Best Practices in Public Record Response
Content based on the webinar: Public Record Response - Best Practices in 20 Minutes by Bryan Pierre, Public Administration Program Manager, TD Synnex Public Sector and Robert Cruz, VP, Information Governance Solutions, Smarsh.
Government agencies today communicate and engage with their constituents in new and innovative ways. However, agencies must still respond to public records requests in compliance with the Freedom of Information Act (FIOA) and state Sunshine laws. While using a variety of communications channels is beneficial to collaboration, capturing and storing digital files to respond to records requests and meet data privacy obligations poses its own set of unique challenges.
In our recent webinar, Public Record Response: Best Practices in 20 Minutes, our experts discussed:
- The reality of digital communications today in government
- How digital communications are impacting digital records requests
- Best practices around capturing public records responses and enhancing public records management policies and procedures
Below is a summary of critical points from that discussion.
Trends in public record communications
In the public sector, as in the private sector, digital communications like social media and text messages have become a standard way for federal, state and local agencies to communicate and drive greater engagement with their audiences.
While it helps to engage where audiences prefer, digital communications continue to evolve rapidly. Meta’s newest social media platform, Threads, highlights the ever-changing ways each new generation prefers to communicate and further highlights how important it is to keep up with the evolution of digital communications from a public record and cybersecurity standpoint.
One obstacle public sector agencies face is how to capture, store and analyze information across collaboration platforms—such as Microsoft Teams, Slack and Zoom. These platforms raise many unique challenges for digital communications and public record management, including:
- Persistent, interactive, multimodal communications
- Features that cannot be reliably captured (e.g., whiteboards)
- Embedded artificial intelligence capabilities
- Massive datasets
- New features defaulted “on” without notifying IT teams
To overcome these obstacles, technology must provide the right capabilities. Bryan Pierre, public administration program manager for TD Synnex, Public Sector, noted that technology needs to provide protection both from a data privacy and cybersecurity standpoint.
Cybercriminals seeking to penetrate or infiltrate a government system seek areas with a weaker cybersecurity defense. Securing disparate networks is a genuine concern. Thus, it’s important to secure not only the lines of communication, “but everything else around it,” Pierre said, including endpoint security and any data shared. Internally, agencies need to ensure technical teams are trained to recognize when sensitive information is being shared and when secure and standard procedures need to be established.
While most government agencies require their employees to use an agency-owned phone or laptop for official business, some still allow their employees to use their personal devices, which opens the agencies up to security flaws. It is crucial to have robust policies and procedures that establish strict protocols around the various lines of digital communications and mobile devices the agency allows its employees to use.
Public records request challenges
Agencies now have to collect and maintain more significant amounts of data from a wider variety of digital communication channels than ever before. Further complicating matters, not all government agencies have records management systems with the technological capabilities to respond quickly to FOIA or sunshine requests.
A government agency may receive a public records request to produce all its information over the past year, and that’s a massive amount of data that requires the proper system.
“Some of these systems are not well-equipped to do this in a timely manner that meets requirements in terms of the time needed for you to respond,” said Robert Cruz, vice president of information governance solutions at Smarsh.
Agencies need robust data management processes and procedures to manage data from different communications channels — including email, video and chat files, social media communications, mobile communications and more. “Since those methods of communication continue to update and change, it creates that constant need to update, report, and archive those records as well,” Pierre said.
For example, some government agencies have already begun using Threads as another way to interact, meaning those agencies will need a way to effectively manage those records electronically — efficiently and on demand. Additionally, those records need to be stored somewhere long-term.
Anytime employees of regulated firms or government agencies use digital communication channels where that data is not captured creates risks for the organization. “Threads does not currently have an API that allows for the capability to extract and preserve historical records, and so it’s interesting that we’re seeing adoption,” Cruz said. Until there’s a secure and compliant way for agencies to capture and store their data from Threads, they face a lot of risk using it.
Best practices for managing public records requests
There are several best practices agencies can follow to mitigate the risks posed by digital communications, including:
- Reexamining current communications approval processes channels
- Revisiting approved tools for updates or changes in features, controls and APIs
- Updating policies and procedures
- Evaluating training programs to ensure they address the use of specific communication tools
- Conducting regular audits of systems and processes to be responsive to records requests
“It’s all about employee training and integration of policies and procedures with those technical teams across the agency and government spectrum,” Pierre said. By having employees and IT teams adequately trained and in sync with one another and arming them with the proper tools, government agencies can more easily respond to records requests.
It’s also important to update policies and procedures to ensure they address the proper data capturing and use of digital communication tools. Good policy management is more than just about records retention. It’s also about establishing code of conduct policies and procedures relevant to individual roles and the specific communication tools used.
Finally, partnering with the right third party is essential to capture all business communications over digital channels. Key capabilities include a tool that’s able to capture official business communications, as well as being able to “quickly and efficiently store that information with a scalable system, allowing you to search and retrieve that data, and then provide the mechanisms to send that information wherever it’s needed” Cruz said. “We can help in a variety of ways to ensure that the technology infrastructure is where it needs to be to deal with the modern challenges of public records requests.”
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.