ARK group Managing email within a recordkeeping framework
Download
Report
Transcript ARK group Managing email within a recordkeeping framework
Managing email as a record
Archives NZ Recordkeeping Forum
- Email Records Management
1
Definition of a record - PRA
‘A record or class of records, in any form, in
whole or in part, created or received (whether
before or after the commencement of this Act)
by a public office in the conduct of its affairs’
‘A record or a class of records, in any form, in
whole or in part, created or received (whether
before or after the commencement of this Act)
by a local authority in the conduct of its affairs’
Archives NZ Recordkeeping Forum
- Email Records Management
2
Definition of a record – PRA (2)
‘…information, whether in its original form or
otherwise, including (without limitation) a
document, a signature, a seal, text, images,
sound, speech, or data compiled, recorded, or
stored, as the case may be,—
(a) in written form on any material; or
(b) on film, negative, tape, or other medium so as
to be
capable of being reproduced; or
(c) by means of any recording device or process,
computer, or other electronic device or process’
Archives NZ Recordkeeping Forum
- Email Records Management
3
Email is a record
"All email messages created using Australian
government systems are Commonwealth
records and must be managed in accordance
with the Archives Act 1982” NAA
In United States context - records are only a
record when they are declared - but this
mindset is changing
In Australasian context - "guilty of being a
record until proven innocent" approach
Archives NZ Recordkeeping Forum
- Email Records Management
4
Subtle distinctions
What makes one particular email a record,
versus what makes emails as such a record
Defining information as a record doesn't confer
permanent retention status
Archives NZ Recordkeeping Forum
- Email Records Management
5
Types of email
GDA 3 – Emails that can be routinely disposed
of:
personal correspondence
circulated information received for
information only
trivial work related material (such as
reminder notes and room bookings)
copies of records already in the record
keeping system, and
copies of documents kept for reference
purposes only
Archives NZ Recordkeeping Forum
- Email Records Management
6
Types of email (NAA)
Records required for ongoing business:
Transactions that provide evidence of your
business activities, e.g. directives,
development of policy issues
Records of ephemeral value:
Information messages with a business context
but not part of a a business transaction, e.g.
notification of a meeting or a general notice to
staff, and persona or social messages
Archives NZ Recordkeeping Forum
- Email Records Management
7
Types of email (PROV)
Personal email – email which is of a personal
nature and which has no relevance to the
business of the agency
Ephemeral email – email which is used to
facilitate agency business but which does not
need to be retained for business purposes
Corporate email – email which relates to the
business of the agency and which must be
retained as a record
Archives NZ Recordkeeping Forum
- Email Records Management
8
Examples of records that happen to be
emails
Contract variation agreement
Decision to buy software
Clarification
Summary of a work phone conversation
Advice on legislation, policy...
Ministers of the Crown asking for policy
advice…
Archives NZ Recordkeeping Forum
- Email Records Management
9
So which type is your email?
Context may only become apparent over time
Your first decision may be the wrong decision
You might want to hang about a bit…
Archives NZ Recordkeeping Forum
- Email Records Management
10
Issues with maintaining email as a
record over time
Archives NZ Recordkeeping Forum
- Email Records Management
11
Where is that email?
Personal email folders
Shared email folders
EDRMS
Vault
ISP provider(s)
Yours
Theirs
Passing through routers, generating logs
Archives NZ Recordkeeping Forum
- Email Records Management
12
Who is managing the email as a record
in your organisation?
The owner(s)/recipient(s)
The Vault Manager
The Records Manager
None of the above ……
Archives NZ Recordkeeping Forum
- Email Records Management
13
What is the storage format of the email?
Native format
PST files
other?
non-proprietary?
Archives NZ Recordkeeping Forum
- Email Records Management
14
What stops people saving
emails into another system?
