The Case for Records Management: Issues for Legal Counsel-Part 2

>>Hannah Bergman
As Michael said, I’m Hannah Bergman. I’m an attorney at the National Archives. I answer lots of records questions on a day-to-day basis.
Part of my job is to look at the general records schedules. Part of it to work on the Capstone
policy. Part of it to advise on records management. I do a whole host of other things like regulations
and financial disclosure forms, EEO cases, et cetera. We have a pretty small staff at
the archives. And all of our contact information is available on, on the general
counsel’s Web page. There are only nine attorneys. So we all will take questions. If any of you
have sort of burning legal records management questions, feel freely to give us a call.
I think I get a lot of calls because I’m at the beginning of the alphabet which is completely
fine. I will start with just a couple points that
aren’t really in the slides but relate to those questions that I get from agency counsel
that deal with records management issues and I think are sort of hotbutton issues.
The first thing is what is means when something comes to the Archives or we send it to the
Archives. A lot of people think that if they send it to the Archives, then it went into
a black box and we are just going to take it from there. There are many reasons why
things might come to the Archives. The two key reasons, one, it is a temporary record
and in the Federal Records Center and you, the agency, is our customer and you are paying
us for storage. We are just your warehouse. In those situations, you have legal custody
of the records. I just started. That’s entirely reasonable.
I lost get lost in this building all the time. What I was saying is there are two reasons
why records might come to the Archives. One, they are temporary records. They are being
stored in a Federal Records Center on the agency’s behalf and you are paying us for
that storage. So when that happens, the agency has legal custody of the records and you are
responsible for processing FOIA requests, discovery and congressional inquiries. You
ask for those records back by contacting your records officer. We charge you for that, but
you still have legal custody of them. Once records are accessioned into the holdings
of the National Archives of the United States, which is the legal body of permanent records,
it exists here in this building, out in College Park and places throughout the country. Those
are the permanent archived records. It is at that point we take over responsibility
for access requests. And we provide generally access to the public of those records sort
of outside of the FOIA process. You just come in. You walk into a research room. You say,
“I want to have access to alien records from people who immigrated in the 1920s.” We say
great. Here’s a cart full of those records. And you get access to them.
When you have litigation as an agency, as some of you may have experienced personally,
it involves accessioned records, records that we at the National Archives have legal custody
of, you have to come into our research rooms like any other member of the public and ask
for those records one cart at a time on the times that are roughly four times a day.
So the reason we have just long transfer periods for permanent records, 15 to 30 years, is
because it is a pretty onerous process to go through the public records request process
to get at those records. So we don’t want to take in legal custody of records that are
– that have an active business purpose in your agency.
If you have active litigation on them, they’re not appropriate to come to us. You should
keep them within your agency’s control and be able to get at those yourself. That’s why
the transfer time is so long, the 15 to 30year time frame.
In addition, the National Archives typically does not apply the same restrictions on records
that you might apply at an agency. We do not apply FOIA B5 to records in our legal custody.
If you are uncomfortable with public access to your records, you should keep them until
you are more comfortable with that. We do apply some level of screening for the
other FOIA exemptions. But, in general, our goal is to make records available to the public
and we’re going to screen differently than you would at your agencies. That’s something
that comes into the calculus of when it is appropriate to transfer records to us. And
that’s another area where I think counsel can interact with records officers that have
a robust discussion about what’s happening with those records, if they’re being used
in active litigation or not. We also on occasion – very rare occasions
will receive a version of a litigation hold from the Justice Department for accession
records. We do not like these. We are coming to terms with the fact that we will take them.
It is possible, particularly in environmental lawsuits or in tribal trust records, that
our records are relevant to litigation that is happening in the present day. If you have
one of those matters and you need us to implement a litigation hold on those records that are
in our legal custody, you should work with DOJ, with your – the discovery counsel, whether
that be Allison Stanton or Sara (saying name), thank you, to get those letters, DOJ has a
particular type of letter that it will send us when accessioned records are at place.
And it essentially says we know you are the Archives and we know you don’t destroy records
but in case you were, please don’t. Then we’ll take some steps to sort of flag them in the
holdings management system as “do not deaccession” basically.
In addition, if we were processing those records to weed out what we consider nonrecord or
temporary records, things that were commingled in your permanent accession that shouldn’t
have come to us and there is a litigation hold in place, we will send them back to you
rather than destroy them. So that’s another purpose of the litigation hold on archived
records. We strongly discourage you accessing records subject to active litigation because
of all these problems and we don’t really want to deal with that.
The other thing we do is preaccession, electronic permanent records. We do this on a limited
basis, so it is possible that you might have permanently valuable electronic records that
you can’t keep in your agency’s custody because of the – in your agency’s physical custody
because of technological concerns. Some of the Iraq war records are an example of we
preaccession them so we have electronic records here at the Archives that we have physical
custody of that we’re maintaining. But DOD hasn’t signed over legal custody to us. And
DOD is still responsible for FOIA access, et cetera. But ultimately, they will sign
over access and we’ll make them available to the public.
That’s not a common situation, but it is available in the rare instances where it is appropriate.
