There is a conversation going on at AOK, where someone asked about how to respond to their legal counsel's issues with collaboration software.*
The paranoid in the room look at the courts and are very afraid. Prosecuting attorneys can dive into any record archives, looking for damning evidence, such as statements like, "this product will not work" or "that strategy is wrong." The worst offender has been email, since people treat email much more like a hallway conversation than official record. Many companies are reminding their employees that e-mail is just as official as SOP's and other company documents. And companies are automated sweeps of email archives (records retention) to reduce the likelihood that old messages are not kept around too long. I talked about this with Jim McGee, and he blogged about it back in April with respect to blogs in corporations.
So, how do collaboration and social software proponents respond?
- As Jim suggested, some aspect of this is inevitable. People will use the software, and our corporations will need to figure out the best way to do so while still adhering to current legal and regulatory practice.
- Train people how to use the collaboration software and minimize this type of risk. Again, Jim suggests that the more public nature of blogs and collaboration environments helps to tame the less-precise nature of email practice. People tend to speak more carefully when they understand their comments can be viewed by a wider audience.
- Set up processes in the organization that ensure open discussion threads get closed out properly. If someone says, "this product doesn't perform" there had better be well-documented follow-up. And that follow-up had better stick to the original comment in some way or another, so that ten years down the line an investigator will see both the comment and the follow-up.
- Design retention policies on the information stored within the collaboration system that operate the same way your other records retention policies work. Typically, discussion threads can be removed without concern, while reports likely need to be retained for longer periods. This is an area where the records retention organization and legal counsel need to work closely together to understand the rules governing the organization (21 CFR Part 11, Sarbanes-Oxley, etc.). My company essentially did this with its eRoom implementation: all types of information had retention policies that fit exactly the paper record retention policies. Yes, there is the potential to lose interesting information, but I am fairly convinced that these threads are not referenced much after the community ceases using them.
- Help legal counsel become comfortable with the technology in question. Help people see there is more value in collaboration than there is cost associated with the risk.
Does anyone know of specific references to this kind of issue elsewhere? I couldn't track down anything with the terms I used in Google.
* The AOK discussion is happening in their members-only YahooGroup. Membership is free.