In Part 3 of our interview, Don DeLoach, former Chief Information Officer for City of Tallahassee and consultant to local government firms, gives us an inside look at the internal policies and rules public sector organizations need to have in place—and which stakeholders should be involved in creating them.
Who are the stakeholders within a public sector organization that are responsible for responding to records requests?
Before we discuss who is responsible for responding to records requests, we should talk about the business process that comes along with handling them. The first thing the organization should consider is who oversees the records. Is it the Clerk of Records? The IT department? Who is responsible for finding those records and getting them to legal to have sensitive or exempt information redacted? The answers to these questions lay the foundation for how the organization will handle records requests.
Who is responsible for determining and implementing the business process?
There are four stakeholders who should create the process: The Chief Information Officer (CIO), Public Information Officer (PIO), the Clerk of Records (Clerk), and Legal. These four should get together to come up with the process that best fits their needs as an organization. This must be a collaborative effort because records need to move through a series of steps before they can be released in response to a request.
In most organizations with a manual process, the Clerk is where the request starts. Someone in IT or the CIO is responsible for finding the records, which are typically in an archive. The Legal department reviews the records and redacts any information that is exempt to public view, such as home addresses or sensitive, personally identifying information. The PIO is responsible for articulating the process to the public and disclosing any costs associated with records requests. In essence, the PIO plays a marketing role in how the public interacts with the organization. Everything is connected in the business process, and if any part of the team falls off or behind, the process will derail.
How does it differ with an automated process? Will these four stakeholders still need to collaborate?
First and foremost, if the stakeholders implement an automated solution, IT doesn’t have to get involved once the solution is in place, which is the ideal scenario. It takes a lot of time and effort to manually locate the requested records. With an automated system, the Clerk could quickly and easily locate all records across email, social media, text messages, or whatever was requested. Once found, the records could be sent straight to Legal for redaction, then to the Clerk who releases them to the requestor—streamlining the workflow from four teams to two. Because it’s cheaper and easier for the organization to produce the records as soon as possible, it’s in their best interest to find a tool that allows that to happen. If you don’t have the right business process and tools in place, it can become a very expensive task. You can also damage the relationship between you and the community. Releasing the records shows your organization is transparent and accessible.
What should you look for in an automated solution that would help the organization determine and adhere to their workflow and policies?
Just like we discussed in Part 2: Choosing the Right Archiving Solution for Your Public Sector Agency, you want to look for an automated solution that’s easy to use. If it’s not easy, you will have to find someone in IT—or hire someone with an IT background to help you with records requests—which is exactly what you’re trying to avoid. Your automated archiving solution should have a robust search function, and its eDiscovery tool should be self-explanatory so anyone can review the information. You also want an automated solution that can grow with your organization as it adopts new communications types, such as social media and text messaging. If your solution lacks these features, you’re back to stretching your staff thin or hiring additional employees to handle records requests. More time, more people, more effort, more money. Even if you have the in-house staff to fill those extra roles, you’re still racking up a hefty tab.
Is there any reason a manual process would be preferred?
What you’ll find is the manual process is more in the workflow than the pulling of the records. If you have to manually track down and search through records, it’s going to be a very long and tedious process. However, if you have a discovery tool that can pull email and other types of records quickly, the process will be expedited. The organization might have a workflow-management tool that is tracked in a database and sends emails to the people in the right flow, but most organizations use a manual checklist: Where did the record start? Did it get through the clerk? IT department? CIO? Legal? Most of the time, that manual checklist will be released along with the records to prove the correct workflow. If an organization has an electronic document management system in place, they can probably build it to adapt that system into their workflow.
Is it a best practice to review your workflow? Is it a matter of public record?
Yes, if it’s in writing, and has been approved by the commission, city manager, or ordinance that addresses the workflow, it is a legal public document and must be produced if requested. You should always review your workflow periodically, not just to make sure it’s up-to-date, but to make sure it still works for the organization and to ensure that you’re doing the right thing, according to law.
Don DeLoach has more than 32 years of state and local government involvement. Don was the Chief Information Systems Officer for the City of Tallahassee, and was responsible for all of the city’s technology needs. He is also a former president of the Florida Local Government Information Systems Association, and a former member of the board of directors for Public Technology Institute. Don was recognized in 2008 as a Premier 100 CIO by Computer World Magazine.
Founded in 2001, Smarsh helps more than 20,000 organizations meet regulatory compliance, e-discovery and record retention requirements. The company is headquartered in Portland, Oregon, with offices in New York City, Boston, Raleigh, N.C. and London.
For more information, visit www.smarsh.com, follow @SmarshInc on Twitter or like Smarsh on Facebook at www.facebook.com/SmarshInc
Latest posts by Smarsh (see all)
- It’s a Social, Mobile World Out There, People - September 21, 2017
- Preparing for MiFID II and its Global Impact With Help From Industry Experts - September 15, 2017
- Regulators Don’t Want Perfection, But They Do Expect a Compliance Strategy and Execution - September 14, 2017