A draft of a paper prepared for the Annual Meeting of the Society of American Archivists, Orlando, Florida, September 3, 1998. It is published here with the kind permission of the author.
by
David A. Wallace,
School of Information,
University of Michigan
INTRODUCTION
Along with the dizzyingly rapid rise of
the Internet and the World Wide Web, email has and continues to emerge
as a solid fixture of popular and professional culture. Forester Research
Inc., for example, has reported that between 1992 and 1997 the U.S. population
enjoyed a seven-fold increase in access to email -- from 2% to 15% -- and
that this number will jump to 50% shortly after the onset of the new millennium.
[1]
The claim that email is an increasingly pervasive technology touching many aspects of our professional and personal lives can be flippantly commented upon as a striking grasp of the obvious. Over the past decade we have seen email emerge as a plot and subplot element in both commercials, television shows, and the movies, not to mention in a raft of news stories documenting the legal, social, and ethical implications and challenges posed by this technology. What is not so obvious is the fact that email is rarely exhibited in the popular media as a recordkeeping concern that is profoundly shaping the nature of organizational documentation. On occasion we have seen discussion of email's recordkeeping dimension in the news media, most notably in the ongoing litigation associated with the "PROFS" and "GRS20" lawsuits against the U.S. federal government. Such articles, however, are clearly exceptions in the universe of email reportage.
The potential record status and management of email has been a persistent issue throughout the decade of the 1990's, both within and external to the recordkeeping professions. In 1993, Jean Samuel reported on an extended debate in the Records Management listserv over whether or not a hypothetical offer of employment conferred via email constituted a legally binding offer that was actionable if rescinded. Respondents divided themselves into two camps -- those who felt that the email had no legal record status and those who did. [2]
In 1994, the U.S. federal government launched its "Reengineering Through Government Technology" program as part of Vice President's Gore's National Performance Review initiative. In its discussion of the potential for government-wide email, the government recognized that there was a "lack of understanding about the various potential uses of email…[and that] messages created in the email environment are treated by senders and receivers in much the same way as telephone conversations -- privileged personal communications." However, "unlike telephone messages" email was "inherently archival," and thus introducing records management concerns. Recognizing that official government business would be conducted over email, the initiative realized that agencies would need to "take steps to ensure that the recordkeeping requirements of the [Federal Records Act" are met" and recognized that current guidance was not "adequate and should be strengthened and extended to reflect changes in records management, privacy, and computer security." [3]
As recently as February 1997, the North Dakota State Senate passed a concurrent resolution directing that its legislative council "study the development of an electronic mail and records management policy for governmental entities." [4] And, in June 1997 it was reported that National Aeronautics and Space Administration (NASA) policy mandated that its centers destroy all of its stored electronic mail after the passage of sixty days based on the convoluted rationale that its policy forbade agency employees from using email for official correspondence and that any official record material created via email be printed out and filed. [5]
Needless to say there has been no small degree of ambiguity over the status and interpretation of email in relation to formal recordkeeping principles and practices, and thus confusion over the scope of policies to address email.
Society's confusion in fully recognizing, and more significantly, establishing a recordkeeping dimension to email has, in the words of Michael Sutton, caused email to become a "'black hole" in many public and private sector organizations where valuable corporate records are doomed to the electronic dustbin of obscurity -- deleting official records of many transactions because of scarce server disk space." [6] More specifically to the issue of email policy, Rick Barry recently related his experiences consulting with organizations on their email use and their policies to oversee that use. Based on surveys and follow-up focus groups with organizational staff members, Barry found that: up to 80% of email creators stated that they did not "have a clue" as to when their email qualified as an official record; that there was "great inconsistency" as to what was actually classified as a record; that staff were "largely unaware" of the existence of organizational email policies and that they had an unwarranted fear that saved email would come back to haunt them; and, that despite claims that email was being routinely copied to the records center very few actually were. [7] The increasing use of email across all of society does cause one to give pause to the insights of Sutton and Barry and their implications for organizational accountability and memory.
While society at large continues to be
under-informed of the recordkeeping dimension of email, the recordkeeping
professions (archivists and records managers) have spent a decade discussing
and debating the impact of email on their work. Only recently, though,
have they begun in earnest to craft policies addressing the recordkeeping
challenges posed by email. A report from an electronic records seminar
at the Graduate School of Library and Information Science at the University
of Texas at Austin reported on the status of email policy thinking and
action as of the summer of 1997.[8] The research
team conducted interviews and reviewed the extant literature from the perspectives
of industry analysts, the private sector, the public sector, professional
associations, and university and research institutions. The team's report
found that industry analysts "agreed" that both organizations and individuals
generally failed to consider the "evidential nature of email and rarer
still ha[d] a policy in place relating to the management of electronic
messages." State of the art practice was found to be oriented towards a
simple recognition that there was a true need to "develop policies and
procedures for capturing email as records within an electronic environment."
Their analysis of the private sector found the perception that "user education,
awareness, and compliance" were serious obstacles in email policy enforcement
and that organizational-wide policy solutions required that policy address
a "specific set of problems at the workgroup level." Public sector initiatives
were found to be further along with excellent primers and guidelines for
policy development being produced by the Australian Archives and the New
York State Archives and Records Administration. [9]
The situation in the U.S. federal government was found to vary widely,
ranging from a complete absence of policy to the creation of policies shaped
largely as a result of the judicial determinations in the "PROFS" case
and the U.S. National Archives' response to them [10]
and the ongoing "GRS 20" follow-up lawsuit. In their review of eighteen
professional associations, the seminar participants found that just over
half of those that responded (seven out of twelve) reported that they had
explicitly began to address email records management. These initiatives
were wholly at the stage of either drafting a policy or were still in the
planning stage. As a consequence of these and other findings -- including
the finding that "[m]any organizations fail to recognize email as a potential
source of records requiring formal records management" -- the seminar participants
identified four "state of the art" approaches for email management, each
of which was found to possess both advantages and disadvantages for email
records management: printing to paper; using email software to manage email
and its native metadata electronically via folder and filters; transfer
of email records into a document management system; and, capturing email
records into a records management application.
Building on the above study, this paper reports on the current state of the practice of email policy as it relates to records and recordkeeping by providing a content analysis of thirty-eight email policies (nine from universities, twenty-six from government, and three from the private sector) that are consciously oriented towards the recordkeeping implications of email. These thirty-eight policies were derived from a solicitation for policies on several archives and records management listservs as well as a detailed search across the World Wide Web. While the sample thirty-eight policies are by no means comprehensive and are particularly weak for the private sector, they can be legitimately used to draw a characterization of records oriented email policies to determine the variance and convergence of where recordkeeping professionals current thinking stands in managing email -- at least the thinking of those professionals who have labored to craft a records conscious email policy.
Each policy is analyzed along the following dimensions and sub-dimensions as a means to develop comparative data:
Before moving on to an analysis of the thirty-eight policies under consideration, this paper will provide a discussion of the different way in which an email policy can be framed and the particularistic perspective offered by the recordkeeping professions in light of the literature on the subject.
FRAMES FOR ANALYZING ELECTRONIC MAIL
In order to specifically address records oriented email policies in depth it was decided here to ignore the vast majority of email policies that are focused on "appropriate use" policy orientations issued to organizational employees. This dominant email policy form is typically directed towards issues on the proper uses of email, employee expectations of privacy for their email, employer ownership of email, email etiquette, proper composition of messages, copyright, security, and the like.
The "Internet and E-mail Policy" for Washtenaw County government in Michigan provides a typical example of this policy genre. Employees are admonished to employ "good judgement" in their email usage. While the policy permits employees to use their account for personal email messaging they are reminded that they can only make personal uses on their own time. They are also informed that they have no rightful expectation of confidentiality for any message in their account and that all "information contained within the email system" was owned by the County and subject to the state's Freedom of Information Act. This policy also lists a series of "prohibited uses" of County email, including illegal activities, threats, harassment, slander, defamation, political activities, viewing sexually explicit materials, and the like. [11] What is missing, of course, is any recognition that email created or received by Washtenaw County employees may qualify as official County records subject to legally-binding records management controls [Freedom of information legislation normally applies to any information held by a government, well beyond the boundaries official records]. This absence is particularly glaring in light of the fact that the policy informs employees that they are only to use email for "County business only" when they are on County time, despite the fact that nowhere does the policy link "County business" to the production of official records.
The Cyberspace Law Institute's (CLI) web site provides another example of this genre through its interactive electronic form to assist companies in developing their own email policy. As with the Washtenaw County policy, it also suffers from the same absence of recordkeeping awareness. CLI's interactive policy form provides a template of considerations and options for a company email policy. Issues such as the purposes for which email may be used (Is incidental personal use permitted or is email to be used solely for company business?), encryption and labeling, the presence of systematic monitoring, and the role of employee consent in company access and disclosure to their email are addressed. [12] After picking the desired options the system compiles a draft email policy. While this has the benefit of surfacing some very significant issues for the electronically enabled workplace for consideration, it fails to address significant records management issues associated with the record/non-record status of email, proper filing protocols, and strategies for preservation.
Another significant perspective on email is the legal risks associated with poor management of the medium and the sentiment that email is more of a threat to stability than it is a valuable business tool to document organizational transactions and decisionmaking.
One 1994 commentary reported that, in general, managers seemed "unaware that email is being used in a variety of legal disputes, including sexual discrimination, unlawful discharge, sexual harassment, theft of company secrets, hazardous working conditions, and contract squabbles" and that few organizations had developed email "usage and storage policies that could protect them in legal battles." The threat of email was clear: "Email can and probably will be used against your company." [13] And the implication was that is was far better to destroy email as soon as possible than to save it.
More than anyone else, Electronic Evidence Discovery, Inc. (EED) has underscored the legal risks associated with poorly managed electronic data, including email. A 1996 article by EED's Jessen and Shear pointed out that the December 1993 revision of Rule 26 (a) of the Federal Rules of Civil Procedure mandated that litigants were now required to turn electronic data compilation over to each other, indicating that computerized data, including electronic mail, were likely to play an increasingly prominent role in litigation. In the absence of a sound organizational policy on the management and use of electronic data, the opposing side might be permitted to directly inspect an organization's electronic holdings, thus leading to increased legal risks. As a means of alleviating such risks, Jessen and Shear advise organizations, among other things, to develop policies and procedures, including formal retention policies, to "identify and preserve necessary business documents while keeping the number of necessary documents to a minimum." To underscore their points, Jessen and Shear report on a case EED was involved in which EED obtained, on behalf of a plaintiff who was suing his former company for wrongful dismissal, access to over 750,000 email messages drawn from backup tapes of the defendant company's email system that had not been recycled and which still held previously "erased" messages. These recovered messages demonstrated that the defendants claims that the employee had been dismissed for poor job performance were in fact untrue. [14]
While there is a clear recognition of the potential official recordness of email messages in Jessen and Shears' article, the overarching message is that email is more of a potential liability than as an organizational records creating asset. And while the lessons drawn by Jessen and Shear, namely that an organization needs to develop sound email retention policies, are extremely valuable and essential to recordkeeping concerns, they seem to get muted by the more prominent, and admittedly significant, message of legal risk. The Delaware Public Archives' 1998 draft electronic mail policy provides a more robust means for assessing electronic mail. While particular to government, its meaning is relatable to other contexts. This draft policy notes that the "management of email systems touches on nearly all functions which a government agency is dependent on record keeping for: privacy administration, vital records management, administrative security, auditing, access, and archives. The need to manage email systems properly, then, is the same for other records keeping systems: to ensure compliance with…statutes concerning the creation, retention, and access to public records." [15]
The broadness of scope entailed by the
quite recent Delaware policy provides a means through which to examine
the recordkeeping literature on email to review the evolution of thought
on email and recordkeeping.
