Log In

Email Governance & Capstone

EMAIL GOVERNANCE AND CAPSTONE: EXPERTS ANSWER AUDIENCE QUESTIONS

On March 3, 2015, just as the Clinton email story was breaking, IGI and Charter Supporter, OpenText, held a previously scheduled webinar, What You Can Learn from the U.S. Federal Government’s “Capstone” Strategy to Solve Your Email Governance Headaches. Coverage and commentary about Clinton raised the importance of managing emails better—the very issues that the webinar was slated to discuss.

Watch the webinar in its entirety.

Participants had an opportunity to ask questions and have questions answered during the webinar, but several great questions came in that were not able to be addressed during the live discussion.

Panelists Greg Clark (Director, Program Management-ECM, OpenText), Mark Mandel (Records Management Solutions Architect, OpenText), and Carol Brock (Certified Records Manager & VP, IG IQ Business Group), took the time to respond to those questions, providing great, practical insight to audience questions.*

horizontal break

Q: What tool is the DOI using for auto-classification?

OpenText Auto-Classification is being used at DOI in conjunction with the Content Suite and Email Monitoring products.

Q: Can Ms. Brock provide more detail on what criterion, e.g., are being used to auto-classify, i.e. is it just sender/recipient criterion or is there a content based trigger for auto classification?

OpenText Auto-classification (AC) uses sample, exemplar sets of documents that represent the functions and tasks performed by the organization (e.g. HR related 7yrs, Legal 10 yrs, project related 10 yrs), rules and keywords to enhance the identification, and triggers that fire on new content being consumed. Statistical sampling is also used in the AC process. For enterprise-wide use, sample documents are gathered for each task of each function to build out the model which the content is run against.

Q: How long does it take to train the system to auto-classify content?

It’s dependent on the number of categories used, exemplar sets used, and the determination of “how good is good enough” – meaning the courts/auditors don’t expect perfection but organizational goals e.g. 80-85% should be set as targets to achieve over the first 3-6 months. The system can evolve and make further improvements over time as new content comes into the system. Records that are not classified are placed in a default category and are still retained.

Q: What is the NARA Job Number for the DOI big bucket schedules? It would be nice to see the wording in the SF115.
The NARA job numbers are:

Admin: DAA-0048-2013-0001
Policy: DAA-0048-2013-0008
Legal: DAA-0048-2014-0001. Mission is still being refined prior to submission. Only Admin. has been approved by NARA so far.

Q: Can you briefly explain how you implement journaling without duplicating email?

In essence journaled mail has never been distributed to users mailboxes (and DL lists, groups have yet to be expanded) so it is a single instance of the message already. Deduplication typically occurs when there is mailbox collection, PST ingestion, etc. where the mail has been distributed to users mailboxes. Journaling is the only legally defensible approach because it ensures that all email is captured and that users cannot delete email on their own.

Q: Did you consider the effectiveness of using userID functional descriptors (as opposed to content semantics) as perhaps a short-hand or interim, big-bucket strategy to link e-mails to schedules or policies based on functions?

As we mentioned, user/ group associations are dependent on a solid directory and may lead to over retention (e.g. keep everything approach). By using sample/ exemplar content, the system doesn’t rely solely on algorithms or a blackbox to determine retention policy. Exemplar content, statistical sampling, and quality assurance are highly defensible in proving how information has been managed (from ingestion to disposition).

That said, we have had customers deploy a big bucket strategy that allows end users to move business relevant email into a “managed classified” folder(s). In terms of automation, this could be used in conjunction with Auto-classification. Granularity of policy would be applied by auto-classification beyond the “bug bucket”. This approach may be acceptable in the private sector. However in government any approach that allows end users to make decisions about retention may be indefensible in a court case.

Q: Can you tell us about the cloud supplier and FISMA certification level? Does DOI have any FISMA High level information and how do you deal with it?

The cloud supplier is QTS (qtsdatacenters.com). For information on FISMA High level information, please contact John Montel (john_montel@ios.doi.gov).

Q: Are there best practices for dealing with attachments to email and obsolescence issues related to long term storage of attachments?

OpenText stores attachments separately from the native email. For eDiscovery and FOIA purposes, the system may be configured to link the attachments to the email, as in the original.