All right. That’s my spiel on what it means when it is “at the Archives.” We often get
FOIA requests for things that are, in fact, not at the Archives so that’s why this comes
up a lot. And then I did just want to point out, we
are going to go through the statute. All of NARA’s statute of 44 USC and we have Chapter
21, 29 and 33. Those are the one’s that primarily apply to you guys. There’s a whole host of
different laws that apply to presidential records. The White House Executive Office
of the President, subject to the presidential act, they don’t anything away under any circumstances.
They do have the legal authority to, they essentially just don’t – (chuckles)- because
it is an onerous process to figure out what they could. What they could dispose of. So
as a consequence, all White House emails come to the National Archives, period. And they
go to a presidential library. So I’m going to start going through the statutory
changes. We are going to go over Capstone and email management. If you have questions,
just interrupt me, raise your hand. We’ll get a microphone to you.
All right. So the first time since 1950 ->>Got a question.
>>Yes, I was wondering if NARA learned anything, say, regarding those of us in the room who
may have joined the Federal Service prior to the year 2000 and all of our records were
destroyed in the fire? Has anything been learned from that so that this would not repeat itself?
>>Hannah Bergman: The 1976 fire at the National Personnel Records Center, that fire?
>>I thought it was less than the year 2000. I didn’t know it was that old.
>>’77.>>Hannah Bergman: ’77? ’74. Okay. There was
a fire in the mid ’70s. (chuckles). The sixth floor of the National Personnel
Records Center burned off. Then we put – then we took the floor off, put a roof on and then
that building existed for four years. In terms of what happened there, there was a massive
effort to recover all of the affected records. Those were military service records. Obviously
very important to the veterans to prove their service.
So we’ve done several things to sort of reconstruct those records so that everyone can get their
benefits. And we have obviously in place now a whole host of regulations about fire safety
in buildings that store records. For example, you cannot have a space heater here no matter
how much – how cold you are. But there are also at 36 CFR, I think it’s in the 1270s
are the regulations on essentially humidity controls, water sprinklers, et cetera, all
those things that you have to have in place at a building that stores permanent records.
So not only do we comply with our own regulation but also Iron Mountain who many of you may
use to store records. I’m sure there are other vendors out there that store records, they
are just the most common competitor to us, everyone complies with those building standards
in an effort to prevent that from ever happening again.
It is a really interesting and sad story, and we still don’t know what caused the fire,
to my knowledge. All right. So I’m going to move on to the
Federal Records Act. Amendments that happened in November. This is the first time the Federal
Records Act and the Presidential Records Act were amended since 1950. This is a pretty
big deal for us. It had been a long time in coming, and we – the Archives was very involved
in sort of getting these amendments through and proposing them over time. So we are very
pleased to have updates to the Federal Records Act for this century. (laughter).
Yeah. So a summary of the major updates, it changes the definition of federal records.
We will get to that shortly. It specifically covers electronic records so that we’re not
focused on machine readable which had been the old terminology. It grants the archivist
determination as to what’s a record and what’s not. It authorizes early permanent transfer
of records for the preaccessioning that I talked about. It clarifies responsibility
for federal employees when they use nonfederal employee. We will have a whole slide on that.
And it does some other things. Specifically related to the executive order
on presidential records and sort of review of privileges, again, that’s not going to
apply to anyone who doesn’t work at the White House.
So section – that is, in fact, the section 2. And this essentially codifies what is now
the current executive order and President’s review of privileged materials. There have
been a back and forth over a couple of administrations on sort of who was allowed to assert a privilege
on behalf of the President. Was it just the incumbent President? Was it the former President?
Was it the representative, et cetera? This is now all codified so it will not changes
by executive order anymore. Authorizing preaccessioning of electronic
records, this is what I was just talking about. Allows us to take in those records. It is
something we have been doing for many years, but it makes clear that we have the statutory
authority to do that which as agencies it should ensure you that we are only taking
physical custody, that legal control of those records resides with all of the agencies.
So whatever your access determinations are is the ones that will prevail, not ours.
It does also modernize 3106 with regard to unauthorized removal and destruction of records.
Here you will see in italics just places where the regulation interpret the statute and will
be updated. I think we’re hoping to have package of updated regulations out in the Federal
Register as proposed rules maybe by June or so. So they’re circulating about tracked changes.
Eventually it will get to the policy office and then it will get to the Federal Register
from that. As the agency publishes the federal register,
we still lack control over when things get put in the Federal Register.
This is the disclosure requirement, section 10. It establishes requirements for Federal
Records Act employees who use personal email. There is a similar provision for records that
are subject to the Presidential Records Act. All right. We’ve got the modernization of
the definition, again, of federal records. So they will be updating our regulations at
36 CFR 1220 and 22. These are places you can look if you are trying to do some analysis
as to what constitutes a record or nonrecord or what the agency’s responsibility are. These
are all things that are fairly detailed and laid out in our regs.