THE ARCHIVES & RECORDS MANAGEMENT FRAME
In 1995, John McDonald, highlighted the recordkeeping problems associated with computing technologies, including email. Likening the existing working environment as one without a firmly established set of rules, McDonald pointed out that:
"Office workers can create and send electronic messages and documents to whomever they wish. They can store them according to their own individual needs and then delete them without turning to anyone else for approval. There are no rules of the road…..[H]owever, the familiarity with which office workers are using information technology and growing concerns about what to do with the 'stuff' generated and received in the office environment have together spawned a number of questions. Is email a record? If it is a record, what should be done with it? Does everything need to be documented? Are there any rules to be followed concerning what should be kept and where it should be filed? Should everything be printed onto paper? What are my responsibilities? Who can provide me with advice and guidance? How can responsibilities for good documentation and recordkeeping be carried out in a way that does not become a burden or prevent me from getting my job done?" [16]The first real analysis of electronic mail from a recordkeeping perspective was Carol Nowicke's 1988 analysis of the "quality of information" in an email system as well as its usage and archival management at the office of the Director of Naval Laboratories. [17] Undertaken over the course of 11 months in 1985, the study was driven by three realizations: that email had and would continue to effect the composition of historical record that documented naval research and development; that email "met' the legal definitional threshold of official federal records; and, that email was being used in absence of "management control or accountability." [18] After developing a system that automatically copied all incoming and outgoing email from a sample volunteer population of roughly a dozen users, archives staff evaluated their suitability for long-term retention and deleted those that were not suitable for preservation. Roughly 90% of all routed messages were found by the archives staff to be immediately erasable. The remaining 10% were then loaded into a database that parsed out the following information, when available or appropriate, into separate fields: identification of the individual assigned action by the message; the action assigned; the deadline for the action; the message's date; its author; its subject as assigned by the creator; and, its recipient.
This process led to the identification of "Routine Mail" and "Executive Mail," to be assigned by the sender. "Executive Mail "required some type of action….[and] involved statements of official policy, official assignments, major commitments or personnel or funds, significant changes, etc." While both Routine and Executive mail was identified for retention, very few messages were actually classified by creators as Executive. The email that was selected for retention was found to be "extremely valuable in documenting the evolution of Navy laboratory management policy." [19] Hence, while the study's methodology would be an impractical labor intensive method for managing an organization's email, it appears to be the first unambiguous empirical evidence we have that email was being used to create many different types of official records (classified into categories such as inspections and investigation, personnel matters, research and program management, corporate planning, meetings and conferences, financial management, and routine office support). In addition, it also surfaced some of the key recordkeeping dilemmas posed by this then emerging technology: "many of these messages would have been printed out and saved by the senders, some would have been deleted, but never would the collective information have been gathered and organized." [20]
Shortly after the appearance of Nowicke's article, a World Bank study appeared in September 1989 that, in part, assessed the adequacy of the Bank's records management practices in relation to its email usage. It found that the Bank's email system was not "designed to address critical records management and archives concerns." [21] Mirroring McDonald's set of concerns from 1995, this study found that:
"Existing policies did not define the record status of electronic mail. That the user alone is responsible for making retention and deletion decisions during the first days or weeks after the message is created. After that the system establishes automatic retention periods and regularly erases the older records from email folders. No regular disposition decisions are ever made and no framework for making them has been provided to users. No one is held responsible for any disposition decisions that are made. No policies are in place to safeguard mail that has legal or operational value, including for instance, discussions regarding procurements with borrowing countries or for decisions or approval from senior managers on specific issues. No means exist to identify official files; no responsibility for transfer management has been assigned. No provisions are made for continuing and wide access to archived electronic mail, and no directory exists by which potential users can discover archival electronic mail files." [22]The analysis found that paper was used as the medium by which email was archived for continued access, mostly because no policy existed which governed electronic preservation and access. It additionally found that there existed no program to educate bank staff on how to appropriately use email in reference to records management concerns. Most significantly, though, this study concluded that email could not be managed in and of itself as email. Messages instead needed to be referenced to the "business functional areas" they dealt with and that this needed to be reflected in email use and retention policy instead of treating email as an undifferentiated mass or as a single documentary form that was called "email." [23]
As the above issues were percolating to
the surface, two sets of comparative data from 1988 and 1991 documented
the usage of electronic media at the United Nations (UN). They provide
a powerful empirical indication of the increasing importance of email as
an organizational communications channel, and as such underscore the burgeoning
records management dilemma uncovered in 1989 at the World Bank. In 1993,
Bikson and Law conducted a survey of the use of electronic information
and communication technologies at the UN in order to determine appropriate
policies and procedures for managing record material in electronic format.
[24] To do so they drew upon the comparative data to
evaluate changes in UN offices use of telex, fax, and email. Their analysis
uncovered that over this period there was a significant decrease in telex
use and dramatic increases in the UN's use of both fax and email. This
study also found that by 1991 there was an enormous variety in the kinds
of email software packages in use at UN agencies (some 27 different systems)
and that, contrary to opinions held in 1988, this heterogeneity helped
surface for the first time explicit concerns over the management of electronic
records. Another change between the years 1988 and 1991 was the recognition
that email could be and was being used in more substantive ways than as
a substitute for the telephone. By 1991, email was being used by 70% of
survey respondents to exchange spreadsheets and data files. Forty percent
of respondents stated that they were using email to send long memoranda
and 25% reported using email to transmit official documents. In terms of
formalized control of this media, the 1988 data show that very few respondents
(20% or less) had any rules or criteria in place for email communications
with respect to formal communication channels, controlled file copies,
or official material. And the 1991 data show that the originator of an
email message was overwhelmingly more likely to control file copies of
outgoing messages than were the unit head/program manager or records management
staff. This, again, lies in sharp contrast to the numbers exhibited for
telexes and faxes form the same period which were strongly centrally managed
and controlled. [25] A concentrated reading of
the 1991 survey data led Bikson and Law to conclude that while "UN organization
have become much more aware of and concerned about issues related to the
management of information that is prepared, communicated, and stored by
means of decentralized electronic media….few of these issues have been
resolved, and records management staff rarely are included in policy and
decisionmaking processes. For the most part, electronically transmitted
information…enters organizational records systems only if it is first converted
to paper and then handled by conventional methods." These findings led
the authors to conclude that "organizations in the UN system have yet to
bring computer-based technology to bear to solving the records management
problems it has helped to create….[and that] most organizations have not
developed methods for retaining and controlling their electronic information
sources in ways that will meet records management objectives." [26]
In terms of policy solutions to address these issues, the authors noted
the recognition by respondents that there existed a "policy vacuum" and
that most UN organizations had not yet implemented guidance on the 'identification,
capture, and subsequent management of electronic records in electronic
form." The need to develop such policies was seen as a "chief issue for
the 1990s." [27] While the UN data was restricted
to a sample drawn from a part of its vast bureaucracy, it likely mirrors
transformations that were then taking place in other sectors of society.
The first substantive writing addressing the policy and guidelines issues attendant to computer generated records, including electronic mail, can be found in a section of a 1989 UN report drafted by David Bearman. Asserting that electronic records policies needed to be created in cognizance of the "management requirements" of the organization they are created for, this publication argued that in order to be effective, policy needed to be based on life cycle management that evaluated records based on their function they perform and support and not on the media they are created and reside on. [28] "Organizational applications of electronic mail" for example, "may include its use for the dissemination of directives, policies, and procedures and its use for making personal lunch dates." The UN policy's point here was that what is relevant for the recordkeeping professions about email is not email in and of itself as a technology. Rather, it is the types of work that email enables and supports. The trick to managing individual email messages is linking it to its associated business function, a point reinforced by the 1989 World Bank study discussed above. At the time writing, the UN report asserted that email was "undergoing cultural definition" and one fear was that it could be socially defined as solely personal and non-records producing. One important role identified for policy was to establish that email was and could be used for producing official organization records that needed to be managed within a records management regime. Among the many policy recommendations made, the following continue the be among the most relevant to the struggle and confusion over email management:[29]
In this document's prescriptions for policy development and deployment, simply creating and issuing a policy is not nearly enough to ensure its successful implementation. Rather, it is the start. In order for policy to be embraced, the recordkeeping professions were advised on the need to communicate convincing rationales to their co-workers throughout the organization on why the policy is shaped as it is and have this meaning understood and adapted throughout the organization. [30]
In 1992, Tomer and Cox provided a sense
of the impact of email on communications flows within organizations and
its impact on policy. They pointed out how email led to the rise of "information
islands" and to the breakdown of hierarchy and formalized information flows.
In terms of the former, an individual worker using email could make "unilateral
decisions" about what will be saved and deleted. They also pointed to how
email directly challenged archivists and records managers methods for storing,
retrieving, accessing, and preserving records created on this technology,
as well as raising concerns over the identification and retention of "record"
copies of messages for evidentiary purposes. [31]
Tomer and Cox specifically pointed out the absence of organizational policies
which recognized these trends and a paucity of research into the "nature,
impact, and alternatives" for email management. They contend that this
absence has caused "some records managers to view electronic mail as a
form of non-record, similar to the telephone call." In absence of concrete
analysis and research into email from a recordkeeping perspective, Tomer
and Cox contended that archivists and records managers would only be capable
of developing stop-gap measures to deal with email. As a means for approaching
email, Tomer and Cox argued that email should be viewed as a "medium supporting
the creation of records," and not as a record type and called upon archivists
and records managers to establish an email policy for their parent institution
in recognition of this. Policy alternatives seen as deficient by Tomer
and Cox would establish that email messages are not records and leave it
at that, or demand that all email messages be saved for eventual human
or machine processing. In contrast, usable policy options would call for
the receiver or creator of an email message to "determine and designate"
whether a specific message is an official organizational record. This would
require that the organization issue a policy that defines what an official
organizational record is and how email relates to it. It would logically
follow from this recognition what was truly required was the development
of systems which would mandate a record determination before any message
could be sent or saved.
A more recent analysis by Barry, highlighted the deficiencies of non-records oriented email policy. [33] Reviewing the Computer Professionals for Social Responsibility's draft email policy suggestions for organizations, Barry found the draft woefully inadequate from a records management perspective. Based on personal experience with email policy development in organizations, Barry found that "the large percentage of employees do not have a clue what is and is not a record, least of all with respect to email….And they have little or no understanding of what their responsibilities are in this respect." As a consequence of the widening use of email, organizations are confronted with issues related to: identifying the party responsible for deciding whether an email is an official organizational record or not; determining how to capture official email records into organizational recordkeeping systems; how these messages will be associated with their generating business processes or their appropriate record series; what types of metadata will need to be captured about these messages and how it will be captured; and, how long term preservation of these messages will be assured. In Barry's eyes, the adoption of any email policy which ignores such issues will be incomplete and may in fact place the organization at serious risk.
