It is common across organisations for duplicate records to be created, stored and used. Analysis, decision making and communications can all result in duplicate records being created, but mostly these are temporary with short-lived usefulness. However, duplicate records can be inefficient and cause problems if they are not properly identified and managed.
What are duplicate records?
Duplicate records quite simply replicate, in whole or in part, master records held elsewhere. They may not even be created by the University and be used for reference only. They are:
- Transitory in nature
- Not an official record
- Used for a discrete, short-term purpose
- Circulated in meetings or by email
- Not significantly altered or annotated.
Why do we need them and where are they kept?
Duplicates are held for many reasons and different time periods, e.g.
- Working copies
- Back-up copies
- Auditing purposes
- Related but independent functions.
Information may also be held for reference or personal need, e.g.
- Future research or planning on a related topic
- Log of action on areas of work
- Work cultures that support use 'just in case' or 'to cover your back'.
Duplicates are usually somewhere close to hand and easily accessible, either at or near the desk for hard copies or in local file storage for digital copies.
What risks are associated with duplicate records?
Several primary risks exist in relation to duplicate records:
- Confidentiality. Information security controls may not be consistently applied to the duplicate records and may not be appropriate to the sensitivity of the information. This may result in inappropriate access or sharing of the information. Compromised accounts arising from malware or phishing activities may result in data breaches that would not have been possible from the master records. Controls:
- Use duplicates for specific purposes
- Destroy when the purpose ends or its use ceases
- Do not keep duplicates longer than masters
- Do not maintain ‘local archives’ of information you did not create.
- Integrity. Although master data may be updated, the duplicate records may not be, resulting in out-of-date information being circulated, edited or acted upon. Alternatively, local duplicate records may be updated but those updates never reach the master record. Controls:
- Clearly identify and minimise duplicate records
- Update all instances of the record when changes are required. Notify owners if you cannot make the change yourself
- Choose either paper or electronic to file master copies. Hybrid filing systems can cause confusion over time.
- Availability. Location of master and duplicate records should be known or discoverable. Controls:
- Know who holds the official/master records
- Do not transfer duplicates to inactive storage
- Do not keep just because you think no one else will.
- Compliance. The University needs to know what is held and where it is. Information Asset Registers assist with this. Information may be required to support contractual claims, internal work or to address individual rights exercised under data protection legislation. Individual rights exercised need to address all instances, hence it is easier to address just one master record. Controls:
- Use Information Asset Registers to document the data processing that is carried out and where data is stored
- Support information requests and data subject requests under applicable legislation as quickly and as fully as possible.
- Inefficiency. More information requires more space to keep it. Increased physical storage adds cost for cabinets, reduces potential working space, creates clutter and redundant information, and presents health and safety risks associate with managing it. Increased digital information can reduce system performance or make it more difficult to find all of the information (or the right information) needed. Both can result in confusion in identifying the correct or latest version. Controls:
- Minimise paper copies to reduce physical storage space and associated costs. Retain where necessary, e.g. for regulatory or legislative purposes
- Use version control
- Dispose of duplicate information as soon as possible
- Recipient and sender of internal university correspondence keep their version for their own relevant purposes. The master record is determined as that which requires the longer retention period.
How do we reduce the need to duplicate documents?
Use the University Records Retention Schedule to determine when and how to dispose of information.
- Know which retention periods apply to records you hold
- Weed your files of unnecessary out-of-date information.
Use shared storage areas for digital and paper files. This makes information easier to find and avoids duplication by reducing local copies with multiple individuals.
- Shared departmental or function folder, e.g. on network (S: drive) or team site (SharePoint).
- Use shared cabinets for team storage rather than personal cabinets or pedestal units.
Use document naming conventions, version controls and document labelling to convey contents accurately
- Refer to the Records Management Manual.
Minimise email circulation to only those appropriate
- Delete email you are copied into if not needed
- Provide links to attachments where possible, using correct links and local permissions to restrict access, e.g. to files in network drives or Office 365 (OneDrive, SharePoint).