Records Management

Email management deadline looms

file folders on a background with binary code 

Back in 2012, the Obama administration laid down a marker for records management that is coming due in a matter of days. By the end of 2016, federal agencies are required to manage email records in electronic format.

This means agencies are supposed to abandon outdated practices, like printing out and filing emails for federal records management purposes, and come up with ways to retain electronic copies of emails, associated metadata and attachments in such a way that records can be searched, identified and retrieved.

According to self-reporting by government records officers, about 92 percent of agencies are on track to meet the goal, but there is a significant lag in the data. Agencies last filed annual self-assessments in January 2016. Agencies are next due to file progress reports in January 2017 and these will be publicly released in March or April. So it will take some time before it is known how many agencies hit the deadline, and if they hit it completely or only in part.

On the other hand, the National Archives and Records Administration, which is superintending the governmentwide push toward this goal, isn't treating Dec. 31 as a hard deadline so much as a stop along the way to a holistic rethink of records management practices.

"There really isn't a finish line," said Laurence Brewer, the federal chief records officer based at NARA, told FCW in a November interview at the agency's headquarters. "It's one of those targets where agencies will continue to work on it, and we're going to continue to work with agencies."

Lisa Haralampus, NARA's director of records management policy and outreach, told FCW she thinks that very few agencies will report in 2017 that they are printing and filing emails. On the other hand, end-to-end electronic management won't be the rule either.

"We do expect them to be in some middle ground," she said, where agencies have systems and policies in place but aren't quite where they want to be.

"We recognize that email management is a continuing ongoing activity. Agencies are always acquiring new systems," she said. "But [Dec. 31, 2016] was our target, and we think many agencies will hit it."

NARA tried to smooth the road by putting out a template for agencies to use to identify email accounts to target for preservation for records purposes. About half of all federal agencies intend to use this guidance, dubbed Capstone, although to date NARA has approved only about a dozen agency Capstone plans.

The passage of the 2016 deadline also opens the door for oversight. It will soon be apparent that there are multiple actors watching what agencies are doing to meet the directive's goals.

There aren't many compliance mechanisms in the world of records management. The federal records laws were updated in 2014 – before the Hillary Clinton email story hit the front pages – to put limits on the conduct of official business via private or personal email systems, and to give NARA some rulemaking authority over what is and what is not a record.

But the passage of the 2016 deadline in the presidential directive opens the door for oversight, said Jason R. Baron, formerly NARA's director of litigation and currently an attorney at Drinker Biddle.

"It will soon be apparent that there are multiple actors watching what agencies are doing to meet the directive's goals," Baron told FCW. "Inspectors general and the [Government Accountability Office] will likely conduct audits.  Congress may also ask questions of agencies and perform its oversight role through hearings. OMB, which issued the Directive jointly with the Archivist, may weigh in as well."

Congress has shown a willingness to take a strong hand in matters of email management, but typically in cases where there are political points to be scored. The case of Hillary Clinton's use of a personal email server for official business while serving as secretary of State dominated the 2016 presidential campaign for long stretches. On a lesser scale, email management practices played a part in a long-running scandal at the IRS, when thousands of emails from an employee accused of playing politics in tax-exemption determinations were mysteriously lost for a time before being recovered at a cost of millions of dollars.

Brewer said that while such episodes are regrettable, they can serve to focus senior leaders on records management issues.

"You never want to have bad things happen, but they do become object lessons for the rest of government," Brewer said. "Those kinds of things become great training tools for us."

On the tech side, automation is an important piece of making electronic records management happen. Agencies that abandon the print-to-file system might upgrade only by manually dragging and dropping copies of relevant emails into records folders -- a tedious task that is apt to be neglected.

"The more that you can make it so that the system takes care of those processes, the easier it will be for the employee to do the right thing," said April Chen, senior project manager at information management vendor Iron Mountain.

But technology cuts two ways. When the policy was first being drawn up in 2011, email management was a resource issue as well as a records issue. Many legacy email systems were being squeezed by the demands of storing emails and attachments, and employees were routinely deleting email to stay within their individual storage limits. While emails in such systems can be archived to backup tapes, retrieving the contents and associated metadata can be expensive.

In the intervening years, however, many government users have switched to cloud-based email systems, or are finding that the costs associated with storage are declining, which means that it is easier to defer hard records management decisions.

"A lot of agencies may say, 'I've saved everything, but I haven't been able to figure out what I want to be able to keep and send to the National Archives," Haralampus said.

Outdated records management standards may hinder agencies from moving to the technology they need to automate their records management processes, said Don Lueders, a longtime federal records management consultant who is currently with IBM's Global Business Services.

Lueders worries that the Department of Defense 5015.2 Records Management Standard, which is in wide use across the whole of government, is rooted in paper-based records management practices. "The standard contains dozens of unique requirements for managing federal email records, all of which pose a tremendous burden on the individual agency end user," he said.

"It's virtually impossible" to comply with the standard "and simultaneously manage the enormous volume of email records that pass through an agency every day" as required by the 2012 presidential directive, Lueders said.

The 2016 email deadline is in many ways just a warmup for the more ambitious goal of the 2012 directive -- to have all electronic records archived in electronic format. This could include disparate forms of content from documents to financial management database content to records in case management systems to social media content.

While the agencies have been asked to handle the email deadline without new funds, it remains to be seen if the 2019 goal can work as an unfunded mandate.

"Email has been relatively manageable, "Brewer said. "Agencies are doing a really good job making progress." But when you get into the 2019 goal, with records coming from such a wide range of systems, including legacy systems that perhaps were not designed with exporting records in mind, the effort could be more resource intensive, Brewer said.

"That's where the money and the resources and the coordination needs to happen," he said.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 

Featured

Reader comments

Thu, Jan 5, 2017 Mark Mandel

I strongly disagree with Mr. Leuders comments about DoD 5015.02-STD. Virtually all vendors in the ECM/RM space are 5015.2 certified and there are many certified solutions that meet the objectives of both the 2016 and 2019 deadline. Also, a "holistic" solution for 2019 is consistent with already funded programs such as cyber security, audit readiness, open government, future ready workforce, and so on. Funding is readily available as long as this program is aligned properly with agency priorities. Records compliance is a byproduct of a properly architected ECM/RM solution.

Tue, Dec 27, 2016 Tim Shinkle

Good article, it brings attention to an important subject. We at Millican & Associates have had success implementing email management solutions in Office 365 Exchange Online for some of our customers, meeting the PRMD deadline for 2016 and we hope to continue the success for 2019 directive as well.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group