German Laws, Orders, Regulations and Instructions
Affinity with Local (County) US Government
What does the law expect of electronic government records? Records enable governments to be transparent. If government keeps good records of its activities and gives citizens easy access to them, then citizens can review government and hold it accountable.
Today most government records are electronic. Accordingly, the German federal government seeks to archive its electronic records, including e-mail. A key initiative under the Federal Ministry of the Interior is DOMEA, a project that sheds light on the legal expectations for e-government records, including electronic mail.
The DOMEA project recognizes that: “Electronic records . . . have to meet the requirements for record keeping in public administrations, which are prescribed in laws, standing orders, regulations and instructions. They include important points, such as:
“1. The completeness, integrity and authenticity of official records, which means that official documents cannot be subsequently altered, changed, removed, destroyed or deleted.
“2. The records principle of public administration, which means that documents have to be appropriately joined together in systematically arranged subject files according to the functions of a particular office.
“3. The accountability and lawfulness of administrative procedures, which means that accountabilities and responsibilities have to be documented in records in the course of business and that the state of affairs and the development of transactions in a given case has to be completely evident in records at any time.”
Of course, the validity of these legal standards is not limited to Germany or even Europe.
If these are the legal standards for government records, then query whether popular enterprise e-mail systems such as Microsoft Exchange and Novell Groupwise are designed to meet these standards. Generally speaking, they are not. They do not support efficient storage, management, protection and searching of vast quantities of e-mail records, collected from a large population of users over an extended period of time. That’s one reason enterprises like governments commonly have policies to destroy most e-mail relatively quickly, such as 90 days after transmission.
But e-mail has become central to the administration of modern government. Very often, e-mail documents official transactions and official delegations of responsibility. It also empowers internal audits and investigations (by for example inspectors general) for fraud, waste, corruption, mismangement and misappropriation of funds.
For some time organizations such as governments have relied on ad hoc methods for retaining e-mail – including the print-and-file method. But e-mail is so voluminous and has become so important that ad hoc solutions are failing.
Last week I led an on-site workshop with the staff of a mid-size county government struggling with this problem. Staff representatives hailed from IT, counsel, finance, administration, internal audit, human resources, risk management and public health services. The county’s e-mail system is Groupwise. The staff concluded that the county needs, in addition to Groupwise, a dedicated e-mail archive appliance. The workshop enabled the staff to write new, modern policy on e-mail archival.
Mr. Wright teaches e-discovery and e-investigation law at the SANS Institute.
He is an advisor to Messaging Architects, where he leads an in-house workshop to help the stakeholders in an enterprise craft workable policy on the management of email and other eRecords.
P.S. New Mexico's Attorney General (AG) indicted the state's former Secretary of State (SoS) for tax evasion and money laundering tied to alleged kickbacks to her by the recipient of federal grant money. Stephanie Simon, "New Mexico Roiled by New Graft Case," Wall Street Journal, August 22 -23, 2009. Among other things, the indictment alleged that the defendant advanced her crime by fabricating two official records in 2004 -- a paper letter and a paper memo. The indictment came on the heels of thorough document reviews by both federal and state auditors. The auditors said the Secretary of State's office maintained poor records on its management of federal grant money. Email records (which are very hard to forge or spoof successfully) were sparse if non-existent. Furthermore, the Secretary of State's office says it keeps financial records only three years after the close of the fiscal year. Now, the AG and the ex-SoS disagree sharply over the allegations. Had the SoS's office maintained more detailed and complete records (including archived email, supported by time-stamps and other audit trails), this disagreement might now be resolved. Either (a) the ex-SoS would have been deterred at the outset from corruption for fear that the records would betray her, (b) the records would clearly exonerate the ex-SoS, or (c) the records would unambiguously demonstrate the ex-SoS's guilt.