Records and Information Management Karen A. Perry Records Analyst Department of the Treasury Division of Revenue and Enterprise Services Records Management Services Records Management Services Records Management Services, Division of Revenue and Enterprise Services, Department of the Treasury is the statutory agency responsible for records management for State, County, Local Government Agencies, School Districts, and State Colleges/Universities. The Division is composed of two (2) Bureaus: • Records Management Services • Imaging Services and Micrographics Destruction of Public Records Act (PL 1953, c. 410): State Records Committee The Destruction of Public Records Act (PL 1953, c. 410) created the State Records Committee (SRC) with having final authority over public records. The SRC consists of representatives from: • • • • State Attorney General State Auditor State Treasurer Director of Local Government Services/Department of Community Affairs Destruction of Public Records Act (PL 1953, c. 410): Public Record Defined Public Record Information, regardless of its Medium (hardcopy, microform, optical, or electronic) that is made or received by an agency receiving Tax Payer dollars and serves as evidence of the Transactions of the normal course of business. This pertains to State, County, Local Government Agencies, School Districts, and State Colleges/Universities. Destruction of Public Records Act (PL 1953, c. 410): Records Retention and Disposition • Records Retention Schedules must be created for all public records maintained by State, County, Local Government Agencies, School Districts, and State Colleges/Universities. • Agencies must obtain prior written authorization from the Division for disposal of public records by submitting a “Request and Authorization for Records Disposal”. Open Public Records Act (OPRA) PL 2001, c. 404/NJSA 47:1A et seq. In most instances, agencies are required to allow access to records under the Right-toKnow law. However, an agency may restrict access to records because of considerations of privacy, confidentiality, or security.* NOTE: The degree of a record’s accessibility does not determine whether a record is publicly or privately owned. For instance, classified military records concerning the national defense are public records, even though they are not publicly accessible for reasons of security. Public Record Access Under OPRA: • Replaced The Right to Know Law • Public Records must be made accessible to the public in most cases.* • Personal Financial & Legal accountability for intentional denial of public records access. The Government Records Council (GRC) serves as the government entity for public records grievance. *Records Exempt from Access - Consult the GRC for a detailed list of exemptions • Ongoing police investigation • Personal information: Social Security Number, credit card number, etc. • Records that may jeopardize security, etc. Open Public Records Act (OPRA) PL 2001, c. 404/NJSA 47:1A et seq. continued Custodian of Public Record The Municipal Clerk is designated by law as the Custodian of Public Record for Municipal Government. All other Custodians of Public Record are designated accordingly for State, County, Public School Districts, and State Colleges and Universities. OPRA/Public Records Access Request – Verifies what documents have been requested & that they have supplied within the specified time limits: Immediate Access – Means Immediate Access!!! • Budgets, Bills, Vouchers, Contracts, and Employee Salary & Overtime Information Seven (7) Business Days** • Non-immediate access records and Offsite Stored Records must be supplied within a 7 business day time period. The requestor must be informed in writing if records are stored offsite and the 7 business day time period cannot be met. **NOTE: Extensions may be requested in writing if needed. Open Public Records Act (OPRA) PL 2001, c. 404/NJSA 47:1A et seq. continued New Jersey Government Records Council New Jersey Government Records Council 101 S. Broad Street P.O. Box 819 Trenton, NJ 08625-0819 Phone: (609) 292-6830 Fax: (609) 633-6337 Toll-Free 1-(866) 850-0511 E-Mail: grc@dca.state.nj.us Website: http://www.nj.gov/grc Records & Information Management • • • • • Documents an organization’s history Provides Litigation and E-discovery support Fiscal Audit Compliance Demonstrates Regulatory Compliance Enhances Public Records Access - OPRA Records Inventory • A complete and accurate listing of all records, whether paper-based, microform, or electronic, that indicates: • • • • How and where it is physically stored Volume Classification Retention period as listed in the records retention schedule • Disposition Records Inventory Records Retention Schedule Records Retention Schedule - a detailed listing of the records maintained by an agency and the minimum legal and fiscal time periods they must be retained. The records retention schedule addresses: • • • • • Vital Record Legal, Fiscal, & Administrative Value How long to be maintained Historical Record Final Disposition: Permanent, Archives, or Disposal (Recycle or Shred) Records Retention Schedule Records Disposal A “Request & Authorization for Records Disposal” form must be submitted by the agency to Records Management Services for prior legal, disposal authorization before records can be destroyed. • • • • • Removes OPRA, Legal, and Fiscal Liabilities Cost Effective Safety Disposition methods: Shred, Recycle, Erase Identifies an Archival Record for Preservation Request and Authorization for Records Disposal Records Disposal: ARTEMIS Records Retention and Disposition Management System (ARTEMIS) Search and view retention schedules for County and Municipal agencies only. Create, View, Update, and Submit Disposition Requests. Update Disposition Status for their agency Municipalities: Contact your Municipal Clerk Counties: Contact County Clerk Records Preservation and Conservation • Preservation: preventative maintenance of active, inactive, and historical records • Conservation: “corrective surgery” to records should be performed by qualified conservationists. • Damage Factors: • • • • Handling Environmental Conditions Pests Mold Records Storage • Active Records On-site storage • Inactive Records Off-site storage in a State, County, Municipal, or Commercial Storage • Historical Records A Depository Agreement should be established for the protection of the Historical Record. Paper Alternatives The Legal Alternatives to Paper are Microfilm and Optical Disk - both of which must be State Certified and Renewed Annually (for optical disk). Paper Alternatives: Imaging Imaging • State Standards (NJAC 15: 5-3) • Longevity – Not Archival Backups are needed to disk with a routine recycle time • Hardcopy or Microfilm for records with retentions 10 yrs. + including Permanent Paper Alternatives: Microfilm Microfilm – State Standards (NJAC 15: 5-3) • Microfilm Archival Use Jacketed • Microfiche • Aperture Cards Microfilm/Microfiche Longevity – 500 years Electronic Records: Storage: Fixed and Virtual Storage Fixed (Stand Alone) Storage •Tape backup – oldest, most reliable data storage/backup is low-cost and portable and good for daily and weekly backups. •Disk backup – quick access and can hold large amounts of data, can be used for disaster recovery if the server is placed offsite. Virtual Storage •Cloud computing – Internet-base of shared resources, software, and data/information for immediate access. Based on a common server site, inexpensive and mobile, low maintenance and internetbased and does not have to be installed per pc. The cloud structure consists of: •Client – •Application – •Platform – •Infrastructure – •Server – Hardware or software dependent upon the cloud to function Software downloaded via the Internet to a pc Cloud computing structure that houses the applications/software Complete, packaged virtual platform environment per pc Operating system from simple to complex per client Due to the fluid and fragile nature of virtual storage and its data, precautions must be taken when dealing with: Database & Metadata, Portable Data, Text Messages, and Email* *NOTE: Morgan Stanley had to pay $1.45 Billion for failure to produce email evidence (Coleman Holdings vs. Morgan Stanley 2005) E-mail: Defined e-mail –noun 1. a system for sending messages from one individual to another via telecommunications links between computers or terminals. 2. a message sent by e-mail: Send me an e-mail on the idea. –verb (used with object) 3. to send a message by e-mail. Also, E-mail, email. E-mail messages are electronic documents (including content, metadata, and attachments) that are created, sent, or received by a computer system. These messages are similar to other forms of communicated messages, such as correspondence and memoranda and they are Public Records with the same Records Retention, Disposition, Access; Intellectual Property; and Legal Rules of Evidence and E-discovery concerns (which includes E-mail, Instant Messaging, Blogs, Wikis, Pod Casts, and Social Media) similar to their paper and microfilm counterparts. E-mail: Retention and Disposition Retention: E-mail is a Public Record and a Records Retention Schedule must be created Reflecting the minimum retention time periods it must be maintained based on its content and the record series it applies to. There are 3 basic Retention Categories of E-mails: Transient, Intermediate, and Permanent. Transient E-mail: information of short term value that does not establish policy, certify a transaction, or serve as receipt. Example: Correspondence – Routine External – 3 years Correspondence – Routine Internal – Administrative – Periodic review Intermediate E-mail: information that has more significant value - such as legal and financial. Example: Correspondence – Routine Financial (Not General Ledger or