Information Management: Stop the ROT
The University's two most important assets are its people and its information. We all use information in a variety of ways to do our jobs and conduct University business; to enable decisions to be made and actions to be taken.
The value of information as an asset is clearly shown when it's used as evidence of what has happened, what has been discovered or learned; what was decided in the past, and to demonstrate how legal obligations have been met.
Information can also become a liability when it is retained for longer than it's needed - keeping information that is Redundant, Obsolete or Trivial (ROT) can cause a range of compliance and operational issues for the University:
- Search tools produce less reliable results when they're applied to digital systems containing ROT information.
- Using the incorrect or obsolete versions of documents can lead to mistakes and decisions being taken on the basis of inaccurate information.
- Holding onto ROT information containing personal data could potentially breach several aspects of GDPR including the: lawfulness, accuracy, data minimisation and storage limitation principles. Any of which can lead to action by the ICO or potential claims by data subjects.
- This may mean a data subject exercises their right to access their personal data or to request it is erased, in instances where legitimately, some of that data should have already been deleted.
- This may oblige us to confirm or deny the existence of a record in response to a Freedom of Information Act request and potentially, to provide it.
- Good information management takes time and effort – but managing unnecessary material increases this work.
Reviewing the information you create, receive and store for the University on a regular basis can help increase our business efficiency and help lower information compliance-related risks.
How to identify ROT?
Redundant information exists when it is duplicated in different places and versions, whether in the same system or across multiple systems. This can create issues with multiple versions and confusion about which is the 'right' one. A key step in managing ROT is to define a 'Single Point of Truth' (SPOT) for each type of information. For example, sending a link to a document enables a single copy to be viewed (and edited, if required) by multiple recipients, without the creation of duplicates which then exist independently of the original document.
Obsolete information can mean ‘no longer in general use’ or ‘discarded’ or ‘replaced’ or ‘outdated’. Information can become obsolete for all these reasons or it can simply be incorrect or incomplete. In all these instances, obsolete information can create confusion as well as actions or outcomes based on bad information.
Trivial information is the material we create in our daily activities that does not meet the standards of a 'record' (meaning evidence of an activity with enduring business or historical research value and managed in line with the University Records Retention Schedule). Trivial information is the material stuff that does not matter and should be deleted when it is no longer needed.
Where can I find guidance that will help me manage information?
This is the first of a series of articles on managing information as part of the University’s ongoing Information Security and Information Management programme. The University’s Information and Records Management intranet page contains guidance that can assist you in identifying information that has value as an asset for a defined period of time, or perhaps permanently for historical research purposes. It will also help you identify the ROT. There is also guidance available to help you identify material which is not necessarily required for compliance purposes but helps “tell the story” of the University and forms part of the institutional memory.
Where can I find more information about managing Research data?
The University maintains a dedicated suite of guidance on the storage, curation, preservation and provision of research data which can be accessed on the Managing your research data intranet page.
Security & Information Management is Everyone's Responsibility
Help and support
If you think you detect any unusual online activity, please report it immediately.
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.
Data Protection Officerinfocompliance@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW