Records management is wanted – dead or alive

I attended the Information Governance and eDiscovery summit in London last week.

Two friends, both stalwarts of the records management world in the UK, separately came up to me and said ‘You know what, I think records management is dead now, James’.

Records management isn’t dead.  It is a contestable space at the heart of information governance.

In the e-Discovery stream of the summit there was no mention of any type of document management or records system (whether that be an electronic records management system, or SharePoint). This is because these systems are often not relevant to the preparation of lawsuits, where the lawyers go straight to the e-mail record and/or text messages to establish the chain of events and discussions pertinent to the case.

In effect organisations are operating two parallel spheres of recordkeeping.

  • the communications/correspondence sphere that consists mainly of their e-mail servers/e-mail archive, but also any capture of instant messaging and/or text messages
  • the document sphere that consists of whatever combination of electronic records management (ERM) system/SharePoint/line of business system/fileshare applications they deploy

The key difference between the correspondence/communication sphere and the document sphere is that:

  • an e-mail server/archive can be set up to capture all the traffic going to and from a particular e-mail account on a particular server.  Similar arrangements can be set up for text messages on company devices and for instant messaging systems.
  • an organisation wide ERM system/SharePoint implementation captures only those documents/communications that an individual chooses to declare to that application.

The paradoxical relationship between the two spheres of recordkeeping

This split between e-mail servers/archives on the one hand and corporate ERM systems/SharePoint implementations on the other creates the following paradoxes:

  • Organisations fear the contents of their e-mail archive/servers but lack confidence in the completeness of their designated record repository (ERM/SharePoint etc.)
  • An implementation of an ERM system/SharePoint or similar has an advantage over an e-mail server/archive in that the information in it poses a lower risk to the organisation. Sensitive personal information is likely to be confined to predictable places within the system, and unguarded comments are less likely to find their way onto the system.
  • An e-mail server/archive is more effective than an ERM system/SharePoint in enabling an organisation to account for itself in difficult or controversial circumstances, for example in situations such as litigation, investigation, or hostile freedom of information requests. However an e-mail server/archive is not useful for non-contentious, day to day internal usage, because the undifferentiated presence of sensitive personal communications means we cannot allow colleagues to access/search each other’s email accounts.
  • An ERM system/SharePoint is good for non-contentious day to day internal usage but is weak in times of dispute, litigation and investigation.
  • Some organisations configure their e-mail server/archive so that it retains a copy of every message even after an individual has deleted that message from their e-mail client. This best ensures they have a complete record of e-mail correspondence and thus best supports accountability. However it also means that they are more likely to hold unguarded, trivial and sensitive personal e-mails because the individual account holders will not be able to delete them.
  • The weakness of corporate ERM systems/SharePoint implementations is that they are incomplete. They do not contain relevant documents or correspondence if the individuals who handled them lack the time, motivation and/or awareness to put them onto the system.
  • Organisations are operating two separate sets of governance arrangements for these spheres. Records managers might typically set the retention rules for the ERM/SharePoint sphere. IT managers and/or legal managers might set the rules for the retention of communications/correspondence stored in e-mail accounts and for instant messages and text messages.
  • Most records management retention schedules are written as though they are universal and format neutral. They often make provision for relatively long retention periods for certain types of correspondence (ministerial correspondence, correspondence with regulators, correspondence with foreign powers etc.). And yet these retention schedules are rarely applied to the e-mail accounts which hold most of that correspondence, and which are often deleted after a relatively short time period. Note that NARA’s recently issued retention schedule for e-mail accounts of US Federal agencies is an exception to this rule (NARA, 2015).

The task of information governance

Information governance is often described as an umbrella term covering the separate disciplines of eDiscovery, records management, access to information and privacy.

The inclusion of both eDiscovery and records management under this umbrella means that information governance spans both:

  • the communications/correspondence sphere (e-mail archives/servers and any other communications tools deployed) AND
  • the document management sphere (ERM systems, SharePoint and other collaboration systems,  shared drives)

One of two things could happen here.