Payroll History) – 6 years after… Correspondence – HIPPA Related – 7 years Correspondence – Pertaining to Litigation– 20 years after final settlement Correspondence – Policy –Non-Statutory/Non-Regulatory – 25 years Permanent E-mail: information that has significant, permanent value. Example: Correspondence – Pertaining to Minutes – Permanent E-mail Disposition: For E-mail to be legally destroyed, a Request and Authorization for Records Disposal form must also be submitted by an agency to Records Management Services for written authorization before disposal can occur. E-mail: Storage Record Copy: messages are often widely distributed to a number of recipients. Determining which individual maintains the record copy of the message (i.e. the original message that must be retained per the retention schedule) is vital to e-mail management Inbox Subfolders: E-mail messages should be filed in a way that enhances their accessibility and that facilitates records management tasks. E-mail in boxes should have subfolders based on business and retention requirements. Provisions should be made for migration of any documents with long-term retention periods to other systems to ensure continued access. There are 3 types of e-mail storage systems: on-line storage, near-line storage, and off-line storage. On-line Storage: e-mail messages, metadata, and attachments in an online system in use by agency. Near-line Storage: e-mail messages, metadata, and attachments are backed-up in an electronic record keeping system on a server. Off-line Storage: e-mail messages, metadata, and attachments maintained of an electronic recordkeeping environment, such as storage on disk – commonly referred to as Archiving. Social Media Social Media: interactive communication via web-based and mobile technology. • The Plus Side: it is global, immediate, and accessible. • The Negative Side: it is not private. Directives should be established regarding content - language, subject matter, etc. Also, it can be altered which presents a real concern for an agency to release public information via Social Media which can be altered. Because of this, Social Media is subject to the same Records Retention, Disposition, Access; Intellectual Property; OPRA, and Legal Rules of Evidence and E-discovery concerns like e-mail, instant messaging, blogs, wikis, pod casts, metadata, or website content. • An agency should develop a Social Media Policy with centralized oversight within the agency. Social Media is similar to digitally-borne or website records. On your own website, you have control and can print hardcopy and protect it. With Social Media, you cannot control it and it can be altered or removed . • A Disclaimer should accompany the data being placed on a Social Media site and hardcopy should be printed as an audit trail in the event of an OPRA Request, E-discovery, litigation, etc. NOTE: As of June 2011, Facebook© had 750 Million users (techcrunch.com) Agency Website & Internet Retention Due to its ever-changing content and structure, documentation should be maintained regarding an agency’s website. These records reflect hardware, software, metadata and content and their respective areas of concern: • IT Perspective - reflects website creation, maintenance, and growth • Intellectual Property & Historical Perspective - digitally-born documents if not printed to hardcopy could be lost forever • Legal Perspective - records may be needed for Litigation, Legal Rules of Evidence, and E-discovery • Financial Perspective - records may be needed for an Audit • Records Management & Access Perspective - verify Legal retention & disposition & in the event of an OPRA Request Agency Website & Internet Retention Records associated with website development and maintenance include: • Agency Website/Internet Access Log – Internal (Employee ) and External Users • Agency Website Creation and Update File – Content Agency Website Creation and Update File - Operation Contains: graphic files, source code, operation and application software documents, user logs, statistical data, records verifying copyrighted documentation, website governance policies and procedures, input documents, testing reports, screen copies, and supporting documentation. • Agency Website Creation and Update File – Structure Contains: website diagnostics, website mapping data, source code, testing reports, screen copies, configuration data, and supporting documentation. Note: Upon the revision or discontinuance of the website, for preservation purposes it is advised that hardcopy be maintained for agency-generated and supported documents that were solely created and maintained in an electronic format. Vital Records Vital Records: records essential to meet operational responsibilities under emergency or disaster conditions. Typically, only 3% to 5% of an organization’s records are deemed to be Vital Records. An organization needs to ask: What