Decision about whether this
email has value
Save what?
email + attachments as one item
- if you want to preserve the full context
save only the attachment if want to edit the
document
do both if you want to both preserve and edit
Timing - when is the best time to save "it" especially with threads
Changes of subject in the middle of a thread
Several different subjects in the same email
Archives NZ Recordkeeping Forum
- Email Records Management
15
What stops people saving emails (2)
Time taken save emails
Vs time (probably someone else’s) to retrieve and sift
through all of them later
Format change so can't re-use it
Not knowing if you are the person who should
be saving it
Wondering if it is already in there
Print and file? Yeah, right…
Archives NZ Recordkeeping Forum
- Email Records Management
16
One problem…
People treat email (and instant messaging) as
if it is a conversational tool
They overlook that they have put something in
writing and sent it to someone else, who may…
Forward it
Save it
Print it
Archives NZ Recordkeeping Forum
- Email Records Management
17
All email is discoverable
What level of understanding do you/your users
have to have?
Internal to your organisation, the technology
can find it
On back up tapes
On the server hard drives
On your hard drive - depending on your set up
On your PST files if you have been creating them
In the email boxes of the people you sent it to…..
Archives NZ Recordkeeping Forum
- Email Records Management
18
AND/OR it has escaped into the universe
Your ISP's server/your organisation's server
The recipients ISP servers/organisations
servers
Routers
Server logs, router logs
US intelligence agencies are fighting in the
American courts to force ISPs to keep records
of emails (but not YET the content)
Archives NZ Recordkeeping Forum
- Email Records Management
19
Legislative and litigation environment
United States
Companies in the United States are subject to
punitive penalties in the region of millions of dollars
where the courts suspect them of spoliation, e.g.
destruction of all emails >60 days old
Australia
Victoria Australia Crimes (Document Destruction) Act
2006 which covers both “willful and negligent”
destruction
New Zealand
Commerce Commission vs.. Telecom NZ Ltd - costs
of discovery are significant and can be shared, US
approach is precedent setting
Archives NZ Recordkeeping Forum
- Email Records Management
20
US litigants are interested in "everything"
Sixth Circuit to Review Order Striking Warrantless
Examination of E-Mail Messages
The Sixth Circuit will soon hear oral arguments on the
constitutionality of a federal law that allows the
government to access and review stored e-mail
messages without a warrant or notice to the account
holder. Warshak v. United States, No. 06-4092 (6th Cir,
2006).
NCCUSL Promulgates Uniform E-Discovery Rules for State
Courts (The National Conference of Commissioners of
Uniform State Laws)
Source: Pike and Fischer Digital Discovery and e-Evidence:
"News and Analysis" newsletter December 13, 2006
Archives NZ Recordkeeping Forum
- Email Records Management
21
How email ‘archiving’ systems
fit into your organisation-wide records
management programme
OR
Archives NZ Recordkeeping Forum
- Email Records Management
22
The Vaults
Archives NZ Recordkeeping Forum
- Email Records Management
23
Vaults - a "simple" solution
Let's keep the lot!
Every email in/out of mail server
What problem(s) are you trying to solve?
Not a RK solution, a risk management solution
A solution for the organisation,
not for users, not for record keepers
Can users search for theirs? For other people's?
Eliminates “PEBKAC” from decision to retain
Definitive proof that you did/didn’t send/receive
something
Archives NZ Recordkeeping Forum
- Email Records Management
24
In solving the first problem, it creates
another HUGE problem
The RETRIEVAL problem
You find too much and it takes too long - and lawyers
are very expensive
If you've got n lawyers
excavating a midden…
Archives NZ Recordkeeping Forum
- Email Records Management
25
Midden:
a deposit of
occupational debris,
garbage, or other
by-products of
human activity
Archives NZ Recordkeeping Forum
- Email Records Management
26
Archives NZ Recordkeeping Forum
- Email Records Management
27
Recordkeeping issues
Usability
Accessibility
Authenticity
Detect duplicates
Prevent tampering
Detect real sender identity vs. spoof
Preserve metadata: Dates, recipients, read status etc
Completeness
Comprehensiveness
Retention…
Archives NZ Recordkeeping Forum
- Email Records Management
28
What's wrong with keeping all the emails
forever?
Privacy legislation
Personal emails caught up
Emails separated from rest of the
organisation's records, so the other records are
destroyed but the emails are kept…
Burden of retention
Burden of retrievability
The bigger the basement.....
