Records and Information Management

advertisement
Records and Information
Management
Karen A. Perry
Records Analyst
Department of the Treasury
Division of Revenue and Enterprise Services
Records Management Services
Records Management Services
Records Management Services, Division of Revenue and
Enterprise Services, Department of the Treasury is the statutory
agency responsible for records management for State, County,
Local Government Agencies, School Districts, and State
Colleges/Universities.
The Division is composed of two (2) Bureaus:
• Records Management Services
• Imaging Services and Micrographics
Destruction of Public Records Act
(PL 1953, c. 410): State Records Committee
The Destruction of Public Records Act (PL 1953, c. 410) created the State
Records Committee (SRC) with having final authority over public records.
The SRC consists of representatives from:
•
•
•
•
State Attorney General
State Auditor
State Treasurer
Director of Local Government Services/Department of Community
Affairs
Destruction of Public Records Act
(PL 1953, c. 410): Public Record Defined
Public Record
Information, regardless of its Medium (hardcopy, microform,
optical, or electronic) that is made or received by an agency
receiving Tax Payer dollars and serves as evidence of the
Transactions of the normal course of business. This pertains to
State, County, Local Government Agencies, School Districts, and
State Colleges/Universities.
Destruction of Public Records Act
(PL 1953, c. 410): Records Retention and Disposition
• Records Retention Schedules must be created for all public records
maintained by State, County, Local Government Agencies, School
Districts, and State Colleges/Universities.
• Agencies must obtain prior written authorization from the Division for
disposal of public records by submitting a “Request and Authorization for
Records Disposal”.
Open Public Records Act (OPRA)
PL 2001, c. 404/NJSA 47:1A et seq.
In most instances, agencies are required to allow access to records under the Right-toKnow law. However, an agency may restrict access to records because of considerations
of privacy, confidentiality, or security.*
NOTE: The degree of a record’s accessibility does not determine whether a record is publicly or
privately owned. For instance, classified military records concerning the national defense are
public records, even though they are not publicly accessible for reasons of security.
Public Record Access Under OPRA:
• Replaced The Right to Know Law
• Public Records must be made accessible to the public in most cases.*
• Personal Financial & Legal accountability for intentional denial of public records access.
The Government Records Council (GRC) serves as the government entity for public records
grievance.
*Records Exempt from Access - Consult the GRC for a detailed list of exemptions
• Ongoing police investigation
• Personal information: Social Security Number, credit card number, etc.
• Records that may jeopardize security, etc.
Open Public Records Act (OPRA)
PL 2001, c. 404/NJSA 47:1A et seq. continued
Custodian of Public Record
The Municipal Clerk is designated by law as the Custodian of Public Record for Municipal
Government. All other Custodians of Public Record are designated accordingly for State,
County, Public School Districts, and State Colleges and Universities.
OPRA/Public Records Access Request – Verifies what documents have been requested
& that they have supplied within the specified time limits:
Immediate Access – Means Immediate Access!!!
• Budgets, Bills, Vouchers, Contracts, and Employee Salary & Overtime
Information
Seven (7) Business Days**
• Non-immediate access records and Offsite Stored Records must be supplied
within a 7 business day time period. The requestor must be informed in
writing if records are stored offsite and the 7 business day time period cannot
be met.
**NOTE: Extensions may be requested in writing if needed.
Open Public Records Act (OPRA)
PL 2001, c. 404/NJSA 47:1A et seq. continued
New Jersey Government Records Council
New Jersey Government Records Council
101 S. Broad Street P.O. Box 819
Trenton, NJ 08625-0819
Phone: (609) 292-6830 Fax: (609) 633-6337
Toll-Free 1-(866) 850-0511
E-Mail: grc@dca.state.nj.us
Website: http://www.nj.gov/grc
Records & Information Management
•
•
•
•
•
Documents an organization’s history
Provides Litigation and E-discovery support
Fiscal Audit Compliance
Demonstrates Regulatory Compliance
Enhances Public Records Access - OPRA
Records Inventory
• A complete and accurate listing of all records,
whether paper-based, microform, or electronic,
that indicates:
•
•
•
•
How and where it is physically stored
Volume
Classification
Retention period as listed in the records retention
schedule
• Disposition
Records Inventory
Records Retention Schedule
Records Retention Schedule - a detailed listing of the
records maintained by an agency and the minimum
legal and fiscal time periods they must be retained.
