Note: This was originally posted on LinkedIn on April 2, 2015
Records managers as a lot are a serious sort. Logical, thoughtful,
and methodical, yes, and mostly not very excitable. But the entire
records management community should be incensed with the fact that
federal email records are being destroyed at an alarming rate. At the
State Department an Inspector General investigation found that 99.99% of their email communications were deleted in 2011! Only 61,000 of the 1 billion or more emails sent in 2011 were preserved. And it was worse in 2012!
This
is not a partisan thing. Both sides have been deleting email records
while they are in power. In 2007, the Bush Administration admitted it
may have lost 5 million emails, which by 2009 was revised to “as many as
22 million.” Hillary Clinton had her own private email server in her
basement and George W. Bush kept his private server at the Republican
National Committee headquarters.
THIS IS AN OUTRAGE! It must not go on.
These
capricious records management practices are an affront to the entire
records management profession. It makes a mockery of records management
and archival issues. It also makes a mockery of transparency and
accountability in government.
The recent Clinton email dust-up has
brought the issue to the fore of public discussion. It is time for an
organized campaign to change the law. Changes must be made to the
Federal Records Act (FRA) and Presidential Records Act (PRA). This was
suggested by the Society of American Archivists in a recent statement.
And they also recommended that the National Archives and Records
Administration (NARA) be given "the mandate and authority to capture and
preserve federal email messages across all agencies."
That's a
good start. But a press release is one thing and getting the laws
changed is quite another. SAA will need some help. Where is the
Association of Records Managers and Administrators (ARMA) International
on this? Where is the National Association of Government Archives and
Records Administrators (NAGARA)? Where is AIIM?
ARMA, NAGARA, and
AIIM need to follow SAA's lead and issue similar statements, but also
the four organizations should collaborate to develop a plan for action
to get the laws amended. They could start by having a conference call
next week and roughly outline a six-month social media strategy to raise
awareness of these critical records management and archiving issues. I
would be happy to moderate the call. Then the coalition should reach out
to other organizations that may be like-minded, such as ISACA (IT
auditors and IT governance professionals), the Institute of Internal
Auditors (IIA), and perhaps some legal trade associations would join in,
and also government watchdog groups. With a unified effort, some real
progress can be made and enough media and public pressure can be
generated to force the changes needed to be made.
Here is some suggested language that should be added to amend the laws:
"The
National Archives and Records Administration (NARA) shall be the
official and permanent custodian of email records, text messages,
telephone call metadata, video conference metadata, and other electronic
communications made by federal employees across all agencies."
"NARA shall have unfettered real-time access to email messages sent from federal agencies."
Federal
employees must use their assigned federal email account for all email
communications. Use of personal email accounts to conduct federal
business is forbidden and punishable by a fine of $50,000-$500,000 and a
prison term of one to five years. The only exception to this is if the
employee has been kidnapped, held hostage, or is in imminent physical
danger."
"Federal employees must use their
federally-issued desktop computer and federally-issued mobile computing
and communications devices to conduct all federal business. Use of
personal computing and communications devices to conduct federal
business is forbidden and punishable by a fine of $50,000-$500,000 and a
prison term of one to five years. The only exception to this is if the
employee has been kidnapped, held hostage, or is in imminent physical
danger."
That covers the basics. There will be more
clauses as well. No one interested in accountability and transparency in
government should be against these changes.
Implementing these
changes means a massive cultural change within our federal government.
That means that it will require a massive change management effort which
will necessarily include copious amount of training, and consistent
communications to reinforce adherence to the new changes in the laws.
Employees will need to be trained on basic records management principles
and the changes to the laws, risks of email and other electronic
communications, email security, email etiquette, and other related
issues.
Now, some have suggested that national security would be compromised if NARA uses its new secure cloud-based email archiving and records management platform to
ingest federal emails in real-time. So a robust and detailed security
and information risk mitigation plan needs to be in place. One idea
might be to have a secure connection to NARA's cloud application in each
agency which ingests messages in real-time, and then to physically
separate that data from all Internet and intra-governmental computing
and communications connections.
How?
Perhaps every hour
during the workday the collected email message archive could be detached
in the secure cloud facility and then attached to a separate,
standalone archive that would only be accessed by top level NARA
management personnel and those fulfilling Freedom of Information Act
(FOIA) requests. Also data scientists with security clearances should
have access to leverage analytics and business intelligence to find
value in the growing archive or "data lake." But in no case would the
federal email archive be connected to the Internet.
Here is a
suggested plan to get the changes to the law made; the first goal would
be to get the President of the United States to sign an executive order,
and then, to have congress pass the necessary changes. In summary, here
is my recommended five-point plan to change the laws:
1) SAA, ARMA, AIIM, NAGARA and other like-minded organizations band together
and pool their resources and fashion a plan for the campaign. The
initial goal is to leverage a community of 100,000 or more
professionals, and then to reach out to larger organizations until the
total coalition involves 500,000 or more professionals, all doing their
part. This means centralized, coordinated press releases and newsletter
announcements and dividing up the tasks of letter writing, phone calls,
and social media posts;
2) Social media campaign - planned, methodical, vigorous, widespread, with measured metrics;
3) Traditional media campaign -
TV, radio (coalition members should appear on local, regional, and
national political talk shows), print advertising (focused on the D.C.
market), and direct mail targeted to the president and all members of
congress;
4) Targeted campaign to meet with all 535 members of congress
on the issue. Beginning with a massive one million letters and
postcards, and at least 10,000 telephone calls to congressional offices
to raise awareness and request a meeting;
5) Protest march - I would be glad to lead one in Washington D.C. during the ARMA International Annual Conference & Expo Oct. 5-7, 2015.
I'd
love to continue the dialogue and debate. I invite all federal
employees and others who have an interest in records management issues
to come hear me speak at the D.C. Live Business Process Management & Records Management Conference & Expo on April 21, at the Capitol Hilton. I'll be giving the keynote address regarding these and other timely IG issues.
It
is a FREE event packed with informative sessions. It is open to the
public and private sector, with breakfast and lunch buffet provided, and
there will be a drawing for free signed copies of my books. Come join
us!
--------------------------------------------------------------------------------------------------------
Robert Smallwood is Managing Director of the Institute for IG at IMERGE Consulting, which can be found at www.IGTraining.com.
He teaches comprehensive courses on IG and E-records management for
corporate and public sector clients. He is the author of 3 leading books
on Information Governance: Information Governance: Concepts, Strategies. and Best Practices (Wiley, 2014); Managing Electronic Records: Methods, Best Practices, and Technologies (Wiley, 2013); and Safeguarding Critical E-Documents (Wiley, 2012).
Follow Robert on Twitter @RobertSmallwood and if we are not connected - please feel free to reach out!
#InfoSec #infogov #Smallwood #ClintonEmails #ElectronicRecordsManagement #InformationGovernance