Based on those classifications, records can then be scheduled according to their required or desired retention periods, and their recommended method of disposition. In addition, certain classes of records may only be appropriate for access by certain members of a community. Almost all records are subject to discovery discovery.
The entire process by which an organization creates, classifies, controls, and authorizes access to electronic records is known as Electronic Records Management.
- Know what records you have & where they are (data or records inventory).
- Decide how sensitive or valuable those records are (data classification & records retention/disposition scheduling).
- Prioritize (start with the most sensitive or valuable stuff first).
- Understand the alphabet-soup-of-regulations (e.g., HIPAA, FERPA, FOIA, GLBA, PCI-DSS, ISO, COBIT).
- Find out what others in your region are doing (collaborate, don't reinvent).
- Form partnerships with state & national organizations addressing this issue.