News

Insights from practitioners in Information Management

Issue 26 – Emails are records too

Welcome to this months issue of Information Overload. First of all I would like to take this opportunity to thank everyone who forwards the newsletter on to friends and colleagues, I hope you get something of interest and use from its contents.  I would also like to welcome all new subscribers; you may be interested to note we now have subscribers from 9 countries including the United Kingdom, the United States and India. Welcome, we hope you enjoy reading.

I would like to apologise in advance for the topic of this month’s edition. We are going to go back to basics and discuss the subject – Emails are records too!

In this Issue we will be looking at:

• Emails are records too!
• Technological Constraints;
• Media Fragility and Version Control;
• A Thought to Ponder.

Emails are Records Too!
Emails that have been sent and received, as part of your business transactions and activities should be treated in the same way as your paper based records. Yes, emails are records too. As we change the way that we conduct our daily business so too must the definitions and legal considerations of record keeping. So “for the record” let us define the term record.

The AS/ISO 15489 defines a record as being:
“Information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transactions of business.”

The WA State Records Act 2000 defines a record as being “any record of information however recorded and includes –
(a) any thing on which there is writing or Braille;
(b) a map, plan, diagram or graph;
(c) a drawing, pictorial or graphic work, or photograph;
(d) any thing on which there are figures, marks, perforations, or symbols, having a meaning for persons qualified to interpret them;
(e) any thing from which images, sounds or writings can be reproduced with or without the aid of anything else; and
(f) any thing on which information has been stored or recorded, either mechanically, magnetically, or electronically.”
West Australian State Records Act 2000. State Records Principles and Standards 2002 as published by the Government Gazette, Tuesday 5th March 2003, No 38.
Whilst these give broad definitions of what constitutes “a record” it should be noted that the term “electronic records” needs further clarification. The reason being is a simple one.  Most people do not consider Emails and other forms of electronic communication as a business transaction.

The Australian Records Retention Manual (ARRM) defines electronic records as:

Any record created or stored electronically.  Included in this term are those records, which are “born digital”, as well as those records, which have been scanned into an electronic record format and stored on “the system”.  Within this category of record are e-mails, interactive messages (for example MSN Messaging) and any SMS text messages which are sent and received as part of a business transaction and should be subject to the same retention and disposal schedules as the rest of the electronic and paper based records managed by an organisation. Section 1: What is a Record? Australian Record Retention Manual, 5th Edition, 2004

The importance of determining the actual meaning of the word “record” is simple. The record is capable of removing the evidentiary difficulties associated with both information and communication. The record, subject to the test of reliability, is proof of how things were. If your electronic records are not captured and “filed” correctly, you will not be able to prove how things were, and consequently you may be subject to fines and/or imprisonment. 

If this sounds a little harsh, take the recently introduced Sarbanes Oxley Act. The United States (US) Sarbanes Oxley Act 2002, named for the two senators who introduced the bill – (Senator Paul D Sarbanes (D-Md) and Republican Michael G Oxley) states that non-compliance with the rules applying to the maintenance of records is a federal crime in America and can result in a jail term of up to 20 years and large fines. 

The Act also governs accounting practices and specifies mandatory retention periods of five years for all audit and review work papers. Failure to keep records (in whatever format) for the specified term can result in jail terms of up to 10 years.

Complying with the Act requires that an organisation should produce, on request, authentic and reliable records and all supporting documentation. Section 1102 of the act is concerned with tampering with records or impeding official proceedings and states that:
“Whoever corruptly – (1) alters, destroys, mutilates, or conceals a record, document, or other object, or attempts to do so, with the intent to impair the object’s integrity or availability for use in an official proceeding; or
(2) otherwise obstructs, influences, or impedes any official proceeding, or attempts to do so, shall be fined under this title or imprisoned not more than 20 years, or both.”
The Act can be viewed in its entirety at
http://news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf

Before you say, but what has that got to do with me? The Sarbanes Oxley act has far reaching implications, any company or organisation that is an SEC (the United States Government’s Securities and Exchange Commission) registrant, as well as those subsidiaries of US or European parent companies that are SEC registrants MUST comply in full with the Sarbanes Oxley Act.
As we are all too aware, storing and retaining the integrity of electronic records and emails in particular is somewhat problematic, given the speed in which technology advances.  But we will be looking at this in more detail a little further on.

