This is a message dating back to last April that I sent to about 30
colleagues inside and outside of the Federal Arena, primarily because
although the original article was addressed at the Federal Agencies (based
on OMB and NARA requirements) the issue was MUCH BIGGER than that, it was
policy issue on e-mail management overall.
I'm forwarding it here now because of the discussion about the article that
made it to the surface on today's ARMA Newsline, and it seems to simply be a
re-hashing of the same argument that has been going on for a couple of years
now... do we design retention based on the CONTAINER or the CONTENT???
Oh, and BTW, as much as I love and respect many of the 30+ I sent this to...
only 2 of them replied. I think it's because although many of us KNOW the
answer, we're tired of beating our heads against the wall trying to convince
others that we're right.
Larry
************************************************************************************************************
I'm sending this to a BROAD audience, all as BCCs because I don't want to
point any fingers or set off any bells ringing for anyone. Some of you are
in the Federal Arena, other are in Private Industry, but in some way, all of
you are involved in Records and Information Management. I'd appreciate
hearing from anyone who receives this and if any of you want to engage in a
wider exchange of thoughts with others, please let me know and I'd be
willing to setup some form of a discussion Forum, like a YAHOO Group for us.
If there are people you think might be good choices to include in this
discussion, PLEASE send a message back to me BEFORE FORWARDING THIS to
anyone and I'd be happy to contact them... they MAY have already been on the
distribution list!
Nothing new in this article than hasn't been said over the past 3-5 years by
everyone about E-mail... it's well known that organizations overall are
doing a poor job of managing it... either deleting way too much, or keeping
way too much, but nonetheless, doing a poor job of applying the best
practices associated with Records Management when it comes to E-mail.
I've "salted" some in-line comments to the article (in blue) to add some
personal perspective from what I know about systems and technologies being
used, and in part from speaking to organizations who've tried and failed or
tried and have had marginal successes.
Larry
Some advice on e-mail records policy
By Jason Miller
Government Computer News
04/05/05
When is an agency e-mail message an official federal record that must be
preserved? That is the question puzzling records managers as e-mail volume
among and within agencies continues to grow exponentially. (I don't think
it's puzzling RMs as much as some would think... RMs KNOW when it must be
preserved, they just don't have CONTROL over the decision making and e-mail
management process and aren't provided the opportunity to intervene)
Michael Kurtz, assistant archivist at the National Archives and Records
Administration, said 95 percent of all agency e-mail messages are considered
federal records, but only a small percentage need to be kept. (This 95%
number is WAY TOO HIGH... from what most studies have shown, less than 20%
of e-mail is "record" whether it's in the Federal arena or in Private
Industry. There are a few exceptions, such as in the financial services
sector and in intelligence (as the writer mentions below), but based on the
definition of a Federal Record, this number is VERY questionable. As a side
note, NARA has recently begun using a rules based approach on the front end
in some of their offices, but they're doing a pretty poor job of rollout and
training. I have an ARMA Chapter member that works for NARA and she told me
that she hadn't been receiving mesages from me for some time (my Chapter
uses a YAHOO e-mail address for communications). It turns out that they
elected to view all "bulk emailers" as SPAM and the messages had been
quarrantined and not delivered. She was supposed to be informed that
messages were being "filtered" and that she needed to periodically go into
the filtered messages, determine if any of them were legitimate, and if so,
place the sender's e-mail address on the "trusted sender list" so they would
be delivered in the future. When she finally found out about this (and it
was because I suggested that she check with their IT shop to see if they
were being filtered out, just as a suggestion) she found out that there were
over *500* messages in there that she needed to review... and over 120 of
them were business legitimate! Another case of using a "rules based" system,
but not involving users up front or providing adequate training.)
"Most e-mail is transitory in nature for setting up meetings or going to
lunch," Kurtz said today at a meeting of the Federal Information and Records
Managers' Council at the FOSE 2005 trade show in Washington. "This is an
area of some contention or concern because of the public interest groups
that want to save the records. We will work through it. Most e-mail should
disposed of quickly and not entered into the file system." (So, at first he
says 95% is Federal Record, then he says most is transitory, and based on
the descriptions provided, FAR from "record material"... I'm confused!!)
Kurtz said NARA issued a draft policy in November to help agencies quickly
dispose of e-mail records except for a small number that employees will
continue to print and file until NARA finishes developing the Electronic
Records Archive. (I'd like to see the comments they received and how fast
they're going to turn this around. We've been waiting over 7 months to see
the comments to 36CFR on Facilities Construction turned around and they're
STILL sitting on that. Also, the concept of Agencies (and their Contractors)
being required to "print and file" e-mail messages rather than manage them
within the e-mail application (or extract them and manage them in some other
electronic form until a decision is rendered) makes absolutely NO SENSE...
the current requirement for transitory records is 2 years, and if the
comments don't support the change to 60,90,180 days, then all of those
printed messages will need to be retained and searched for months on end in
paper form!)
NARA is reviewing comments on the rule, which would let agencies leave
short-term e-mail records on a live e-mail system as long as users do not
delete the messages before the expiration of the NARA-approved retention
period. Automatic deletion and retention rules would ensure preservation of
only the important records. (This again makes the gross assumption that
"automatic deletion and retention rules" will work... and they WILL, but not
without a lot of human intervention to tweak them and fit them to an
organizations business practices and policies. And this isn't done at the
high level of an organization (like an entire Federal Agency) but at the
department or lower level, based on the key areas of business and records
series handled by that "piece" of the organization. Another piece to this
puzzle is management of copies of e-mail... an example is the message sent
from an agency head to all employees. Only ONE COPY of that needs to be
retained as a "record", but everyone may need to be able to find or refer to
it... so how do you establish a "rule" to accomodate this?)
