ARK group Managing email within a recordkeeping framework


Managing email as a record
Archives NZ Recordkeeping Forum
- Email Records Management
Definition of a record - PRA
• ‘A record or class of records, in any form, in whole or in part, created or received (whether before or after the commencement of this Act) by a public office in the conduct of its affairs’
• ‘A record or a class of records, in any form, in whole or in part, created or received (whether before or after the commencement of this Act) by a local authority in the conduct of its affairs’
Definition of a record – PRA (2)
• ‘…information, whether in its original form or otherwise, including (without limitation) a document, a signature, a seal, text, images, sound, speech, or data compiled, recorded, or stored, as the case may be,—
  (a) in written form on any material; or
  (b) on film, negative, tape, or other medium so as to be capable of being reproduced; or
  (c) by means of any recording device or process, computer, or other electronic device or process’
Email is a record
• "All email messages created using Australian government systems are Commonwealth records and must be managed in accordance with the Archives Act 1982" NAA
• In United States context - records are only a record when they are declared - but this mindset is changing
• In Australasian context - "guilty of being a record until proven innocent" approach
Subtle distinctions
• What makes one particular email a record, versus what makes emails as such a record
• Defining information as a record doesn't confer permanent retention status
Types of email
• GDA 3 – Emails that can be routinely disposed of:
  - personal correspondence
  - circulated information received for information only
  - trivial work related material (such as reminder notes and room bookings)
  - copies of records already in the record keeping system, and
  - copies of documents kept for reference purposes only
Types of email (NAA)
• Records required for ongoing business: Transactions that provide evidence of your business activities, e.g. directives, development of policy issues
• Records of ephemeral value: Information messages with a business context but not part of a business transaction, e.g. notification of a meeting or a general notice to staff, and personal or social messages
Types of email (PROV)
• Personal email – email which is of a personal nature and which has no relevance to the business of the agency
• Ephemeral email – email which is used to facilitate agency business but which does not need to be retained for business purposes
• Corporate email – email which relates to the business of the agency and which must be retained as a record
Examples of records that happen to be emails
• Contract variation agreement
• Decision to buy software
• Clarification
• Summary of a work phone conversation
• Advice on legislation, policy...
• Ministers of the Crown asking for policy advice…
So which type is your email?
• Context may only become apparent over time
• Your first decision may be the wrong decision
• You might want to hang about a bit…
Issues with maintaining email as a record over time
Where is that email?
• Personal email folders
• Shared email folders
• EDRMS
• Vault
• ISP provider(s)
  - Yours
  - Theirs
  - Passing through routers, generating logs
Who is managing the email as a record in your organisation?
• The owner(s)/recipient(s)
• The Vault Manager
• The Records Manager
• None of the above…
What is the storage format of the email?
• Native format
• PST files
• other?
• non-proprietary?
What stops people saving emails into another system?
• Decision about whether this email has value
• Save what?
  - email + attachments as one item - if you want to preserve the full context
  - save only the attachment if you want to edit the document
  - do both if you want to both preserve and edit
• Timing - when is the best time to save "it" - especially with threads
  - Changes of subject in the middle of a thread
  - Several different subjects in the same email
What stops people saving emails (2)
• Time taken to save emails
  - vs. time (probably someone else’s) to retrieve and sift through all of them later
• Format change so can't re-use it
• Not knowing if you are the person who should be saving it
• Wondering if it is already in there
• Print and file? Yeah, right…
One problem…
• People treat email (and instant messaging) as if it is a conversational tool
• They overlook that they have put something in writing and sent it to someone else, who may…
  - Forward it
  - Save it
  - Print it
All email is discoverable
• What level of understanding do you/your users have to have?
• Internal to your organisation, the technology can find it
  - On backup tapes
  - On the server hard drives
  - On your hard drive - depending on your setup
  - On your PST files if you have been creating them
  - In the email boxes of the people you sent it to…
AND/OR it has escaped into the universe
• Your ISP's server/your organisation's server
• The recipients' ISP servers/organisations' servers
• Routers
• Server logs, router logs
• US intelligence agencies are fighting in the American courts to force ISPs to keep records of emails (but not YET the content)
Legislative and litigation environment
• United States
  - Companies in the United States are subject to punitive penalties in the region of millions of dollars where the courts suspect them of spoliation, e.g. destruction of all emails >60 days old
• Australia
  - Victoria Australia Crimes (Document Destruction) Act 2006 which covers both “willful and negligent” destruction
• New Zealand
  - Commerce Commission vs. Telecom NZ Ltd - costs of discovery are significant and can be shared, US approach is precedent setting
US litigants are interested in "everything"
• Sixth Circuit to Review Order Striking Warrantless Examination of E-Mail Messages
  The Sixth Circuit will soon hear oral arguments on the constitutionality of a federal law that allows the government to access and review stored e-mail messages without a warrant or notice to the account holder. Warshak v. United States, No. 06-4092 (6th Cir, 2006).