One possibility is that each of the component disciplines of information governance stays entirely separate. Records management carries on asking people to move important correspondence to an ERM/SharePoint or whatever tool they designate as their main repository. Lawyers perfect their eDiscovery/analytics tools which allow them (and only them) to search across the email server/archive and across all repositories in the organisation.

The other possibility is that information governance acts to influence these disciplines, to create synergies and to enable them to become more than the sum of their parts.  To an extent this is happening already as analytics tools honed on eDiscovery cases cross over into the records management space to enable organisations to apply disposition decisions to hitherto intractable repositories such as shared drives.

Information Governance should work towards becoming the arena in which the tensions and contradictions between accountability, risk, and privacy can be resolved or managed in relation to both the main correspondence system (which at the time of writing happens to be e-mail) and the main document management applications and repositories.

The task of records management

I would like to see records management use information governance to blur the boundaries between the systems they designate as records systems, and the other repositories in the organisation including, but not limited to, e-mail servers/archives. Lawyers use their eDiscovery tools to search across all repositories in the organisation. As records managers we should be seeking to stretch our retention remit to cover all repositories. We should be seeking to establish relationships between content held in whatever we designate as our main records repository and related content held on shared drives, in e-mail accounts etc.

Cutting through the e-mail paradoxes

Organisations would like to be in a position where they can dispense with the complete record of e-mail communications after as small a time interval as possible, and rely instead on the filtered, lower risk records that exist in their document management sphere. However the swift deletion of e-mails from their email server/archive adversely impacts their ability to account for their actions.

The irony is that external stakeholders/litigants/regulators/hostile FOI requesters are not interested in trivial e-mails, and they are not interested in personal e-mails. External stakeholders would be happy for organisations to delete or redact them.

The problem is that organisations cannot currently defend or explain how they got from the complete correspondence record on the e-mail server/archive, to the filtered record on a corporate electronic records management system/SharePoint/shared drive.

Records management should work towards providing organisations with a defensible, consistent, routine and transparent way of distinguishing trivial, sensitive and personal e-mails from typical business correspondence, with a view to enabling organisations to have a record of each individual’s business correspondence that is both filtered and comprehensive; defensible and accessible; to which defensible retention rules can be applied, and which can be linked to related collections of documents and communications held in other applications/repositories, including the designated records repository (ERM/SharePoint or similar).

References

NARA (2015), GRS 6.1 Email Managed Under a Capstone Approach, http://blogs.archives.gov/records-express/files/2015/04/FINAL-GRS-6.1-Review-Package-FR-Posting-03.30.15.pdf (accessed 19 May 2015)

Ravanbakhsh, Arian (2015), DRAFT Capstone GRS Available, http://blogs.archives.gov/records-express/2015/04/02/draft-capstone-grs-available/ (accessed 20 May 2015)

An attorney advises clients against the routine deletion of e-mail

The view that a legal team takes on how long emails/email accounts should be retained varies from organisation to organisation. Here are two examples I have come across in the past couple of years:

  • In one organisation the legal team wanted the e-mails in the e-mail archive kept indefinitely because whenever there was any legal dispute it was the e-mail archive that they relied upon to build their case. The records manager was concerned about this on the grounds that a significant proportion of the e-mail was trivial and/or personal. The records manager asked for a two year retention period. In the end they compromised and went for a seven year period.
  • In one organisation the legal team want the organisation to destroy e-mail after a year in order to reduce the chances of them having to disclose them in response to Freedom of Information requests. The records managers support the legal team because they expect that the deletions will lead to more correspondence going into the electronic records management system.

So which legal team is correct?  And should records managers be pressing for short or long retention periods on e-mail?

From a lawyer’s point of view it boils down to a simple equation:

  • Does the value to an organisation of keeping an e-mail account in terms of helping them to account for their actions and in helping them prepare their case to prosecute or defend a lawsuit outweigh the risk of being obliged to make damaging revelations to litigation opponents or in response to freedom of information requests?