The records retention schedule addresses:
•
•
•
•
•
Vital Record
Legal, Fiscal, & Administrative Value
How long to be maintained
Historical Record
Final Disposition: Permanent, Archives, or Disposal (Recycle or Shred)
Records Retention Schedule
Records Disposal
A “Request & Authorization for Records Disposal”
form must be submitted by the agency to Records
Management Services for prior legal, disposal
authorization before records can be destroyed.
•
•
•
•
•
Removes OPRA, Legal, and Fiscal Liabilities
Cost Effective
Safety
Disposition methods: Shred, Recycle, Erase
Identifies an Archival Record for Preservation
Request and Authorization for Records Disposal
Records Disposal: ARTEMIS
Records Retention and Disposition Management System
(ARTEMIS)
 Search and view retention schedules for County and
Municipal agencies only.
 Create, View, Update, and Submit Disposition Requests.
 Update Disposition Status for their agency
 Municipalities: Contact your Municipal Clerk
 Counties:
Contact County Clerk
Records Preservation and Conservation
• Preservation: preventative maintenance of active,
inactive, and historical records
• Conservation: “corrective surgery” to records should be performed by qualified conservationists.
• Damage Factors:
•
•
•
•
Handling
Environmental Conditions
Pests
Mold
Records Storage
• Active Records
On-site storage
• Inactive Records
Off-site storage in a State,
County, Municipal, or
Commercial Storage
• Historical Records
A Depository Agreement
should be established for the
protection of the Historical
Record.
Paper Alternatives
The Legal Alternatives to Paper are Microfilm and Optical Disk - both of
which must be State Certified and Renewed Annually (for optical disk).
Paper Alternatives: Imaging
Imaging
• State Standards (NJAC 15: 5-3)
• Longevity – Not Archival
Backups are needed to disk
with a routine recycle time
• Hardcopy or Microfilm
for records with retentions
10 yrs. + including Permanent
Paper Alternatives: Microfilm
Microfilm – State Standards (NJAC 15: 5-3)
• Microfilm
Archival Use
Jacketed
• Microfiche
• Aperture Cards
Microfilm/Microfiche Longevity – 500 years
Electronic Records: Storage: Fixed and Virtual Storage
Fixed (Stand Alone) Storage
•Tape backup – oldest, most reliable data storage/backup is
low-cost and portable and good for daily and weekly backups.
•Disk backup – quick access and can hold large amounts of data,
can be used for disaster recovery if the server is placed offsite.
Virtual Storage
•Cloud computing – Internet-base of shared resources, software, and data/information for immediate
access. Based on a common server site, inexpensive and mobile, low maintenance and internetbased and does not have to be installed per pc. The cloud structure consists of:
•Client –
•Application –
•Platform –
•Infrastructure –
•Server –
Hardware or software dependent upon the cloud to function
Software downloaded via the Internet to a pc
Cloud computing structure that houses the applications/software
Complete, packaged virtual platform environment per pc
Operating system from simple to complex per client
Due to the fluid and fragile nature of virtual storage and its data, precautions must be taken when
dealing with: Database & Metadata, Portable Data, Text Messages, and Email*
*NOTE: Morgan Stanley had to pay $1.45 Billion for failure to produce email evidence
(Coleman Holdings vs. Morgan Stanley 2005)
E-mail: Defined
e-mail
–noun 1. a system for sending messages from one
individual to another via telecommunications links
between computers or terminals.
2. a message sent by e-mail: Send me an e-mail on the
idea.
–verb (used with object) 3. to send a message by e-mail.
Also, E-mail, email.
E-mail messages are electronic documents (including content, metadata, and attachments) that
are created, sent, or received by a computer system.
These messages are similar to other forms of communicated messages, such as correspondence
and memoranda and they are Public Records with the same Records Retention, Disposition,
Access; Intellectual Property; and Legal Rules of Evidence and E-discovery concerns (which
includes E-mail, Instant Messaging, Blogs, Wikis, Pod Casts, and Social Media) similar to their
paper and microfilm counterparts.
E-mail: Retention and Disposition
Retention: E-mail is a Public Record and a Records Retention Schedule must be created
Reflecting the minimum retention time periods it must be maintained based on its content
and the record series it applies to. There are 3 basic Retention Categories of E-mails: Transient,
Intermediate, and Permanent.
