Presentation is loading. Please wait.

Presentation is loading. Please wait.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

Published byMaya Garness Modified over 9 years ago

Similar presentations

Presentation on theme: "and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906."— Presentation transcript:

1 Email and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance dworak@unt.edu 565-4906

2 Records  Any document that is created or received in the course of State business  The medium of a record is irrelevant. Paper records, electronic files, emails, images, etc. are all state records

3 Objective of Records Management  To keep records for periods of time required by federal and state statutes, in order to demonstrate that proper business operations are being followed  To dispose of records in an organized manner to save space  To limit legal liability by disposing of records that no longer have business value  BUT, to hold records that are needed in litigation

4 Record Series  Record Series are groups of records related by their content  The Record Series Number determines the retention period  The retention period consists of an active period and a storage period The active period is the time during which a record is accessed frequently The storage period is the time when the record is accessed little or not at all

5 Archiving  In record management terms, archiving a record series means storing a permanent record

6 Vital Records  Vital records are those that need to be backed up so that they can be restored in the event that an agency has a disaster and must implement its business continuity plan  Only some records are defined in the Record Retention Schedule as being vital records

7 Important Record Series for this Presentation  Calendars [1.1.013]—retention period is 1 year following the end of the previous calendar year (2005 calendar entries can be deleted 1/1/2007)  Transitory Information [1.1.057]— retention period is “when the purpose of the record has been fulfilled”

8 Important Records Series (cont.)  Administrative Correspondence [1.1.007]—retention period is 3 years  General Correspondence [1.1.008]— retention period is 1 year

9 Other Record Series  The custodian of a document (the person who created it or received it) is responsible for determining the record series into which any other type of document falls  The retention period is determined by the record series  For emails, this is based on the content of the email and/or its attachments

10 Email

11 Email Records  All emails, regardless of content, that are created by a state agency, or that come into a state agency, are state records  However, the record retention schedule enables the custodian to determine the record series of any email

12 Email Record Series  Administrative Correspondence— email relating to policies, procedures, strategic planning, etc.  General Correspondence—email relating to general operations  Other Email Records—record series is determined by the content of the message and/or its attachments

13 Transitory Information  Identify transitory information Bulk mail Junk mail Spam  Delete “when the purpose has been served,” i. e., immediately or within a short period of time (e. g., 24 hours)  Free storage space

14 Transitory Information (cont.)  Recipient of an email can determine that other emails are transient Everyone emails referring to an event on a specific date, or an action that contains a deadline The email can be put into a “Transient” folder (i. e., the Trash) when the email has served its purpose  User can establish rules, or global rules can be developed if possible

15 Official Records  Some emails will require classification into record series based on their content  It may take time for the user to place emails into the proper folders  Ideally, the folder system should be standardized and not up to the user Users can create subfolders in the standardized folder system  The user is responsible for filing the emails appropriately

16 Work Space  Emails stay in this space until they can be filed as transient or official records  Work Space can have time or space limits that are established by policy or by written operating procedures  These limitations are imposed to handle users who do not dispose of transitory information

17 Issues  A written policy or procedure needs to define whether the sender of an email, the receiver, or both are custodians of the record  A written policy or procedure needs to identify the auto-delete time frames for transitory and work space emails  There is the potential for auto-deleting vital records inappropriately  The record custodian will be responsible for violating the law, not the IT staff

18 Backups  Vital records MUST be backed up  The number of backup tapes used before they are recycled is based on a written policy or operating procedure  Depends on the requirements of the business continuity plan—how many backups are needed to create a reliable image of business operations?  Generally no more than 30 days

19 Backups (cont.)  It is illegal to use backup tapes as a way of retaining records, in lieu of an established, effective records management system  It is illegal to keep records indefinitely  Any records that exist on backup tapes must be restored and retrieved in response to legal discovery or an open records request  Backup tapes cannot be recycled once a record hold is declared

20 Training  The success of any email retention system is user training  This training has a records retention component Responsibility of the Compliance Office  And an email use component Responsibility of the Groupwise staff and Network managers

21 Training (cont.)  We will need to collaborate to develop an efficient and cost effective way of delivering the training, whether it be Classroom Online Emails/websites One-on-one