Also, you have unauthorized removal of classified records, we refer to this as the Sandy Berger
provision. As you may know, Sandy Berger put records in his pants and stole them. But we
got them back and Congress has now made it clear that people who steal things should
not have access to the original records. We have already several years ago changed our
procedures and put in security measures so that this would not happen. But the updates
to the Federal Records Act basically solved problems that have accumulated over the past
20 years, 30years or so. This section is entirely housekeeping, so
there has been a commission that existed, again, 40 years ago. That was removed from
our statute. One of the things that Congress is doing now, all committees are doing on
their own accord, is changing all pronouns so that they’re gender neutral which I think
is really great, just FYI if your statute is getting updated, that will be happening.
So the new definition of records says this 44 USC 4401 all material made or received
by a federal agency under federal law or in connection with the transaction of public
business and appropriate for preservation by that agency, blah, blah, blah. So the key
change here from the big block of text that Erin had at the beginning is elimination of
the term “machine readable” and the insertion of regardless of former characteristic. So
it is really just meant to make it more modern. And then recorded information is further defined,
all traditional forms of records regardless of physical form or characteristics including
information created or manipulated, communicated or stored in a digital or electronic format.
And then here we have our quintessential definitions of nonrecords, duplicate copies of records
and library, museum material. Books also part of this definition.
One thing that I would stress is that you should not spend a lot of time, if you can
avoid it, there may be litigationrelated lens why it is useful to do so. But on a daytoday
basis when you are trying to manage record or trying to provide advice about agency management,
don’t stress over whether or not it is a record or nonrecord. Just accept that it is probably
a record. The definition is broad enough that sort of from a practical management purpose,
assume it is a record. It can be a transitory record. It could be
a temporary – which is a form of a temporary record. Or it could be a permanent record.
Not all records have to be kept forever. So it is okay if it is a record. If you are trying
to spend enormous amounts of time over whether or not it is a nonrecord, that should be a
conversation and energy reserved for a minority of situations where there is a specific legal
strategy in mind related to a case where it’s really important for you to argue that it
is nonrecord because of the statutory framework you’re under.
For example, in the EPA litigation over the administrator’s tech messages, which I think
is CEI versus EPA, there is a lot of argument that those are nonrecord materials. That’s
quite logical, quite plausible. It is part of a litigation strategy. And those text messages
about, oh, meet me at Starbucks so we can prep for our meeting, you know, arguably not
a record. Something that they can certainly rely on as part of that strategy. But, again,
don’t – on a daytoday basis when you are trying to make big policy decisions about sort of
where your agency is going, spending a lot of time trying to parse out nonrecord from
record is not worth the time. Accept that it is a record and sort of go from there.
If you need help with this, we would be happy to determine it is a record for you. So Erin
said that this provision didn’t actually stem from an event. It didn’t stem from any recent
event, that’s true. It stems from a problem that Henry Kissinger created when he left
the State Department. So in the late ’70s, early ’80s, Kissinger
was secretary of state. He took with him his personal papers, the secretary of state’s
personal papers. And he said these are nonrecord copies. All of the record copies are in the
State Department’s official central file system. We said no, that’s not true. Office legal
counsel of the justice department said it is up to the agency to determine whether or
not those are federal records and Kissinger in consultation with State Department counsel
determined that they weren’t federal records. This provision fixes that problem which has
largely not come up since. But this is why Henry Kissinger’s papers are at the Library
of Congress and not at the National Archives and this is sort of the genesis of that statutory
change. We do not anticipate intervening on agency’s
decisions on a daily basis as to whether or not something is a nonrecord or record. But
I think that we would certainly use this provision were the Henry Kissinger problem were to reassert
itself today. That gives you a little bit of context for what happened.
All right. Electronic messaging accounts, so I’m actually – so this is part of the amendment.
This amendment obviously passed in November, was in the works long before any shenanigans
regarding Secretary Clinton’s email came to light. This is something that had been a concern
of our oversight committee for many years. There were many other agencies where this
had arisen. This was a problem, I think, during the Bush White House years with regard to
PRA employees using – I’m totally blanking – the Republican Party’s email services rather
than the White House ones, right, to do business. So long, long time in the works. Not related
to Clinton, though, clearly on point. So federal employees must – may use nonofficial
electronic messaging accounts but when they do so, they have to forward or copy that message
to the official’s account within 20 days. Intentional violations of this rule will be
a basis for disciplinary action. Yeah.
>>So I’ve done some counseling ->>Hannah Bergman: Mmhmm.
>>Hi. I’ve done some counseling on this since it came out, you know, for people in the agency,
making them aware of it. One question I have is: What is the intersection with this forwarding
provision and transitory records?>>Hannah Bergman: Yes.
>>If, for example, somebody is saying on their personal email, hey, I’m going to be
late for a meeting, are they then obligated to forward that in so that they may delete
it following this law?>>Hannah Bergman: No. (chuckles). They are
not. So one point on this slide – and then we’ll move on to answering my question and
the next slide. Intentional violations shall be a basis for disciplinary action. We at
the Archives are not going to be providing advice on what an intentional violation is
and what disciplinary action should be happening. That is something that you should work with
your personnel offices and take – use your own penalty guide to determine that. I think
from our standpoint one could always discipline employees for doing the wrong thing such as
destroying federal records. The statute makes that clear.