A 1995 publication of the New York State Archives and Records Administration scoped out a specific set of concerns regarding the establishment of an email policy. It contended that policy "should establish general guidance on the use of e-mail to conduct official business, on access and privacy protection of e-mail messages, and on management and retention of e-mail." Such policies also needed to establish the "roles and responsibilities" of the various stakeholders such as end users, managers, technical staff, records management staff, and support staff. A well-crafted policy would assist staff in the proper use of email as well as increasing the "quality and value of agency records." [34]
Finally, another recent effort to prescriptively address some of the thorny record keeping issues attendant with email can be found in a May 1998 draft report from the Association of Records Managers and Administrators (ARMA) Electronic Mail Task Force. Adopting a strong sense of the legal risk perspective, the draft contends that its use will enable any organization "to formulate an email policy that is responsive to its unique environment" and which is relatable to broader records management concerns raised by the technology: the need to distinguish records form non-records and the continued preservation of needed email records alongside the prompt erasure of those which have outlived their organizational utility via approved records retention and disposition schedules. [35]
As with other writings, ARMA's draft recognizes that the drafting and implementation of an effective records-oriented email policy requires the participation of many organizational members (such as upper management, legal counsel, records and information management, information technology management, and end-users) and organizational functions (such as records management, information systems, legal, financial, and regulatory) as well as development of a "consistent understanding" throughout the organization of "staff responsibilities and the potential consequences of…misuse." [36]
One section of the Task Force's draft explicitly
discusses the "records management foundations for an email policy. Reminiscent
of the writings already reviewed above the draft recommends that records
managers consider the following factors in order to substantively contribute
to the policy development process: [37]
The most prominent public discussion over the issues attendant with email policy and management have been associated with the famous "PROFS" and "GRS 20" lawsuits. The rocky road traveled by this decade-long series of litigation provides a concrete assessment of the impact and shaping of chronologically parallel policy analyses and prescriptions enumerated in the above section.
Initiated in the waning days of the Reagan
administration in January 1989, a group of private citizens and public
interest organizations -- naming the U.S. National Security Council, the
Executive Office of the President, and the Archivist of the United States
as co-defendants -- challenged the U.S. government's proposed wholesale
destruction of electronic versions of email records on the rationale that
any true record material created by email would have been printed out and
filed into official recordkeeping systems. Remarkably, it took four full
years of litigation before the court ruled on the adequacy of the defendants’
recordkeeping guidelines and the Archivist’s performance of his/her statutory
obligations. In the interim the government argued that both their oral
and written recordkeeping guidances amply demonstrated that their recordkeeping
practices were in accord with the requirements of the Federal Records Act
(FRA). They pointed out that since 1987 the NSC had provided oral guidance
to employees on their recordkeeping responsibilities both when they started
working for the NSC and again when they departed. Employees were explicitly
instructed that when an email message was a "record" it was to be printed
out and logged into the formal paper recordkeeping system. They also pointed
out that since February 1990, departing NSC employees were required to
read and sign a certification that they had "met their recordkeeping obligations
and [had] handled their electronic mail in accordance with the prescribed
requirements." And in May 1992, the NSC modified the PROFS software so
that when a user wanted to send a message they first had to assign a record
status – presidential record, federal record, or non-record – before the
system would route it. If a message was assigned the status of either "presidential
record" or "federal record" a copy of it was automatically transmitted
to the NSC’s records management office for printing out and filing in to
a recordkeeping system. [38] In their response
to defendants’ claims of proper behavior, the plaintiffs argued that the
FRA required that all records, regardless of medium, had to be preserved
unless the National Archives and Records Administration (NARA) had first
authorized their disposal. They claimed that in this instance the defendants
had "arbitrarily" deemed email as non-records without first making any
effort to evaluate their content in order to justify such a determination,
and that employees were not provided adequate guidance on how to identify
a federal record generated by an email system and how to distinguish record
from non-record material. The plaintiffs also rejected the government’s
claims that the electronic versions of email messages were merely extra
copies and not official government records. By declaring them to be extra
copies and not records under the FRA, the plaintiffs contended that the
defendants had "erroneously instructed" staff of their legally binding
recordkeeping responsibilities. The plaintiffs asserted that electronic
records were not extra copies because their "form and content are unique"
and printouts did not necessarily capture all of the information associated
with a particular document. Items such as the identity of the sender and
the recipient, acknowledgement receipts which provide the sender with a
confirmation that their message was received, as well as the date and time
of receipt and system usage statistics such a user logon/logoff and connect
times were some of the types of electronically stored metadata that appeared
nowhere on printouts. The plaintiffs further contended that the existence
of a paper printout did not invalidate the record status of the electronic
record version and that instead of being an extra copy the electronic version
continued to be a record in its own right. [39]
In a counter-reply, the defendants criticized the plaintiffs for asserting
that the government was "somehow affirmatively obligated under existing
law to do more than simply preserve ‘records’ contained on the PROFS system
in hard copy paper format." The government argued that the defendant agencies
had consistently employed a "paper system as its primary means of maintaining
agency files." As such, the defendants had been totally within their legal
discretion to not designate the PROFS system as a recordkeeping system
for filing and managing records. They claimed that they had always treated
PROFS as a communications system which sometimes was used to transmit records,
but which for the most part communicated non-record material. Regarding
the plaintiffs’ contention that the electronic versions of PROFS materials
contained information not available on the printouts, the defendants countered
that when a PROFS note, calendar, or document is printed out the resulting
paper copy contains, with the exception of function keys, all the information
that had appeared on the user’s computer screen. The defendants stated
that they were "unaware of any authority…for the proposition that defendants
[we]re obligated to do more….[T]here is certainly no requirement that individuals
spell out abbreviations in their paper letters and memoranda, or track
down the times of receipt of the documents they create[d] or note when
acknowledgements in the form of return notes were received, all prior to
‘archiving’ such letters or memoranda in traditional agency files." [40]
Taking into account all of the above arguments,
U.S. District Judge Charles Richey issued his ruling on the matter in January
1993. In brief, Judge Richey determined that the defendants had violated
the FRA and that their recordkeeping practices were "arbitrary and capricious"
under the Administrative Procedures Act (APA) because they permitted the
improper destruction of federal records. He also ruled that the Archivist
had failed to fulfill his statutory duties as mandated by the FRA and directed
the Archivist to take immediate action to preserve the "electronic federal
records" that had been the subject of the case and develop new guidelines
for managing email. Richey specifically faulted the Archivist for not preventing
the destruction of federal records. On the issue of the record status of
the electronic versions of the email messages, Richey ruled that despite
the fact that not all information stored on the defendants email systems
were records, he could not "read the FRA to exclude computer systems such
as those at issue here." To buttress this contention he noted that the
FRA had been designed to include materials regardless of physical format.
On this issue of the adequacy of paper printouts as surrogate records to
the electronic versions, Richey determined that paper printouts did not
reproduce information that existed in electronic versions. He specifically
referred here to information about who received a message and when it was
received as well as distribution lists, lists of individual senders and
recipients, times of acknowledgement, and logon/logoff times. Richey rejected
the defendants argument that such items do not rise to the level of a record
by noting that "[d]efendants’ argument misses the point because this information
does not stand alone. This information must be saved because, in combination
with the substantive information contained in the electronic material,
it will convey information about who knew what information and when they
knew it." Since the electronic versions could be federal records in their
own right, he ruled that they must be saved, regardless of whether or not
a paper copy was made. This determination made obsolete the defendants’
continuing contention that the electronic version was merely an extra copy
of the paper printout. Richey also ruled here that the defendants recordkeeping
procedures and recordkeeping guidelines violated the Administrative Procedures
Act because they provided an inadequate records management program for
supervision of staff decisions on the record and non-record status of their
email messages and that they also allowed the improper destruction of federal
records. [41]
Upon receiving the above decision, the defendants immediately appealed and sought relief at the next higher level of the judiciary. [The plaintiffs also appealed a portion of Richey’s decision, however, their appeal dealt with issues which are not of direct concern here.] In August 1993, the U.S. Appeals Court ruled. They affirmed Judge Richey’s January 1993 decision that the defendants electronic records management guidelines were in violation of the FRA, that paper printouts of electronic versions of records are not acceptable substitutes for the electronic versions as they strip off relevant contextual information, and that the existence of a paper printout did not invalidate the record status of the electronic version. In specific reference to the defendants recordkeeping guidelines, the Appeals Court found that the instruction to print hard copy paper versions of electronic records was "flawed because the hard copy printouts that the agencies preserve may omit fundamental pieces of information which are an integral part of the original electronic records, such as the identity of the sender and/or recipient and the time of receipt." In exploring this issue in more detail, the Appeals Court reasoned that by 1993, nearly 1,000 federal employees had access to Executive Office of the President (EOP) and NSC email systems and apparently used them to "relay lengthy substantive – even classified ‘notes’ that, in content, are often indistinguishable from letters and memoranda." The paper printouts made from an email message would not necessarily contain all of the information associated with the same document that resided on a computer system. "Directories [for deciphering oftentimes cryptic user ID’s and nicknames], distribution lists [which provide simple aliases that might include many users], acknowledgement of receipts and similar materials do not appear on the computer screen – and thus are not reproduced when users print out the information that appears on the screen." Hence, a subsequent reader of the hard copy version may have trouble distinguishing "basic facts" about the document such as its sender, recipient, and time of transmission. And if the electronic version was erased then such contextualizing information would be forever unavailable. In addition, the fact that the electronic version was reduced to a paper copy did "not affect the record status" of the electronic version and render it an extra non-record copy unless the printout "include[d] all significant material contained in the electronic records." The record compiled as a result of the case demonstrated to the Appeals Court that, as currently constructed, a printout and electronic version of a message could not appropriately be called copies of one another and, consequently, the electronic version continued to retain its federal record status even after it had been printed out. As such, "all of the FRA obligations concerning the management and preservation of records" still applied to the electronic version. To the Appeals Court mind, since the defendants’ agencies employees had never been instructed up to the time of the Judge Richey’s January 1993 order to include "integral parts of the electronic record in any paper printout, there is no way [they] could conclude that the original records are mere ‘extra copies’ of the paper printouts." The Appeals Court therefore found that the District Court’s January 1993 ruling was "fully justified in concluding that [the government’s] recordkeeping guidance was not in conformity with the [FRA]." [42] With this ruling the parties entered in settlement negotiations regarding the development of a government-wide email recordkeeping guideline. While at the time this may have appeared to have led all concerned to see the light at the end of the tunnel, new controversies would emerge that would lead to new litigation.
The government's "final rule" on email
was issued in August 1995. By that time the original lawsuit had effectively
run its course and with the issuance of the final guideline Judge Richey
dismissed the case from his court. An earlier draft that was seen to be
more electronic records -- as opposed to paper -- friendly was heavily
criticized by federal agencies causing the final draft to mute references
to electronic recordkeeping. The final rule required agencies to provide
adequate training to staff, instructing them on distinguishing between
records types and on how to transfer electronic mail messages into agency
recordkeeping systems, be they electronic or paper. It also contained the
following stipulations specific to the management of electronic mail. Transmission
data (identification of sender, recipient(s), date sent) had to be preserved
if the message’s context was to be decipherable in the future. Agencies
needed to determine what, if any, other transmission data should be linked
to messages. Lists of nicknames in directories and/or distribution lists
needed to be retained so that the identity of individuals on the system
could be known. And for systems that provided them, read receipts needed
to be preserved as well. Agencies were specifically instructed to not store
copies of federal record email on an email system unless the system: enabled
grouping of related records into relevant categories; permitted "easy and
timely retrieval" of both individual items and groupings; was accessible
to individuals who required access to them; was maintained in a usable
format as specified by a NARA-approved records retention schedule; preserved
transmission and receipt data; and, provided for the transfer of permanent
records to NARA. Agencies whose electronic management of their email did
not meet these standards were required to transfer electronic federal record
email messages to a proper recordkeeping system. Transfers to a paper-based
recordkeeping system required that proper transmission data be attached
to individual messages. The final rule also forbade the destruction of
electronic versions of email messages, whether they were records or not,
without "prior disposition authority from NARA." Once an electronic mail
message was transferred to a recordkeeping system, "identical versions"
such as the remaining electronic copy could be disposed of under General
Records Schedule 20 (GRS 20), which dealt with the disposition of electronic
records. [43] The lesson taken by the government
from the January and August 1993 court rulings was not how to enable electronic
recordkeeping. Rather, it was how to link email to paper recordkeeping
systems by making better paper printouts of email messages that included
the types of transmission data highlighted by the courts.