Q: As companies are developing strategies to manage e-mail, what are the basic business requirements that we should consider (e.g. apply retention; ensure that e-mail is searchable for e-discovery purposes; metadata capture)? Also, do you have any thoughts on the "3 zone" approach (zone 1 - inbox.sent, 30/60/90 day, zone 2 - intermediate, 3 year; zone 3 - long-term, 7 or 10 years) as a way to segment e-mails?

When we sit down and talk strategy with customers it comes down to a couple of different approaches and it really depends on how your organization views end users and how comfortable senior management and legal are with technology being a part of the solution.

  1. Organization is looking to automate and remove end users from classification of email

    Email is still the most prolific source of unstructured data and it’s not going away. As organizations move the cloud (O365 and Gmail) the simplest approach for capture is journaling. Automation captures 100% of inbound, outbound and external mail (legal, unaltered copy) from the journal feed or routing rules on the mail server. 

    End user productivity is not impacted since it is transparent to users. Automation allows RM/ IM professionals to broaden their scope and look beyond official records and apply their Information Governance principles holistically across all content (business relevant content, records and transitory).

    eDiscovery, legal hold and export is available centrally on a single repository. Questions – Legal team’s comfort level with automated approach, accepting less than 100% accuracy (courts don’t expect it), if users are used to filing email there is alteration to user behavior. Without an additional level of classification, journaling can lead to over retention and the unintended consequences of keeping too much may lead to reputation loss, brand damage, sanctions, fines, etc. that could have been avoided if policy was applied on capture.

  2. Organizations are looking to engage end users to be a part of the solution to encourage best practices.

    3 zone approach or interactive classification is being used in the majority of our accounts historically. It requires the end user to be involved manually to file email appropriately and follow best practices. 3 zones represent official records (5% of email), business related mail (20%) and transitory email (75% of email with little or no business value). 

    Traditionally this approach has proven to be successful at reducing email, email storage and keeping Exchange lean and mean. However, with end user involvement you will see: inconsistency (b/c rely on end users to follow instructions), some impact on user productivity but we’ve seen reduction in email by 70%+ in some accounts due to the rolling off of transitory (non-business) mail. RM users are required to do some “mopping up” and reclassifying of email in this approach which is lower value work.  The three zone approach is therefore not recommended for government.

    Also, in your strategy to manage email, remember that email creates business record and records supporting the same business function should be grouped together with the other records that the function creates (i.e. case file concept).  With use of the big bucket, functional retention schedule concepts, the entire case file then has only one retention period applied to it – for all of its content.

Q: How seamless is the auto-classification and archiving to the end-user i.e. fully integrated into the outlook or notes email client?

Email is captured from the journal e.g. and unaltered copy before it hits the user’s inbox. As a result auto-classification is transparent to the end user. Any actions by the user to delete or file email do not affect the legal archive at all.

Q: Do the retention periods for email the same as their paper equivalent - according to record type.

Records Management best practice is to have a “big bucket” streamlined records schedule that is media independent. Therefore records policy is applied consistently to all content, including paper, email, PDF, video, MS Office, and so on.

horizontal break

On April 27, 2015 at 11:00 AM ET, the IGI and OpenText will host a follow up webinar, Moving Beyond “Capstone”—Leveraging Auto-Classification Technology to Address Email Governance, in which our panelists will build upon that discussion and delve deeper into the topic of auto-classification. During this follow up webinar we will:

  • Recap the Federal Government’s “Capstone” Approach.
  • Explain auto-classification of data, how it works, and what technologies are available.
  • Discuss how organizations can leverage advances in such technology to automate the process of email based on content as opposed to other automated approaches.

IGI and OpenText email governance and Capstone

For more coverage of the Clinton email, including links to commentary by Jason R. Baron (IGI Co-Chair and former Director of Litigation at NARA), read IGI’s blogs on the topic:

BREAKING CLINTON EMAIL STORY UNDERSCORES NEED FOR BETTER IG FOR EMAILS
“BOMBSHELL REVELATIONS” ABOUT HILLARY CLINTON’S USE OF PERSONAL EMAIL ACCOUNT. WATCH TODAY’S IGI WEBINAR ON DEMAND
HILLARY & HISTORY: LESSONS TO IMPROVE OPEN GOVERNMENT UNDER THE RECORDS LAWS FROM CLINTON’S EMAIL RECORDS EPISODE
HILLARY & HISTORY: IGI PARTICIPATES IN NATIONAL PRESS CLUB NEWSMAKERS EVENT

 

* Note that the answers provided here were provided solely by the panelists as described above and do not necessarily represent the views or positions of the Information Governance Initiative. We work to actively encourage a variety of viewpoints on IG and bring them to our community, and we are providing this information as part of that work.