But this isn’t really a new thing, right? You could always be disciplined for disobeying
agency policy. So work with your own human capital folks. We have nothing grandiose to
say about this in terms of guidance. The definition of an electronic message and
the question about transitory, all right, first, electronic message is more than email.
This is intentional. Congress is very clear that they did not mean to limit this provision
to email. Or if they did mean to do so in November, they certainly no longer mean they
could be limited to be email at this point in time. It is going to apply to text messages,
chats and other yettobe invented forms of communication. If your agency – I don’t know
– Snap Chat I think is a version of transitory. So whatever the case is, electronic message
is must broader than email. So the question about transitory, transitory
records per our regulations have a value basically of less than 180 days. So outside of the electronic
messaging construct, anything that you need to keep for less than 180 days is by definition
transitory and you can just deal with it in the system in which it resides. You don’t
need to take any additional electronic records or management steps to dispose of it.
And what is your business need for that information? So if you just need to know, you know, where
the exits are in the building, how to get to the coffee, whatever, where the soda machine
is, very basic stuff, right, that’s a transitory record. You are not going to need the directions
on how to get to this room after today’s meeting, right? You can go ahead and dispose of that
under the general records schedule and our regs.
Now, if you have communicated information in a personal account that is transitory,
our current thinking is that if the value of the record is less than 20 days, then the
statutory requirement doesn’t apply. Does that make sense?
>>(speaker off microphone.)>>Hannah Bergman: Yes. So it is going to
be 1236.22 (c). I just reviewed these yesterday. So 36 CFR 1236.22 (c) will be updated in the
next batch that we send to the Federal Register. It is sort of the most heavy lift. And the
statutory changes are sort of what’s driving those reg updates.
Like I said, I’m thinking Juneish for that publication. There will then be new dot 23paragraph
that applies the 20day rule to other electronic messages that are not email and that specifically
says records that have a value of less than 20 days, this rule does not apply to.
So I can also say that was our thinking as of 5:00 – yesterday. (chuckles).
In drafting regulations, obviously lots of things change. It’s possible that could change.
It’s possible that we could get public comment that would lead us to change the final guidance.
But definitely be on the lookout for that. It is certainly our plan to address these
issues in that reg update. A place where we publish these things, if
reading the Federal Register just isn’t part of your day-to-day process, is the records express
log which is on And it is the blog of our national records management program.
So those are the folks that organize this class. They process the records schedules.
They do reg updates, et cetera. That blog is a good place to look for high level guidance
coming out of NARA, bulletins, that sort of thing. You be subscribe to a RSS feed or email
updates if that’s helpful. Any other questions about electronic messages
or electronic messaging accounts? All right. So the President’s Records Management Directive
is the current sort of overarching guidance that has come out of the White House. The
first time since Harry Truman that records management has gotten the attention of a sitting
President which is pretty exciting. It set forth several goals for agencies. These are
the highlevel goals, require electronic record keeping to ensure transparency, efficiency
and accountability. And then to demonstrate compliance with federal records management
statutes and regulations. These should be happening regardless of what the President
says, right? This is the highlevel goals of the President’s Records Management Directive.
Those have been implemented by the archivist in OMB which is M1416. And this came out following
I.R.S. and EPA troubles with email an reiterated what our guidance is on email management.
I ask you to look at the latest M1416 for our latest thinking on email management which
is in conjunction with OMB. It is not just us who care about these things.
So the way in which agencies are going to meet these two goals, which are the goals
are to manage all email electronically by the end of 2016 and to manage permanent electronic
records that are created electronically by 2019 via the Capstone approach.
So Erin mentioned this earlier. And NARA has a lot of guidance on what we mean by the Capstone
approach. But just to reiterate, we have a fancy picture. And it is a way to manage your
email based on the role of the account holder and so you’re making broad decision about
the person, the person themselves on their job and what it is they’re doing rather than
making decisions based on the content of each individual email message.
So understand our own scheme of regulations, every time you send an email, you are supposed
to look at it. God, this email is about ethics advice. Obviously I file it under the file
series and the file plans related to ethics advice that our agency has established and
is in conjunction with the general records schedule. So I will put a file code and it
is in our office 1102 (b), I think, is the file code. And it has a six-year disposition.
Every time I send an email giving ethics advice that says, you can keep that, no, you can’t
keep that, please finish your financial disclosure form, no, really, please finish your financial
disclosure, no, you need to list the underlying assets in our financial disclosure, all of
those things I should print and file and put in a folder with a six-year disposition. That
was not happening. I was not doing that. Every other federal employee also not doing that.
So what we’ve come up with is the Capstone approach to records management which takes
the individual determination about the content of the email out of the equation, right? So
you are just making broad categorical determinations based on what the person’s job is and whether
or not they’re creating permanent records. So as Erin said, we all copy our bosses when
we have serious problems with important things. Theoretically, the top tier of the agency,
the Capstone of the agency would be where those permanent records would reside. So when
I’m offering legal advice related to the interpretation of our statutes, that’s precedent that another
agency is going to rely related to the 20day rule and what the transitory record, for example,
I will copy my boss, the general counsel, and that email will be captured and managed
as a permanent record because his email account is permanent. Does this make sense to everyone?
