Information Governance | Intelligent Information Management (IIM)
In this series, we've been exploring the intersection of IIM policy and the law. The idea here is to help IIM practitioners and legal specialists work together more effectively by gaining a better understanding of the relationship between the two.
In my first post, where we explored the principle of hearsay, we left off asking about the relationship between IIM policies and the "ordinary course of business." So, let's take a look.
What's the Relationship Between IIM Policies and the "Ordinary Course of Business"?
A witness in a trial can try to introduce business records into evidence. The documents will be admitted if they meet the very strict conditions attached to business records under the hearsay rules. It's not uncommon for someone to challenge the admission of those records on the grounds that they don't meet the requirements.*
The party seeking to introduce the records has the burden of proving that they were made in the ordinary course of business. To prove that, the witness gives evidence of what the "ordinary course of business" means for that organization.
In the best of all worlds, the practices in the ordinary course of business would be a 100% match to the organization's written policies and procedures. If the business unit's policy says, for example, that information is captured through a form on the web site and from there is funneled to a database, and that, in fact, is what actually happens, then that piece is a slam-dunk.
The written policies and procedures also include those created by various administrative support areas, including IIM. If, for example, your policy prescribes that workers store correspondence in a specific corporate records management system, and people actually do that, then that, too, is a slam-dunk.
It gets tricky when the policy says one thing, yet people do another. Here's where the person introducing the records has a bit of explaining to do. The cross-examiner will ask why the witness is trying to rely on copies of invoices taken from someone's e-mail account when the office policy says that the authoritative financial records are kept in the accounting system? Why is the office claiming that they dispose of their complaint files four years following the resolution of the complaint when the Records Retention Schedule says the prescribed period is six years? And why are we looking at original paper applications for services when the official procedure dictates that all applications are scanned and the paper destroyed?
It is possible, of course, to claim that all your written policies and procedures are totally out of date and should be ignored completely, but that kind of defeats the purpose of having them in the first place, doesn't it?
Other Legal Implications for Your IIM Policies to Consider
Helping to categorize information as "business records" under the hearsay rule is just one way that your IIM policies end up having implications for the legal system. They also form part of the legal documentation in the employment contract.
Whenever an employee is hired by an organization, that employee agrees to follow all policies present and future. Ordinarily, an employee cannot escape disciplinary action for non-compliance on the grounds that the policy wasn't put into effect until after the employee was hired. Those policies, therefore, become part of the ongoing employment contract as they are approved.
If your organization has an internal audit function (many corporations and virtually all government offices do), those policies also act as one of the yardsticks the auditors use to evaluate the effectiveness and compliance of different arms of the business.
How Do Policies and Contracts differ?
Given that there are so many legal implications of IIM policies, it's fair to ask how policies and contracts actually differ. We'll look at that question in Part 3.
*Like Part 1, this article cannot be taken as legal advice; it is for educational purposes only. Again, please forgive any over-simplification.