The team here at Information Enterprises Australia (IEA) noted with interest that emails were used as evidence in the United Kingdom’s “Hutton Inquiry”. In particular those emails sent and received by journalist Andrew Gilligan. The Hutton Inquiry was a British judicial inquiry chaired by Lord Hutton who was appointed by the British government to investigate the death of a government weapons expert, Dr. David Kelly. 

As a result of the inquiry, changes to British Legislation occurred. The Retention of Communications Data Under Part 11: Anti-Terrorism, Crime & Security Act 2001 – http://www.hmso.gov.uk/si/si2003/draft/5b.pdf now stipulates that information relating to email traffic should be retained for a period of 12 months. For a brief overview of the case go to – http://en.wikipedia.org/wiki/Hutton_Inquiry

However, if your organisation is impacted by both pieces of legislation (and with the ever increasing globalisation of businesses, this is becoming more and more likely), then it is recommended that you keep records relating to all business transactions for the longer period of time, ie., 5 years. The problems associated with legislation like the US Sarbanes Oxley act are complex. As more records are being generated electronically, ensuring organisations are able “to produce, on request, authentic and reliable records and all supporting documentation” is difficult.
According to a new study by the International Data Corporation (IDC), it is estimated that daily email traffic will double by 2006, taking the number of email messages sent and received each day from a mere 31 billion messages to over 60 billion messages per day.  As more and more people and organisations “go online” this number of messages sent will continue to grow. According to IDC this would amount to over 3.35 petabytes of information. The question becomes how do you manage this ever growing problem, and be able to “to produce, on request, authentic and reliable records and all supporting documentation”?
http://www.sims.berkeley.edu/research/projects/how-much-info-2003/internet.htm

Technological Constraints
As we have discussed in previous newsletters, part of the problem with maintaining access to electronic information is the speed to technological obsolescence of the computer hardware and software used to generate the records. It is interesting to note that we seem to belong to a “throw away” society. Replacing mobile phones every two years when contracts run out, wanting the latest and greatest in gadgets and electronics, upgrading computers and software whenever new versions come out and so on. Take for example the move away from video to CD technology. How many of you own a VHS recorder, CD Player and a DVD Player, how many of you have more than one television and how many of those have their own sets of gadgets and surround sound entertainment systems? Quite a few I would imagine. I am not saying that this is either a good or a bad thing, but it is interesting to note how our need to have the biggest and best system outweighs the economic considerations (people usually outsource in order to save money), the environmental concerns (how do we recycle/reuse this) or how we are going to manage the old data, and do we care if one day we can’t access the old material? After all tomorrow hasn’t arrived yet. If you think my comments are a little flippant, ask yourself this – what would you do if your VHS recorder decided not to work, would you get it fixed, or would you ditch it in favour of a new one with integral digital top box and DVD Player? 

Media Fragility and Version Control:
As you probably know, having read previous newsletters, migration of records across software upgrades can render old files and documents unreadable by the later versions.  “Migration is essentially a translation. With migration, as with all translations, some information is lost, no matter how skilled the interpreter. In migration, it is usually the context, rather than the data, that drops out or is improperly reconstructed in the new code. This can be crippling in dynamic formats, in relational databases, and even in simple spreadsheets.” Lawrence, Gregory W et al. Risk Management of Digital Information: A File Format Investigation. Council on Library and Information Resources, June 2000, vi (www.clir.org)

Most people agree that if you have a paper document – you can preserve the object and you preserve the record. With E-records, people experience the record through a performance (by using appropriate software/hardware). Therefore with e-records if you preserve the performance you can preserve the record. However, there is the issue of data migration – if the record has been migrated through various versions – questions you need to ask yourself are:
• Is the version that I am viewing the version that the originator wanted me to see?
• Is it in the correct format?
• Can I see the object in the same way as the original creator saw?

It is said that the key to preservation is:
• Actively determining what it is you want to keep;
• The use of Standards and best practice – for example – ISO 15489; PDF-A and JPEG 2000;
• Full documentation as to decisions made, which software used and the records migrated or transferred.
• Active involvement in technology decisions, records managers, librarians and archivists should be involved at an organisational level;
• Remember there is no silver bullet; and
• There is no product-driven solution.
This newsletter does not hope to cover all the problems and issues surrounding electronic archiving and would therefore direct you to IEA’s White Paper on Electronic Archiving (Issue 19. If you would like a copy of this paper, please contact the office on training@iea.com.au and we will send you a copy)