Federal records officials say agencies can do more to strengthen the “backbone of open government.”
The National Archives and Records Administration recently published federal agency records management reports, including for the first time, reports on how agencies manage their emails.
“This year we added an email management report to our annual reporting requirements, to help us learn how successful agencies were at meeting that target,” said Laurence Brewer, chief records officer for the federal government. “Overall, at this point, the results are trending positive. Most agencies have taken action, but there is still a way’s to go in many areas, including policy promulgation, systems implementation, and — important for NARA — transferring email to our agency for permanent preservation.”
Email records are part of the 2011 memo signed by President Barack Obama on managing government records.
Insight by Micro Focus Government Solutions: Learn from agency and industry executives as they explore why protecting data requires a comprehensive approach involving every part of the IT chain – people, policy, infrastructure and applications in this exclusive executive briefing.
Another memo issued a year later directed agencies by Dec. 31, 2016 to “manage all email records in an electronic format.”
“Email records must be retained in an appropriate electronic system that supports records management and litigation requirements (which may include preservation-in-place models), including the capability to identify, retrieve and retain the records for as long as they are needed,” the memo stated. “Beginning one year after issuance of this directive, each agency must report annually to [the Office of Management and Budget] and NARA the status of its progress toward this goal.”
Agencies answered four questions when reporting their email management. Those questions included information about usability and retrievability of emails, establishment of retention schedules, categorization of emails, and the general state of an agency’s email policies.
The highest number of points for these four questions is 16.
For example, NARA scored 16 out of 16 because according to its records officer, emails are easily and fully retrievable for requests, and employees are trained to manage emails.
Agencies also received a maturity model score, based on a 0-4 point scale, that determined whether the agency is at low, moderate, or high risk for not managing email effectively.
ICE has one of the lowest scores with 3 total points and a 0.75 maturity model — meaning it has a high risk of not managing email effectively.
In the agency’s comments, the ICE respondent said that the questions “were poorly worded and did not allow for a proper response, forcing us to answer inaccurately regarding our agency’s email management efforts.”
Not every report included agency comments, but some agencies who did comment include the IRS, which responded that all employees, including senior and appointed officials, are “required to complete an annual, mandatory records management briefing course which addresses email recordkeeping responsibilities.”
The Justice Department wrote that “all department email is retained electronically, and email is managed such that it can be produced, managed, and preserved in an acceptable electronic format until disposition. Because the department is a large cabinet agency with multiple components and lines of business, there are a variety of approaches to email management that consist of the needed combination of policy and systems necessary to manage email consistent with components’ missions.”
Justice scored 12 out of 16 points, and ranked 3 out of 4 points for its maturity model, meaning it has a low risk of not managing email effectively.
The State Department has a 2.75 maturity model score and 11 out of 16 points. State, which was under the spotlight for former investigations into Secretary Hillary Clinton‘s private email server, wrote in its comments that it created a help desk “to answer all concerns related to email management.”
State is evaluating email systems not part of its centralized email system.
“The department notes that the executive secretariat maintains the email records of the secretary and other department principles in an archive that can produce, manage, and preserve email records in an acceptable electronic format until disposition,” State said in its comments.
State’s score was not lost on the Sunlight Foundation’s deputy director Alex Howard. In an email to Federal News Radio, Howard said the foundation is “not convinced that [the] reports fully acknowledge the challenges agencies have faced or continue to confront around archiving and management.”
“The State Department’s positive self-assessment has some stark differences from the inspector general’s report in May 2016,” Howard said. “The full list of 2016 email management reports by federal agencies and departments published online is notable for the absence of reports for major departments, like the [Bureau of Alcohol, Tobacco, Firearms and Explosives], or entire agencies, like the [Federal Election Commission] and [Federal Deposit Insurance Corporation], despite the mandate to submit them by the White House. When agencies do not complete self-assessments, something is awry. On that count, it’s unfortunately notable that OMB itself does not have a report online, despite the importance of leadership on IT modernization.”
Self-reporting does have its issues, said Sean Moulton, open government program manager at the Project On Government Oversight, but it’s an important part of the process.
While there are inspectors general offices and the Government Accountability Office to give oversight, “agencies really do need to take some ownership,” Moulton said.
“I don’t know what particular challenges [agencies] are facing, I don’t know what it is might be holding an agency back,” Moulton said, but his advice “would be to look at these reports and talk to NARA and go find agencies that are doing much better than you, who have similar problems. Talk to agencies like you, but who are further down the road. Ask them how they solve the problems they’re having.”
If you’re wondering why it’s taken until 2017 for government to start reporting on email management, there’s no one reason.
“Government always lags behind technologically, compared to the private sector, so they’re sort of late adopters of what many people would consider standard approach,” Moulton said. “Then they’ve got other difficulties to wrestle with, lots of different systems and trying to bring them together; concerns about privacy, national security, confidential business information, sometimes it’s their information, sometimes it’s others’ information. There are challenges.”
But the government has also been guilty of kicking the can down the road on this, Moulton said. Thanks to more frequent use of email, the volume of email records goes up, and coupled with established bad records management practices, “it really did become a tougher and tougher problem.”
“It’s really great to see that NARA seems to be taking this very seriously now to say we really have to start making progress on this in a significant, measurable way,” Moulton said.
Not every agency issued a report, either because it is not required to submit a report or because it is included as part of their overarching department’s report. Some examples include the departments of Defenese and Interior and the Office of Personnel Management.
NARA also released agencies’ Senior Agency Official for Records Management reports, which include the perspective of a “high-level official” and their opinion on how the agency is working to meet the records directive.
Agencies’ Records Management Self Assessment, which is an internal evaluation, is not made public, NARA said, but an analysis from the Archives will be available later this year.
“There is no justification provided by NARA for why these are not open and available to the public,” Howard said. “I hope NARA reconsiders and proactively discloses the self-assessments, given the likelihood that they will become the subject of FOIA requests otherwise.”