Tim Sprehe, president of Sprehe Information Management Associates Inc. of
Chevy Chase, Md., said only the intelligence agencies are managing e-mail
well, because they spend money on training. (An excellent point... and I'd
expect nothing less from Tim, because he knows what he's talking about. It's
critical and organizations should carefully determine what type/level of
training needs to be provided and how it's intended to be rolled out. Also,
when instituting the use of a new system like this, you need committment
high enough within the organization that the training will be mandatory for
everyone to comply with, and that everyone at all levels will be required to
use the system once it's instituted.)
"Agencies should take e-mail out of the hands of users," he said. "Records
managers and IT workers should devise a solution that determines what a
record is. They could do sampling and quality control and develop business
rules, but you can't ask the end user to make a record manager's
decision." (Well,
this advice is all well and good, BUT... given the reality of things, it's a
case of "Pandora's Box" and if you simply take away what they've had control
of without setting the stage properly, there will be A LOT OF RESISTANCE. As
mentioned before, this is something that requires a cultural change and you
need to properly frame the way you sell the change. A policy needs to be
developed that comes from VERY HIGH within the organization and it has to be
based on business reasons... Training needs to be developed that can reach
all levels of the organization and funding has to be made available to
provide ongoing training... Adequate support for the system has to exist to
ensure it is successful when it's implemented, or the user community will
push back. The concept of sampling and QC that Tim spoke of is a good idea,
but I think it needs to be done using a parallel instance of the e-mail
system on a "testbed basis" prior to rolling out the enterprise wide
implementation to vet out any glaring inconsistencies and poorly designed
functions. Select a number of individuals e-mail accounts across the
enterprise and subject their accounts to the "automatic deletion and
retention rules" to see how well it works, then make whatever modifications
are needed and test it again prior to implementation.)
Sprehe spent 10 years with the Office of Management and Budget, where he
worked in the information policy office and authored OMB Circular A-130, the
governmentwide policy directive on management of federal information
resources. (While OMB Circular A-130 is a document that addresses policy, a
better reference document is attached for review by those who choose to
spend the time [GAO Report: Exemplary Practices in ERM]. This report was
never formally issued by the GAO, but one of the most important things in it
is it chronicles the DOE E-mail project, and it speaks of it as though it
was fully implemented and the ENTIRE AGENCY is using it today. I think we
know better... Of all the GAO reports that exist, this one is the one I wish
they would have issued formally, and short of this copy I'm sending you,
it's VERY DIFFICULT to come by. This is without a doubt a keynote piece in
ERM though, it provides some of the best insights into what needs to be done
tomake things work, based on why things HAVEN'T worked. I'd encourage
everyone to AT LEAST scan the contents.)
Chris O'Donnell, the records manager for the Environmental Protection
Agency, said agencies should look into auto-categorization software to
improve their records management. (However, EPA hasn't shared with anyone
how well the "auto-categorization" process is working for them... and I
think we need to see a lessons learned to see what we can all gain from
their experience with it. Also, it would be interesting to see if they're
using it on E-mail... the comment doesn't say that's where they're using it
or what level of success they're having.)
Sprehe said that type of software applies business rules to text and decides
whether a record needs to be kept. He added, however, "This type of
technology is not ready for prime time. If you use it for 30 million pieces
of e-mail, the software may decide that 90 percent is not records, and the
other 10 percent would be up the records manager. It can't be 100 percent
accurate." (Okay... one glaring concern I have about this comment is it says
"...applies business rules to text and decides whether a record needs to be
kept" but what it fails to say is it DOESN'T look across a population of
infomation objects [documents, e-mail, textual reports, images] and
determine WHICH IS A RECORD. Before we're concerned if it needs to be kept,
we need to deterimine if it's a record... then we determine HOW LONG it
needs to be kept. And I'm *REALLY* glad to see he says it's not ready for
prime time, because once we're able to accept that, then we need to
determine what level of inaccuracy we're willing to accept if we decide to
implement it as a part of whatever "solution" we implement for ERMS and
E-mail management. Given the 90% number (if we accept is as reasonably
accurate) I'd ask everyone to evaluate the volume of E-mail your
organization receives on a daily basis and determine how many objects the
10% that it CAN'T classify amounts to and then ask yourself does your RIM
function have the staff required to make the "manual" determination on that
many object as day?)
Chris Olson, the CIA's records manager, said the government should set up a
center of excellence for records handling so agencies do not explore the
same technologies over and over. (Chris Olson presented to us at the DOE
AIMC event in Charlotte... a very enjoyable presentation, but they are
spending a LOT OF MONEY to achieve their goals... and they're funded to do
so. How does everyone else achieve this? And while Chris suggest the
establishment of a "center of excellence" to minimize duplication of effort,
I don't think the CIA is going to be very willing to share what they've
learned =) The FBI told us about their situation, but what came out in the
Trade Journals a week later painted a SERIOUSLY different picture. No one
wants to make public their failed attempts, the attached GAO report even
goes as far as to label something we know didn't succeed as a MAJOR
success.)
I've been very interested in this topic for a number of years, more so
recently... as there is a push to delve much deeper into it here. There is
no question that it's something that needs to be done and we need to succeed
when we do it, but all of the reports coming out of the real world suggest
that we go slow, approach areas where there are higher opportunities for
success and then build on those. Everyone is doing SOMETHING , but it's not
being done consistently and it can't be seamlessly integrated. There will be
a requirement for substantial investments in software, hardware, training
and integration to make this succeed and most importantly, it will require
some major cultural changes relate to managing information as an
organizational asset.
It seems it's one of those "How to Eat an Elephant" things... it can be done
one bite at a time, once you get past the taste =)
Larry
--
Larry Medina
Danville, CA
RIM Professional since 1972
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