I feel like I feel like I say this a lot but then I get these questions that make me think
that I’m saying entirely the wrong thing and it is not sinking in. Is this sinking in?
Are we okay? All right. We have actually finally put out in the Federal
Register for public comment a general records schedule for how you can implement this at
your agency. It just went out for public comment on April 1st, I believe. So there is this
60day public comment, basically. During this time we’re also going to have a public meeting
so if you really care about email records management, you can come to the Archives on
May 21st and talk about these things indepth. We are going to get feedback from the public
interest community about these decisions. Our efforts to have a public meeting are a
direct result of email management being such a hotbutton issue. Not only has Secretary
Clinton’s use of email been an issue but the I.R.S. and EPA, we also had a lot of public
controversy about the CIA email records schedule. So people care about these things. It is quite
apparent to us that this is an area where the public interest community is really engaged.
That’s why we’re going to have this public meeting.
So the Capstone general records schedule puts all employees into three categories: Permanent,
7year and 3year. This is a list of the permanent categories. These people – so this is in the
Federal Register on April 1st. You can go to the Federal Register. You can also go to
the records express blog for all of the background on this if you can’t squint and read the fine
print here. This is a list of nine categories of people
whose email would be permanent. Deputies of those people, head of the agency, staff assistants
to those people, principal management positions such as the chief operating officer, the CIO,
the chief knowledge officer – that’s a new thing. OMB is probably making you have one.
CFO and their equivalents, directors of significant program offices. This is where agencies have
a lot of wiggle room, what is a significant program office is an agency-specific question
that you should certainly spend some time thinking about. Principal regional officials
such as regional administrators, roles or positions, routine providing advice to the
agency such as your general counsel, chief of staff, inspector general, et cetera. And
then anyone else who hasn’t been captured that has a presidential appointment with a
Senate confirmation. These people create permanent email. That is what the schedule says. Should
we go through the temporary email slide first or do you want to ask your question? Okay.
Context, right? So the temporary bucket is a 3 and 7year bucket.
The 7year bucket is by far the largest of any of these. The vast majority of employees
should fall into this 7year retention category. The 3year category is meant for the individuals
who make the really important work of government happen, the logistical processing of things.
Social Security benefits, payroll, people who work in the mailroom, people who are couriers
for agencies, right, the daytoday operations of an agency, they are really important to
the deliver of services but those people just don’t have – they aren’t creating agency policy.
They are not creating documents that affect the rights and interests of citizens, et cetera.
That category is the 3year one. Everyone else is in the 7year category. Erin is in the 7year
category. I’m in the 7year category. Michael’s in the 7year category. These are people who
do important work but whose email we’re going to assume should be kept for seven years.
Now, agencies have discretion to keep all of this email longer. So the 7year rule is
a floor. So if my boss says what I really want is all the attorneys in my office, I
want to keep their emails for 15 years, the Capstone GRS allows for that – they allow
for the agency to make that determination. And that could just affect your attorneys
in the general counsel’s office and not affect the program analyst in your strategy office,
for example,, right? Okay. What was your question?
>>Our agency has problems getting permanent appointments. Makes some news sometimes. What
about folks who frequently hold acting positions?>>Hannah Bergman: Yeah. So I don’t have – it
is not super easy to pull up the GRS in front of me. But the GRS itself does address that.
And if I recall correctly, the frequently asked question document which is, like, 30
pages at this point, it specifically has a FAQ on acting, first of all. I think we said
if you are in an acting position for 60 days, then this is triggered. There is the notion
you are acting because someone is on maternity leave and that person is coming back and you
are keeping the trains running on time but you are not changing the direction of the
agency, right? Or there is the notion that you have a hard time getting people confirmed.
So when you are acting, you are really in charge. So we wanted to give agencies the
discretion to make that determination and recognize those two realities.
So another rule that the 60day requirement attaches to is if you are in an acting position
that requires an OGE 278 financial disclosure form, that’s triggered with the 60day rule,
I believe. We are trying to look at other areas of the law that had a factoring sort
of component and when other statutory requirements are triggered. The public financial disclosure
requirement is triggered at that time. We are trying to tie it to that, so if that helps.
So in addition to the schedule, what we published and what’s available in the Records Express
Blog is a white paper that explains to a regular layperson who is not steeped in records management
law what’s happening here and then a frequently asked questions document that goes through
questions like acting, et cetera. That actually reminds me. I’m going to go
back because there is one thing I wanted to cover on the electronic messaging slide and
it relates to email as well. First, contractors. Contractors who have agency accounts, things
we have essentially thought that the rule is going to – so the statute is specific to
federal employees with this 20day rule. So legislative branch employees not covered by
it. Probably still a good idea to follow because I think you would have a sort of hard time
articulating why a new GBO employee didn’t follow this rule merely because it is specific
to executive branch employees. The other point I wanted to make is FACA committee
members. If you have FACA committee, you should think about how this affects your SGE employees
or representatives to the committee, right? So are these people employees, do they have
email accounts? There is a GRS that deals with FACA records specifically and our FAQs
on that which have just been updated in consultation with the secretary management office at GSA
which has FACA oversight responsibilities essentially say if the person does not have
an agency email account and they’re going to use their personal account, then to deal
with all of the record keeping issues that attach to that, not just this, what you should
do is just copy the DFO, the designated federal official on your record emails. Does that
help people who have FACA committees? This is something that has come up as an area where
there has been a lot of questions. And so also contractors not going to be covered
by this requirement just because of the statutory language, I think contractors in the Capstone
paradigm are probably going to sort of by default be captured because you’re going to
have accounts that are given to contractors that are agency email accounts and they’re
going to fall into one of the temporary buckets, basically.
