The Ontario e-mail deletion scandal (part 9) – a portion of the e-mail account is found

The story so far:

Craig MacLennan was Chief of Staff to Ontario’s Minister of Energy when controversial decisions were made to cancel and relocate two gas plants.   In April 2013 he told a committee of the Ontario Parliament that the reason he had not provided any documents in response to a committee request for all correspondence relating to the gas plant decisions was on account of his habit of ‘keeping a clean inbox’.

MacLennan’s comment sparked an investigation by Ann Cavoukian,  Ontario’s  Information and Privacy Commissioner, as to whether or not this practice of e-mail deletion constituted a breach of Ontario’s Archives and Recordkeeping Act.

In June 2013 Cavoukian concluded that MacLennan’s e-mail account was not recoverable (Ontario’s policy was to delete e-mail accounts when staff leave) , and that a practice of routinely and indiscriminately deleting e-mails was indeed contrary to the Archives and Recordkeeping Act.


Ontario-pt9-2 1




Next episode:

Why had nobody mentioned the e-mail archive to the Information and Privacy Commissioner when she conducted her original investigation?

The new wave of information governance tools – what do they mean for records management?

A new wave of tools has hit the records management space over the past two or three years:

  • eDiscovery indexing engines that aim to index all of an organisation’s content across however many repositories/applications it uses
  • in-place records management tools that aim to apply classification and retention rules to content regardless of the repository/application in which it is kept
  • e-mail archive tools that are more ambitious than the previous generation of e-mail archives, and which, for example, offer features supporting the auto-classification of e-mail
  • plug-ins for SharePoint to bridge the gaps in records management functionality
  • clean-up tools for shared drives

All of these tools can be placed under the the collective description of ‘information governance tools’.  But they are very different from each other.

One way in which we can categorise these new tools is by the ambitions of the organisations deploying them:

  • An organisation with a big eDiscovery bill but little records management ambition will turn to indexing engines to give them the reassurance that they can identify material responsive to litigation cases even if individual staff continue to leave correspondence in their e-mail accounts and do nothing more with documents than stick them in a folder on a shared drive.
  • Organisations wanting to reduce the load of burden of maintaining (and reviewing when an eDiscovery/access to information request comes in) vast volumes of documentation on shared drives will deploy a shared drive plug in tool to protect and classify material of value, whilst identifying and getting rid of ROT (redundant, outdated and trivial) documentation.
  • Organisations concerned about e-mail volumes, and  with the potential existence of toxic comments and information within e-mails, will deploy e-mail archiving tools. They will either use auto-classification features to filter e-mails into categories and apply disposition rules,  or they will use analytics features aimed at identifying  high risk/trivial/private communications .  The auto-classification tools are indeed getting more and more sophisticated but the applications of  auto-classification tools are still crude.  You need to train an auto-classification tool how to recognise material relevant to every single category in whatever classification you are using.  The more granular the classification the more training you have to give the auto-classification tool.  For the time being at least you can only realistically auto-classify into ‘big buckets’.
  • Organisations with records management ambitions and with big investments in SharePoint will deploy SharePoint plugs ins.  The plug-ins will enable them to:  link retention rules to their records classification;  apply the classification and retention rules to different types of SharePoint objects:  (folders/content types/libraries/sites) ;  and better import and export content into and out of SharePoint.  The plug ins will also give them e-mail integration so that staff can drag and drop e-mail into SharePoint libraries.  The challenge here is that even a drag-and-drop facility does not on its own motivate end-users to consistently move significant material out of their e-mail accounts
  • Organisations wanting to manage records across several different environments (typically shared drive, e-mail SharePoint), without asking staff to move records into a separate electronic records management system, will deploy in-place records management tools.  In effect these tools will give you much of what a  SharePoint plug-in tool and a shared drive clean-up/governance tool will do, and some of the things an e-mail archive might do. They will also offer connectors to the major enterprise content management system/document management system products on the market.   So long as the vendor of the tool remains viable and keeps coming up with connectors for new repositories you in theory have an approach to managing records across your whole IT estate.   The success of in-place vendors will depend upon the extent to which they can convince organisations that the synergy of having one tool to manage records across many applications outweighs the option to pick best-of-breed solutions for each particular application/repository (e-mail/shared drive/SharePoint).     The challenge for organisations is that each repository/application that they are trying to govern has its own unique features, structure and functionality.   This means that the in-place tool has to work in a different way to govern content in each separate application. The deployment of an in-place tool to each different application/repository is a separate project in its own right.

In practice we are already seeing convergence between these products as vendors either move into each others territory, or ally with each other.  We are also seeing convergence between these products and the previous generation of  electronic records management systems

  • We are seeing vendors of indexing engines such as Zylab and Nuix moving more deeply into  information governance by adding functionality to  clean-up and apply rules to the repositories that they have indexed.
  • We are seeing the vendors of traditional electronic records management systems such as IBM and HP Autonomy use their electronic records management systems as repositories  behind their in-place records management  offerings.  Even when an organisation adopts an in-place records management approach they are still going to want to decommission applications at some point and hence need to be able to move content out of those applications into a repository.
  • We are seeing alliances between vendors of these different products – for example that between RSD and Nuix to offer both in-place records management and indexing/eDiscovery capabilities.

There are numerous  questions for us to explore concerning the implications of the rise of these tools are for records management.

  • Is records management being subsumed into information governance – or is it a separate discipline that will help to shape information governance but will retain its own distinct identity and purpose?
  • What are the fundamental differences between this wave of information governance tools, and the wave of ‘electronic document and records management systems’ that dominated the records management market between 1999 and 2009?
  • Does this new wave of information governance form part of a wider change in records management paradigm? Are we seeing a new model of how records management should be tackled?    If so to what extent is it a fully worked through paradigm?  What are the underpinning set of beliefs behind it?   Is there a body of theory behind it?
  • To what extent will such a new records management paradigm meet the aspirations of the profession?   Will it work in practice?  What would it need from organisations, from records managers, from end-users and from vendors in order to make it work?