Email again: Capstone approaches and the risks of email deletion June 20, 2013

St Lythan's DolmenWe are continuing with our exploration of effective email management here on Future Proof.

Two excellent and thought-provoking publications have come out of North America in the last few weeks.

The first is a Bulletin from the National Archives and Records Administration (NARA) in the US that is calling for comment on NARA’s proposed ‘Capstone’ approach to email management.

The second is a report by Ann Cavoukian, the Information and Privacy Commissioner of Ontario Canada, ‘Deleting accountability: Records management practices of political staff – A special investigation report 5 June 2013’. In this report Dr Cavoukian identifies the centrality of email to decision making at the highest levels of government but also hightlights the significant accountability risks that can eventuate if email records are not appropriately managed.

Capstone

The capstone approach to email management is a strategic and risk based approach that prioritises email retention and management based on the functional role and responsibilities of the account holder.

Capstone is an architectural term, meaning the finishing stone of a structure. It also means the high point, or the crowning achievement. In reference to email management, the focus of a capstone approach would be the accounts of key senior staff. In a capstone approach, these accounts would be regularly harvested and all records in these accounts kept as official business records.

A capstone approach can be an efficient and effective  strategy because these high level accounts are where final business decisions are made and where ultimate corporate responsibilities are discharged. Staff in these positions also have minimal time to devote to recordkeeping so a unified and strategic approach to the management of the corporate information and decisions that flow through these accounts can be a significant risk mitigation strategy.

In NARA’s capstone approach, they are intending to allow agencies to develop retention and disposal coverage for specific email accounts. NARA recommends that agencies identify those email accounts that are most likely to contain long term value recordsas priorities for capstone management. NARA’s Bulletin asks the valid question as to whether the tradeoff of potentially capturing personal and low value records in capstone accounts is acceptable. It does not mandate specific approaches for the managment of capstone account emails but suggests that existing email archive tools, native email systems or other existing repositories may be appropriate.  With reference to the low value or non corporate records that may also be captured, NARA flags that ‘Evolving technologies, such as auto-categorisation and advanced search capabilities, may enable agencies to cull out transitory and personal email. In the absence of a technological solution, agencies must rely on policy, procedures, and training to fully implement Capstone.’

If it helps to simplify and standardise the recordkeeping of key business accounts and to mitigate the risk of records of key decisions being lost, from our point of view, a capstone approach is definitely an email management approach to consider. We will await further information and advice from NARA with interest, and commend them on testing innovative approaches in this challenging and high risk space.

Information and Privacy Commissioner of Ontario Special Investigation Report

 Next, a fascinating Canadian report that highlights the significant accountability risks that can eventuate if email records are not appropriately managed.

In April 2013, the Information and Privacy Commissioner of Ontario received a complaint alleging that the Chief of Staff to the former Minister of Energy had routinely, at the end of each day, deleted all his emails. This staffer was involved in the cancellation of gas plants in Ontario and the allegation was that it was inappropriate for the Chief of Staff to routinely delete all his emails in this way.

The Commissioner’s detailed and excellent report contains much interesting analysis and appropriate recommendations but the key points to note here relate to email.

A key issue through the report relates to a general lack of understanding as to the importance of email as a record.

Lack of understanding of recordkeeping as a core business process is also apparent. When the Chief of Staff MacLennan was asked whether he archived any of his emails, he responded: “I don’t know how to archive anything. I don’t know what that means.” [6]

The Commissioner notes the centrality of email to business decision making:

“Email is an integral part of doing business today and has replaced a large number of telephone calls, memos, and letters. While this may be obvious to most, it would appear that a large part of the problem in this investigation is that MacLennan claimed not to have understood that email is a form of communication that must be managed no differently than any other record. The responsibility of political staff to manage records remains the same regardless of whether they are in paper or electronic form. It is simply unbelievable that MacLennan would have no understanding of this. Similar to paper records, the retention responsibilities relating to emails depends on the content of the emails. Judgement must therefore be exercised in determining whether to retain or delete any particular email. The management of email records must be integrated with other information management practices for records in the custody or under the control of government.” [15]

At the end of her report Commissioner Cavoukian concludes:

“Having considered all of the evidence, I am satisfied that the Premier’s Office Records Retention Schedule and the ARA [Archives and Recordkeeping Act 2006] was not adhered to. The simple existence of a “delete all emails” policy is proof that no judgement was brought to bear on whether emails were business records subject to the retention policy, as compared to transitory records. Clearly, no system was put in place to ensure that the responsibilities laid out in the Premier’s Office Records Retention Schedule and the ARA were met.” [28]

Core business records representing key information, fundamental decision points and critical business accountability were never kept because they were based in email and could routinely be deleted and there was no applied and monitored approach for email management.

The Commissioner’s report is a useful reminder of the core information that resides in individual email accounts and the risks our organisations can face if it is not managed consistently and well.

No doubt we will have more email updates in coming weeks but remember, we would love to hear your views on any of the ideas we are posting and strategies you are deploying in your organisation.

photo by: JohnGreenaway
Leave a Reply

You must be logged in to post a comment.