Questions about that? All right. All right.>>I think I’m missing the big picture of
what the Capstone project is.>>Hannah Bergman: I’m sorry. We can go back.
Yes.>>So does that mean I have a choice to do
either/or or can you do – let’s say that, you know, I manage contracts and we have a
twoyear requirement. I’m making it up. I’m choosing something less than seven years and
I am a 7year employee, does that mean I have the choice if I don’t want to sort through
my stuff, I can just keep it seven years. But if I do want to, I have closed out a big
contract, it is mucking up my hard drive and I want to delete it and I can, I get to delete
it?>>Hannah Bergman: Right. This is an area
where the agency policies that Erin talked about are really important. So how a Capstone
approach to email management fits with your other records management programs is a matter
of an agency discretion and policy. Yes, if what you want to do and what you’re able to
do is manage those records, those email records by the content and say, this was a twoyear
record, this contract is closed out, this matter is closed, Capstone allows for that.
It also allows for instances where Erin creates permanent records related to appraisal dossiers.
She is in the 7year category but she has an obligation to take those permanent records
and do something else with them, put them in the appraisal dossier so they are preserved.
Capstone is meant to be a blanket approach that sort of allows you to make these broadbased
determinations within an acceptable level of risk.
So the worse that happens is that you kept the twoyear record for seven years. Yeah,
that’s not so great. But what we all know is that there are these blobs of email out
there that agencies aren’t disposing of because they don’t feel like people are doing that.
They are not going through and filing their email according to a schedule and they can’t
say, oh, we are disposing of this in accordance with our regular schedule. So Capstone provides
that schedule basis for disposition without requiring you to go through and make those
individual determinations. Now, the consequence of that is that it is
entirely possible that you are a 7year employee and you have 10year records. We’re okay with
that. We are okay with those being disposed of at the 7year mark. We have come to terms
with the risk in this policy. If you are okay with it, that’s up to you. I mean, the Capstone
memo that we put out essentially gives agencies that discretion so say, well, if an employee
has tenyear records but they are in the 7year bucket, the employee as an affirmative obligation
to manage those records for ten years or we are just going to manage the email for seven
years and that’s the decision we are going to make. You can make either of those choices.
The policy gives you that discretion. Does that make sense?
>>Agencies can submit their own email schedules as long as they are meeting the obligations
of the presidential records management guidance. We do have several agencies who have submitted
their own records schedules for email. The most famous, infamous is the CIA one pending.
NARA decided we had our own records schedule for email that we had put up and then we decided
the GRS was going to more or less be in line with all of those decisions. So that schedule
was actually withdrawn from the Federal Register and the approval process. And we are waiting
as an agency to employ the GRS once it’s finalized. There are levels of choices that can be individualized
as Hannah said.>>Hannah Bergman: Any other questions? Did
I get the big picture there? We have a lot of resources on Capstone available if you
are dealing with these questions you want to grapple with it more. Just let us know.
All right. So discovery, this matters for agency counsel, you know, because it is your
job. (chuckles). These are sort of the areas, I think, that,
you know, we deal with access requests, whether they be discovery, congressional requests,
FOIA. I think the important thing to take away is obviously what we are talking about
in terms of nonrecord, it is useful in your litigation context. It is useful in FOIA.
But FOIA has a different definition of what’s an agency record. It is broader than under
the Federal Records Act, right? Congressional requests are not bounded by
such notions of recordness. They’re just -they just exist. So if you have something you are
going to need to find it and make it available. And obviously in discovery, you are bound
by the Federal Rules of Civil Procedure and records schedules, as Erin has said, really
guide what you should be looking for in a discovery context and what you’re likely to
find and what can be disposed of, what you’re going to be put litigation holds on. But they’re
not the be all, end all. So areas beyond email that you should think
about in eDiscovery issues, we’ve sort of gone through all of these in our conversations
earlier. Text files, PowerPoints, spreadsheets, sort of all of the things on your drive, the
unstructured data, your structured data as well, intranet, so whatever is in your home
agency communications. I don’t know if your agencies have something that’s sort of akin
to like a Facebook internally, but that’s something that we have at the National Archives
and is an area that would certainly be subject to discovery, FOIA, et cetera. So don’t forget
about those strange repositories that are creeping up now in sort of the age of social
media. Likewise, there is a lot of employment litigation
on availability of things like Facebook pages, Twitter, Instagram, that sort of stuff as
it relates to disciplinary proceedings against employees. So if your employee says they’re
sick and they are posting on their Facebook that they are really at the beach, that Facebook
evidence can come into play. How that happens, be aware of. The 20minute we have left, probably
not an area we want to delve deep into. Certainly there is a burgeoning area of personnel law.
