Steve Bailey from JISC Infonet provided the fourth talk at the DPC Preserving Email Seminar in London, on July 29th.  In a provocative set of remarks, Steve argued that the records management approach to email has shown little regard for users and the survival of a useful email record unlikely. He proposed an alternate way forward using new technologies such as “email archiving” software alongside a lightweight policy structure based on user needs and requirements.  Below I’d like to summarize his thoughts as I interpreted them and am applying them to my email preservation guidance report.

Arguing the email is a classic example of a gulf between theory and practice, Steve pointed out that the hope to preserve email in ERM systems has, by and large, prove in practice to be an abject failure.  Using ERM for email is simply asking too much; we design systems that force people to modify their work habits in very onerous ways.  People will not copy record emails outside of the email system, much less classify them properly, even when we force them to.

At the same time, records managers and IT professionals stare at the the sheer volume in inboxes and .pst files—which can be seen as a ticking time bomb for data protection, since users copy emails all over the place—and panic.  However, their behavior is completely understandable, since it responsive to external influences.  IT professionals operate under resource constraints and many set blunt, time-based auto deletion policies or hard volume limits, perhaps at the urging of risk-averse legal counsel.  However, end users are savvy and have multiple and free personal accounts with more or less unlimited storage.   Right or wrong, employees expect to have all info at fingertips, w/out any active management applied to it.   Appeals to authority are temporary; they constrain but don’t inspire and encourage loopholes.  In practice, people routinely ignore policy and move work emails to personal accounts.

In place of the ERM approach, Steve called for a re-conceptualized focus on understanding end user behaviors and desires, calling the community to five actions items:

  • embrace volume;
  • conduct a proper and balanced risk assessment. Is it truly better to let users determine what is saved as opposed to saveing all email?  Answer will depend; but generally, courts don’t like policies that are open to user interpretation and abuse.
  •  stop thinking of email in isolation, think instead of e-communication;
  • jump-start a email research agenda focusing human/computer interactions with email software; and
  • implement management controls are beneficial to user and in line with emerging technologies, such as email archiving software.

He argued that we need  new email management policies and that we should listen to users.   Not talk to them or worse yet tell them what to do.  But to understand how people use their email accounts, then build reasonable management controls that will not be evaded around those practices.  For example, most people like having access to all sent and received messages as a personal memory bank.  In this respect, research by Cathy Marshall and others shows that email can be a singularly effective nexus for organizing one’s assets. We can build systems and policies that encourage that behavior while managing legal risk.

This strategy would need to pay cognizance to the fact the many institutions like to delete email for legal reasons: to get rid of the the smoking gun.  However, Steve argued that we need to depend on people to be sensible to what they send.  Maybe we should try to parnter with people so that we are all more informed and responsible users who don’t do wrong in the first place.  [CP: In addition, I would note that there are so call ‘outbound content compliance’ techniques that can help prevent emails that do not meet defined criteria from being sent in the first place, although they obviously would not be silver bullet either.]

Finally, he noted that with new storing and indexing technologies, we can we potentially liberate this email across the enterprise.  In my own experience and that of the MRC, there is no technical barrier to searching across multiple boxes—it can be done with a little thought and with engagement of users, and, as I noted a few weeks ago, by using email archiving and discovery tools.

Tagged with:  
  • I agree up to a point, but I do not think that we should accept volume as a default position. There are a number of simple rules (such as deleting any emails you are CCed into (as they are not a record)) which cuts down on volume. 
    Imagine if, instead of emails, these were letters. Would people really want stacks of letters lying around? No. 

    I think volumes of emails will be less of an issue if people stop sending so many CC emails or use it for what it was not intended to be, which was a CYA device, instead of a communication device. I was told of a case, where someone kept an e-mail for 5 years just in case their line manager challenged their approval to undertake a project. 

    At the same time, do I really need to save or send the email that says “thanks” in response to a 25 iteration email conversation?  No. Yet, people do because they think “just in case” or “I do not know if I can delete this”.

    What will develop are algorithms that will allow people to categorise emails based upon content so if they decide to delete or need to consider for deletion, the system can check whether it fits pre-determined categories (like carbon copied, emails from a discussion list) that can be deleted. Moreover, one could than have context specific searching, as many enterprise software systems allow, that check to see if any controversial or tagged items (for example, if something is pending for litigation or whatever rules the company has set) so that the item cannot be deleted unless authorised (I would image this could be kept to a minimum).

    In any case, I do not think we should surrender to sloth and sloppiness. Knowing myself to be a culprit in these areas, it is quite easy to get back to a basic level of records mangement orderliness by following a couple of rules of thumb to determine whether an email is a record and needs to be retained.