At roughly the same time that the new final email rules were issued, NARA released a final rule on GRS 20. This new rule provided, in part, for the deletion of electronic versions of records created on word processing and electronic mail systems once a recordkeeping copy had been made and filed into either an electronic or paper-based recordkeeping system. This new GRS 20 was applied for the first time to office automation systems. Previously, General Records Schedule 23 – Records Common to Most Offices within Agencies -- covered such records. [44]
The new reliance on GRS 20 to dispose of "identical versions" of printed messages would lead to a second lawsuit in December 1996, initiated by roughly the same group of plaintiffs who had pursued the PROFS case. [45] The plaintiffs objection to the government’s reliance on a General Records Schedule for disposal of electronic records was that it classified all electronic records as a uniform type of record based on their format, whereas General Records Schedules were supposed to deal with classes of information based on their function.
On October 22, 1997, U.S. District Judge Paul Friedman ruled against the government and declared GRS 20 to be "null and void" and ordered the defendants to "not destroy electronic records created, received or stored on electronic mail or word processing systems pursuant to General Records Schedule 20." Judge Friedman determined that in issuing GRS 20 the Archivist had exceeded his authority under the Records Disposal Act [46] section of the FRA in three ways. First, he inappropriately authorized the destruction of federal agency "program" records under GRS 20 while General Records Schedules were "unequivocally limited…to administrative records." Second, he found that the Archivist "abdicated to the various departments and agencies of the federal government his statutory responsibility under the Records Disposal Act to ensure that records with administrative, legal, research or other value were preserved by federal agencies." And third, he determined that the Archivist was remiss in identifying, as required by the Act, a specified retention period for the electronic records scheduled under GRS20. Friedman, like the District and Appeals Courts before him in the initial PROFS case, underscored the unique value of electronic versions of documents that are not converted to paper printouts. To Friedman’s mind, such electronic records "do not become valueless duplicates or lose their character as ‘program records’ once they have been printed on paper; rather, they retain features unique to their medium." Friedman went on to call the Archivist’s actions in this case:
"... irrational … and one that is necessarily premised on the illogical notion that a paper copy adequately preserves the value of an electronic record. While, in some cases, paper copies may in fact adequately preserve the administrative, legal, research or historical value of an electronic record, there is no rational basis for the Archivist's conclusion that a paper copy invariably adequately preserves such value in all cases and that electronic records never retain any administrative, legal, research or other value once such records have been copied to paper … By categorically determining that electronic records possess no administrative, legal, research or historical value beyond paper print-outs of the same document or record, the Archivist has absolved both himself and the federal agencies he is supposed to oversee of their statutory duties to evaluate specific electronic records as to their value. The Archivist has also given agencies carte blanche to destroy electronic versions without the Archivist's approval when the agency believes they are no longer needed by the agency. Because GRS 20 leaves the destruction of electronic versions of records unchecked by the Archivist, it fails to meet the requirements of Section 3303a(d) [of the Disposal of Records Act]." [47]In December 1997, the government filed an appeal challenging Friedman’s order. As of this writing that court has yet to render an opinion. In April 1998, nearly six months after issuing his rather scathing opinion and order, Judge Friedman answered a motion for action by the plaintiffs and found that the defendants had "flagrantly violated" the above order. At issue were post-October 1997 published issuances by the Archivist in the Federal Register that agencies could continue to rely on GRS 20 to dispose of electronic records despite an order to the contrary that "could have not been more clear." In an order striking the Archivist’s issuances down, Judge Friedman ordered the Archivist to issue a new statement to federal agencies that GRS 20 has been rendered null and void. [48] This order has also been appealed by the government and is set for oral arguments before the Appeals Court on October 20, 1998. [49]
As a means to placate the Judge and develop a resolution for the issues raised by the case, the Archivist of the United States convened an "Electronic Records Work Group" in November 1997 and tasked it with assisting the National Archives in developing a strategy to respond to the Judge Friedman’s October 1997 ruling. It was specifically charged to: review the current version of GRS 20; identify appropriate areas for revision; explore alternatives for authorizing disposition of electronic records; identify methods and techniques that are available with current technology to manage and provide access to electronic records; and, recommend practical solutions for the scheduling and disposition of electronic records. This working group is composed of NARA staff, federal agency records officers, and outside experts. [50]
On July 21, 1998, the ERWG published its draft report. [51] The group's final report and implementation plan is scheduled to be delivered to the Archivist of the United States for his review and approval by the end of September 1998. Given its truncated timescale, the ERWG decided to forego developing guidance for creating, using, and managing electronic recordkeeping systems, though it has recommended to the Archivist that he convene a follow-up expert group to address this issue. The ERWG's draft plan concluded, in part, that the one "feasible alternative approach to GRS 20" was to "schedule…records at the series level." Based on this cornerstone principle the ERWG recommended that the Archivist employ a three-part strategy for scheduling what are now called "electronic source records" -- the actual electronically created originals. [52] According to the draft report, electronic source records are created via software tools -- such as word processing and electronic mail packages -- and are stored on the end-user's computer or on agency servers and not in agency recordkeeping systems that are accessible to other authorized employees. In absence of storage in agency recordkeeping systems, electronic source records "result in files which are incomplete or unreliable." Once these electronic source records are transferred to an agency recordkeeping system, be it paper or electronic, the ERWG proposes that the remaining record on the "originating system" be authorized for destruction by NARA either under a General Records Schedule for administrative records or an agency submitted series-based schedule for program records, as appropriate.
The draft report offers the following three recommendations to replace the voided GRS 20:
GRS 20 lawsuit plaintiffs attorney Michael Tankersley has criticized this options paper. While gratified that the ERWG recommended that program records be separated from administrative records, Tankersley criticized the draft for not providing agency employees with the tools and knowledge to make the "value judgments" as to what exactly should be transferred to a recordkeeping system and what can be safely disposed of. [55]
A careful reading of the decade long litigation synopsized above is that the government's initial argument form a decade ago is, fundamentally, still standing policy -- that, in the absence of electronic recordkeeping systems, "federal record' electronic mail messages need to be printed onto paper and filed into agency recordkeeping systems. The significance of the past and ongoing litigation has been and continues to be, as we shall see, the major driver behind the state of the practice in the email policies evaluated below. The decade-long recognition for electronic recordkeeping systems that are based on the function served by an email message and not its creating technology still presents the recordkeeping professions with its primary challenge. In the words of John McDonald:
"We lack defined business applications that support work processes that are entirely automated, as well as rules and procedures that guide office workers in carrying out their responsibilities for keeping records in the context of these applications. We are restricted to providing them with repositories in which they can file documents of 'records.' The identification or selection of the 'record' and its storage somewhere is addressed as an afterthought and is not a natural result of the transactions associated with the work activity. In the absence of real work process applications, it becomes extremely difficult to make recordkeeping rules, practices, and technologies transparent to the user." [56]
As indicated by the discussion above, there has been a generally recognized policy vacuum for managing email from a recordkeeping perspective even though the significant policy concerns and considerations have been fairly well articulated in the archival and records management writings on the subject for nearly a decade.
Before moving on the analysis it is important to highlight one caveat. It is a bit off the mark to assess email policy without a recognition that email is not often completely dealt with by a single policy. Rather, it is not uncommon for email to be addressed by a series of interlocking policies. Organizations can have several independent yet linked types of policies for dealing with email -- usage policy, backup policy, retention policy, and as a part of a broader electronic records policy. The driver behind this analysis is more oriented towards obtaining a flavor of where the state of the practice by identifying areas of professional consensus and dissensus and to gauge how extant policies address some thorny recordkeeping issues.
As noted in the introduction, this paper
provides a content analysis of thirty-eight records-oriented email policies
(nine from universities, twenty-six from government, and three from the
private sector). [57] And while the sample
thirty-eight policies are by no means comprehensive and provide a mix of
broad policies and recommendations and specific guidances and are particularly
weak for the private sector, they are evaluated in order to draw a preliminary
characterization of records oriented email policies in order to gauge the
variance and convergence of thought on records conscious email policy.
Each policy is analyzed along the following dimensions and sub-dimensions
as a means to develop comparative data:
Filing and Maintaining Records
IDENTIFYING RECORDS
Addresses record status of email?
Not surprisingly, given the records-oriented scope of the policies collected for analysis, there is a universal agreement that email can in fact be used to create and transfer official records, be they the records of a university, government and business. What is less obvious is the degree to which this sentiment is articulated by policy.
Several policies are quite explicit on this point and cite the conditions under which an email can achieve "record" status while others merely indicate that, yes, in fact, email can be an official organizational record. Under the best of circumstances, several policies go so far as cite specific legal mandates that explicitly link email with official records. The University of West Florida, for example, points out that the determination that email is a record is based on a decision by the state's Attorney General and the Wisconsin's state-wide policy directs readers to a specific citation in the state's statutory code to underscore under what circumstances email may qualify as a public record.
Common points made in policies are that the technology/format of email is inconsequential to its potential recordness and that the decision process of whether or not an email is a record should be the same as for other more familiar paper-based technologies. Several policies point out that what is significant for the record status of email is whether or not it is "work related" or made in the course of a "business transaction." This last contention is forcefully stated by the Archives Authority of New South Wales: "An electronic message is a form of business communication. The sending of an electronic message is a business transaction and therefore a record….Records sent or received by a government employee in the course of official duties are to be treated as official records."
In the best of circumstances an email policy should not only claim that an email message can be a record, but provides the end-user with the legal rationale -- the recordkeeping warrant -- and the specific circumstances under which an email can be an organizational record.
Distinguished records from non-records?
While there was universal agreement that, under certain circumstances, email can be an official organizational record, roughly 60% of the policies examined went so far as to provide some form of assistance of varying value for making this determination. Some merely stated that it was up to the end-user to make sure that they distinguished records from non-records without providing any criteria for arriving at a determination, while others provided detailed distinctions between the two [Normally, governmental policies were far more likely to provide this type of advice.]. And yet others provided defining criteria for either records or non-records but not both, thus leaving it up to the end-user to base their determination on negative evidence for what something wasn't as opposed to what is actually was.
Of the more robust guidances for distinguishing between records and non-records some polices provided areas of activity that would create records while others listed documentary forms that would qualify as records. The following are examples of the types of activities and documentary forms provided for identifying records: formulations and executions of policy; approvals for a course of action; documents that initiate, authorize, or complete business transactions; preparation of position papers and reports; policies; directives; decisions; work schedules; drafts circulated for comments or approval; final reports or recommendations; correspondence, memos, or messages about agency business; and, agendas and minutes of meetings.
