Recent headlines regarding Hillary Clinton’s use of private email at the State Department, Lois Lerner’s missing emails at the IRS, along with looming deadlines for the implementation of electronic email recordkeeping from the Office of Management and Budget highlight urgency surrounding the management of federal email records.
The Federal Records Act (FRA) and National Archives and Records Administration (NARA) regulations require that government employees treat email messages created or received in the course of official business as federal records and manage them accordingly (regardless of how and where they are created). And email represents the highest content volume and greatest challenge to agencies facilitating eDiscovery, FOIA requests and inquiries.
The recent headlines surrounding email records and OMB’s Managing Government Records Directive (MGRD) deadlines are prompting agencies to develop solutions to preserve email messages in a compliant manner. NARA’s “Capstone” proposal is a simplified approach that allows agencies to designate the email accounts of senior officials as permanent records, while all other email accounts are designated as temporary for a set time. The implementation of Capstone becomes a technical challenge when officials use personal email accounts, and this is a one good reason to limit the use of personal email accounts to conduct government business.
A major challenge for agencies is ensuring that all email records are preserved and managed in a manner that provides accountability, transparency and complies with the FRA. With the right strategy, federal agencies can leverage technology they already own for a cost effective and scalable email records management solution that ensures compliance with federal records policies. This can be achieved without major investments in new technology, or worse, attempting to implement an impractical solution based on a misinterpretation of OMB’s Managing Government Records Directive (MGRD) mandates.
The biggest misunderstandings of the MGRD requirements in the federal records space are as follows:
1. All information (e.g., emails and documents) needs to be managed in an electronic records management system from creation through disposition. Most agencies have a policy in place that defines a record, and the FRA also provides the basic definition to help agencies develop their records management policy. The mistake that is often made is not that everything is a record – the mistake is in believing that because everything is a record (or discoverable) that radical changes are required in how information is managed from creation through disposition. The truth is that if an agency concludes that everything is a record, then the document should be secured, accessible and disposed in accordance with policy at the appropriate point in its lifecycle.
2. Capstone is a solution for all agency employees. Capstone is a worthy method to capture all emails for senior officials and key individuals who set policy and precedent for the agency, but due to the sheer volume and characteristics of email, it is not a good approach for all agency employees.
3. MGRD requires a large investment in new technology. Most agencies have already made a significant investment in technology, including Exchange and SharePoint that, if properly used, is quite capable of providing basic lifecycle management of records. Agencies should assess how these technology investments can be leveraged to effectively manage records rather than trying acquire a silver bullet technology that may not exist. Furthermore, if an existing technology provides the essential functionality required to manage email records effectively, there is no need to spend money to integrate or migrate records into a new records management system.
4. Duplicates are a big problem. There is a lot of email duplication and there always will be with the volumes of email that are sent daily. However, as long as there are standard policies and procedures in place to remove emails that are no longer needed and preserve those that are valuable, the duplicate emails will be eliminated. There is no need to spend a lot of time and effort trying to identify and eliminate duplicates if there is a good system and procedures in place for managing information over its lifecycle. Email records can be copied to the desired records repository – and as long as there is a retention policy and procedure for all email, the remaining transient copies will be removed, without a significant burden to the agency.
A sound approach for managing email records is to divide them into two record types, permanent and transitory, and two major lifecycle states, active (being used, developed or referenced) and inactive (not being used or developed and infrequently accessed if at all).
This allows an organization to define policies that manage all information throughout its entire lifecycle, removing any confusion on what is a record or when it is a record, and focusing more on what to do with the records at different states in their lifecycle. If the NARA’s Capstone approach is adopted, the email accounts of senior officials are automatically preserved as permanent.
Another good approach is to leverage pre-existing human behavior for managing records. For example most employees identify relevant emails and move or copy them to a personal or shared folder already. By simply changing the location of the folder to a controlled work-in-progress (active) location for transient records, and a controlled records repository for non-temporary (inactive) records, IT managers have an improved chance of capturing records that are needed by the organization without creating an extra burden for the end user.
These two approaches can be combined for meeting the 2016 MGRD mandates for email records. Accordingly, there are three potential paths for email:
- Email is received and is determined to be transitory in nature and can be deleted after 180 days (or less) because it has no further value.
- Certain email is needed to document activity at least for a period of time. These emails are copied or moved to a work-in-progress (active) location for collaboration during a business process.
- At some point, email is determined to be needed as part of agency official records for long-term documentation of business activity. Email is copied or moved to a controlled records repository for formal records management. Under Capstone, senior official email is preserved as permanent records.
This three-tiered approach is relatively easy to implement with the right policies and processes, and with technology that most agencies already own. The results will be that the vast majority of email (e.g., 95 percent or more) will end up being eliminated over time from the archive, while the most relevant email records (the less-than 5 percent made up of signed contracts and other highly relevant content) will be formally managed and accessible. Permanent records will be retained for a set period of time and then transferred to NARA.
This groundwork that is established for addressing the 2016 MGRD email directive can be extended to meet the 2019 mandate for all records – where transient records are cleaned up and relevant records are managed in a formal records repository according to agency policy and disposition schedules.