Last month Information Governance ANZ hosted an entertaining evening with Jason R Baron on the topic of Presidential tweets, Self-destructing messages and the use of Shadow IT. Jason is Co-Chair of the US Information Governance Initiative and previously served as Director of Litigation for the US National Archives and Records Administration.
Jason noted that government officials communicating about government business via Twitter should expect judicial scrutiny of their actions with respect to the ‘limited public forum’ they have created, and that tweets, like any communications sent by high level public officials about government business, are potentially appropriate for preservation as official records. This includes tweets from @POTUS and @realdonaldtrump. This lesson is repeatedly ignored when users confront novel communications platforms, such as email (1986), texts (circa 2002) and Snapchat (2016).
This view about the importance of capturing certain records of business transacted via email and social media aligns with advice provided by NSW State Archives and Records. (See our advice on Managing Email, Strategies for Managing Social Media Information, Mobile apps and patient records and How long should social media records be kept?)
In 2016, Jason was interviewed by the New York Times (‘Hillary Clinton Used Personal Email Server at State Dept., Possibly Breaking Rules’. Michael Schmidt, New York Times, March 3, 2016). He was quoted at that time as saying ‘it is very difficult to conceive of a scenario – short of nuclear winter – where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business’. Jason noted that he was right and wrong when he made that statement. Right in that Hillary Clinton’s case represents an extreme outlier, but wrong in suggesting that she alone was seeking to evade public scrutiny in connection with email and other forms of communication. He noted that politicians and corporate executives of all stripes adopt similar end-runs:
- Jared Kushner used private email in Trump administration
- Pence used private email for state business – and was hacked
- Malcolm Turnbull defends use of secret messaging apps and private email server
- QLD Labor MP Mark Bailey avoids criminal charges over deleted private email accounts
(Baron suggested the Wiki page of political controversies in Australia for more examples).
He did note, however, that caution is needed, as soundbites and headlines can be misleading. The policy guidance has been somewhat of a moving target from 2000 through to the present. The same rules were not in place throughout, and one needs to be careful not to compare apples and oranges. Using a private email system for non-official business like electioneering/campaigning may be perfectly appropriate; the problem comes when one is mixing public/private business on the desktop or one’s own device, or when directing staff on the government payroll to perform campaign-related duties.
Using a private email system from a government or personal computer to communicate about official matters is not per se a records violation (although it increasingly may raise security issues); rather, it is the failure to copy or transfer records of public business from the account that causes the fundamental problem.
There is partial statutory recognition of shadow IT in the US under US Code 2911 Disclosure requirement for official business conducted using non-official electronic messaging accounts. The Code states that:
In general an officer or employee of an executive agency may not create or send a record using a non-official electronic messaging account unless such officer or employee copies an official electronic messaging account of the officer or employee in the original creation or transmission of the record; or forwards a complete copy of the record to an official electronic messaging account of the officer or employee not later than 20 days after the original creation or transmission of the record.
The intentional violation of this (including any rules, regulations, or other implementing guidelines), as determined by the appropriate supervisor, shall be a basis for disciplinary action.
Jason noted the lessons from this are that:
- Lesson No. 1 – No one knows where everything is
- Lesson No. 2 – No one knows what everyone is doing (he illustrated this point with a photo of Edward Snowden).
Bring your own device (BYOD) policies and the world of ephemeral communications, including self-destructing messages on Signal, Confide, WhatsApp and Snapchat, are an issue. He suggested the following best practices in confronting the reality of shadow IT:
- Develop a robust information governance policy that covers the emergence of shadow IT in the workplace
- Educate employees
- Employ IT solutions to protect information, e.g. allowing remote access through directed means such as Citrix, requiring passwords and screen timeouts, and making it easy to copy or forward messages to official recordkeeping systems
- Make agency systems and devices easier and more attractive to use than alternatives (he wished everyone good luck with this one)
- Periodically re-evaluate employee practices and company policies
- Practice what you preach
(See J R Baron and Amy R Marcos, ‘Beyond BYOD: What lies in the Shadows’, The Ethical Boardroom (2015) https://ethicalboardroom.com/beyond-byod-what-lies-in-the-shadows/ for more about this topic.)
Jason finished with the advice to be proactive rather than practise Black Swan information governance, and ended on a positive note that culture change was possible.
It would have been interesting to get Jason’s views on the recent stories that President Trump routinely rips up paper records.
A video of his presentation and copies of his slides are available from the Information Governance website.
Photo by: marfis75
Welcome to working within the Records Management and Archives industry! NSW State Archives and Records Authority acknowledges that not everyone working in Local Government comes from a records management background or has received formal training in this field. The following advice is for all new Local Government employees who are beginning a career in a records management environment, regardless of their background.
Know what you are doing
It is important for Records Management teams to remember there is not one correct methodology to practise. Nor are there industry benchmarks for team performance that they need to meet. Records management can sit in many different spots within Local Government and therefore the scope of services your team provides can vary. You could be:
- Handling development applications
- Actioning GIPA requests
- Administering records management systems
- Opening and/or processing the Council’s mail
- Training staff
- Setting and ensuring compliance of information management policies
There are standards and codes of best practice in recordkeeping that allow you to benchmark your organisation’s performance for the State Records Act 1998. The Act will most likely form the backbone for your work. To educate yourself about the Act, its requirements and the impact on your work we have a range of free online training material.
Know the rules
The Government Recordkeeping website has all the rules you need to be aware of for complying with the State Records Act. Start by having a look at the rules around:
- identifying records of archival value,
- digital archive preservation,
- retention and disposal of records, in particular authorities 39 and 16,
- records management standards, and
- transferring records to the State Archives.