• NCCUSL Promulgates Uniform E-Discovery Rules for State Courts (The National Conference of Commissioners of Uniform State Laws)

Source: Pike and Fischer Digital Discovery and e-Evidence: "News and Analysis" newsletter December 13, 2006
How email ‘archiving’ systems fit into your organisation-wide records management programme
OR
The Vaults
Vaults - a "simple" solution
• Let's keep the lot!
  - Every email in/out of mail server
• What problem(s) are you trying to solve?
  - Not a RK solution, a risk management solution
• A solution for the organisation,
  - not for users, not for record keepers
  - Can users search for theirs? For other people's?
• Eliminates “PEBKAC” from decision to retain
• Definitive proof that you did/didn’t send/receive something
In solving the first problem, it creates another HUGE problem
• The RETRIEVAL problem
  - You find too much and it takes too long - and lawyers are very expensive
  - If you've got n lawyers excavating a midden…
Midden: a deposit of occupational debris, garbage, or other by-products of human activity
Recordkeeping issues
• Usability
• Accessibility
• Authenticity
  - Detect duplicates
  - Prevent tampering
  - Detect real sender identity vs. spoof
  - Preserve metadata: dates, recipients, read status etc.
• Completeness
• Comprehensiveness
• Retention…
What's wrong with keeping all the emails forever?
• Privacy legislation
• Personal emails caught up
• Emails separated from rest of the organisation's records, so the other records are destroyed but the emails are kept…
• Burden of retention
• Burden of retrievability
• The bigger the basement…
What's wrong with keeping all the emails forever? (2)
• The disposal problem
  - No, you can't delete them all after 60 days - spoliation
  - It's back and it's worse
  - because it's all just email separated from other business records
• Needs a better model
Applying a recordkeeping framework to email
Get there one “step” at a time
Best approach to records management
• Be explicit about
  - What is created/received
  - How it should be managed
• Be deliberate in what you do
• Best approach
  - Have clear policies
  - Follow them
• Worst approach
  - Have clear policies
  - But don’t follow them
Key elements
• "Create and maintain" mantra
• Have explicit policies and procedures
  - Yes, something else for staff to pay attention to…
• What problems is your email policy intended to solve?
• Develop rules for saving threads and emails with/without attachments
• The role of good practice/etiquette
Classifying email
• What is the most important thing in recordkeeping?
  - Context, context, context
• "Best efforts approach"
If you have an EDRMS…
• And you have the time, and you have the inclination then there's no problem
• EDRMS are recordkeeping systems
  - Save an email into the correct folder with all the other electronic stuff in there - documents, photos, voice recordings, text messages etc.
  - You can still reply to/forward the email etc.
• The folder probably sets the retention
  - For emails you probably can't use document type to set retention
  - For attachments, you might be able to use document type for retention, e.g. Contract
If you have only a directory structure, you probably won't save the email into it
How can you classify email in personal email folders?
• Set up a standard folder pattern
  - to match other classification structures…
• Run email rules to auto move into standard folders
  - If from x organisation, put into x folder "drag and drop"
  - Put Job/project numbers into subject, use rules to move emails containing job number into preset folder
• External system could harvest/copy
  - from those standard folders
  - Ideally it would mark them as copied
• User can tag all emails in a folder and manually put them into the EDRMS/directory in a batch
Applying retention and disposal rules to email stored in email systems
Musts
• Be able to link to a disposal authority
• Show that normal business processes were applied
• Be able to show how destruction is done
  - Do you keep a record of the destruction? And where do you keep that?
• Have a documented backup regime, with implications for disposal spelled out clearly
• Must be rules based, ‘if, then…’
Transfer emails of archival value
• Out of the email system?
  - No safe place for a record…
  - E-transfer equivalent to "print and file"
  - Have you destroyed/retained the context?
  - Copy, not move?
  - All relevant emails moved to another context-holding repository, e.g. EDRMS or a data warehouse
• Permanent storage
• Retrievable, non-proprietary format
• VERS compliant/metadata?
Summary/key themes
• Email is a transmission tool, not a document type
• Usual RK rules & tools apply
• Not all emails are worth keeping, some must be destroyed
• Assume your email is both public & distributed, and make sure everyone is aware of this
• Have explicit policies and procedures
• Context is the key to applying rules
• Email vaults are not archiving/recordkeeping systems
• Email systems are not recordkeeping systems
Summary/key themes (2)
• Recordkeeping systems preserve the structure, context and content
  - Context-rich
  - Standard formats, retrievable/usable
  - Tamper-proof
  - Retention is rules-based
  - Destruction is itself a record and is rules-based
• Hope (and pray) for improved auto-classification - in the public arena
Thank you…
Susan Skudder
Director
SWIM Ltd
www.swim.co.nz