Keep in mind the Privacy Act will affect your ability to retrieve that information.
Data on mobile devices I think is a huge issue. So think about how you’re managing your data
on your mobile devices. Are you allowing employees to bring their own devices. Have you learned
the important lesson of the dangers of that happening? And what sort of are your policies
for letting employees who telework keep information on laptops. Are you giving them the laptop?
From the agency to use? Are you requiring the telework eligible employees provide their
own computer? That can really change what your policies need to look like from a records
management standpoint, from a discovery standpoint, from an I.T. security standpoint.
I think we’ve recently had instances where employees in the telework context have had
things on their personal computer that they should not have had on their personal computer
and they no longer have those personal computers. So you must address this issue. You do not
want to be in a position where you have to ask an employee to turn over their computer
and they lose the pictures of their cute children that they haven’t backed up because you need
that computer. I really encourage agencies to give people
devices. I think bring your own device is really dangerous from my standpoint.
All right. Oh, is that in the wrong direction? No. Okay.
We’ve covered all of these, right? Do people still have backup tapes? I feel like backup
tapes, they are like paper at the Archives. Eventually they’ll stop being acceptable,
but in the interim… So we’ve just got a couple of slides on foundational
sort of discovery issues. Obviously Arthur Anderson was an important case on how document
retention policies are going to interact with your litigation obligations. That’s the place
we start from. Obviously what Erin has spent a long time
talking about is the notion that you can, in fact, dispose of things in accordance with
those document retention policies if you have them. The entire process of scheduling your
records is really to allow you to dispose of the records in a way that is defensible
in litigation, is defensible from a budgetary aspect that you’re just not keeping everything
forever. So as Erin said, your file plan is something
that you’re going to want to look to any time you have a discovery demand. And where your
file plan or your records schedules are deficient – and the records are not yet scheduled, they
have to be maintained until they’re scheduled. And so scheduling does take a long time. I’m
quite aware of that, right? Like, it is going to – even if you submitted a schedule to us
tomorrow and it was perfect, it’s going to take probably a year for that schedule to
go forward. So you need to plan in advance for being able
to manage the large volume of material that you’re collecting, particularly in electronic
environment. There are a lot of storage costs associated with that. There are a lot of retrieval
costs associated with it. But unscheduled records can be deleted from a records management
standpoint and deletion of those records has serious consequences in litigation. You have
no document retention policy to fall back on as a defensible mechanism.
So obviously these rules apply to electronic records. Hopefully we don’t have to make the
distinctions as often. But I did want to talk about the Gerlich case a little bit. Anyone
familiar with the Gerlich case? It is about five years old. So the Justice Department
had been recruiting honors attorneys at the end of the Bush administration. And there
was a process to vet those applicants that essentially led to people looking at Facebook
pages to determine things like political party affiliation and other not good things so they
were making determinations about your application based on your political beliefs and your hobbies,
what clubs you belong to, et cetera. So this case sort of focuses on the catch
22 of, well, once you’ve done the illegal activity, are you obligated to keep a record
of your illegal activity or can you destroy that evidence? And if you destroy that evidence,
how is that going to work out for you in the litigation about your ongoing misconduct?
So it is a really – they are very interesting opinions. The District Court found for the
Justice Department. The circuit court ultimately overturned that decision. And then event actually
the case was settled out of court once the Circuit Court made it clear that justice was
probably not going to be able to defend its actions.
Gerlich focuses on the notion that once you’ve created these records, you did have an obligation
to preserve them, that the Federal Records Act creates this affirmative obligation to
keep what were, in this case, printouts from applicants’ Facebook pages with annotations
about them whether or not they were good to go or not based on their political party affiliation
and other sort of life choices. So the court here, I think, relies on Talavera
which is a much more fulsome discussion and the case that preceded Gerlich and talks about
the action between EEO actions and require an agency to retain records versus the records
schedule and where the two intersect. The ultimate takeaway from this is you have
got to be aware of situations where there are regulations that intersect with your records
schedules along with statute of limitations and how long you’re keeping things.
In the Gerlich case, essentially the Circuit Court said the plaintiffs are entitled to
a spoliation inference because they can’t prove their case because the Justice Department
destroyed these records. They should have known that these records were going to be
needed in this litigation. There was a lot of press attention. There was an investigation.
These records were really going to be instrumental in whether or not the plaintiffs were allowed
to prove their case or not. So absent the records, the spoliation inference
was against justice. There is also some fascinating aspects of the Privacy Act that come into
play in the Gerlich case. It says the Privacy Act has this notion that an agency isn’t allowed
to collect information about an individual’s exercise of First Amendment activities absent
consent of that individual or a legitimate enforcement need. Vetting you for a job application
is not a legitimate law enforcement need. So did you have consent? This is an area where
you may want to pay attention to what’s happening in personnel offices, in – how you are vetting
applicants internally. I think we all know in this sort of Google environment, social
media world, of course, your instincts is to type in the person’s name to Google to
see what’s happening before they show up to the interview.