 
Jason R. Baron Hillary Emails C-Span

HILLARY & HISTORY: IGI PARTICIPATES IN NATIONAL PRESS CLUB NEWSMAKERS EVENT

On Thursday, April 16, Jason R. Baron, co-chair of the Information Governance Initiative, appeared at a National Press Club Newsmakers news conference entitled “Hillary & History: Lessons to Improve Open Government Under the Records Laws From Clinton’s Email Records Episode.” Jason R. Baron C-SpanThe panel discussion, covered live on C-SPAN, focused on the greater policy implications for government recordkeeping, openness, and accountability raised by former Secretary of State Hillary Clinton’s use of a private email server and personal email account when in office.

Baron, the former Director of Litigation for the U.S. National Archives and Records Administration (NARA), said that whatever Clinton’s motives were, they were “inconsistent with longstanding policies and practices under the Federal Records Act.”

Virtually all government employees implicitly understand that they must follow an agency’s recordkeeping rules, Baron said.

“It would be wrong to think that the policies in place during the first Obama administration allowed for any cabinet official to privately maintain tens of thousands of government records in his or her possession for months or years after exiting government.”

While he’s glad that at the State Department’s request some 30,000 odd emails were returned by the Clinton camp, he remains “mystified that the use of a private email account went unnoticed or unremarked upon” during her tenure at the State Department.Liz Icenogle C-Span

“It is unfathomable to me that this would not have been noticed and reported up the chain,” Baron said. “In my view, there has been an institutional failure here.”

But there’s a silver lining: The situation presents an opportunity for the nation to have a much-needed conversation about the importance of governmental recordkeeping and records management in today’s fast-paced digital world. The discussion largely was centered around the challenges that the Federal government faces in meeting the Archivist’s 2012 Managing Government Records Directive, which sets out a December 31, 2016, for federal agencies to manage -mail records in an accessible electronic form, and a deadline of December 31, 2019, for federal agencies to preserve all permanent electronic records of the US government in a digital or electronic form that for eventual accessioning into the National Archives. Panelists also discussed NARA’s Capstone policy for e-mail management.

Jason R. Baron C-span You can watch the National Press Club-sponsored panel discussion in full here. Other speakers at the event included Patrice McDermott, director of OpenTheGovernment.org; Liz Icenogle, government affairs director at ARMA International; and Thomas Blanton, director of the National Security Archive at George Washington University.

Organizations that are facing the management of email in the federal sector should view our March webinar recording where Jason R. Baron also discusses Capstone. Stay tuned for the release of our latest white paper on Capstone and managing email in the federal sector and our upcoming webinar, part two in the series, on the same topic -- where we will present a detailed case study on how one agency has successfully tackled email governance.

Visit our events page to learn more about upcoming events or join the IGI Community to be notified of the latest news and events.

Recent Coverage:

Adopter and adapter: The White House approach to technology

Pundit Facts: Mitt Romney said Hillary Clinton deleted emails that were subject to congressional review

 

BREAKING CLINTON EMAIL STORY UNDERSCORES NEED FOR BETTER IG FOR EMAILS

Amid incidents of data breaches, yet another headline-grabbing story demonstrates the immediate relevance of information governance (IG). This week’s breaking story that Hillary Clinton appears to have used only private email to conduct official business during her time as secretary of state underscores the need for better IG policies and more effective use of available technologies with respect to managing emails both in the public and private sectors.

Coverage of the Clinton email story has continued. IGI Co-Chair and former Director of Litigation for the U.S. National Archives and Records Administration (NARA), Jason R. Baron, has been tapped by numerous news outlets to provide his unique insights into these revelations.

On March 3rd, Baron was interviewed on MSNBC’s The Last Word with Lawrence O’Donnell. Of the recent Clinton email story, he
remarked, “It is extremely unusual for a high level official to solely use a personal email account for their entire time in office in an agency.”