Transient E-mail: information of short term value that does not establish policy, certify a transaction,
or serve as receipt. Example:
Correspondence – Routine External – 3 years
Correspondence – Routine Internal – Administrative – Periodic review
Intermediate E-mail: information that has more significant value - such as legal and financial. Example:
Correspondence – Routine Financial (Not General Ledger or Payroll History) – 6 years after…
Correspondence – HIPPA Related – 7 years
Correspondence – Pertaining to Litigation– 20 years after final settlement
Correspondence – Policy –Non-Statutory/Non-Regulatory – 25 years
Permanent E-mail: information that has significant, permanent value. Example:
Correspondence – Pertaining to Minutes – Permanent
E-mail Disposition: For E-mail to be legally destroyed, a Request and Authorization for Records
Disposal form must also be submitted by an agency to Records Management Services for written
authorization before disposal can occur.
E-mail: Storage
Record Copy: messages are often widely distributed to a number of recipients. Determining which
individual maintains the record copy of the message (i.e. the original message that must be retained
per the retention schedule) is vital to e-mail management
Inbox Subfolders: E-mail messages should be filed in a way that enhances their accessibility and
that facilitates records management tasks. E-mail in boxes should have subfolders based on
business and retention requirements. Provisions should be made for migration of any documents with
long-term retention periods to other systems to ensure continued access.
There are 3 types of e-mail storage systems: on-line storage, near-line storage, and off-line storage.
On-line Storage: e-mail messages, metadata, and attachments in an online system in use by agency.
Near-line Storage: e-mail messages, metadata, and attachments are backed-up in an electronic
record keeping system on a server.
Off-line Storage: e-mail messages, metadata, and attachments maintained of an electronic recordkeeping environment, such as storage on disk – commonly referred to as
Archiving.
Social Media
Social Media: interactive communication via web-based and mobile technology.
•
The Plus Side: it is global, immediate, and accessible.
•
The Negative Side: it is not private. Directives should be established regarding content - language,
subject matter, etc. Also, it can be altered which presents a real concern for an agency to release
public information via Social Media which can be altered. Because of this, Social Media is subject to
the same Records Retention, Disposition, Access; Intellectual Property; OPRA, and Legal Rules of
Evidence and E-discovery concerns like e-mail, instant messaging, blogs, wikis, pod casts, metadata,
or website content.
•
An agency should develop a Social Media Policy with centralized oversight within the agency.
Social Media is similar to digitally-borne or website records. On your own website, you have control
and can print hardcopy and protect it. With Social Media, you cannot control it and it can be altered
or removed .
•
A Disclaimer should accompany the data being placed on a Social Media site and hardcopy should
be printed as an audit trail in the event of an OPRA Request, E-discovery, litigation, etc.
NOTE: As of June 2011, Facebook© had 750 Million users (techcrunch.com)
Agency Website & Internet Retention
Due to its ever-changing content and structure, documentation
should be maintained regarding an agency’s website. These
records reflect hardware, software, metadata and content and
their respective areas of concern:
•
IT Perspective - reflects website creation, maintenance, and growth
•
Intellectual Property & Historical Perspective - digitally-born documents if not printed to
hardcopy could be lost forever
•
Legal Perspective - records may be needed for Litigation, Legal Rules of Evidence, and
E-discovery
•
Financial Perspective - records may be needed for an Audit
•
Records Management & Access Perspective - verify Legal retention & disposition & in
the event of an OPRA Request
Agency Website & Internet Retention
Records associated with website development and maintenance include:
•
Agency Website/Internet Access Log – Internal (Employee ) and External Users
•
Agency Website Creation and Update File – Content
Agency Website Creation and Update File - Operation
Contains: graphic files, source code, operation and application software
documents, user logs, statistical data, records verifying copyrighted
documentation, website governance policies and procedures, input
documents, testing reports, screen copies, and supporting documentation.
•
Agency Website Creation and Update File – Structure
Contains: website diagnostics, website mapping data, source code, testing
reports, screen copies, configuration data, and supporting documentation.
Note: Upon the revision or discontinuance of the website, for preservation purposes it is advised that
hardcopy be maintained for agency-generated and supported documents that were solely created and
maintained in an electronic format.
Vital Records
Vital Records: records essential to meet operational responsibilities under emergency or disaster conditions.
Typically, only 3% to 5% of an organization’s records are deemed to be Vital Records.
An organization needs to ask:
What records are absolutely crucial to operations,
and can they be recreated from hardcopy , electronic
or microfilmed backup copies if the originals
are lost in a disaster?
