For over a year we’ve worked together to create a Information Governance program for your organization and its a beauty! We’ve created a place for everything and everything is in it’s place, right? Well, not necessarily. There’s still this hidden undercurrent of information swirling around out there. You know what I’m talking about – your organization’s email. Email is a bane of our existence because people hoard vast piles of the stuff in subfolders of project information, departmental directives, personal CYA files (c’mon, you know you have one) and just worthless junk. Now that we’ve got the program going it’s time to deal with this because there is some valuable information inside here that you need to get control of. So let’s get to it!
This issue is another one that will take a formal policy to deal with effectively, which means it’s time once again for the Steering Committee! Not only will you need a policy, but you are going to need to spend some money on technology and configuration because email can’t be left to people to sort through, categorize and dispose of efficiently. Remember the mantra; “It’s Process, People and Technology – in that order.” So lets talk policy! One of my favorite resources is the National Archives and records Administration (NARA) and their Capstone Approach to email management is well underway across Federal agencies. Capstone automates capture and categorization of incoming email as permanent or temporary based on roles.
There are some organizations that can easily identify email from certain individuals as Records regardless of the content. That’s great if that is the case, but those instances are few and far between and you still need to deal with everyone else. No matter what the case is, it is the content of the email that makes it a Record. It’s the job of the Steering Committee to figure out these rules and determine the best way to implement them. This is one good approach to consider as you build your own policy.
Another common approach is to allow Users to categorize email into retention-based folders. This has served us well over the years, but there’s a drawback in trusting the User to do the categorization — inconsistencies in how “The Rules” are applied. Technology has caught up to our needs in this area so that the system itself can analyze the content and categorize the message accordingly.
There’s lots of factors to deal with, which is where the Steering Committee comes in. The most critical point to stress is that it is the content of the message that defines it as a Record, what type of Record and how long you should keep it. That’s a tall order, but you already have everything you need to create the policy; the Access Control List and the Record and Retention Schedule. These are the key documents used to understand the scope of the policy you are creating. The Access Control List will give you insight into which role may need special attention and the Record and Retention Schedule tells you the content you need to preserve and for how long. Let’s start with Access Control List first.
The Steering Committee should review the Access Control List with an eye on those critical roles with the most responsibilities around creating your organization’s records. NARA’s Capstone singles out all Department head’s email for permanent retention.While this is certainly an easy way to deal with the policy, I wouldn’t recommend it for most organizations because this captures a lot of unnecessary messages unless you have the technology to sift through the each individual’s email flow to reduce what is retained.Remember it is the content of the message that matters.
This is where the Records and Retention Schedule comes in. It is the definitive resource when dealing with your organization’s Records. In many instances a Record will be found as an attachment to an email. Finding signed contracts in Outlook .pst (Personal Storage Table) files is a common occurrence and the reason we consider email such an issue. What is more challenging is when you have to determine an email is a Record by the content of the message itself. Generally speaking if the message is directive in nature or affects the course of business it should be considered a Record and handled as such.
Contrary to common practice, the email system is not a good document management system which means you need to move it to a System of Record. Fortunately technology has reached the point where rules can be configured so that much of the analysis and migration can be automated. Regardless of the method, you need to shift through the email system and migrate Records to the repository for safe keeping. Happy hunting!