Baron commented that there are reasons why officials might want to use personal email systems from time to time—ease of use and efficiency when working in a fast-paced work environment, for example, but went on to add:

JRB on Last Word

“But the fact that it is understandable and that we live in a fast paced world and that we need to communicate doesn’t change the fact that officials that are in the position of the secretary of state, and frankly all federal employees, are doing the nation’s business. They are held to be accountable. The citizens have the right to ask in Freedom of Information Act Requests for records responsive to those requests. Congress has the right to ask for records that are created or received as a matter of public business.”

Watch the full MSNBC interview, here.

Baron was also interviewed on Federal News Radio about the Clinton email story. Again, he described the apparent sole use by Clinton of private email to conduct official business as surprising and “highly unusual.” According to Baron, a key concern is that the emails are likely to contain historically interesting documents that should be preserved and that use of private email instead of official accounts provides little assurance that the records will find their way into those officials systems. Baron also notes that the practice raises numerous other concerns, too.

“It raises a number of questions including the security of those communications, whether they are classified or not, and ultimately whether the agency involved could meet its FOIA obligations, even apart from the fact that the historical record is rendered incomplete,” remarked Baron.

Listen to the full Federal News Radio program, here. Coverage continued last night, and Baron was interviewed on NPR’s All Things Considered. Listen to his remarks below.

But the Clinton email story raises bigger issues about government (and private sector) management of emails beyond security concerns and an incomplete historical record. As one New York Times op-ed written by two professors of history points out, even if Clinton had used official systems and the record had been fully preserved, the contents might still be as good as lost. The editorial, “What Hillary Clinton’s Emails Really Reveal,” discusses the staggering rate at which the government is currently producing records, including emails. The piece notes that the public won’t be able to access those records unless they are able to be both preserved and processed, and the system is currently overwhelmed.

“According to the nonpartisan Public Interest Declassification Board, a single intelligence agency is producing a petabyte of classified data every 18 months, or the equivalent of 20 million four-drawer file cabinets. The National Archives estimates that, without new technology to accelerate the process, that information would take two million employees a year to review for declassification. Instead, there are just 41 archivists working in College Park, Md., to review records from across the entire federal government — one page at a time.”-Matthew Connelly & Richard H. Immerman, “What Hillary Clinton’s Emails Really Reveal”

Read the full editorial, here.

The breaking Clinton email story and the coverage and commentary it has generated raise the importance of managing our emails better. Prior to the story’s breaking, an IGI webinar with Charter Supporter, OpenText, was slated to discuss these very issues. During “What You Can Learn from the U.S. Federal Government’s ‘Capstone’ Strategy to Solve Your Email Governance Headaches,” held March 3, 2015, a panel of experts discussed the government’s “Capstone” approach for preserving government records found in email as well as the Clinton email revelations.

“We can see from today’s events that the email problem has not been solved at all. We have been living with email communications since the late 1980’s and early 1990’s especially in the Federal government and elsewhere in the world. With network systems after 1995, it has become ubiquitous as a means of communication, and yet, we have been struggling in both the public sector and the private sector to sort of get our arms around the email problem. It has only grown in volume. We all get hundreds of emails a day, and the management of that is vexing. We all feel overwhelmed both in our professional lives and in our personal lives,” said Baron, one of the webinar panelists.

The webinar discussed that early approaches to managing email, like mailbox quotas or arbitrary deletion schedules have led to numerous problems, including premature or accidental deletion, problematic employee work-arounds, and labor-intensive, manual classification. The Capstone approach, developed by NARA to help federal agencies comply with the Managing Government Records Directive, is an attempt to relieve much of the burden on end-users by automatically preserving the accounts of key officials (and others as appropriate) as official records. Under the application of the Capstone approach, as the head of a department, Secretary Clinton’s emails would have been slated for automatic preservation as part of the historical record of the first Obama Administration and would have been more accessible to pending Freedom of Information Act requests.

The webinar discussion shows, however, that Capstone is intended to be just an important starting point for effective email governance. The Capstone approach alone can be both over and under-inclusive. Not every email in a “Capstone” account is legitimately a “permanent record” requiring preservation, and some would-be permanent records in non-Capstone accounts can be missed. However, Baron emphasized that Capstone always has been intended as an “interim solution to a future state,” that would include the use of software auto-classification solutions to more effectively classify emails. “It is incumbent on agencies to view Capstone as a [very much needed] bridge where the capture elements under NARA policy are [admittedly] somewhat simplistic and somewhat large bucket in nature,” observed Baron.

