When should compliance be a factor in your records program?
I think there are two times -
When the penalties for non-compliance outweigh the costs of compliance.
When the changes required to meet the compliance standard won't cause negative side effects that outweigh any gains made.
A core challenge for all of us working with government records, is that the records and archives acts are unenforceable - which is why they've never been enforced.
This means that they are just never going to provide a big enough stick to compel an agency to spend consistently, or fire for non-adherence.
If you needed a comparison point to understand what I mean, heads of agency pay lip service to records legislation, no bank will ever pay lip service to AUSTRAC ever again.
Without effective enforcement, compliance standards are mostly a problem without a benefit.
I personally think they've done more damage to government recordkeeping than any other aspect of records programs.
Archival institutions are acting like they agree.
They don't say it, but they have been busily lowering compliance bars and standards for the last few years - less metadata, fewer retention classes, self certification…etc.
The challenge is that they have 25+ years of saying "must meet these standards" - and haven't yet taken the step of saying "we don't want compliance, we want a continuous upward trajectory of information and record quality - with this as the thing to aim for, but only if getting there makes sense."
The challenge of using any metric (which is what compliance is), is that eventually people forget about why the thing that the metric measures is important, and just focus on hitting the metric.
This principle is well understood and even has a name - Goodharts law.
The other thing that Goodharts law says, is that when people just focus on the metric, they will optimise for hitting it, regardless of the consequences.
So is it any wonder that we have compliant records systems that mostly have very little usage? We focused on the compliance, not the usage - and arguably everything important is in the usage.
The real catastrophe, is that by focusing on compliance, we missed the opportunity to have nuanced and intelligent dialogues about appropriate levels of information quality, and the impact that different levels can have on performance and accountability.
By implementing the compliance standard at the start of the journey, all we've done is curse ourselves with many years dealing with the problems of having a system that is too mature for people to use.
The compliance standard would be fine if our regulator had AUSTRAC level powers and used them.
But they don't.
So by implementing the compliance standard, we aren't getting what we wanted, and neither are our regulators.
Instead of the steady upward trajectory of quality and results, we have a series of hopeless actions funded only when an agency has a crisis - a series of which are inevitable because funding is inevitably taken away after the crisis, inevitably leading to the next crisis.
The point is, that all the evidence points to compliance being a net bad for us.
So why do we keep focusing on it?
In government, finance management has compliance requirements that are strictly regulated, so does HR, risk, and now even data security - and records management has compliance requirements that are..... not regulated in the slightest. And, when something goes wrong (see recent grant management news articles ) all voices claim "they didn't follow the records management rules" (often, the rules about the very creation of the records). Some Australian jurisdictions may indeed be able to do more in the oversight/regulation space, but simply choose not to. Is this perhaps because Australia's archival institutions see themselves as cultural entities instead of having responsibilities to ensure the integrity of the evidence of government (records)? In organisations, when faced with the inevitable 'no one's going to do anything to us if we break records management laws, even if we get caught - focusing on compliance is indeed a wasted effort.