In other poorly timed news, the US State Department’s Office of Inspector General (OIG) released a report this week detailing the agency’s poor email management practices and general State of Departmental Confusion regarding business records.
The report highlights that in 2013, only 41,749 items were declared as business records out of the billions of emails sent by the department–down from 61,156 declared in 2011. Both numbers reflect a tiny fraction of overall communications–and very inconsistent for an agency that has often been criticized for over classification of documents.
The Microsoft Outlook-based system, implemented in 2009 and called SMART (State Messaging and Archive Retrieval Toolset), requires users decipher the following as they send or receive email:
“If an employee puts in electronic form information about “the organization, functions, policies, decisions, procedures, operations, or other activities of the Government,” the information may be appropriate for preservation and therefore a record according to law, whether or not the author recognizes this fact. Whether the written information creates a record is a matter of content, not form. Federal statutes, regulations, presidential executive orders, the Foreign Affairs Manual (FAM), Department notices, cables, and the SMART Messaging Guidebook contain the criteria for creating and maintaining official records and associated employee responsibilities.”
So, what could go wrong? Several items, according to the report, including:
- The lack of central oversight of the program to account for differences across bureaus and missions;
- A lack of understanding amongst users regarding record-keeping policies;
- A reluctance to classify items as records because of potential consequences on pending decisions;
- System designers lack understanding and knowledge of the needs of their customers to make the system more useful.
Additionally, the system also permitted senior level principals to maintain entirely separate systems (yep, now we know…).
While providing a set of recommendations to address the issues, the report itself falls short in failing to recognize the heart of the issue–any records program that depends entirely upon the actions of individual employees is doomed to fail. Yes, individuals understand the context of the conversation, but they are hired for their skills in accomplishing a task–not to be records managers. And programs that allow for optional participation, in particular from stakeholders more likely to be in contact to official (or simply, business) records, would have a difficult time arguing that its policies are being effectively enforced.
The cases of the US State Department, along with the other recent mishaps involving the State of Pennsylvania, State of NY, IRS and Veterans Administration, might lead one to the conclusion that this is an issue unique to the public sector, but the issue is clearly as prevalent amongst corporations.
So, what actions you take today to ensure that critical business records are preserved in accordance with your internal policies and external regulatory requirements? Here’s a start:
- Explore archiving technology that automatically assigns specific retention periods to individual items so that dependence on users to understand unwieldy retention procedures is reduced.
- Examine cloud-based archival solutions that removes system design and storage costs as variables in retention strategy and program decisions.
- Understand the performance capabilities of these archival systems to know which are suitable to address broad, time-sensitive FOIA requests.
- Ensure that a specific authorized individual retains the responsibility to hit the dispose - based upon their knowledge of whether that information has potential value in satisfying an investigative or public right to know.
Subscribe to the Proofpoint Blog