The risks of relying on ‘making a record’

In August 2020, The Register reported that due to human error, 145,000 KPMG Microsoft Teams user chats were deleted and can’t be recovered.

KPMG was using retention policies in Teams, which have some broader limitations and risks for compliance. Unfortunately, in attempting to modify the policy for one user, they modified it for all, and deleted chat threads across the whole environment.

This came after KPMG CIOs had already made a point of telling users that information on crucial business decisions should not be stored in chats, because of risks like this. But how realistic is that approach? When chat is available, it becomes a key and integrated communication method. Chat threads document the story of a decision-making process, not just the outcome. Even if users had been diligent in making sure important content was duplicated in another system, that content would have been stored there without its full context. It’s the context that tells the story, and telling stories is the purpose of recordkeeping.

In a model where we ask users to operate in one system, and put records in another, we break the continuity and lose the context. We also double the threat surface, as now we have two copies of sensitive or high-value content, and we halve the discoverability, as we now have multiple versions to interpret.

A better approach, and the only compliant one in a continuum model under the international Standards, is to manage the source system content in-place. Once content is records-managed in-place, there is no need to make working or archival copies of it, and no need to use retention policies and other system configurations that can result in permanent destruction of an entire data set.

If we just records-manage the source systems (instead of asking users to manually copy their important content piecemeal into another application), we make those source systems more stable, more secure, and more robust. Once we treat every operational system as a compliance system, we back it up properly, and change-manage its configuration properly, and we are much less likely to make catastrophic mistakes. As long as we keep treating enterprise-wide systems as less important because ‘all the important records should have been copied out anyway’, we will keep seeing irreversible data loss that seriously harms productivity, reputation, and the bottom line.