22 Consequences for Users  State employees only have immunity if they operate in the course and scope of their duties  State employees may not have immunity in cases of federal prosecution  More courts are considering failure to manage records as failure to act in the course and scope of duties  Results are fines and prison sentences

23 Consequences for Management  In Danis v. USN Communications, the federal judge fined the CEO for failure to maintain oversight of the company’s record management program  CEO’s are considered responsible for the actions of all their employees, UNLESS there is an effective system for records management that an employee flagrantly violates after being trained

24 Views of IT Staff  They control the hardware and applications so much that they determine the records management paradigm  They provide a service to management and employees, who are responsible for determining the records management implementation

25 Consequences for IT Staff  The objective is to be viewed as a service component, which implements the policies and operating procedures approved by management In this case, IT has no legal responsibility for failures, unless they are malicious IT must have input in the development of policies and procedures, since IT acquisitions flow from defined business processes and needs  If IT is viewed as determining the records management paradigm, it could be assigned responsibility for mismanagement of records and bear the legal consequences

26 Immediate Objectives

27 Compliance Status  No organization is currently in compliance  Organizations decrease their liability by articulating and implementing a plan to get into compliance  At some unknown future time, organizations without evidence of planning will be highly vulnerable

28 Implementation Steps  Compliance Office will conduct an inventory of electronic records (where are they stored, by whom, etc.) Will take one year for vital records, three years for all records  Will enable departments to establish a standardized filing structure for electronic records  Policies—other than for a brief overarching policy, policies should NOT be developed for getting into compliance

29 Implementation Steps  Operating procedures should be developed that are approved by Associate VP for Computing and CIO Vice President for Finance and Business Affairs Records Manager (Compliance Officer) [President]

30 Operating Procedures  Define custodian for emails (sender, receiver, both) Establishes responsibility for management  Define categories of storage (transitory, official records, work space)  Determine rules for auto-deleting transitory and work space emails  Determine how backups will be done and how many tapes will be used

31 Operating Procedures  Define records management roles for users  Define how vital records will be identified by the user  Define how record holds will be implemented  Define communication responsibilities for procedures that are implemented  Establish consequences for violation of procedures

32 Other Tasks  Determine what training is needed  Define applications needs for email retention  Determine if any vendors can meet these needs  Determine if funds are available or can be acquired

33 Thank you!! Questions and Suggestions...

Download ppt "and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906."

Similar presentations

2009 Data Protection Seminar

2009 Data Protection Seminar
B ASICS OF E- MAIL R ETENTION. Plano ISD Records Retention Schedule.

B ASICS OF E- MAIL R ETENTION. Plano ISD Records Retention Schedule.
Introduction to Records Management Policy

Introduction to Records Management Policy
 Replace Information in () & underlined with Agency Specific Information  Replace Decision Tree & Category/Folder Examples with Agency Developed Ones.

 Replace Information in () & underlined with Agency Specific Information  Replace Decision Tree & Category/Folder Examples with Agency Developed Ones.
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Review Questions Business 205

Review Questions Business 205
UT Tyler Records Management Training

UT Tyler Records Management Training
Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.

Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.

Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.
Clean-up Days!.

Clean-up Days!.
John L. Baines OIT Security and Compliance E-mail Retention: Preserving Public Records.

John L. Baines OIT Security and Compliance Retention: Preserving Public Records.
Records Management What to Keep and What to Toss.

Records Management What to Keep and What to Toss.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
RECORDS RETENTION AND DISPOSITION October 30, 2013.

RECORDS RETENTION AND DISPOSITION October 30, 2013.
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
1 ELECTRONIC MAIL RETENTION & DISPOSITION D. Dawson, CRM State Records Manager Dept. of Education & Early Development.

1 ELECTRONIC MAIL RETENTION & DISPOSITION D. Dawson, CRM State Records Manager Dept. of Education & Early Development.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
NDSU RECORDS MANAGEMENT INITIATIVE 2007

NDSU RECORDS MANAGEMENT INITIATIVE 2007
1 From Filing Cabinet to Desktop and Network: Records Management in N.C. State Government Ed Southern Government Records Branch N.C. Office of Archives.

1 From Filing Cabinet to Desktop and Network: Records Management in N.C. State Government Ed Southern Government Records Branch N.C. Office of Archives.

Similar presentations

Ads by Google