Archives NZ Recordkeeping Forum
- Email Records Management
29
What's wrong with keeping all the emails
forever? (2)
The disposal problem
No, you can't delete them all after 60 days - spoliation
It's back and it's worse
because it's all just email separated from other business
records
Needs a better model
Archives NZ Recordkeeping Forum
- Email Records Management
30
Applying a recordkeeping framework to
email
Get there
one “step” at a time
Archives NZ Recordkeeping Forum
- Email Records Management
31
Best approach to records management
Be explicit about
What is created/received
How it should be managed
Be deliberate in what you do
Best approach
Have clear policies
Follow them
Worst approach
Have clear policies
But don’t follow them
Archives NZ Recordkeeping Forum
- Email Records Management
32
Key elements
"Create and maintain" mantra
Have explicit policies and procedures
Yes, something else
for staff to pay attention to…
What problems is
your email policy
intended to solve?
Develop rules for saving
threads and emails
with/without attachments
The role of good practice/etiquette
Archives NZ Recordkeeping Forum
- Email Records Management
33
Classifying email
What is the most important thing in
recordkeeping?
Context, context, context
"Best efforts approach“
Archives NZ Recordkeeping Forum
- Email Records Management
34
If you have an EDRMS….
And you have the time, and you have the
inclination then there's no problem
EDRMS are recordkeeping systems
Save an email into the correct folder with all the
other electronic stuff in there - documents, photos,
voice recordings, text messages etc
You can still reply to/forward the email etc
The folder probably sets the retention
For emails you probably can't use document type to
set retention
For attachments, you might be able to use document
type for retention, e.g. Contract
Archives NZ Recordkeeping Forum
- Email Records Management
35
If you have only a directory structure, you
probably won't save the email into it
Archives NZ Recordkeeping Forum
- Email Records Management
36
How can you classify email
in personal email folders?
Set up a standard folder pattern
to match other classification structures…….
Run email rules to auto move into standard folders
If from x organisation, put into x folder "drag and drop"
Put Job/project numbers into subject, use rules to move
emails containing job number into preset folder
External system could harvest/copy
from those standard folders
Ideally it would mark them as copied
User can tag all emails in a folder and manually put
them into the EDRMS/directory in a batch
Archives NZ Recordkeeping Forum
- Email Records Management
37
Applying retention and disposal rules
to email stored in email systems
Archives NZ Recordkeeping Forum
- Email Records Management
38
Musts
Be able to link to a disposal authority
Show that normal business processes were
applied
Be able to show how destruction is done
Do you keep a record of the destruction? And where
do you keep that?
Have a documented backup regime, with
implications for disposal spelled out clearly
Must be rules based, ‘if, then…’
Archives NZ Recordkeeping Forum
- Email Records Management
39
Transfer emails of archival value
Out of the email system?
No safe place for a record.....
E-transfer equivalent to "print and file"
Have you destroyed/retained the context?
Copy, not move?
All relevant emails moved
to another context-holding repository,
e.g. EDRMS or a data warehouse
Permanent storage
Retrievable, non-proprietary format
VERS compliant/metadata?
Archives NZ Recordkeeping Forum
- Email Records Management
40
Summary/key themes
Email is a transmission tool, not a document type
Usual RK rules & tools apply
Not all emails are worth keeping, some must be
destroyed
Assume your email is both public & distributed, and
make sure everyone is aware of this
Have explicit policies and procedures
Context is the key to applying rules
Email vaults are not archiving/recordkeeping
systems
Email systems are not recordkeeping systems
Archives NZ Recordkeeping Forum
- Email Records Management
41
Summary/key themes (2)
Recordkeeping systems preserve the structure,
context and content
Context-rich
Standard formats, retrievable/usable
Tamper-proof
Retention is rules-based
Destruction is itself a record and is rules-based
Hope (and pray) for improved
auto-classification - in the public arena
Archives NZ Recordkeeping Forum
- Email Records Management
42
Thank you…
Susan Skudder
Director
SWIM Ltd
[email protected]
www.swim.co.nz
Archives NZ Recordkeeping Forum
- Email Records Management
43