The webinar discusses recent advances in auto-classification, for example, allowing computers to be trained to identify and classify records. This would allow for a much more granular, less labor-intensive application of records retention requirements and classification rules, as well as review of more email accounts and documents beyond email. Effective application of these technologies could help to address both long-term preservation issues, as well as ensure that those records are appropriately classified, making them more accessible as the official historical record of our nation.

Log into our community site to watch this timely webinar, today.

Recent Coverage:
FCW article: Few levers to keep records scofflaws in line
TIME’s cover story: The Clinton Way
Factcheck article: Clinton’s Email and the Privacy ‘Privilege’

 
OpenText Innovation tour with Barclay Blair

“BOMBSHELL REVELATIONS” ABOUT HILLARY CLINTON’S USE OF PERSONAL EMAIL ACCOUNT. WATCH TODAY’S IGI WEBINAR ON DEMAND

NYT Headline Clinton Use of Private Email“It will likely become a big issue in the upcoming presidential campaign. This morning Hillary Clinton is in the hot seat after bombshell revelations first reported by the New York Times overnight. The Times reported that Clinton exclusively used a personal email account to conduct government business as Secretary of State.”

ABC News, Good Morning America, March 3, 2015

“‘It is very difficult to conceive of a scenario — short of nuclear winter — where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business,’ said Jason R. Baron, a lawyer at Drinker Biddle & Reath who is a former director of litigation at the National Archives and Records Administration.”

Hillary Clinton Used Personal Email Account at State Dept., Possibly Breaking Rules, New York Times, March 2, 2015

Jason R. Baron, Co-Chair of the Information Governance Initiative is quoted in a breaking, front-page story this morning in the New York Times about Hillary Clinton’s use of a personal email account for four years while she was Secretary of State. Jason was also interviewed about the issue on Good Morning America today and the story is going viral around the globe.

The IGI hosted a live discussion this morning about email governance in the U.S. Federal government, specifically NARA’s “Capstone” strategy that is explicitly designed to ensure that all email of top officials is captured and retained permanently.

Our discussion included a panel of experts with deep experience on Federal government recordkeeping and email governance, and presentation of a case study of how the Department of the Interior is dealing with its massive email archive. The panel discussed more sophisticated approaches to email governance that use automated classification to identify and preserve important messages.

Baron stated during today's webinar "There are certainly understandable reasons to use private email accounts from time to time [...] but the rules that are in place, that are well understood, are that high level officials and frankly anyone in government needs to use an official record keeping system for email and that it is the exception not the rule to use Gmail."

He went on to state that "if Capstone was in place and she had an account on the system, then all of her email records those of historical importance and everything else would have been captured in an archive..."

View the full webinar.

DailyMail

JRB and Clinton

Events like this seem to beg for a nickname or at least a hashtag. Take our online poll to vote, and to provide your best suggestions.

 

JASON R. BARON INTERVIEWED IN THE ARTICLE: AGENCIES GOING ‘CLOUD FIRST’ FACE A RECORDS RIDDLE

IGI Co-Chair, Jason R. Baron, was interviewed by Richard Walker in the recent article, “Agencies Going ‘Cloud First’ Face a Records Riddle,” published at InformationWeek Government. Click here to read the article.

According to Baron, federal agencies attempting to comply with the Obama Administration’s directive to shift to cloud computing would be well-advised to address their electronic recordkeeping obligations upfront or risk failing to meet key and impending e-recordkeeping deadlines. The "Capstone” approach, introduced by the National Archives and Records Administration (NARA) in August of last year, one option for addressing these concerns, is discussed.

Excerpt:

Agencies that aren't spending enough time on electronic records requirements at the beginning of the process of migrating to the cloud for email may have difficulty meeting these deadlines, said Baron.

"Otherwise you're building what amounts to a slow-motion train wreck, where you've got this cloud and you've got a million emails somewhere in there and that's all very good. But at the end of the day, when the agency wants [to forward email records] to NARA, it may not have deleted any email or differentiated between what's permanent and what's temporary. You need to think about these issues on the front end."