A practical approach to email records management

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Tim Shinkle and Marty Heinrich
 

Connecting state and local government leaders

By Tim Shinkle and Marty Heinrich

|

With the right strategy, agencies can leverage technology they already own for a cost-effective and scalable email records management solution that ensures compliance with federal records policies.

Recent headlines regarding Hillary Clinton’s use of private email at the State Department, Lois Lerner’s missing emails at the IRS, along with looming deadlines for the implementation of electronic email recordkeeping from the Office of Management and Budget highlight urgency surrounding the management of federal email records. 

The Federal Records Act (FRA) and National Archives and Records Administration (NARA) regulations  require that government employees treat email messages created or received in the course of official business as federal records and manage them accordingly (regardless of how and where they are created).  And email represents the highest content volume and greatest challenge to agencies facilitating  eDiscovery, FOIA requests and inquiries. 

The recent headlines surrounding email records and OMB’s Managing Government Records Directive  (MGRD) deadlines are prompting agencies to develop solutions to preserve email messages in a compliant manner.  NARA’s “Capstone” proposal is a simplified approach that allows agencies to designate the email accounts of senior officials as permanent records, while all other email accounts are designated as temporary for a set time.   The implementation of Capstone becomes a technical challenge when officials use personal email accounts, and this is a one good reason to limit the use of personal email accounts to conduct government business. 

A major challenge for agencies is ensuring that all email records are preserved and managed in a manner that provides accountability, transparency and complies with the FRA.  With the right strategy, federal agencies can leverage technology they already own for a cost effective and scalable email records management solution that ensures compliance with federal records policies. This can be achieved without major investments in new technology, or worse, attempting to implement an impractical solution based on a misinterpretation of OMB’s Managing Government Records Directive (MGRD) mandates.

The biggest misunderstandings of the MGRD requirements in the federal records space are as follows:

1. All information (e.g., emails and documents) needs to be managed in an electronic records management system from creation through disposition. Most agencies have a policy in place that defines a record, and the FRA also provides the basic definition to help agencies develop their records management policy. The mistake that is often made is not that everything is a record – the mistake is in believing that because everything is a record (or discoverable) that radical changes are required in how information is managed from creation through disposition. The truth is that if an agency concludes that everything is a record, then the document should be secured, accessible and disposed in accordance with policy at the appropriate point in its lifecycle.

2. Capstone is a solution for all agency employees. Capstone is a worthy method to capture all emails for senior officials and key individuals who set policy and precedent for the agency, but due to the sheer volume and characteristics of email, it is not a good approach for all agency employees. 

3. MGRD requires a large investment in new technology. Most agencies have already made a significant investment in technology, including Exchange and SharePoint that, if properly used, is quite capable of providing basic lifecycle management of records. Agencies should assess how these technology investments can be leveraged to effectively manage records rather than trying acquire a silver bullet technology that may not exist. Furthermore, if an existing technology provides the essential functionality required to manage email records effectively, there is no need to spend money to integrate or migrate records into a new records management system.

4. Duplicates are a big problem. There is a lot of email duplication and there always will be with the volumes of email that are sent daily. However, as long as there are standard policies and procedures in place to remove emails that are no longer needed and preserve those that are valuable, the duplicate emails will be eliminated. There is no need to spend a lot of time and effort trying to identify and eliminate duplicates if there is a good system and procedures in place for managing information over its lifecycle.  Email records can be copied to the desired records repository – and as long as there is a retention policy and procedure for all email, the remaining transient copies will be removed, without a significant burden to the agency.

Three-tiered approach

A sound approach for managing email records is to divide them into two record types, permanent and transitory, and two major lifecycle states, active (being used, developed or referenced) and inactive (not being used or developed and infrequently accessed if at all).

This allows an organization to define policies that manage all information throughout its entire lifecycle, removing any confusion on what is a record or when it is a record, and focusing more on what to do with the records at different states in their lifecycle.  If the NARA’s Capstone approach is adopted, the email accounts of senior officials are automatically preserved as permanent.

Another good approach is to leverage pre-existing human behavior for managing records. For example most employees identify relevant emails and move or copy them to a personal or shared folder already. By simply changing the location of the folder to a controlled work-in-progress (active) location for transient records, and a controlled records repository for non-temporary (inactive) records, IT managers have an improved chance of capturing records that are needed by the organization without creating an extra burden for the end user.

These two approaches can be combined for meeting the 2016 MGRD mandates for email records.  Accordingly, there are three potential paths for email:

  1. Email is received and is determined to be transitory in nature and can be deleted after 180 days (or less) because it has no further value. 
  2. Certain email is needed to document activity at least for a period of time.  These emails are copied or moved to a work-in-progress (active) location for collaboration during a business process.
  3. At some point, email is determined to be needed as part of agency official records for long-term documentation of business activity.  Email is copied or moved to a controlled records repository for formal records management.  Under Capstone, senior official email is preserved as permanent records.

This three-tiered approach is relatively easy to implement with the right policies and processes, and with technology that most agencies already own. The results will be that the vast majority of email (e.g., 95 percent or more) will end up being eliminated over time from the archive, while the most relevant email records (the less-than 5 percent made up of signed contracts and other highly relevant content) will be formally managed and accessible.  Permanent records will be retained for a set period of time and then transferred to NARA.

This groundwork that is established for addressing the 2016 MGRD email directive can be extended to meet the 2019 mandate for all records – where transient records are cleaned up and relevant records are managed  in a formal records repository according to agency policy and disposition schedules.

NEXT STORY: GSA seeks .gov TLD management solutions

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.