records are absolutely crucial to operations, and can they be recreated from hardcopy , electronic or microfilmed backup copies if the originals are lost in a disaster? Conduct a Risk Analysis by evaluating potential hazards to records: • Natural & Environmental • Human inflicted • Facility related Determine records protection methods: • Appropriate protection measures • Measures may vary by type of record • Inclusive of paper-based, microform and electronic Identify Vital Records: • For emergency operations • To resume normal business • Comply with Legal and Fiscal obligations Disaster Prevention & Business Continuity In the event of a disaster, a contingency plan that identifies essential personnel, equipment, and alternate space if a closing of a facility is deemed necessary in order to resume information technology services to an agency. Plan to be used in conjunction with an agency’s Disaster Prevention and Recovery Plan. Disaster Prevention & Recovery • Mitigates Loss of Records -Water is the single most significant culprit in a records disaster • Protects Vital and Historical Records • Protects Electronic Records, Hardware, & Software Business Continuity • To resume operations quickly and efficiently • To ensure the normal flow of business Coney Island, Brooklyn, New York May 7, 2011 Disaster Prevention & Business Continuity: Information Technology Information Technology The objective is to mitigate the amount of damage and associated costs (ex., lost revenue, wages, labor, employee morale, customer goodwill, marketing opportunities; incurred bank fees and legal penalties; and bad publicity from Planned and/or Unplanned Downtime) and to protect information and resume information technology services to agencies after a disaster. • Planned Downtime – ex., hardware/software installation and upgrades and batch-related jobs • Unplanned Downtime – ex., security violation, data corruption, power outages, human error, natural disasters, theft, computer viruses, sabotage, and hardware & software unsuccessful implementation & upgrade. Contains: Disaster Prevention and Recovery Plan, Standards, and Guidelines; Security Policy and Procedures; Client Network Installation and De-installation data; and supporting documentation. The Disaster Prevention and Recover Plan is to be used in conjunction with an agency’s Business Continuity Plan. Disaster Prevention & Business Continuity: Plan What do you do when something goes wrong? Establish procedures: • • • • • • • • Chain of command with Disaster Plan Copies Communications Procedures Alternate Operations Site – People, PCs, Records Records Management & OIS Officials Designated Emergency Supplies on hand Keep ALL Plans Current Identify Hardware, Software (models and versions), & Data Identify Data Center Hot & Cold Sites - Never try to reboot hardware unless it is absolelutely dry and structurally safe • • • Identify Information Technology Staff List necessary Information Technology Supplies Address Potential Recovery Costs – Hardware, Software, Supplies, etc. • Vendors (Supplies & Disaster Recovery Services) • • • System Hardware and Software Vendor List Electronic Disaster Recovery Vendor List Distribute the plan to Information Technology & Records Management staff and retain a copy in a safe and accessible, offsite location TEST! REVISE! TEST AGAIN!! TEST! REVISE! TEST AGAIN!! … Department of the Treasury Division of Revenue and Enterprise Services Records Management Services Department of the Treasury Division of Revenue and Enterprise Services Records Management Services PO Box 661 Trenton, NJ 08625 Phone: 609-530-3200 Fax: 609-530-6121 Website: http://nj.gov/treasury/revenue/rms/recman.shtml Records Retention Schedules, Records Disposition Requests, & ARTEMIS Karen A. Perry, Records Analyst 1 E-mail: karen.perry@treas.state.nj.us Phone: 609-530-3212 John J. Berry, Records Analyst 1 E-mail: john.berry@treas.state.nj.us Phone: 609-530-3216 Vilirie D. Perry, Records Analyst 1 E-mail: vilirie.perry@treas.state.nj.us Phone: 609-530-7487 Department of the Treasury Division of Revenue and Enterprise Services Records Management Services Department of the Treasury Division of Revenue and Enterprise Services Records Management Services PO Box 661 Trenton, NJ 08625 Phone: 609-530-3200 Fax: 609-530-6121 Website: http://nj.gov/treasury/revenue/rms/recman.shtml Records Management/Records Destruction/ARTEMIS Imaging Services and Micrographics Howard Schwartz, Supervisor E-mail: howard.schwartz@treas.state.nj.us Phone: 609-530-7491 Barbara Goszka, Acting Deputy Director E-mail: babara.goszka@trea.state.nj.us Phone: 609-530-3234 Imaging Certification: Initial & Renewal Argean Cook, Records Analyst 2 E-mail: argean.cook@treas.state.nj.us Phone: 609-530-5874 Department of the Treasury Division of Revenue and Enterprise Services Records Management Services PO Box 661 Trenton, NJ 08625 Phone 609-530-3200 Fax 609-530-6121