On the other side of the balance sheet, it was generally noted that "non-records," sometimes also termed "transitory records," were associated with "non-business related" information and strictly personal messages. These were characterized by the New York State Archives and Records Administration's guide, which served as a general template for some of the other policies analyzed, as "extra copies of documents used for convenience of reference, library and museum material preserved for reference or exhibition purposes, and stocks of publications or blank forms; personal messages and announcements not related to official business; copies or extracts of documents distributed for convenience of reference; phone message slips; announcements of social events, such as retirement parties or holiday celebrations…" and by the University of Florida as messages "created primarily for the informal communication of information, as opposed to communications designed for the perpetuation or formalization of knowledge….[Such non-records] do not set policy, establish guidelines or procedures, certify a transaction, or become a receipt." (For a discussion of records and non-records issues see particularly the policies of the Australian Government, the states of Wyoming, South Carolina, New York, and the U.S. State Department and Centers for Disease Control).
Clearly, provisions for distinguishing between records and non-records are more compelling and understandable to end-users when they not only identify such items in reference to types of business activities undertaken by the organization, but also provide examples, when appropriate, linked to particular documentary forms. Both will be crucial for educating users on this issue.
Defines what a record is?
About sixty percent of the policies examined provided either: a specific definition of what a record is; a specific pointer to such a definition; or, characterized the attributes as to what makes a record a record beyond the confines of a particular statutory context.
Citations to formal definitions can be seen in the University of Arizona policy which refers end-users to an specific section in an online manual that provides records related definitions.
The provision of actual definitions drawn from the law was found to be particularly common in U.S. federal government policies that cited verbatim the definition of record contained in the Federal Records Act: "all books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, function, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of data in them." This definition has served as the model employed by various states throughout the U.S. and is evident in several U.S. state-based policies and state educational institutions in the University domain. For example, the University of Florida, citing Chapter 119 of the Florida Statutes, defines public records as: "All documents, papers, letters, maps, books, tapes, photographs, films, sound recordings, data processing software or other material, regardless of physical form, or characteristics, or means of transmission, made or received pursuant to law or ordinance or in connection with the transaction of official business by any agency."
The third and last category of records definitions in the policies examined is the characterization of the attributes -- the content, structure, and context -- that enable an email message to "function effectively as a record." This type of clarification was found to exist solely in policies from Australian governments. Australia's Archives Authority of New South Wales, for example, states that electronic mail records "require the preservation of their structure, context, and content. Structure refers to the software instructions for the layout (format) of the message and the links to attachments and related documents for a particular transaction. Content refers to the content of the message as received. Context refers to the information documenting the source and destination of the message meaning." Context can be derived in part from the header information of an email message. In its email regulations, the U.S. National Archives states that it will "continue to work with agencies" to ensure that their use of office automation systems preserves the content, context, and structure of records produced on them, implying that these attributes are essential for understanding records.
Another type of records definition that extends beyond a particular legal context is also witnessed in the definition provided by the International Monetary Fund: "Official records are those created or received by the Fund in the transaction of official business, or in pursuance of legal obligations, and which provide a basis for individual or institutional accountability, ensure operational continuity, or protect legal interests." Since private businesses do not have legislatively produced definitions for records, the IMF policy is likely indicative of the rationale in this domain for identifying what is and is not a company record. However, given the paucity of private sector email policies examined this is merely a conjecture.
A clear and precise definition for records is essential for end-users. Email policies will be more effective if they can define records within the specific legal framework in which the organization operates. The explanation and illustration that records require preservation of their content, structure, and context will serve as additional clarification of the constituent elements of an email message that help it signify and retain it record value.
FILING AND MAINTAINING RECORDS
Print or electronic?
Nearly 90% of all the policies examined discussed the issue of the appropriate format for retaining and managing email messages. These broke down into two broad categories: those that told end-users to print out their record email onto hard copy; those that listed options for email records management, including hard copy and electronic storage. No assistance, though, is provided on enabling electronic recordkeeping systems other than listing their necessary attributes.
The primary rationale cited for directing users to print out and file their record email was the absence of actual tools for electronic recordkeeping and the inherent instability of the electronic medium. In the words of the U.S. National Archives: "the lack of commercial off-the-shelf technology and the expense of custom developed solutions make electronic preservation of all e-mail records of the volume produced by the Federal Government impossible at the present time. For many agencies to fulfill their responsibilities immediately under the Federal Records Act they must print their e-mail records because no alternative currently exists."
While, it was asserted by the Smithsonian Institution's policy that "advances in electronic document management systems soon will provide a basis for preferring electronic rather than paper retention of email messages," clearly the state of the practice is to reduce electronic messages to hard copy for filing into paper-based recordkeeping systems. (This sentiment was expressed in a number of policies, including: Eastern Washington University; the University of California; Oregon State University; Alaska's Fairbanks North Star Borough, the National Archives or New Zealand; the Reserve Bank of Australia; the state of Wyoming; and the U.S. Department of State.)
Several U.S. federal policies provided more specific guidance that in printing out a message for retention, it was critical that 'transmission data" such as the message date, the sender, the addressee(s) and the recipient(s), be part of the printout. (See particularly the policies of the U.S. National Archives, Centers for Disease Control, Departments of Commerce and Interior, and the Panama Canal Commission).
A second set of policies provided a more agnostic perspective on the appropriate format for preserving email records. For example, the British Columbia Archives and Records Service directs users to convert record email to the "most suitable storage medium for retention (e.g., bond paper, microform or electronic format)," while the policies of the University of Florida, University of West Florida, Australia Commonwealth Government, and the state of Oregon, provides users with more specific instruction on the print to file and the electronic storage options. The University of Florida policy states:
"While methods for reviewing, storing or deleting e-mail vary, you can comply with the retention requirements of the public records law by doing one of the following:1.Print the e-mail and store the hard copy in the relevant subject matter file as you would any other hard-copy communication. Printing the e-mail permits you to keep all information on a particular subject matter in one central location, enhancing its historical and archival value. If you choose this method, you may wish to set up your e-mail account so that it does not log outgoing e-mail by default. This will require you to not only print each public record message you send but also determine when you send the e-mail whether it must be saved under the public records law. You must also determine if incoming e-mail must also be printed before being deleted from your system. 2.Electronically store your public record e-mail according to the conventions of your e- mail system and retain it electronically pursuant to the university's retention schedules….The technical details and methods of storing, retrieving and printing your e-mail depend on the e-mail system you use. Consult with your LAN administrator, or departmental computer support personnel, for details."South Carolina adds another option to this mix. It informs users that they can also employ a combination of paper and electronic storage.
While the above policies do not stipulate a preferred storage format they also do not provide details on how exactly one would go about creating an electronic recordkeeping system. As a result, these organizations will likely adopt a paper-oriented system by default.
The Archives Authority of New South Wales was the only policy reviewed which pushed the electronic recordkeeping system option as the preferred means for retaining email. However, it also permitted agencies to print out record email if they were unable to implement electronic recordkeeping.
South Carolina's policy provided a bit more detail on the advantages and disadvantages of an electronic system for email retention, with the disadvantages seemingly outweighing the advantages. Advantages included the "consistently easy access to organizational records," while disadvantages included the need to "design a filing structure that can support both operational and recordkeeping requirements," the requirement to "coordinate filing systems for records in paper and electronic formats," the need to adopt "standard practices to define documents, establish directories, and develop naming conventions for files," and planning for " the possibility of conversion and migration as hardware and software become obsolete."
Finally, the Panama Canal Commission has provided a detailed listing of the attributes and requirements for an electronic recordkeeping system which would enable users to "control the creation, identification, storage, accessibility, retrievability, integrity, security, and disposition of the records in the system:"
As is obvious from the discussion for this section, the recordkeeping professions appear to be nowhere close to enabling electronic recordkeeping systems for email management. The print and file option is, by default, the state of the practice, though unstated in all of the policies examined is the requirement
that enough printers be available to all employees creating email records. The print to file option becomes a true disincentive if the end-user has to travel any distance to retrieve their printout and then travel again to file it into an organizational email system. The need to develop electronic recordkeeping systems is the single most important electronic records priority for the recordkeeping professions.
Filing suggestions?
Roughly three-quarters of the policies examined provide some discussion for filing email messages. Such polices have been found to be concentrated primarily with the government domain.
As discussed in the previous section on print versus electronic retention of email records, several policies commented on the explicit need to ensure that transmission data are filed with the specific email records they belong to (see the U.S. National Archives and Wyoming state policies on this point), and that to ensure their proper management, email records need to be filed within recordkeeping systems which provide for the "grouping of related records into classifications according to their business purposes, permits easy and timely retrieval in a usable format for varying periods of time, and can be accessed by individuals who have a need for them." (Smithsonian Institution) On this issue, the Panama Canal Commission points out that an "email system is designed for convenient and efficient agency communication and not as a system for storing agency records for their entire life cycle (creation, maintenance, and disposition). Before deleting from the email system, email records must be copied or moved to an appropriate recordkeeping system for maintenance and disposition." (Panama Canal Commission). The U.S. National Archives suggests that federal agencies factor in the following when "developing procedures for the maintenance of electronic mail records in appropriate recordkeeping systems, regardless of format:"
Provide for the grouping of related records into classifications according to the nature of the business purposes the records serve;
Mirroring the discussion on electronic vs. paper management of email, the Delaware Public Archives provides three options for filing email records: on-line storage permits the retention of email messages directly within the email application; near line storage provides for the retention of email messages into an electronic recordkeeping system; and, off-line storage for maintaining email messages in the paper environment. Regardless of the option selected, the policy notes that for "records created by email systems [to] be located and retrieved when required" they must be managed via "standardized naming conventions and filing rules….Email messages should be indexed in an organized and consistent pattern reflecting the ways in which records are used and referenced." This was one of the few policies underscoring the importance of naming conventions for file management.
Several policies examined required that once a "recordkeeping " copy of an email record has been filed the remaining version can and should be deleted. The Illinois, New York State Governor's Task Force on Information Resources Management, and the U.S Department of the Interior policy speaks directly to this point. As a means of ensuring timely deletion and retention into recordkeeping systems, the state of Wisconsin suggests that agencies "advise users at the end of each calendar quarter that any e-mail messages aged older than…90 days will be deleted from the system on a given date."
A couple of policies provided criteria or suggestions for email filing systems. Wisconsin argues that setting up email folders which "mirror" paper filing systems is one way to manage email. Canada's Alberta Community Development policy recommends the creation of "parallel electronic filing systems" on institutional servers and the Australian Commonwealth Government suggests encouraging users to store their messages on "client servers rather than hard disks" as one means for controlling email management. The British Columbia Archives and Records Service suggests to users that record email be categorized according to its pre-established classification system, and the University of Kentucky, Lexington directs users to arrange their email folders into three simple categories: 1.personal folders for non-work-related messages; 2.non-permanent work folders; and, 3.permanent work folders. Finally, the International Monetary Fund and Australian Archives provide quite specific rules for email folder management that are tailored to their specific technological context.
While the discussion of email filing trod
over some similar territory as the paper versus electronic management discussion,
it too underscored the problems associated with email retention in absence
of electronic recordkeeping systems.
Discusses how to handle attachments?
Surprisingly, less than one third of the policies examined had any substantive commentary on the management of attachments to email messages. These ranged from the admonition to not use attachments, to the need to print out and file attachments if they meet the definition of a record or to delete them if they do not.
The U.S. Centers for Disease Control (CDC) suggests to its employees to "avoid" sending attachments. If an attachment is "necessary" the CDC suggests the following options in order of preference, along with suggestions for file naming conventions for each option: send the attachment as an ASCII file; send it as a Word Perfect file; send it in its original format but avoid sending "graphics, images, pictures that don't convey unique and necessary information."
