From: Jim Lewis [mailto:JimL@county

advertisement
From: Jim Lewis [mailto:JimL@county.org]
Sent: Tuesday, August 21, 2007 5:08 PM
To: hpumford@agrip.org
Cc: Jim Jean
Subject: Here's the article you wish to reprint
Our normal attribution is "Originally published in County Magazine, the bi-monthly publication of
the Texas Association of Counties."
Email retention policies becoming more and more necessary / By Maria Sprow
In the course of one day, a county employee may get dozens of emails, pertaining to any
number of topics, events, discussions, non-discussions.
If email were paper, there are days when it seems like cyberspace must have a bigger
landfill of garbage than the real world could ever possibly imagine. If all the “gone for
the day” “out to lunch” “meeting’s been postponed” “read this study” “what do you
think?” and “help me please” emails actually took up space, or had to be saved
somewhere, oh, what a mess it would be.
Many people don’t consciously think of email as something that takes up space or needs
to be filed, sorted, saved and deleted – at least, not until getting an Inbox IS Full error
message. They delete emails according to their own preferences and habits. But when it
comes to county emails – meaning any email that is sent to a county address – by law,
they are not emails, but records, which should be retained and deleted according to
approved records management and retention schedules based on what is inside the record
and its level of importance.
There are various methods of doing this, both correctly and incorrectly, say records
retention experts. Whichever method is selected, counties should have a policy for email
retention, whether that policy is separate or within an acceptable email usage policy or a
larger records retention policy.
Method # 1: Pack Rat
The first method of retaining emails is to simply archive all emails without deleting them.
This can be set up to be done independent of an employee’s email box, meaning that even
if a county employee were to follow the recommended records retention schedule and
delete emails accordingly, the emails would still be archived by the county and would
still be subject to public information requests and lawsuits. Th e downside, besides
having to go through more documents when responding to the requests or a lawsuit, is
that it quickly gets costly to save every email.
Mary Ann Bridges, the manager of the Records Management Assistance program at the
Texas State Library and Archives Commission, said that there are 9500 governments in
Texas, about 10 percent of which are choosing to retain all their email records
permanently. “They do not have the authority to delete anything, at all, ever,” Bridges
said, unless the government decides to change its policy. “Thousands upon thousands of
D:\533563940.doc
email messages are retained that have met their retention period and could have been
deleted, but since they are still retained, they would have to be made available for open
records requests or lawsuits. you still have to search through those messages.”
Method #2: Automatic Deletion
A second method, in which employees or counties delete all emails a certain number of
days after they are sent – usually 90 days – is problematic for the opposite reason;
important emails that could protect the county from a lawsuit or could serve in the
public’s best interest if kept could wind up prematurely deleted.
“Some agencies have an email policy that says, when your email comes in, it will be
there for only 60 or 90 days and it will be automatically deleted. The at forces the
employee to make a decision about every email, whether that email is important enough
to be retained,” said Sheila Fries, the records manager of the Archives and Information
Services Division at the Texas State Library and Archives Commission, adding that
agencies that do adhere to that type of policy also normally keep the deleted emails in the
trash bin for an additional 120 days in case they need to be recovered.
Jack Lydick, the records retention manager for the Texas Association of Counties, said he
does not believe local governments should use this type of policy any longer, since public
information laws now specify that it’s not the format of a record that matters, it’s the
content. Bridges said the TSLAC is currently re-looking at whether such a policy is
acceptable, since parts of the Code of Federal Regulations have been revised. Th e
commission is currently waiting for any resulting case law to play out.
“The retention times for email vary, so you can’t just assign one or two retention periods”
and not expect to get hit by a lawsuit or information request, Lydick said, adding that
more and more, emails are becoming a hot discovery item during the litigation process –
the legal community even coined the name ediscovery for the process – as evidenced by
several lawsuits involving Microsoft, one by the Department of Justice and one in which
a 4-year-old email from one of the company’s vice presidents telling employees to delete
emails after 30 days (contrary to the company’s official policy) came to light during a
patent infringement and anti-trust case.
Bridges said many attorneys are using email as evidence in their cases and that laws have
just recently caught up to the popularity of ediscovery and email in general.
“In litigation, it was basically a free for all, attorneys would ask to have all emails for
ever so that they could look through all emails to find the smoking gun,” she said, adding
that federal codes regarding email were most recently amended in December 2006, which
means TSLAC is still determining the effects of the rule changes on local governments.
She added that ediscovery has become so complex that it is no longer acceptable to retain
the email as a paper document, since information from the original email would be lost.
D:\533563940.doc
“Litigants can ask for information in its native format, and that’s what attorneys are
latching onto,” she said. “your printout of an email is not going to give the same
information that the original message in your system is going to show. It doesn’t show
your blind cc’s, it doesn’t show how the forwarded message was changed, or the
conversation trail, you know how it is when you forward an email to 12 people and then
they respond and they respond to the responses. That’s what lawyers are looking for.”