Ralph Losey publishes the e-Discovery team blog.  He is over in London this week for the Information Governance and e-Discovery summit.   He is Chair of the Electronic Discovery Practice Group for the US law firm Jackson Lewis P.C.

Jackson Lewis is a firm that specialises in employment law.   Ralph is unequivocal that he wants his clients to retain their e-mail.  He told me that most of the employment claims his company defends against are spurious, and that it is easier for him to prove that the claim is spurious if his client has retained their e-mail correspondence from the period in question.

Ralph pointed out that most employees in most companies act legally.  The e-mail record is going to defend them more often than it will incriminate them.

This is what he said about email deletion in this recent blogpost (Losey, 2015):

My understanding and experiences with Big Data analytics over the last few years have led me to understand that more data can mean more intelligence, that it does not necessarily mean more trouble and expense. I understand that more and bigger data has its own unique values, so long as it can be analyzed and searched effectively.

This change of position was reinforced by my observing many litigated cases where companies no longer had the documents they needed to prove their case. The documents had short retention spans. They had all been destroyed in the normal course of business before litigation was ever anticipated. I have seen first hand that yesterday’s trash can be tomorrow’s treasure. I will not even go into the other kind of problems that very short retention policies can place upon a company to immediately implement a lit-hold. The time pressures to get a hold in place can be enormous and thus errors become more likely.

There is a definite dark side to data destruction that many do not like to face. No one knows for sure when data has lost its value. The meaningless email of yesterday about lunch at a certain restaurant could well have a surprise value in the future. For instance, a time-line of what happened when, and to whom, is sometimes an important issue in litigation. These stupid lunch emails could help prove where a witness was and when. They could show that a witness was at lunch, out of the office, and not at a meeting as someone else alleges.

For what it’s worth I think we as records managers should press for e-mails to be kept for as long as we would keep the correspondence of the individual role holder if they kept a correspondence file.

Reference

Losey (2015), Information Governance v Search: The Battle Lines Are Redrawn, e-Discovery team blog, http://e-discoveryteam.com/2015/02/08/information-governance-v-search-the-battle-lines-are-redrawn/, 8 February 2015 (accessed 13 May 2015)

Managing e-mail in its native environment

The main differences between the e-mail policy of the US National Archives (NARA) and those of the national archives of Australia, Canada and the UK, are that:

  • NARA would rather accession and permanently preserve the contents of the e-mail accounts of senior federal civil servants than have those e-mail accounts routinely deleted.
  • NARA does not insist US federal agencies move significant correspondence out of their e-mail environment into a separate records system.

This is an important development. Not because it solves the challenge of e-mail. It doesn’t. E-mail accounts are still hard to manage because of the undifferentiated presence of sensitive personal data about the account holder and/or the people they correspond with and/or third parties.

It is important because it gives a green light for archivists and records managers to explore ways of managing e-mail correspondence within an e-mail environment.

Over the past fifteen years the main ambition of records management practice has been to move significant e-mails out of the e-mail environment (typically Microsoft Outlook/Exchange) into a separate ‘record system’ (paper files/shared drives/electronic records management systems/SharePoint etc.).

The problem with this approach is that an e-mail environment is optimised for people to navigate, browse, sort and read e-mail. In contrast a document environment such as SharePoint is not optimised for e-mail.

SharePoint is a system that is designed to be so flexible that an organisation could, if it so wished, define a different set of metadata columns for every document library in every different SharePoint site. E-mail on the other hand has a fixed set of metadata fields that are common to every e-mail.

We are accustomed to browsing e-mail in a completely different way to browsing documents.  We browse e-mails by date, sender or recipient.  We browse documents by activity or subject.

Basing the practice of an entire profession (records management) on moving content (e-mail) from an environment that is optimised for it to an environment that is not optimised for it is not a recipe for long term success.

As a profession and as individual practitioners we cannot change this approach overnight. But we can start to explore what policy provisions we would need, and what alterations/additions to e-mail environments and their ecosystems we would need, in order for e-mails to be manageable over time, and shareable over time, within an e-mail environment.

Notes

See this previous post for extracts from the email policies of the four national archives mentioned in this post