September 17, 2014
As an update to the previous post– yesterday, the Federal Government’s Office of Management and Budget (OMB) issued new Guidance on Managing Email (http://www.whitehouse.gov/sites/default/files/omb/memoranda/2014/m-14-16.pdf). It states that the OMB will begin to more actively enforce Government agency progress in implementing systems to ensure that email is being managed in an electronically accessible format to meet FOIA requirements.
Immediate actions outlined by the OMB require that agencies have made progress in initiated NARA Records Certifications and implemented training programs by December 31, 2014. Ultimately, agencies must have programs and processes in place to meet all legal and FOIA obligations by December 2016.
The bulletin also reiterates the importance of implementing automated approaches to records management given the limitations of user-dependent approaches. According to the newly issued NARA Bulletin 2014-06 attached to the guidance:
NARA recognizes that places the responsibility of making decisions on email-by-email basis can create a tremendous burden. NARA therefore recommends that agencies immediately begin to adopt automated or rule-based records management policies for email management.
While the guidance yesterday serves primarily as a reminder to Federal government agencies on the actions they should be taking now, it is also very timely given the recent auto delete missteps making the news.
However, a key point of emphasis from the guidance is the concept that information should be stored in manner to be electronically accessible for search and retrieval in accordance with FOIA and legal discovery requirements. - reinforcing points made in the previous post. Dependence on back-up tapes, restoration of computer hard drives, or on-going reliance on outdated systems operated on-premises provide neither the accessibility nor the automated policy management to deliver to this standard mandated by NARA.
Robert Cruz is Senior Director of eDiscovery and Information Governance, bringing 20+ years of Silicon Valley based subject matter expertise in the areas of eDiscovery and regulatory compliance. He works with Proofpoint customers via workshops, seminars, and industry conferences to share best practices and review changes in regulatory environments. He previously held similar posts within the ECM and eDiscovery markets, and holds an MBA from Stanford University.