  • Lawrence,

    Thanks for the thoughtful comment. I totally agree that we should not surrender to sloppiness, although it is far too easy when you receive over 200 emails per day, many for the reasons you mention. (A useful resource here is the email charter, http://emailcharter.org/)
    I was reading an article to Cathy Marshall yesterday (http://www.dlib.org/dlib/march08/marshall/03marshall-pt2.html), which makes a similar point about using algorithms to sort personal digital archives. Such applications should provide users methods to control their files; apply value assessments based on source, activity level, or recommended disposition; and delete email based on defined characteristics. This is basically the same recommendation that David Bearman gave in his 1994 article on email. This type of work can be done within many client apps, although most users don’t use the filters very effectively. Applications such as Aid4Mail can also apply very sophisticated filters at the point of migration, to remove certain emails.
    As an archivist, I am OK with this approach, so long as the particular decisions are reached with a good understanding of the user’s communication style, with his/her consent, and are fully documented. But even then, I think that we need to be careful not to encourage people to remove emails that actually have historical value. It is a fine line to walk, since people naturally want to protect and control their legacy. It seems to me that no matter how many times you tell them that such a strategy is likely to backfire, most people are in favor of transparency–as long as it is someone else’s records that are being made transparent.
    Chris

  • Anonymous

    Of the five bullets in your post, I support the three middle ones – these are insightful and it would behoove any organization to embrace them.  I side with Lawrence, though, that just accepting volume is a poor strategy.  The legal costs of searching that volume vastly outweight the savings in not having to limit it.
     
    The fifth bullet point deserves more scrutiny.  The first time that I heard that software will take care of categorizing and sorting email (and information in general) – from someone high up in the industry, whom I respect and still respect – was 10 years ago.  He predicted with confidence that it was only 2 years away.  Here we are today, and with the exception of some relatively crude filtering, we’re not seeing auto-classification anywhere.  I think it will come someday, but I am very cautious about predictions of this nature, and especially of those that seem to say “we just have to wait for the technology.”  Many organizations can not wait, and should not wait.  Whether it’s two years away or 20 years away, concrete strategies are required today for dealing with email.  Mr. Bailey gives us a gentle push in the right direction, but it seems to me that we’re still depending too much on a future software solution.

  • This is one of the reasons why I like the save it all/email archiving approach very much. If those tools ever do emerge, they can be applied at that time. But if not, we have followed the Hippocratic Oath. People can either do this locally, or server admins can set it up where warranted.

    Chris

  • Chris,
    Thanks for the Charter, it is useful. However, it does not get to the heart of the issue that I was dancing around (to mix my metaphors) in which staff do not understand or are not made aware of the records management requirements.  In many ways, the process is quite simple yet it is made so complex by the perception that it is a specialism. By that I mean, the practical aspects of managing an email account as a records management store are easy (the theoretical side is difficult which is why there are professional records managers) yet we do not see the connect betwen the theory and the practical.  As a result, I fear, that records management fails to address these issues and stake its claim in an organisation because it does not help staff to address these issues.

    By that I mean, is the email charter being circulated by the records maanger or archivist in an organisation or by ICT or someone just tired of getting a lot of emails? As a result, the default positio may be to tolerate large volume because the task of managing them is (perceived to be) so hard. 

    I have never been up to 200 emails a day, but I have sufficient volume to appreciate the challenge. However, I also look at those emails and realize that 90% can be deleted almost immediately because they are not records. They may be of interest, but they are not records nor do they need to be retained.  I wonder how many people are deleting those emails or holding onto them “just in case” as storage gets cheaper and fewer people want to challenge the email management issue (after all really important stuff is going on that is a top priority 🙂 and fewer see it as a records management opportunity rather than an productivity issue. 

    In the end, how many people are even trained to file or organise their work space in a consistent or coherent manner that can be reproduced or reconstructed if they disappeared. If records management is designed, in part, to achieve that business continuity (in a day to day sense), is it doing its job?

  • Completely agree about the need for clear, concise records management advice. Far too many email or IT policies clock in over 5 pages, in addition to reference to other policy documents; it is no wonder people ignore them and don’t respect records managers.

  • Anonymous

    I don’t really agree with Steve that “people will not copy record emails outside of the email system, much less classify them properly, even when we force them to”. I think that there are plenty of folks that save a backup copy of their Emails. It all depends on how important that data is to you.

  • Dasmacintosh2

    Well said Chris. Sloppy unreadable policies have a lot to answer for. They are and yet another source of the disconnection between recordsanagers and end users of EDRMS’s

  • Anonymous

    That still doesn’t help the current situation.  You’re suggesting that we save all email and hope in the meantime that nothing bad happens until the magical software comes along.  The problem is that today, already, companies are storing terabytes and sometimes petabytes of communication data and the growth is exponential.  When they are hit with big lawsuits – career defining and career debilitating lawsuits – suddenly the costs to look through all of that and identify a) relevant data, and of that b) private data and c) privileged data become spectacular.  Too many companies are settling lawsuits for huge sums even when they’re not at fault because the task of litigating it are too astronomical.

    Yes, they can wait for the auto-classification software to do the trick, but to me it’s a little too much like walking through a fire fight to get the prize on the other side and hoping not to get hit all the way through.

  • Well, it is not a silver bullet solution, of course.  People need to practice decent management of their own inboxes, under some kind of relatively straightforward policy.  But, the email archiving software, such as MailArchiva or Mailstore can be very helpful in ensuring that institutions can respond to lawsuits in an effective fashion.  The better versions of this software can function as a medium term preservation option, since they store the files in one of the RFC-based formats, and include discovery, search, and classification methods. 

    Are they perfect–no of course not.  But they do have a use.

  • Pingback: Future Proof – Protecting our digital future » Email messages have corporate value to organisations but are still tricky to manage – latest State Records survey results()