Avoiding Serious Email Open Records Mistakes

October 21, 2015

Nathan Eisner, COO, Sophicity

This article is posted with permission from VC3's blog and shares non-technical, municipal-relevant insights about critical technology issues, focusing on how technology reduces costs, helps better serve citizens, and lessens cybersecurity risks. VC3 is solely responsible for the article’s content.
This article originally appeared on Sophicity's CitySmart blog. 

Following open records laws and records retention policies is serious business. However, email sometimes gets treated like an informal type of communication. But when email is considered a public record, an informal approach to email becomes hard-to-manage, expensive, and time-consuming when responding to an open records request.

Unfortunately, many cities have not modernized their email systems. As a result, they open themselves up to greater risk by not having proper business-class functionality to help properly archive and maintain email.

Here are a few serious mistakes that jeopardize a city’s ability to respond to open records requests that involve email.
 
  1. Using free or personal email accounts. Free software platforms often lack a central way to manage and maintain email that can effectively match your city’s records retention policies. Personal email accounts involve even more risk because they blur the boundary between business and personal information. Politicians from Sarah Palin to Hillary Clinton have run into ugly, expensive problems when using personal emails for government business. Conduct all city business with a business-class email system that your IT staff or vendor manages and maintains.
  2. Lacking an email archiving policy. To reduce the risk of deleting or losing important emails, it helps to set up archiving on your email platform. That means taking a serious look at storage. Reducing employee email storage increases the risk of employees deleting emails that need to be retained. If you know how long you need to keep your emails and when they can be deleted, then you can automate your email system to take care of this.
  3. Failing to properly back up emails both onsite and offsite. Emails for city business are public records. In other words, failing to back up emails is not optional. If you already have a data backup plan for your email, then you need to examine if you back up that data both onsite and offsite. Also, you need to test your backups at least quarterly to ensure they work.
  4. Relying on email for document management. We’ve written before that email is no substitute for a document management system. Document management systems work exceptionally well for creating, editing, reviewing, and finalizing official documents while collaborating transparently with other people. Documents don’t get lost, they are seen by any authorized user, and they are easy to find when you receive an open records request. By contrast, documents become much harder to manage when they only reside in people’s emails.

To avoid the above mistakes, your city can follow this simple checklist.
 
  • Use a business-class email system.
  • Archive email to match with your city’s retention schedule.
  • Back up emails both onsite and offsite.
  • Create official documents in a document management system.
  • Clarify city policy and procedures about using personal and business email.

Back to Listing