Friday, September 22, 2006

Are blogs and wikis records?

In my post a couple of days back I suggested a list of records management topics I was thinking of covering in an exciting ;) records management presentation. Standard disclaimer: there is no original thinking in here, just a regurgitation of public ideas, none of which should be considered a substitute for good legal counsel.

The topic from the list I have selected today is: Are blogs and wikis records?

To start with I need to define what a 'record' is. There are a range of definitions out there, so I'm going with one from a pamphlet on records, by ARMA, typically a good authority on Records Management:
A record is recorded information that supports the activity of the business or organization that created it. It can take the form of
  • paper documents such as a hand-written memo or a hardcopy
  • report
  • electronic records such as databases or e-mail
  • graphic images such as drawings or maps; these may be in
  • photographic, electronic, or hard-copy formats

The ARMA pamphlet has an interesting take on records that I haven't often seen elsewhere; the importance of the document preparation and its content. Many sources that focus on records are more interested in their retention and eventual destruction, which is also important but does not actually ensure that you are retaining information that is actually 'record-worthy'.

The ARMA pamphlet has an interesting section, "How do I write for the record?", which has some standard rules for writing business documents:
The creation of or writing for the record begins the life cycle for recorded information. The purpose for writing is to:
  • communicate information for use immediately
  • transfer or convey information for reference
  • document or record an event, decision, or process
When writing, ask yourself these questions:
  • Am I the right person to author this?
  • Would I cringe if my mother read it?
  • Would I be embarrassed if it were published in a newspaper or put on a bulletin board?
  • Would I be comfortable if senior management read it?
  • Do I have any hesitation signing my name to it?

I think many people would agree that these rules should also be applied to professional blogs and wikis. Maybe the author will apply them with some latitude, since he or she wants people to read something interesting and not just another dull business document.

Since a professional blog hosted within a corporate website will feel the need to follow these writing rules, this implies that the content being published is important enough to represent the views of the company and something that customers might act on (disclaimers accepted). This in itself puts the blog posts in the realm of business records, that should be appropriately written, retained and destroyed according to the records policies of the company.

Wikis need to be treated more stringently than blogs. Since the point of a wiki is typically to convey information in a form that appears reasonably authoritative, the apparent value of the information presented is further inflated. The fact that anyone (within the bounds of your organization) can potentially edit the information again makes the first half of the lifecycle uncontrolled and therefore uncomfortable for companies.

Companies are still adapting to how they deal with the seamingly uncontrolled authorship of content, the first stage in the records lifecycle. Standard records management policies can still be applied to published information while they are deciding, handling the second half of the records lifecycle, and providing an essential historical record of information, enabling the company to react and respond to questions down the line.


While it sounds like I'm proposing professional blogs and wikis should be highly controlled, I don't believe that their underlying value as collaborative and distributed authoring and publishing tools should be diluted. I'm not proposing formalized review and approval processes. It is important though, for the protection of everybody, that companies publish concise policies on the use and content of these collaborative tools. The more restrictive the policies, the less value the tools will likely have, since they will be relegated to being a new view onto an outdated information publishing policy.

From a control perspective I am proposing that corporately hosted blogs and wikis should be treated as formal business records at the point of publishing. Every post or wiki entry should be captured and stored on publishing or subsequent editing, complete with details of the user performing the actions. This gives companies the audit history needed to respond to questions about information that was made publicly available on their site.


Corporate blogs and wikis are tools that are valuable for communicating with a company's customers and prospects. Given that value, companies must treat these tools as another
source of records. Although the authorship policies around the first half of the record lifecycle are being developed, the traditional second half of the lifecycle including retention and disposition should still be applied. This may require organizations to look at how they can integrate their current tools into a records management system, or select from the more corporately focused tools that are coming on to the market.

Technorati tags:

No comments: