Steve Bailey from JISC Infonet provided the fourth talk at the DPC Preserving Email Seminar in London, on July 29th. In a provocative set of remarks, Steve argued that the records management approach to email has shown little regard for users and the survival of a useful email record unlikely. He proposed an alternate way forward using new technologies such as “email archiving” software alongside a lightweight policy structure based on user needs and requirements. Below I’d like to summarize his thoughts as I interpreted them and am applying them to my email preservation guidance report.
Arguing the email is a classic example of a gulf between theory and practice, Steve pointed out that the hope to preserve email in ERM systems has, by and large, prove in practice to be an abject failure. Using ERM for email is simply asking too much; we design systems that force people to modify their work habits in very onerous ways. People will not copy record emails outside of the email system, much less classify them properly, even when we force them to.
At the same time, records managers and IT professionals stare at the the sheer volume in inboxes and .pst files—which can be seen as a ticking time bomb for data protection, since users copy emails all over the place—and panic. However, their behavior is completely understandable, since it responsive to external influences. IT professionals operate under resource constraints and many set blunt, time-based auto deletion policies or hard volume limits, perhaps at the urging of risk-averse legal counsel. However, end users are savvy and have multiple and free personal accounts with more or less unlimited storage. Right or wrong, employees expect to have all info at fingertips, w/out any active management applied to it. Appeals to authority are temporary; they constrain but don’t inspire and encourage loopholes. In practice, people routinely ignore policy and move work emails to personal accounts.
In place of the ERM approach, Steve called for a re-conceptualized focus on understanding end user behaviors and desires, calling the community to five actions items:
- embrace volume;
- conduct a proper and balanced risk assessment. Is it truly better to let users determine what is saved as opposed to saveing all email? Answer will depend; but generally, courts don’t like policies that are open to user interpretation and abuse.
- stop thinking of email in isolation, think instead of e-communication;
- jump-start a email research agenda focusing human/computer interactions with email software; and
- implement management controls are beneficial to user and in line with emerging technologies, such as email archiving software.
He argued that we need new email management policies and that we should listen to users. Not talk to them or worse yet tell them what to do. But to understand how people use their email accounts, then build reasonable management controls that will not be evaded around those practices. For example, most people like having access to all sent and received messages as a personal memory bank. In this respect, research by Cathy Marshall and others shows that email can be a singularly effective nexus for organizing one’s assets. We can build systems and policies that encourage that behavior while managing legal risk.
This strategy would need to pay cognizance to the fact the many institutions like to delete email for legal reasons: to get rid of the the smoking gun. However, Steve argued that we need to depend on people to be sensible to what they send. Maybe we should try to parnter with people so that we are all more informed and responsible users who don’t do wrong in the first place. [CP: In addition, I would note that there are so call ‘outbound content compliance’ techniques that can help prevent emails that do not meet defined criteria from being sent in the first place, although they obviously would not be silver bullet either.]
Finally, he noted that with new storing and indexing technologies, we can we potentially liberate this email across the enterprise. In my own experience and that of the MRC, there is no technical barrier to searching across multiple boxes—it can be done with a little thought and with engagement of users, and, as I noted a few weeks ago, by using email archiving and discovery tools.