Keeping records clean
- By Paul Korzeniowski
- Feb 04, 2001
Three years ago, Robert Horton, a state archivist at the Minnesota Historical
Society in Minneapolis, recognized an emerging problem. With the widespread
adoption of decentralized computing and the rapid rise of the Internet,
state employees were generating more electronic records (e-mail messages,
Web pages, online manuals) than ever before.
Agencies' reliance on such records grew despite the fact that little
consideration was given to their upkeep. In most instances, governments
simply archived all records for set periods of time and then purged them.
Little or no consideration was given to the accuracy of the data, its secure
keeping or the likelihood that it would be needed in the future.
So Horton took a close look at government information needs. His work
led to the creation of the "Trustworthy Information Systems Handbook," a
150-page manual that outlines issues agencies should consider and steps
they should take for sound electronic recordkeeping.
Minnesota agencies, local municipalities and even the state of Ohio
have turned to the document for guidance.
"We have found that [the handbook] does a nice job of raising awareness
about data presentation and preservation issues, as well as helping ensure
IT departments put sound procedures in place," said Steven Ring, manager
of data administration services at the Minnesota Department of Health.
Minnesota appears to be at the forefront of electronic recordkeeping;
Horton searched for a model but found none. "The state has had a long history
of being concerned about privacy issues," he said, "so there has always
been a keen awareness about the potential problems electronic records raise."
The manual begins by helping managers understand the importance of developing
trustworthy systems based on information that is accurate and up-to-date.
The manual recommends that agencies begin by encouraging collaboration
among a variety of people with diverse skills and expertise. Ideally, an
electronic documents team would include agency attorneys and auditors, who
have knowledge of agency and local government business, policy and procedures;
em-ployees, such as agency records managers and archivists, with knowledge
of information access and data practices; and information technology professionals
with skills in computing and information systems design.
The handbook focuses on an information system's ability to produce reliable
and authentic information. "Reliability" refers to a record's authority,
or the knowledge that empowered individuals are creating and storing the
information, and is established whenever a new record is created. "Authenticity"
ensures that a record will be available throughout its life, whether that
lifetime is six months, 10 years, 20 years or forever.
The guidelines then help managers evaluate the level of accountability
needed with different types of records and establish procedures for determining
the proper amount of documentation required for each. This step includes
determining which group or department is responsible for each information
Determining responsibilities can be difficult. Although information
systems can perform tasks quickly and efficiently, often it is unclear which
employees should be held accountable for the systems and information they
create. By following the handbook, agencies can establish procedures, system
documentation and information system descriptions to clarify these responsibilities.
The document also outlines statutory requirements, legal mandates and
policies related to recordkeeping, as well as the steps an agency can take
to ensure secure recordkeeping.
Next, the team should determine the value of its data, weigh that value
against the costs (time, money, etc.) of implementing each criterion, then
choose those criteria that support a determined level of risk.
Metadata and documentation are the foundations for building trustworthy
information systems because they enable proper data creation, storage, retrieval,
use, modification, retention and destruction.
Metadata — or "data about data" — typically includes items such as file
type, file name, creator name, date of creation and data classification.
"Documentation" has two meanings. At a high level, it is the process
of recording actions and decisions — basically outlining the processes that
lead to data creation. On the system level, it refers to information about
planning, development, specifications, implementation, modification and
maintenance of system components such as hardware, software and networks.
Such documentation includes policies, procedures, data models, user manuals
and program codes.
Documentation and metadata establish accountability for information
systems. "No matter where in the information system development life cycle
an agency starts, it must make a conscious effort to create comprehensive
documentation," Horton said. "This is key to any trustworthy information
Once agencies have developed the proper procedures, officials must reassess
their data security needs and risks on a regular basis.
Because the issue is complex, the Minnesota Historical Society needed
more than two years to complete the manual. When that process ended last
August, the organization began to promote its handbook via promotional brochures
and its Web site.
The Minnesota Department of Health closely tracked the handbook's development.
"Our agency works with sensitive personal information and wanted to make
sure it was properly protected," Ring said.
At the end of 2000, the agency used the historical society's manual
to develop an information security policy designed to protect data.
Officials for the city of Minneapolis were also looking for help dealing
with electronic records. "We had to put procedures in place to protect the
human resource data that various departments were using," City Clerk Merry
In the fall of 1999, city officials began to look for guidance from
other agencies. After examining the manual, they decided to use it for a
"The handbook illustrated areas, such as our security system, where
we had to tighten up our electronic recordkeeping," Keefe said. With that
work now complete, officials are looking to extend use of the handbook to
Other states have benefited from the Minnesota Historical Society's
work. Charlie Arp, assistant state archivist at the Ohio Historical Society,
met Horton at a trade show a few years ago and the two became friends, often
While work on the handbook was under way in 1998, the Ohio State Archives,
in conjunction with the Ohio Office of Information Systems Policy and Planning,
formed the Electronic Records Committee to draft policies for the creation,
maintenance, long-term preservation of and access to electronic records
created by the state government. Committee members were drawn from a variety
of organizations, including academic libraries, historical societies, state
agencies and universities.
The committee has been tailoring the handbook so it can be applied to
Ohio agencies. "We have been taking out references to Minnesota-specific
items like state statutes," said Arp, who expects to complete that process
and begin promoting use of the handbook this spring.
Although the handbook can be helpful, getting departments to follow
it can be difficult. "The biggest roadblock agencies present is a lack of
time and manpower," Horton said. "In order to complete the process, agencies
have to make a significant investment. With budgets under pressure and IT
personnel being pulled in a number of different directions, that can be
Inertia is another issue. "Initially, there were a few departments that
were resistant to adopting the system," said Minneapolis' Keefe. "We did
have to conduct a little prodding to get everyone on board."
Another issue is the disparity between how systems are designed and
the types of information they generate. For example, the Department of Health
has a complex database with more than one application, but Ring said the
handbook "isn't really clear about the best way to secure data used by a
variety of applications."
That problem may be unsolvable. "Because agencies' information needs
are so diverse, it didn't make sense for us to complete a one-size-fits-all
document," Horton said. "[The handbook] includes a lot of flexibility, and
it is up to individual departments to determine how to best use it."
Korzeniowski is a freelance writer in Sudbury, Mass., who specializes in
technology issues. His e-mail address is firstname.lastname@example.org.