A Call to Arms: The Records Management Revolt of 2015

By Robert Smallwood posted 04-12-2015 12:50

  
Note: This was originally posted on LinkedIn on April 2, 2015

Records managers as a lot are a serious sort. Logical, thoughtful, and methodical, yes, and mostly not very excitable. But the entire records management community should be incensed with the fact that federal email records are being destroyed at an alarming rate. At the State Department an Inspector General investigation found that 99.99% of their email communications were deleted in 2011! Only 61,000 of the 1 billion or more emails sent in 2011 were preserved. And it was worse in 2012!

This is not a partisan thing. Both sides have been deleting email records while they are in power. In 2007, the Bush Administration admitted it may have lost 5 million emails, which by 2009 was revised to “as many as 22 million.” Hillary Clinton had her own private email server in her basement and George W. Bush kept his private server at the Republican National Committee headquarters.

THIS IS AN OUTRAGE! It must not go on.

These capricious records management practices are an affront to the entire records management profession. It makes a mockery of records management and archival issues. It also makes a mockery of transparency and accountability in government.

The recent Clinton email dust-up has brought the issue to the fore of public discussion. It is time for an organized campaign to change the law. Changes must be made to the Federal Records Act (FRA) and Presidential Records Act (PRA). This was suggested by the Society of American Archivists in a recent statement. And they also recommended that the National Archives and Records Administration (NARA) be given "the mandate and authority to capture and preserve federal email messages across all agencies."

That's a good start. But a press release is one thing and getting the laws changed is quite another. SAA will need some help. Where is the Association of Records Managers and Administrators (ARMA) International on this? Where is the National Association of Government Archives and Records Administrators (NAGARA)? Where is AIIM?

ARMA, NAGARA, and AIIM need to follow SAA's lead and issue similar statements, but also the four organizations should collaborate to develop a plan for action to get the laws amended. They could start by having a conference call next week and roughly outline a six-month social media strategy to raise awareness of these critical records management and archiving issues. I would be happy to moderate the call. Then the coalition should reach out to other organizations that may be like-minded, such as ISACA (IT auditors and IT governance professionals), the Institute of Internal Auditors (IIA), and perhaps some legal trade associations would join in, and also government watchdog groups. With a unified effort, some real progress can be made and enough media and public pressure can be generated to force the changes needed to be made.

Here is some suggested language that should be added to amend the laws:

"The National Archives and Records Administration (NARA) shall be the official and permanent custodian of email records, text messages, telephone call metadata, video conference metadata, and other electronic communications made by federal employees across all agencies."
"NARA shall have unfettered real-time access to email messages sent from federal agencies."
Federal employees must use their assigned federal email account for all email communications. Use of personal email accounts to conduct federal business is forbidden and punishable by a fine of $50,000-$500,000 and a prison term of one to five years. The only exception to this is if the employee has been kidnapped, held hostage, or is in imminent physical danger."
"Federal employees must use their federally-issued desktop computer and federally-issued mobile computing and communications devices to conduct all federal business. Use of personal computing and communications devices to conduct federal business is forbidden and punishable by a fine of $50,000-$500,000 and a prison term of one to five years. The only exception to this is if the employee has been kidnapped, held hostage, or is in imminent physical danger."

That covers the basics. There will be more clauses as well. No one interested in accountability and transparency in government should be against these changes.

Implementing these changes means a massive cultural change within our federal government. That means that it will require a massive change management effort which will necessarily include copious amount of training, and consistent communications to reinforce adherence to the new changes in the laws. Employees will need to be trained on basic records management principles and the changes to the laws, risks of email and other electronic communications, email security, email etiquette, and other related issues.

Now, some have suggested that national security would be compromised if NARA uses its new secure cloud-based email archiving and records management platform to ingest federal emails in real-time. So a robust and detailed security and information risk mitigation plan needs to be in place. One idea might be to have a secure connection to NARA's cloud application in each agency which ingests messages in real-time, and then to physically separate that data from all Internet and intra-governmental computing and communications connections.

How?

Perhaps every hour during the workday the collected email message archive could be detached in the secure cloud facility and then attached to a separate, standalone archive that would only be accessed by top level NARA management personnel and those fulfilling Freedom of Information Act (FOIA) requests. Also data scientists with security clearances should have access to leverage analytics and business intelligence to find value in the growing archive or "data lake." But in no case would the federal email archive be connected to the Internet.

Here is a suggested plan to get the changes to the law made; the first goal would be to get the President of the United States to sign an executive order, and then, to have congress pass the necessary changes. In summary, here is my recommended five-point plan to change the laws:

1) SAA, ARMA, AIIM, NAGARA and other like-minded organizations band together and pool their resources and fashion a plan for the campaign. The initial goal is to leverage a community of 100,000 or more professionals, and then to reach out to larger organizations until the total coalition involves 500,000 or more professionals, all doing their part. This means centralized, coordinated press releases and newsletter announcements and dividing up the tasks of letter writing, phone calls, and social media posts;

2) Social media campaign - planned, methodical, vigorous, widespread, with measured metrics;

3) Traditional media campaign - TV, radio (coalition members should appear on local, regional, and national political talk shows), print advertising (focused on the D.C. market), and direct mail targeted to the president and all members of congress;

4) Targeted campaign to meet with all 535 members of congress on the issue. Beginning with a massive one million letters and postcards, and at least 10,000 telephone calls to congressional offices to raise awareness and request a meeting;

5) Protest march - I would be glad to lead one in Washington D.C. during the ARMA International Annual Conference & Expo Oct. 5-7, 2015.

I'd love to continue the dialogue and debate. I invite all federal employees and others who have an interest in records management issues to come hear me speak at the D.C. Live Business Process Management & Records Management Conference & Expo on April 21, at the Capitol Hilton. I'll be giving the keynote address regarding these and other timely IG issues.

It is a FREE event packed with informative sessions. It is open to the public and private sector, with breakfast and lunch buffet provided, and there will be a drawing for free signed copies of my books. Come join us!

--------------------------------------------------------------------------------------------------------

Robert Smallwood is Managing Director of the Institute for IG at IMERGE Consulting, which can be found at www.IGTraining.com. He teaches comprehensive courses on IG and E-records management for corporate and public sector clients. He is the author of 3 leading books on Information Governance: Information Governance: Concepts, Strategies. and Best Practices (Wiley, 2014); Managing Electronic Records: Methods, Best Practices, and Technologies (Wiley, 2013); and Safeguarding Critical E-Documents (Wiley, 2012).

Follow Robert on Twitter @RobertSmallwood and if we are not connected - please feel free to reach out!

 



#InfoSec #infogov #Smallwood #ClintonEmails #ElectronicRecordsManagement #InformationGovernance
0 comments
78 views