Five Ways to Manage Government Archiving in the Digital Age
The communications landscape has significantly changed this year due to the pandemic and resulting dispersed workforces. This disruption has had an effect on how government agencies at the state, federal, and regional levels are communicating. It has also impacted how they capture and retain electronic communications records generated through multiple technologies.
Last week, Smarsh VP of Information Governance, Robert Cruz, led a session at the Digital Government Institute’s E-Discovery, Records and Information Management (EDRM) virtual conference. In this presentation, “Government Archiving in the Digital Age,” Robert recommended best practices for managing this unprecedented wave of digital communication tools and keeping information secure and accessible.
An inevitable change in communication methods
It wasn’t just the pandemic that moved government agencies to adopt new communication tools (e.g., mobile text messaging, collaboration and conferencing applications, etc.). Over time, demographic changes in the workplace have increased the urgency to allow devices and applications that people use in their daily lives. Current events have only accelerated this shift.
As government workers have adapted to working remotely, they may be using devices or applications that are not explicitly allowed to get their work done. Robert explained a common scenario: “If I haven't been given the appropriate guidance or the technologies to equip me to work remotely, the first thing I'm going to do is pick up my phone and call somebody. If I have an answer or I need to get back to a colleague, chances are, I may pick up that phone and use an application to send a message. I might use WeChat, WhatsApp, Slack, Discord, or some other tool that I may be familiar with in my personal life.”
Information security implications of new communication tools
This switch to broader use of communication tools brings new security and information risks. For example, the shared use of a computer at an employee’s home; access to an employee’s devices or accounts by a roommate or third party; or working on a home computer that doesn’t have appropriate security updates. Information security incidents such as credential stealing and malware attacks can have major data security implications for government agencies.
Additionally, new communication tools are sometimes being used before an agency has applied appropriate policy controls. If you deploy Microsoft Teams or Zoom in your organization, have you thought about how to govern whiteboards, voice recordings, bots, AI, and other capabilities that modern communication tools provide?
Maybe most crucially, government agencies are subject to potential regulatory, litigation, or freedom of information requirements. New communication tools have complicated the process for capturing and archiving communications data that is part of the public record. Agencies must make sure they can respond to content requests comprehensively and within the required timelines. Given the growing variety of information sources that individuals are now using, this is an issue that must be addressed.
Best practices for digital archiving in government
Robert offered these five recommendations for managing new communication tools while considering information security, policy controls and more complicated archiving processes.
1. Do a risk/benefit analysis to decide which tools explicitly can and cannot be used by employees. Have you considered anything that could go wrong by allowing a wider range of communication tools in your agency? Are you able to apply the necessary privacy controls? Are you confident that individuals cannot leak intellectual property or other high- value information that now may be exchanged over Teams or Zoom? Do an audit of all applications and devices employees are using, apply due diligence to each of those tools, and make sure to have the appropriate stakeholders involved in that conversation.
2. Ensure that basic archiving controls are available. When looking at any new technology that your employees are using or have requested to use, you should determine whether it has the capabilities to capture and retain a historical record of information. Can you retrieve three years of data from Slack or Zoom? Can you receive and store all the content, activity and files that people are exchanging? That data is crucial for public records obligations, but also to understand what employees are doing and if the information they are sharing is secure. If those controls aren’t available, and your current archiving solution is not capable of meeting those needs, it may be time to consider a new option.
3. Look closely at vendor capabilities. Every organization — government or otherwise — is struggling with how to manage the volume and variety of data that's now being generated through digital communication tools. For government organizations with official requirements to retain this data, now is a good time to assess whether those needs are being met. If you’re using a third-party tool for capturing and retaining your data, is it capable of preserving and aggregating all communications data being generated? Make sure you’re working with a vendor partner that has the resources to meet your current and future needs.
4. Review and refine your communication policies. This is one of the most critical elements to getting your arms around the breadth of technology that agency employees are using. If you look at information governance as a by-product or a function of policy training and technology, policy really is where it begins. Are your communication policies up to date? Do individuals know what they can and cannot do? Have you updated and addressed work-from-home behaviors in your agency’s code of conduct policy? Do you have the ability to spot things that may come up that are in the realm of harassment? All of these policy controls need to be examined to make sure that they work and are functional in this remote scenario.
5. Develop an ongoing training program for your employees. Training employees on communication policies and information security is critical. Staff should be aware of their responsibilities while working in the office or remotely, especially as new tools are introduced and your work scenario changes. Training should be ongoing as new employees join and done regularly to keep people on the same page.
Managing government archiving in the digital age requires that your organization is prepared but agile. There have been a lot of changes in the past several months that will continue to require policy adjustments and technology controls. Staying on top of evolving communication trends and tools will help to ensure that you're meeting all of your information governance objectives.
Watch the full recording of Robert's session: "Government Archiving in the Digital Age"
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.