The most prominent attachment option in policies that included one called for printing and filing the attachment in hard copy if it qualified as an official record. The U.S. Department of Commerce requires that the "record documentation" associated with the attachment include the email message it is attached to along with "essential transmission data" such as its sender, recipient(s) and an indication of when it was sent. This sentiment is also expressed in the policies issued by the U.S. National Archives (which originated this policy requirement for the government), and the U.S Departments of Interior and State.
The Delaware Public Archives and the state of Oregon have provided more precise filing instructions for attachments. Delaware suggests that end-users "[e]nsure that all attachments and associated files are referenced in the text of the message, and that the files are stored in the same directory as the text of the message," while Oregon requires that "attached records…be filed according to their function and content…" So doing will ensure that attachments "will assume the retention of the records they are filed with." Finally, the state of Wisconsin suggests that agencies take special precautions against viruses when dealing with attachments, such as submitting them to virus detectors before opening them.
Despite the fact that attachments have
become a standard feature in email software packages, most extant records-oriented
email policies have failed to recognize and account for them. All email
policies should have a standardized means for associating "record" attachments
with their originating message to establish essential contextual knowledge
about them as well as provide guidelines on filing and managing them.
Discusses how to handle encryption?
Only about 15% of the thirty-eight policies examined had anything to say about encryption. Interestingly, of the four of the six policies that do discuss this technology come from the University domain.
Both Eastern Washington University and the University of California note that the issues raised by use of encryption are not well enough understood at the present time to necessitate the creation of a specific policy statement on encryption. The University of Arizona policy suggests to its employees that they not use encryption to store University email since encryption is "not in widespread use" as of the date of the policy -- March 1998. The University also requests that encryption not be used since its email is subject to public records law, seemingly indicating that encrypted email can create records management and access complications. The University of West Florida also addresses the relationship between encryption and public records law. Instead of forbidding its use outright, this policy strongly reminds users that if encrypted information meets the criteria of a public record it must be made available in accordance to the state's sunshine law and that this would necessitate providing the requester "with the software and key to read such data." Such a stipulation would seem to provide a real disincentive for employing encryption.
Only the Wisconsin state policy links the potential use of encrypted digital signatures as a means of ensuring a document's authenticity by powerfully limiting the ability of a third party, or even the recipient, from massaging the text of the original.
While the discussion of encryption is rather sparse in the policies examined, they do raise quite significant and potentially conflicting issues of ensuring access over time while preserving the integrity of the original. The impact of encryption on email, and electronic records in general, is clearly an avenue needing further thought and illumination.
Link to records schedule?
Roughly 80% of the policies examined provide some discussion of scheduling records created via email, though most of these did not refer to a specific schedule. Several policies informed users that no email record could be destroyed unless destruction was covered by a previously approved records schedule (See for example, New York State Archives and Records Administration, Canada. Alberta Community Development U.S Department of the Interior). Several other policies also articulated the fact that email retention should not be based on the format upon which email is created but rather upon whether or not email created records are of an administrative or program nature. Administrative records were generally found to be deletable after their administrative value expired, while program records needed to be scheduled based upon what series they were part of. (For example, see the policies of the Oregon State University, University of Washington, University of West Florida, South Carolina, Wisconsin, Australia's Commonwealth Government, and the Delaware Public Archives) In the words of South Carolina's policy: "Generally, records transmitted through email systems will have the same retention periods as the same records in other formats. Email letters and memos, for example, will be retained and disposed of according to the retention periods established for various types of correspondence. Many email messages, especially those that include attachments, will be part of a distinct records series and will be retained and disposed of according to the retention period established for that series."
Several policies provided general disposition instructions or pointers while relatively few provided for specific guidance to end-users.
General statements appear to exist so prominently due to the wide variety of records and non-records uses email can be employed for. Since email is not a record type that can be uniformly scheduled, most statements referred end-users to the body of potential records schedules that could apply without highlighting specific ones. General instructions/pointers can be found in the following kinds of statements:
Agencies subject to the Archives Act, 1960 should dispose of electronic messages as records in accordance with the provisions of the Act. (Archives Authority of New South Wales)
While the Delaware Public Archives' email policy reiterates what as been said previously, that it is "record and its content and function, not the media, which drive retention and disposition decisions," it also informs its users that "the same record created in both paper and electronic format may have a different retention requirement for each format," underscoring the tensions evident in the GRS 20 lawsuit discussed above.
Three of the policies examined -- University of Arizona, Oregon State University and the University of Washington -- are actual email retention policies.
The University of Arizona policy identifies the components which must be included in retention and disposition schedules applicable to email systems and services when official email records are maintained in electronic format: name of the recordkeeping system; hardware upon which the system resides; operating system used; user interface employed; application software used; external environment interface employed; external environment used; purging criteria; and reports or other internal documents output from the system.
Again, the degree to which scheduling is discussed is partly a reflection of the myriad of purposes to which email can be put and the assorted records retention values they can exhibit.
Discusses long-term preservation and archiving?
Just under half of the policies examined provided any discussion on the issues associated with long term preservation and archiving of email. These policies generally dealt with the preservation problem from three perspectives: identifying the problems associated with longevity; mandating that archival value email be printed out and filed; and, the underscoring the unsuitability of backup tapes as an archiving strategy.
On the issues of longevity, Eastern Washington University, the University of Arizona, and the Australian Commonwealth Government note that, in general, it is impossible to ensure the longevity of electronic mail records due to the rapid rate hardware and software obsolescence. The University of Arizona provides the following strategy options for mediating these difficulties: "migrating all official email records to the next generation of hardware or software;…migrating only current official email records to new hardware or software; or converting official email records not migrated to other media (e.g. optical disk, COM) for short term storage or to eye readable form (i.e., paper or microform) for long term storage and preservation." The Australian policy underscores the need to organizations to establish archiving strategies for email such as media "refreshing" and migration as "[a]rchived records are critical and significant to the business operations of agencies and the community generally, in the short and the long term…" To their mind, archival records "must be managed pro-actively" in order to remain "accessible and authentic over time…." The New York State Archives and Records Administration policy points out an extremely valuable position for archiving email -- namely that it is something that has to be considered as part of the design of any recordkeeping system and is not something that can be approached after the fact in a suitable manner.
A handful of the policies examined indicated that only by printing to paper will email be preservable over the long term. The Universities of Arizona and California point out that, to their thinking, electronic versions are more susceptible to intentional or inadvertent alteration that are paper printouts. More significantly, they both comment that their state requirements "mandate transferring (if possible) official e-mail records to a more lasting medium/format, such as acid-free paper or microform, where long-term retention and preservation is required." Oregon State University states that its University Archives "cannot accession or provide reference services to records in electronic format" and thus commands that archival value email be printed out. The U.S. State Department likewise expresses the same sentiment, pointing to the underdeveloped nature of electronic preservation technology. And the Alaska Fairbanks North Star Borough asserts that the "best way to ensure long term retention" is to print out email and file it with other paper-based files."
At least four of the policies examined pointed out that while backups are valuable from a disaster recovery perspective, they are quite ill-suited for archiving email. MCI's corporate email retention policy points out that "e-mail is a tool to facilitate daily communications between employees for current business, not an archival storehouse for noncurrent communications."
The prominence of the print to paper policy for archival purposes reinforces the point made earlier that the recordkeeping professions primary electronic records objective should be developing and testing electronic recordkeeping systems.
GENERAL
Identifies entity responsible for the policy?
Roughly one-third of the policies examined had specific and explicit assignment of the party responsible for their email policy. In many of the other policies examined the responsibility can be implied based on corporate authorship or its Web address if it resides on the Internet. However, from the perspective of a user a clear unambiguous statement of responsibility provides a reference point for contact to resolve any questions or confusions of meaning.
Strong and clear statements of responsibility can be found in the policies of Eastern Washington University, the University of California, and the University of West Florida, and the Archives Authority of New South Wales:
"Vice Provost for Information Resources is responsible for the development, maintenance, and publication of this policy, through the proper University governance and policy formulation mechanisms." (Eastern Washington University)Other, broader policy guides, such as those from the New York State Archives and Records Administration (NYSARA), the New York State Governor's Task Force on Information Resources Management, and the state of Wisconsin, have tasked specific parties to be responsible for policy:"The Associate Vice President, Information Resources and Communications (IR&C) in the Office of the President is responsible for development and maintenance of this Policy for issuance by the President." (University of California)
"The University's Information Resources Manager (IRM) is responsible for the maintenance and publication of this policy and for periodic reviews to assess its continued effectiveness and viability." (University of West Florida)
"Enquiries regarding this policy should, in the first instance, be directed to: Government Recordkeeping, Archives Authority of New South Wales." (Archives Authority of New South Wales)
"[To] prevent conflicting directives and confusion about responsibilities, written policies should identify the individual or office responsible for each element of e-mail policies and services." (NYSARA)"Program unit managers and supervisors will develop and/or publicize record keeping practices in their area of responsibility including the routing, format, and filing of records communicated via e-mail." (New York State Governor's Task Force on Information Resources Management)
"Agencies are responsible for assisting users to manage their records by providing technical means and advice to implement records management policies. Such implementation should involve agency-level management activities designed to assist all workers, as well as specific techniques for end users. (Wisconsin)
Clearly, the identification of a responsible party, with contact information, for developing and overseeing policy should be a clearly articulated component of any email policy.
Identifies sanctions for non-compliance?
Very few of the policies examined -- roughly a handful -- indicated that there were consequences for violating policy. These were primarily based in the University domain. Violations here could result in the "restriction of access to University information technology resources" and could lead even to dismissal depending on the seriousness of the violation (Eastern Washington University and the University of California). The strongest and clearest indication of consequences for violation -- in this case illegal records destruction -- can be found in the U.S. Department of Interior's policy, which alerts users "who willfully and unlawfully conceal, remove, mutilate, obliterate, falsify, or destroy Federal records [that they] shall be fined not more than $2000, and/or imprisoned not more than 3 years, and forfeit Federal office, and be disqualified from holding Federal office."
Several other policies, while not identifying explicit sanctions for inappropriate usage, either listed actions that could be considered violations of policy or provided for the periodic review of organizational compliance with the policy.
Canada's Alberta Community Development's policy informs users that it would be an offense "under the Freedom of Information and Protection of Privacy Act, Section 86(1)(e) to willfully destroy any records, including e-mail and back-up tapes, with the intent to evade a request for access to the records of a public body." Likewise, Delaware's Public Archives' policy reminds users that destruction of a public record "without a formal retention period being established for the record through an authorized records retention schedule, and without following records disposition procedures" is an illegal act, though the consequences remain unknown.
Several U.S. federal government-based policies provide detailed information on the means by which policy implementation will be reviewed, but again, no indication is given as to what the consequences of a poor review would be, if any. The U.S. National Archives guidance directs agencies to "periodically evaluate" their "records management programs relating to records creation and recordkeeping requirements, maintenance and use of records, and records disposition" in order to judge how well staff are implementing policy and adhering to regulations governing email usage. The U.S. Centers for Disease Control policy provides for an "internal control review" every three years "to assure overall compliance with the agency email policy for storing and recording emails which meet the definition of an [federal] record, to test management controls for training and knowledge of personnel, and for the development and maintenance of documentation." The review consists of interviews with employees to evaluate the adequacy of user training and knowledge of their obligations as well as the physical examination of files to ensure that federal records are properly identified and stored.