Conduct a Risk Analysis by evaluating potential hazards to records:
• Natural & Environmental
• Human inflicted
• Facility related
Determine records protection methods:
• Appropriate protection measures
• Measures may vary by type of record
• Inclusive of paper-based, microform and electronic
Identify Vital Records:
• For emergency operations
• To resume normal business
• Comply with Legal and Fiscal obligations
Disaster Prevention & Business Continuity
In the event of a disaster, a contingency plan that identifies essential personnel,
equipment, and alternate space if a closing of a facility is deemed necessary in order
to resume information technology services to an agency. Plan to be used in
conjunction with an agency’s Disaster Prevention and Recovery Plan.
Disaster Prevention & Recovery
• Mitigates Loss of Records -Water is the single most
significant culprit in a records disaster
• Protects Vital and Historical Records
• Protects Electronic Records, Hardware, & Software
Business Continuity
• To resume operations quickly and efficiently
• To ensure the normal flow of business
Coney Island, Brooklyn, New York May 7, 2011
Disaster Prevention & Business Continuity:
Information Technology
Information Technology
The objective is to mitigate the amount of damage and associated costs (ex., lost revenue,
wages, labor, employee morale, customer goodwill, marketing opportunities; incurred
bank fees and legal penalties; and bad publicity from Planned and/or Unplanned
Downtime) and to protect information and resume information technology services to
agencies after a disaster.
• Planned Downtime – ex., hardware/software installation and upgrades and
batch-related jobs
• Unplanned Downtime – ex., security violation, data corruption, power outages,
human error, natural disasters, theft, computer viruses, sabotage, and hardware &
software unsuccessful implementation & upgrade.
Contains: Disaster Prevention and Recovery Plan, Standards, and Guidelines; Security
Policy and Procedures; Client Network Installation and De-installation data; and
supporting documentation. The Disaster Prevention and Recover Plan is to be used in
conjunction with an agency’s Business Continuity Plan.
Disaster Prevention & Business Continuity: Plan
What do you do when something goes wrong?
Establish procedures:
•
•
•
•
•
•
•
•
Chain of command with Disaster Plan Copies
Communications Procedures
Alternate Operations Site – People, PCs, Records
Records Management & OIS Officials Designated
Emergency Supplies on hand
Keep ALL Plans Current
Identify Hardware, Software (models and versions), & Data
Identify Data Center Hot & Cold Sites - Never try to reboot hardware unless it is absolelutely dry and
structurally safe
•
•
•
Identify Information Technology Staff
List necessary Information Technology Supplies
Address Potential Recovery Costs – Hardware, Software, Supplies, etc.
•
Vendors (Supplies & Disaster Recovery Services)
•
•
•
System Hardware and Software Vendor List
Electronic Disaster Recovery Vendor List
Distribute the plan to Information Technology & Records Management staff and retain a
copy in a safe and accessible, offsite location
TEST! REVISE! TEST AGAIN!! TEST! REVISE! TEST AGAIN!! …
Department of the Treasury
Division of Revenue and Enterprise Services
Records Management Services
Department of the Treasury
Division of Revenue and Enterprise Services
Records Management Services
PO Box 661
Trenton, NJ 08625
Phone: 609-530-3200
Fax:
609-530-6121
Website: http://nj.gov/treasury/revenue/rms/recman.shtml
Records Retention Schedules, Records Disposition Requests, & ARTEMIS
Karen A. Perry, Records Analyst 1
E-mail: karen.perry@treas.state.nj.us
Phone: 609-530-3212
John J. Berry, Records Analyst 1
E-mail: john.berry@treas.state.nj.us
Phone: 609-530-3216
Vilirie D. Perry, Records Analyst 1
E-mail: vilirie.perry@treas.state.nj.us
Phone: 609-530-7487
Department of the Treasury
Division of Revenue and Enterprise Services
Records Management Services
Department of the Treasury
Division of Revenue and Enterprise Services
Records Management Services
PO Box 661
Trenton, NJ 08625
Phone: 609-530-3200
Fax:
609-530-6121
Website: http://nj.gov/treasury/revenue/rms/recman.shtml
Records Management/Records Destruction/ARTEMIS
Imaging Services and Micrographics
Howard Schwartz, Supervisor
E-mail: howard.schwartz@treas.state.nj.us
Phone: 609-530-7491
Barbara Goszka, Acting Deputy Director
E-mail: babara.goszka@trea.state.nj.us
Phone: 609-530-3234
Imaging Certification: Initial & Renewal
Argean Cook, Records Analyst 2
E-mail: argean.cook@treas.state.nj.us
Phone: 609-530-5874
Department of the Treasury
Division of Revenue and Enterprise Services
Records Management Services
PO Box 661 Trenton, NJ 08625
Phone 609-530-3200 Fax 609-530-6121
Download