I disagree with your assessment that records retention policy is not the
responsibility of IT. More and more it is the CIO's job to manage
company records in compliance with government regulations and company
legal and audit needs. Check this article from Forbes:
http://www.forbes.com/2010/07/17/security-documents-symantec-technology-
cio-network-legal.html?boxes=Homepagechannels
Other departments may be responsible for defining the retention policy
but it is the IT office's job to "get'er done". I think IT should
participate in the defintion of the retention policy.
Gross negligence or disregard of retention requirements is likely to
land the CIO in jail if records, particularly eDiscovery documents,
can't be produced. Failure to comply with the spirit of a legal hold
order will result in expensive sanctions against the company that will
reflect on the CIO's performance.
Look for retention policy information at www.aiim.org. AIIM has done
lots of work in accumulating information. Most of the information is
available without creating an account. If you choose to create an
account, AIIM is very respectful of your eMail volume.
Dan Kimmel
midrange.com