While it can certainly be debated as to the effectiveness of the carrot and stick approach to email policy compliance, all users should be clearly informed of potentially illegal uses of email as well as any sanctions that could result. And periodic reviews can provide a clear means for evaluating whether policy is just empty words or if organizational employees are actually following it. The goal of a review could help assess particular strengths and weaknesses in existing policy as well as highlight potential legal risks placed on the organization if crucial components are not being complied with.
Defines terms used in the policy?
Only about one-third of the policies examined provided precise definitions of some of the relevant terms used in the policy. What was surprisingly quite rare was a separate glossary for terms employed in individual policies.
Many policies simply provided definitions for understanding the distinctions between records and non-records (University of California, University of West Florida, World Bank) while other provided descriptions of other essential aspects of email management. For example the Australian Commonwealth Government and the Archives Authority of New South Wales provide definitions for terms such as recordkeeping and recordkeeping systems. The U.S. National Archives includes, among other terms, definitions for electronic mail system, electronic recordkeeping system, transmission data, and receipt data, as a means of identifying the attributes of recordness. And the U.S. Department of Interior policy goes so far as to extend the definitions into broader and probably not widely understood records management concepts and tools as agency records schedules, disposition, general records schedules, recordkeeping requirements, retention period, and scheduled records.
While individual institutions need to determine
what is an appropriate depth and scope for terms definitions, including
a wide range of recordkeeping terms will provide for a clearer policy from
the reader's perspective as well as providing a succinct education to users
on key recordkeeping functions and tools.
CONCLUSION
While the above discussion provides much food for thought and rich detail as to where the recordkeeping professions state of thinking is in crafting email policy, it does not address the issue of compliance -- it merely evaluates what policies are saying and not whether they are being followed. It is only hoped that policy creators are conducting reviews and policy audits to determine how well their email policies are being implemented at the desktop level.
The effectiveness of the dominant practice of printing to paper of email records is highly contingent upon the easy and wide availability of printers to end-users. A print to paper policy can be a road to disaster if it too is not being carefully monitored and regularly audited and there is no indication that it is in fact a successful strategy for the profession.
Finally, the one clear message that rings across the literature and the extant policies is the glaring absence of electronic recordkeeping systems. While its need has been recognized for over a decade there is no evidence that any fundamental progress has been truly made. It would appear that everyone recognizes and calls for their need while they wait for someone else to come up the solution. Such an absence underscores the value of research, analysis, development, and professional communication for our field. When electronic recordkeeping systems are developed and deployed they will have to do so in specific reference to the recordkeeping context in which they reside. It is quite unlikely that such systems will be easily integrated into organizations in absence of customizations accounting for the various functions, terminologies, and series evident in organizations across society. There are no magic bullets, only context-sensitive desktop and system level implementations.
ENDNOTES
[1] Forrester Research, Inc., "The E-Mail Explosion" (Forrester Research, Inc., 1997). Press release statistics cited in: Managing E-mail as Records. Managing Electronic Records Seminar at the University of Texas at Austin's Graduate School of Library and Information Science, Technology Summer Camp, 1997. Available July 14, 1998 at: http://www.gslis.utexas.edu/~scisco/lis389c.5/email/index.html
[2] Jean Samuel, "Electronic Mail: Information Exchange or Information Loss?" In Seamus Ross and Edward Higgs (eds.) Electronic Information Resources and Historians: European Perspectives (St. Katharinen, Germany: Max-Planck-Institut für Geschichte, 1993), pp. 62-63.
[3] U.S. Executive Office of the President. Office of the Vice President, Reengineering Through Information Technology -- Part I, May 27, 1994.
[4] North Dakota. Senate, Senate Concurrent Resolution 4024, (1997 ND S.C.R. 4024), February 26, 1997. Available July 14, 1998 at: http://www.state.nd.us/lr/memos/99041.html.
[5] Heather Harreld, "NASA Orders All E-mail Destroyed," Federal Computer Week, June 2, 1997. Available March 5, 1998 at: http://www.fcw.com/pubs/fcw/1997/0602/fcw-nasa-6-2-1997.html. NASA's policy might very well have been in direct contradiction to five years of federal court rulings on U.S. government email records if its guidelines to employees did not adequately inform staff of their recordkeeping obligations and if their printouts did not suitably represent the electronic versions. An indication that inadequate policy guidance was given to NASA employees is seemingly evident in NASA's statement that: "Because all official email can be the target of a number of public and legal disclosure instruments, and as the government's definition of 'records' is difficult to interpret…the agency has...stipulated that all email files (central store only) [that] are older than 60 days must be erased automatically."
[6] Michael J.D. Sutton, Document Management for the Enterprise: Principles, Techniques, and Applications (New York: John Wiley & Sons, Inc., 1996), p. 100.
[7] Rick Barry, "Email Legal Status." Message posted to the Australian Archivists (aus-archivists) listserv on March 31, 1998.
[8] Managing E-mail as Records. Managing Electronic Records Seminar at the University of Texas at Austin's Graduate School of Library and Information Science, Technology Summer Camp, 1997. Available July 14, 1998 at: http://www.gslis.utexas.edu/~scisco/lis389c.5/email/index.html.
[9] Australia. Commonwealth Government, Managing Electronic Messages as Records. Available July 1, 1998 at: http://www.aa.gov.au/AA_WWW/AA_Issues/EMcontents.htm; New York State Archives and Records Administration, Managing Records in E-Mail Systems, (New York: New York State Archives and Records Administration, 1995). Available July, 1, 1998 at: ftp://ftp.sara.nysed.gov/pub/rec-pub/state-rec-pub/.
[10] U.S. National Archives and Records Administration, Email Systems -- Final Rule, August 14, 1995. Available July 1, 998 at: gopher://gopher.nara.gov:70/00/managers/federal/emailreg.txt.
[11] Michigan. Washtenaw County, Internet and E-mail Policy, Resolution 96-0159, August 7, 1996.
[12] Cyberspace Law Institute, Company Email Policy: Assemble a Policy. Available July 15, 1998 at: http://www.cli.org/emailpolicy/assemble.html.
[13] Stephanie Stahl, Dangerous E-Mail -- Companies Are Finding That E-mail Indiscretions Can Leave Them Legally Vulnerable. August 12, 1994 Available July 1, 1995 at: http://www.gsia.cmu.edu/bb26/70-456/projects/email/link_e.html. The threats posed by email are also addressed in: Frances Lynch, "Why Your Company Needs Written Email Policy," The Boulder County Business Report, 15 (No. 6, June 1996). Available June 25, 1998 at: http://www.bcbr.com/jun96/mailcol2.htm; and, Samuel A. Thumma and Patricia A. Hubbard, "Why Every Company Should Have a Written Electronic Mail Policy," Excerpted from the Arizona Business Gazette, October 17, 1996. Available June 30, 1998 at: http://www.brownbain.com/new/email_policy.html.
[14] John H. Jessen and Kenneth R. Shear, The Impact of Electronic Discovery on the Corporation. (Electronic Evidence Discovery, Incorporated, 1996).
[15] Delaware Public Archives, [Electronic Mail Policy Guidelines], Draft, February 1998. It should be pointed out that despite its public government orientation, the cited quote can be equally applied to any organization by replacing "public records" with "official organizational records."
[16] John McDonald, "Managing Records in the Modern Office: Taming the Wild Frontier," Archivaria 39 (Spring 1995), pp. 70-72.
[17] Carol Elizabeth Nowicke, "Managing Tomorrow's Records Today: An Experiment in Archival Preservation of Electronic Mail," The Midwestern Archivist XIII (No. 2, 1988), pp. 67-75.
[21] World Bank. Information Technology and Facilities Department. Task Force on Electronic Records Management Information, "Developing Guidelines for Electronic Records," September 1989. In: United Nations. Advisory Committee for the Co-ordination of Information Systems (ACCIS), Management of Electronic Records: Curriculum Materials (New York: United Nations, 1989), pp. 138-146.
[24] T. K. Bikson and S.A. Law, "Electronic Information Media and Records Management Methods: A Survey of Practices in UN Organizations," The Information Society 9 (No. 2, 1993), pp. 125-144.
[28] United Nations. Advisory Committee for the Coordination of Information Systems, Management of Electronic Records: Issues and Guidelines (New York: United Nations, 1989), pp. 17-34. A short version of this policy report can be found in: David Bearman, Electronic Evidence; Strategies for Managing Records in Contemporary Organizations (Pittsburgh, PA: Archives and Museum Informatics, 1994), pp. 72-116. Page citations to this text are drawn from the Electronic Evidence version.
[30] Ibid., pp. 112-113. In a later article, Bearman again reiterated the significant role policy can play for managing electronic mail, underscoring many of the key insights derived in the UN report and integrating them into the analytical frame deployed in the University of Pittsburgh's project on functional requirements for evidence in recordkeeping. See: David Bearman, "Managing Electronic Mail," Archives and Manuscripts 22 (No. 1, May 1994), pp. 28-50.
[31] Christinger Tomer and Richard J. Cox, "Electronic Mail: Implications and Challenges for Records Managers and Archivists," The Records and Retrieval Report 8 (No. 9, November 1992), pp. 3-4.
[33] Rick Barry, "Email messages ARE Organizational Records!" Undated. Available July 14, 1998 at: http://www.cpsr.org/program/emailpolicy.html.
[34] New York State Archives and Records Administration, Managing Records in E-Mail Systems, (New York: New York State Archives and Records Administration, 1995). Available July 1, 1998 at: ftp://ftp.sara.nysed.gov/pub/rec-pub/state-rec-pub/.
[35] ARMA International. Electronic Mail Guideline Task Force, Electronic Mail Guideline, Draft (May 1998), p. 6. Michael J.D. Sutton, Document Management for the Enterprise: Principles, Techniques, and Applications (New York: John Wiley & Sons, Inc., 1996), also recognizes these concerns and adds that "policy must also cover how email attachments are added or expunged from the corporate repository." See page 100.
[38] Armstrong, et al. v. Executive Office of the President, et al. (Civil Action No. 89-0142), Supplemental Brief in Support of Defendants’ Motion for Summary Judgment, June 12, 1992.
[39] Armstrong, et al. v. Executive Office of the President, et al. (Civil Action No. 89-0142), Plaintiffs Opposition to Defendants’ Motion for Summary Judgment and Memorandum in Support of Cross-Motion for Summary Judgment on the Adequacy of Defendants’ Recordkeeping Guidelines and the Archivist’s Failure to Perform His Statutory Duties, July 6, 1992.
[40] Armstrong, et al. v. Executive Office of the President, et al. (Civil Action No. 89-0142), Reply Memorandum in Support of Defendants’ Motion for Summary Judgment and in Opposition to Plaintiffs’ Cross-Motion for Summary Judgment on Counts II and IV (Recordkeeping and Archivist’s Duties), August 8, 1992.
[41] Armstrong, et al. v. Executive Office of the President, et al. (Civil Action No. 89-0142), Opinion, January 6, 1993. (810 F.Supp. 335).
[42] Armstrong et al., v. Executive Office of the President, Office of Administration et al., (Civil Action Nos. 93-5002, 93-5048, 93-5156, 93-5177), Opinion, August 13, 1993. (1 F.3d 1274). A strong critique of the government's actions in the case can be found in: David Bearman, " The Implications of Armstrong v. the Executive Office of the President for the Archival Management of Electronic Records," American Archivist 56 (Fall 1993), pp. 674-679.
