Attitudinal shifts fostered by technological advancements pose the greatest challenges to the disposition of records and information today. Some believe, and advocate, that we should keep everything because storage is cheap and we never know when we might need it. Google encourages us with statements like this: ‘Never delete anything, always use data – it's what Google does’ (Kershaw, quoted in Hardy, 2015). However, others believe that ‘even in this world of “never delete anything”, secure, compliant information disposition has its place!’ (Franks, 2017).
If you are a supporter of this second premise, you understand that records cannot be disposed of unless the reasons for creating them in the first place are understood. Disposition can be defined as ‘The destruction or transfer of records as specified by a retention schedule’ (Pearce-Moses, 2018, s.v. disposition).
Retention is the responsibility of the organization to maintain ‘records for a period of time until their authorized disposition by destruction or transfer’ (Pearce-Moses, 2018, s.v. retention). The retention schedule provides a comprehensive list of each group of related records treated as a unit for retention purposes (records series) and the length of time each is to be maintained – regardless of their format (e.g. electronic and physical) and location (e.g. on premises and in the cloud). This holds true, as well, whether the records and information are in the physical custody of the organization or a third party.
In this chapter, we call upon the findings of four studies that explore the principles of records retention and disposition in a cloud environment and identify ten best practices based on those principles.
The first study, Policies for Government Records Produced by a Community Cloud (Barnard, 2018), addressed transparency, access to information and responsibility for records management in the cloud, including the topics of appraisal, retention schedules and disposition. The second study, Preserving Records and Managing their Life-cycle in a Multi-provenance Digital Government Environment – a case study on a government electronic system: SIGEPE (Lacombe Rocha et al., 2017), considered retention and disposition in the context of controlling records in the physical custody of a cloud service provider.