Whilst the advice provided on our website will have a focus on operating within the framework of the State Records Act, you should also be aware that working in recordkeeping within Local Government is not limited to the requirements of the State Records Act. Depending on your Council’s business practices you may need to work with business practices around:
- Government Information (Public Access) Act 2009
- Environmental Planning & Assessment Act 1979 (and various amendments)
- Companion Animal Act 1998
- Swimming Pool Act 1992
- Privacy and Personal Information Protection Act 1998
It is also important that Records Managers review how their Access Directions work alongside their Council’s governance policies relating to GIPA requirements. To see if your Council has Access Directions click here. If your Council doesn’t have access directions, you can develop your own using our guide and in discussion with our Public Access team.
Need to know more?
State Archives and Records is the NSW recordkeeping authority. We manage the archives collection, provide advice on recordkeeping rules for the public sector, and provide a records repository for the government.
- General enquiries can be emailed to firstname.lastname@example.org or call our switchboard (02) 9673 1788
- To discuss recordkeeping rules, standards and authorities email email@example.com or call (02) 8257 2900
- To discuss transferring custody of State archives to us email firstname.lastname@example.org
- To discuss retrieving archives that are in our custody use our online form or email email@example.com
- To discuss the Government Records Repository services or your holdings email firstname.lastname@example.org or call (02) 8805 5325
- If you would like to obtain a formal qualification or tap into the industry’s professional associations click here.
This post was written by Ben Thomson, AALIA, who recently completed a practicum placement with the Government Recordkeeping Team at State Archives & Records NSW. Ben is currently the Team Leader – Business Information at The Hills Shire Council, Sydney and is in his final year of studying the Graduate Diploma in Recordkeeping and Archives at Curtin University.
Image credit: Alan Levine, Hard to Access the Records
By Cameron Duffy
Communications and Promotion Officer (IPC)
NSW Information Commissioner and Open Data Advocate, Elizabeth Tydd, has launched a new e-learning module on Open Data in collaboration with the Department of Finance, Services and Innovation (DFSI).
‘Launched in May to close out Information Awareness Month (IAM), our new Open Data e-learning module is an opportunity to increase public awareness of information and its place in all aspects of daily life and to promote information practices and policies to support sound information management across organisations,’ said Ms Tydd, NSW Open Data Advocate and CEO of the Information and Privacy Commission NSW (IPC).
‘Transparency of government actions – sound practices for information access and information sharing are central to building trust and achieving an effective democratic system.
‘Our challenge as custodians of government information, is to embrace the ‘digital world’ and apply its benefits to promote accountability, deliver better services, engage with the community and at the same time, ensure our systems protect information privacy and security.
‘Building trust and confidence in our ability to ethically and effectively manage information in the digital age is essential to advancing Open Government. Our new e-learning module is also designed to elevate knowledge of sound information governance,’ Ms Tydd said.
The IPC is promoting good governance through the release of a new, freely available Open Data e-learning resource.
‘DFSI are leading the state’s work in better understanding and ensuring accountability for using and sharing Open Data. This e-learning resource has been developed in line with the NSW Open Data Policy and is being delivered under our commitment to provide education and training to our stakeholder groups across NSW information access and privacy legislation,’ Ms Tydd said.
‘I am pleased to launch the new Open Data module which has been designed to provide an understanding of Open Data along with an explanation of how public sector organisations can embed good information practices to support Open Data release in NSW.
‘Open Data offers great potential value to the community and government. The benefits are diverse, ranging from improved efficiency to greater public participation in the development of government policies and community services.
‘I encourage all public sector employees to complete the Open Data e-learning course, available for free on the IPC website,’ Ms Tydd said.
More information and resources on information access and privacy rights in NSW are available at http://ipc.nsw.gov.au/
The European Union’s General Data Protection Regulation (GDPR) is new data privacy legislation introduced to protect the personal data of all citizens across the EU. The GDPR comes into effect in a matter of weeks, on May 25th 2018.
Although a European law, the GDPR is designed to have extra-territorial reach and may apply to some NSW public offices, such as universities.
As this month is Information Awareness Month, it is more relevant than ever to ensure that NSW public offices are remaining up to date with new privacy regulations. According to NSW Information Commissioner Elizabeth Tydd, Information Awareness Month is a “timely reminder” of the importance of good governance and best practice around information management. Privacy frameworks such as the GDPR are designed to promote and regulate precisely this.
The Information and Privacy Commission (IPC) has created a fact sheet to inform NSW public sector agencies of their responsibilities with regard to the new legislation. The fact sheet includes answers to a few of the common questions about the GDPR, such as:
Does my public sector agency need to comply with GDPR?
How is the GDPR different to NSW privacy laws?
What are the risks of not complying with the GDPR?
For answers to these questions and more information about how the GDPR could affect the NSW public sector, visit the IPC’s fact sheet.
Photo by Dennis van der Heijden
May is Information Awareness Month (IAM). The purpose of IAM is to increase public awareness of information and its place in all aspects of daily life.
This year’s theme: Trust in the Digital World highlights the key role information plays in building trust in digital technologies.
To celebrate IAM, we will be posting information on how we can build trust in the digital world. So keep an eye on the blog during May.
In the meantime, you can read one of our blog posts regarding trust: Trust no one? The truth is out there.
You can also read the NSW Digital Strategy which provides details on how the NSW Government is approaching the design and delivery of its services. It also includes information on cyber security’s role in ensuring that government services provided digitally stay safe, secure and trustworthy.