[43] U.S. National Archives and Records Administration, “Electronic Mail Systems, Final Rule,” Federal Register, August 25, 1995, pp. 44633-44642.
[44] United States. National Archives and Records Administration, “General Records Schedule 20 -- Disposition of Electronic Records,” August 14, 1995. Available June 1, 1998 at: gopher://gopher.nara.gov:70/00/managers/federal/grsfr.txt. NARA rationale for their position is captured in the following passage: “For records to be useful they must be accessible to all authorized staff, and must be maintained in recordkeeping systems that have the capability to group similar records and provide the necessary context to connect the record with the relevant agency function or transaction. Storage of electronic mail or word processing records on electronic information systems that do not have these attributes will not satisfy the needs of the agency or the needs of future researchers….Search capability and context would be severely limited if records are stored in disparate electronic files maintained by individuals rather than in agency-controlled recordkeeping systems. Furthermore, if electronic records are stored in electronic information systems without records management functionality, permanent records may not be readily accessible for research. Unless the records are adequately indexed, searches, even full-text searches, may fail to find all documents relevant to the subject of the query. In addition, numerous irrelevant temporary records, that would be segregable in systems with records management functionality, may be found. Agency records can be managed only if they are in agency recordkeeping systems….The respondents who [criticized GRS 20] mistakenly concluded that the proposed GRS 20 authorized the deletion of valuable records. On the contrary, GRS 20 requires the preservation of valuable records by instructing agencies to transfer them to an appropriate recordkeeping system. Only after the records have been properly preserved in a recordkeeping system will agencies be authorized by GRS 20 to delete the versions on the electronic mail and word processing systems. As indicated, most agencies have no viable alternative at the present time but to use their current paper files as their recordkeeping system. As the technology progresses, however, agencies will be able to consider converting to electronic recordkeeping systems for their records….The critical point is that the revised GRS does not authorize the destruction of the recordkeeping copy of the electronic mail and word processing records. The unique program records that are produced with office automation will be maintained in organized, managed office recordkeeping systems. Federal agencies must have the authority to delete the original version from the "live" electronic information system to avoid system overload and to ensure effective records management.”
[45] Public Citizen, Inc., et al. v. Carlin et al. (Civil Action No. 96-2840). General Records Schedules provide for “disposal authorization for temporary records common to several or all agencies of the federal government. They include records relating to civilian personnel, fiscal accounting, procurement, communications, printing, and other common functions, and certain nontextual records.” Agencies are permitted to dispose of records covered under a General Records Schedule without additional approval by NARA and without public notice. Such records are believed to constitute one-third of all records created by federal agencies. The remaining two-thirds of federal agency records – substantive program records – need to be covered by General Records Schedules specifically created for such program records. See: U.S. National Archives and Records Administration, “Introduction to General Records Schedules,” Transmittal No. 7, August 1995.
[46] 44 United States Code §§ 3301-3324. Friedman specifically pointed to section 3303(a)d which authorizes the Archivist to “promulgate schedules authorizing the disposal, after the lapse of specified periods of time, of records of a specified form or character common to several or all agencies if such records will not, at the end of the periods specified, have sufficient administrative, legal, research, or other value to warrant their further preservation….”
[47] Public Citizen, Inc., et al. v. Carlin et al. (Civil Action No. 96-2840), Opinion and Order, October 22, 1997.
[48] Public Citizen, Inc., et al. v. Carlin et al. (Civil Action No. 96-2840), Memorandum Opinion and Order, April 9, 1998.
[49] Public Citizen, Inc., et al. v. Carlin et al. (Civil Action No. 96-2840), Brief for the Appellants, July 8, 1998. Available August 1, 1998 at: http://www.nara.gov/records/grs20/briefapp.html.
[50] U.S. National Archives and Records Administration. Electronic Records Work Group, “Public Meeting of May 18, 1998. Available June 1, 1998 at: http://www.nara.gov/records/grs20/minutes4.html.
[51] U.S. National Archives and Records Administration, Electronic Records Work Group Draft Report Federal Register, July 21, 1998, pp. 39185-39207. Available July 31, 1998 at: http://www.nara.gov/records/grs20/index.html.
[52] This term
refers to "describe the electronic record that resides on an agency's
electronic mail, word processing, or other
office automation systems, i.e., the ``copy'' that formerly was authorized
for disposal by GRS 20 after a recordkeeping copy was produced. Records
identified as "electronic source records" can be disposed "only when copies
of these records have been captured in a recordkeeping system."
[53] In a qualifying statement to this recommendation, the ERWG suggests that it is not necessary "at this time, for agencies to submit individual schedule items for these electronic source records series by series. As agency records schedules are revised or amended, the disposition authorities for these electronic source records will be integrated into the agency disposition manual at the series level." This is a potentially enormous loophole if agencies wait lengthy periods of time to revise or amend their schedules.
[54] GRS 1 - Civilian
Personnel Records; GRS 2 - Payrolling and Pay Administration Records; GRS
2 - Conversion Guide; GRS 3 - Procurement, Supply and Grant Records; GRS
4 - Property Disposal Records; GRS 5 - Budget Preparation, Presentation,
and Appointment Records; GRS 6 - Accountable Officers' Accounts Records;
GRS 7 - Expenditure Accounting Records; GRS 8 - Stores, Plant and Cost
Accounting Records; GRS 9 - Travel and Transportation Records; GRS 10 -
Motor Vehicle Maintenance and Operation; GRS 11 - Space and Maintenance
Records; GRS 12 - Communications Records; GRS 13 - Printing, Binding, Duplication,
and Distribution Records; GRS 14 - Informational Services Records; GRS
15 - Housing Records; GRS 16 - Administrative Management Records; GRS 18
- Security and Protective Services Records; and
GRS 23 - Records Common to Most Offices
Within Agencies.
[55] Elana Varon, "NARA Proposes Records Policy," Federal Computer Week, July 27, 1998. Available August 1, 1998 at: http://www.fcw.com/pubs/fcw/1998/0727/fcw-polnara-7-27-98.htm.
[56] John McDonald, "Managing Records in the Modern Office: Taming the Wild Frontier," Archivaria 39 (Spring 1995), p. 75.
University Domain:
Eastern Washington University, Draft Electronic Mail Policy. http://www.ewu.edu/TechRes/irinfo/emailpolicy.html.
Oregon State University, Electronic Mail Retention Guidelines. http://osu.orst.edu/Dept/archives/ARMH/rma63c.html.
University of Arizona, Electronic Mail Policy, March 1, 1998. http://fsosvr.arizona.edu/records/EFINAL.htm.
University of Arizona, 17.71 E-Mail Records Retention and Disposal. http://w3.arizona.edu/~fso/deptman/17/1771email.html.
University of California. Office of the President, Electronic Mail Policy, March 23, 1998. http://www.ucop.edu/ucophome/policies/email/email.html.
University of Florida, UF Policy on E-Mail as Public Records, June 1995. http://www.ufcn.ufl.edu/email.htm.
University of Kentucky, Lexington. V. Electronic Records, B. Electronic Mail.http://www.uky.edu/Libraries/Special/uarp/4erecs.html.
University of Washington, Electronic Mail (EMAIL), UW-GS5, January 1998. http://www.washington.edu/admin/recmgt/uw.gs5.html.
University of West Florida. E-mail Task Force, Policy on Electronic Mail. http://nautical.uwf.edu/org/dispOrg.cfm?OrgUnitID=EMAIL.
Government Domain:
Australia. Commonwealth Government, Managing Electronic Messages as Records. http://www.aa.gov.au/AA_WWW/AA_Issues/EMcontents.HTM.
Australia. Australian Archives, Using Electronic Mail at the Australian Archives, Revised May 1998.
Australia. Archives Authority of New South Wales, Policy on Electronic Messages as Records, April 1998. http://www.records.nsw.gov.au/erk/polem/messag.htm.
Australia. Reserve Bank of Australia, Guidelines for the Use of Electronic Mail.
Canada. Alberta Community Development, Methods and Standards - Maintenance of Electronic Mail Records, July 14, 1998.
Canada. British Columbia Archives and Records Service, Records and Information Management Policy, Electronic Mail Policy. http://osu.orst.edu/Dept/archives/misc/wvbc.html.
Canada. Government of British Columbia, General Management Operating Policy, Chapter 3.5, Government Records and Recorded Information, February 1994, Section 3.5.13, Electronic Mail and Facsimile Transmissions. gopher://142.36.5.25:70/00/rim/gmop_35.txt.
New Zealand. National Archives of New Zealand. Electronic Records Policy. http://www.archives.dia.govt.nz/services/to_government/er_policy/introduction.html.
United States. Centers for Disease Control and Prevention, E-Mail Use and Procedures, Information Management Memorandum No. 94-1/97. http://www.cdc.gov/od/foia/policies/emailuse.htm.
United States. Department of Commerce, E-Mail Policy. http://www.wasc.noaa.gov/wasc/SD/e-mail.htm.
United States. Department of Energy, Electronic Records Management Guide, December 6, 1996. http://www-it.hr.doe.gov/records/rmguide.html.
United States. Department of the Interior, Office of the Secretary, IRM Bulletin No. 96-06, Policy and Guidance for Managing the Creation, Retention, and Disposition of Electronic Mail Documents, July 25, 1996. http://www.ios.doi.gov/oirm/oirm/9606irm.html.
United States. Department of State, Department of State Electronic Mail Policy, May 24, 1995.
United States. National Archives and Records Administration, Email Systems -- Final Rule, August 14, 1995. gopher://gopher.nara.gov:70/00/managers/federal/emailreg.txt.
United States. Panama Canal Commission, Electronic Mail (E-Mail) System Policy, Revised 4/22/97.
United States. Smithsonian Institution,
Email and Recordkeeping, Smithsonian Announcement 97-10,
September 30, 1997.
United States. Alaska. Fairbanks North Star Borough, Borough Electronic Mail (E-Mail) Policy, (Draft).
United States. Delaware Public Archives, [Electronic Mail Policy Guidelines], Draft, February 1998.
United States. Illinois. Secretary of State, , Draft. Electronic Mail Purging and Retention Policy, Draft.
United States. Louisiana. City of Shreveport. Records Management, Electronic (E-) Mail Policy.
United States. New York State Archives and Records Administration, Managing Records in E-Mail Systems, 1995. ftp://ftp.sara.nysed.gov/pub/rec-pub/state-rec-pub/.
United States. New York State. Governor's Task Force on Information Resources Management, Technology Policy 96-14, New York State Use of Electronic Mail, June 11, 1996. http://www.irm.state.ny.us/policy/tp_9614.htm.
United States. Oregon. Secretary of State, Personnel Policies, Electronic Mail, PRS 10.015, May 1, 1996. http://arcweb.sos.state.or.us/recmgmt/E-mailpolicy.html.
United States. South Carolina Department of Archives and History. Archives and Records Management Division, Managing Email, Public Records Information Leaflet no. 21, 1998. http://www.state.sc.us/scdah/21.pdf.
United States. Wisconsin. Department of Administration. Division of Technology Management, Statewide Enterprise E-Mail Policy & Guidance, November 24, 1997.
Wyoming State Archives, Agency Electronic (E-Mail) Retention Requirements, Draft, June 12, 1998.
International Nonprofit Domain:
International Monetary Fund, Management of Electronic Mail Communications, April 2, 1996.
World Bank, Administrative Manual -- Electronic Mail, February 1994.
Private For Profit Domain:
MCI, Retention of E-Mail.