Method # 3: Retention Software
A third option is to purchase email retention software. According to the Website Emailpolicy.com, most of this software works by capturing copies of email, analyzing stored
emails and checking those emails for identifying information, such as keywords,
attachment names and sizes and deleting relevant documents after a set period of time
But Bridges said much of the software is still not where it needs to be in order to fully
support a government’s retention needs.
Lydick said retention software is mostly utilized by larger counties, though he said most
counties could benefit by utilizing one of the several Microsoft Exchange add-ons that
create searchable centrally-managed archives in which the program determines how long
an email should be retained for.
“If you’re spending too much time out of your day looking for records, you need to have
a full electronic records management system,” he said. “The longer they go without an
email management program in place, the longer they are exposed to potential lawsuits
and could get into trouble for not properly managing their information.”
Method #4: Educate, Educate, Educate
Finally, the fourth solution is to educate county employees on how to sort, retain and
delete messages according to their importance and retention schedule, as laid out by the
Texas State Library and Archives Commission. That is TSLAC’s own internal method of
retaining records and emails.
The retention schedule is complicated, but basically sorts each document into one of six
schedules:
• Documents/emails that must be retained “as long as administratively valuable”;
• Documents/emails that must be retained until the end of a calendar year;
• Documents/emails that must be retained according to the Code of Federal Regulations
requirements;
• Documents/emails that must be retained until the end of a fiscal year;
• Documents/emails that must be retained according to Texas Administrative Code
requirements; and
• Documents/emails that must be retained until they have been superseded by an updating
email.
According to the schedule:
• Emails containing documents or information submitted to a governing body for
consideration, approval or other action should be kept for 2 years;
D:\533563940.doc
• Emails regarding an employee grievance relating to personnel policies or working
conditions should be kept for 2 years;
• Emails containing a complaint made by the public to a government employee,
department or body should be retained for 2 years after the complaint has been resolved;
• Emails containing correspondence or internal memos regarding the development of a
policy, program, service or project by the local government should be retained for 5
years;
• Emails containing correspondence or internal memos regarding routine administrative
matters involved with a policy, program, service or project by the local government
should be retained for 2 years; and
• Emails containing correspondence or internal memos with routine information such as
requests for publications, meeting notices or event planning can be deleted as soon as
they are no longer administratively significant.
So a person sorting through the faux inbox could delete the news clippings after reading
them, assuming they weren’t relevant to a county project. The next five emails could also
all be deleted whenever the employee stopped needing the information, as could the
emails about the baby shower, the surprise birthday party, the mandatory training, and the
risks of ovarian cancer.
But what about the others? Most of them should be kept either two or five years; the
surest way to do that correctly is to provide employees training on the retention schedule
and have them create folders to separate emails according to the schedule.
Having an email retention policy is critical to the fourth option. Bill Tolson, of
SearchStorage.com, which boasts of being the Internet’s “best storage-specific
information resource for enterprise IT professionals,” wrote in a column that a model
email retention policy should include a section outlining responsibilities, what to do with
duplicate email copies, and which person or department is responsible for making sure
the policy is being followed.
“The mistake most companies make when creating an email retention policy is not
involving all areas of the company in the construction/ review process,” Tolson advises.
“It is important that you understand how employees use the email system. Do they create
their own personal archives? How often do they reference old emails? Understanding
these things will ensure you don’t put in place procedures that will adversely affect
employee productivity.”
According to a model email retention policy provided by the SANS Institute, which
specializes in computer security training, certification and research, the policy should
have several parts:
• Purpose, which would be to “help employees determine what information sent or
received by email should be retained and for how long,” according to the model policy;
• Scope, which can list the types of categories that emails can fit into, including for
example, routine correspondence, administratively significant correspondence,
D:\533563940.doc
developmentally significant correspondence and fiscal correspondence;
• Policy, which further defines the categories and gives examples of which categories
different email topics would fit into;
• Enforcement, which would state the consequences for failing to comply with the policy;
and
• Definitions, for any technical terms used within the policy.
Within the internal TSLAC retention policy, the various categories of email include
administrative correspondence, defined as “pertaining to the formulation, planning,
implementation, interpretation, modification or redefinition of the programs, services, or
projects of an agency,” which must be retained for 3 years; general correspondence,
defined as correspondence regarding the “routine operations of the policies, programs,
services or projects of an agency,” which TSLAC employees must keep for one year;
directives correspondence, defined as “any document that officially initiates, rescinds, or
amends general office procedures,” which must be retained for one year after the email is
no longer relevant; and transitory information, defined as “records of temporary
usefulness,” which do not have a retention period.
The TSLAC policy also states that “employees who voluntarily terminate employment,
retire, transfer, or are demoted will be required to review their email accounts with their
immediate supervisors. The employee’s immediate supervisor is responsible for ensuring
that the email records are properly classified, stored and that working or convenience
copies are disposed of in the correct manner.”
Jim Lewis
Editor, County Magazine
Texas Association of Counties
jiml@county.org
512-478-8753
D:\533563940.doc
Download