for non-compliance.
If your organization doesn’t take the time to create and enforce these policies, it can create significant problems, including:
- Difficulty locating records which wastes your employees’ time and your money.
- Delays in business operations when records can’t be located, causing customer complaints or costing your company revenue.
- Improper handling of sensitive data and data breaches, which can expose your company to liability and erode client trust. (More on that in a moment!)
Note: Your first stop for creating a records management system should be your legal counsel. He or she will have a strong grasp of the regulations you need to follow. Additionally, your lawyer will help you craft a cohesive set of policies that reduce your exposure to lawsuits, which are a real threat even to small businesses. We’ll explain more in the next question.
#3: Is Your Current Records Management Policy Exposing Your Company to Potential Lawsuits?
Some companies assume that data breaches and privacy violations are the kinds of things that only happen to larger organizations, as indicated by recent incidents at Google, Facebook and Experian, the consumer credit reporting company.
However, businesses with fewer than 100 employees account for nearly 2/3 of data breaches. In other words, small businesses are by no means immune breaches—and the liability exposure than comes with them.
Additionally, while you may trust your employees implicitly, major security companies estimate that employees are responsible for anywhere from 43-54% of data breaches. Consider all the sensitive data you have around your office. This includes payroll data for your employees and financial information about your company. Does your records management policy currently protect this critical information?
Storing this data off site in a facility that’s staffed with bonded professionals can add a layer of security that keeps this sensitive information from falling into the wrong hands.
#4: Are You Overlooking Potential Savings by Assuming That Outsourcing Will Be Too Expensive?
Outsourcing your records management can offer two main benefits to your company:
- It can help you increase the accuracy of your records keeping by turning it over to dedicated professionals.
- It can also help your organization save money.
When it comes to cost savings, just consider how much office space your records are currently taking up. Off-site storage could allow you to utilize that space more effectively or simply to give it up, reducing your overhead. Also, how much of your employees’ time is currently caught up in records management, as opposed to revenue generation activities? By outsourcing, you could return your team’s focus to responsibilities that directly affect your bottom line.
Records management companies can assist with a wide variety of solutions, including:
- Document storage and retrieval: Although you may want to keep files you use on a day-to-day basis in your office, ones that you access less frequently could be stored offsite. This could save you significantly on administration and storage costs.
- Creating a records retention policy: Although your legal counsel should ultimately make the final recommendations, a records management company can offer you their recommendations based on what’s worked well in the past for other clients.
- Indexing: A records management company can help you establish a system to organize and index your files, either on-site, off-site or both. That way, you’ll always know exactly where any file is at any time, eliminating wasted time searching for a record.
- Destruction: Your records management company can manage your retention and destruction schedules to help ensure compliance, freeing up your employees for other tasks.
#5: Have You Created Policies That Are Difficult to Understand and Follow?
Once you’ve established records management policies and made a decision on outsourcing, you need to take another step to more fully protect your company and your customers’ data.
You need to ensure that your policies are:
- Easy for your employees to understand. If they’re confusing or unclear, your employees simply won’t be able to follow them.
- Not so complex that they place an undue burden on your employees’ day-to-day work, which can unwittingly cultivate corner-cutting.
Finally, if you find an employee violating your policies, it’s important to correct the mistake in the moment. That way, you’ll show your entire team how critical these rules are to your business.
#6: Are You Currently in Compliance with Your Retention Schedule?
If an auditor showed up at your office today, could you say that you’re 100% compliant with your records retention? (Or even close?)
Every record has a retention schedule, depending on the type of data contained and the regulations your organization is subject to. Once the record is past that date, it should be destroyed.
If your business is audited and you 1) haven’t kept to your retention schedule or 2) can’t provide certificates that show the proper destruction of its expired files, you may be subject to significant fines.
That’s why it’s so important to classify your files, organize them and establish proper retention and destruction schedules as part of your overall records management program.
#7: Are You Disposing of Your Records in Ways That Could Cause Problems?
In addition to making sure documents get destroyed on time, it’s also critical to destroy them in the right manner.
We encourage you to follow best practices that will help keep you compliant with government regulations. This means using a secure facility to properly destroy your records. The facility should produce a Certificate of Destruction for you to retain as proof, should your business get audited.
Some businesses may be tempted to dispose of records by placing them in the trash or burning them. In addition to the fact that you won’t be able to present a Certificate of Destruction, these methods don’t allow you to take advantage of recycling options a secure facility may offer.
Instead, to stay compliant with regulations, we suggest you:
- Contract with a facility who can help you shred your records securely.
- Additionally, look for a company who can offer more than just paper shredding, with services that extend to non-white-paper records, such as media cards, CDs, hard drives, data reels, floppy disks and X-rays.
The right facility can also assist with recycling options to contribute positively to Guam’s environmental future.
#8: Do You Have a Business Continuity Plan in Place in Case of Disaster?
With 23 named storms, the 2018 Pacific Ocean hurricane season was the fourth-most active season in history, tied with 1982. Additionally, in 2018, the eastern Pacific saw its most active hurricane season on record.
All this is to say that it’s smart planning to have a business continuity plan in place in case of a natural disaster. One of the provisions of this plan may include off-site storage for your records.
FEMA reports that, following a disaster, 90% of small businesses fail within a year unless they can resume operations within five days. If your records are stored on site and your office is destroyed by a typhoon, what’s the likelihood that you’ll be able to get up and running in five days?
If your records are destroyed, you’ll have to rebuild your business entirely, which is worse than starting from scratch. After all, your current customers will have expectations of your business and you’ll struggle to meet them if all your records are destroyed.
However, if you store your records off site in a location that offers strong protection against natural disasters, the likelihood is much greater that your records—and your business—will survive.
So in addition to looking for a company who can help you with off-site records storage, make sure you find one that can help you with creating a full Disaster Recovery plan. WIth this plan in place, your business can resume operations as quickly as possible following a catastrophe.
Often Overlooked, Yet Highly Critical
The way you currently manage your records could be costing your company money and exposing you to significant liability. However, when you consider your answers to these eight questions, you’ll put yourself on the path toward creating a stronger, more effective records management policy.
With a consistent policy in place, your company and employees will enjoy greater efficiency, potential cost savings from outsourcing and reduced liability, all of which contribute to the longevity of your organization.
Looking for assistance managing your records? DeWitt Records Management would be happy to help. We offer a wide variety of services, including records storage, delivery and retrieval; indexing; certified destruction; recycling and more. Just reach out to us. We’d be happy to put a proposal together for your business. We’re experts at finding ways to benefit your bottom line.