2017-2018 exchange Nov Dec 2017 Newsletter FINAL | Page 15

BS: That is not a records management issue. It is a supervisory issue
at that level. If the retention schedule is adopted as departmental poli-
cy, then it is up to the supervisor to determine that the appropriate ac-
tion is being taken for employees that are under their supervisory con-
trol. It’s got to filter down that way; I don’t know how else it can be
done.
A records manager is not going to start reading the files themselves.
That being said, you need to look at the reason for non-compliance if
it isn’t a supervisory issue or a lack of time. Is it the retention guid-
ance? Is there something wrong with that?
JB: Switching gears, it seems that there is conflicting needs between
getting rid of data, mainly focused on NPI, the right to be forgotten,
the right to be remembered and data analytics where the belief is
“more is more.” How do you see these competing interests?
BS: It’s complicated. The more information you have, the more likely
you are going to get in trouble with it, particularly if its personally iden-
tifiable information or protected health information or payment card in-
formation. Those are the types of data we are most concerned about
from a data breach standpoint. So the longer you keep it, the greater
the potential for a breach.
On the other hand, there is more and more interest in having huge
quantities of information that data science can work on. The risks
have to be identified an evaluated. Some of these things go beyond
records management to upper management who makes decisions
about this. All records management can do is indicate the nature of a
problem and the possible impact of particular courses of action. There
is never one solution to a problem.
JB: Taking into consideration this more is more mentality, do you think
there are any viable approaches to managing that? I know that people
talk about transformation and stripping of data, including pseudomiza-
tion and anonymization. Do you think one of these techniques is a via-
ble option in terms of managing compliance with records management
policy? From a records management perspective, you don’t want peo-
ple to have the ability to recreate the record.
BS: Big data wants more information. That is understandable and it
has proven its value. But anonymization is necessary. The key is to
15