As federal employees, you shouldn’t be doing that. Gerlich talks about that as a real problem.
If your human capital office isn’t aware of this, if they haven’t provided guidance, your
selecting officials interviewing panels, or they are not getting consent from the applicant
to do that, another way to solve this problem is you require consent of all applicants to
do some basic Googling of them, that’s an area where I think counsel can be proactive.
Don’t not end up in the same position as DOJ. That’s an important lesson we can all learn
from. The DOJ – the payout was substantial. The
settlement agreement is public. I think it was more than $100,000 that justice ended
up paying to these applicants. So another case that I just wanted to mention,
I don’t know how many of you interact with the criminal side of the world. But in the
event that you’re involved in OIG work or work for a criminal agency, there’s obviously
an obligation with regard to litigation holds for evidentiary material that’s going to come
into place. This is a case out of New Jersey where the FBI failed to preserve really important
text messages on an agent’s phone and then the consequence of that was that the defendants
were not convicted. So there’s an obligation when you issue a litigation hold for that
litigation hold to extend to things like text messages on agent’s phones when those are
going to be used in a litigation, prosecution. Lots of people run out of space and delete
their messages. This is what happened in that case. So, again, if you don’t have adequate
storage, that’s an area where you really need to think about what your record keeping requirements
are and provide for the policies as it is related to forwarding those text messages
to email accounts, et cetera so that you’re not in that position. No one wants a defendant
to go free just because you deleted the text messages.
So I also just wanted to touch on updates to Rule 37 (e), the Federal Rules of Civil
Procedure. This is the current rule which says absent exceptional circumstances, a court
may not impose sanctions under the rules for failing to provide let CSIs or routine of
a good faith electronic system. If you have done all the right things but for some reason
you do not have the emails, Rule 37 provided this out for you. Still does. But probably
by next year, I understand, these updates will go into effect. So they have been a long
time in the works, updates to the Rules of Civil Procedure. Justice is fairly involved
in crafting Rule 37 and are making their opinion pretty vocal on the pros and cons of these
changes. The rule is going to be changing I’m thinking Decemberish 2015 is when that
is most likely to happen. But it will say failure to preserve electronically stored
information, if electronically stored information should have been preserved in anticipation
or conduct of litigation is lost because the party failed to take a reasonable step to
preserve it and cannot be restored or replaced through additional discovery, the court can
essentially order this spoliation inference or sanctions. Keep that in mind, those updates
are coming. A lot of the things that were encapsulated
in the good faith notion are still there in the advisory notes to that rule. That’s the
link if you want to get the full report. Another thing that I wanted to touch on with
records to spoliation inferences and claims that records no longer exist is this notion
of unauthorized destruction. So there is a statutory obligation for an agency to report
to NARA when you have an unauthorized destruction of records. So if you are in the middle of
FOIA litigation and you realize you have destroyed the records and you shouldn’t have, that’s
an unauthorized destruction. You need to send us a letter.
36 CFR 1230 has the requirements. Typically what’s happening is a letter from the agency
records officer to the chief records officer which is Erin’s boss, Paul Wester, one to
two pages summarizes the incident. We will then reply and say we would like more information
about this. Are you going to make sure it doesn’t happen again? You will then make sure
it doesn’t happen again and assert in writing that that’s what’s going to happen.
If you want to see how this is currently playing out, essentially the State Department sent
such a letter. We sent a report back. I think all of that is about to be released or was
released this morning or in the process of being released. Something with that is happening.
But unauthorized destruction of records, reports often do get press attention, in part because
they come about in litigation so there is already sort of a public interest in what’s
happening. But we do expect to see them even in the mundane instances where there is no
press attention, no agency head is involved, et cetera. Make an unauthorized destruction
report. Talk to your records officer about that. Make sure that you’re doing that. And
then make sure you actually follow through and you really do make whatever policy changes
or management changes are necessary to make sure this doesn’t happen again. Like the I.R.S.,
another example of unauthorized destruction reports.
All right. Now we just have – we have a couple of slides about email management. This sort
of repeats what we have said before earlier this morning where we said there are a lot
of ways in which you can manage email. Not all of them are super useful from a records
management standpoint, but you are probably using them in litigation. Be aware of what
your email archiving tools are. And it is possible with a Capstone approach to email
management, you could use those litigation tools to implement your records management
policy if you do it correctly. This references something called DOD 1515.2.
Those were – those are certified records management applications which are really fancy ways to
manage records in accordance with our regulations. NARA previously, maybe like a decade ago,
endorsed this standards is the goldplated way to do electronic records management. We
have since realized no one can afford goldplated electronic records management systems, not
even DOD. So we’ve backed off from that endorsement to say that’s one of many ways in which you
can meet our obligations. But there are all these other ways as well.
So someone comes to you and says, the system is not 5015.2 compliant, that’s okay. If you
did buy one, it is probably making you frustrated on a daily basis because you can’t get records
out for litigation or manipulate or do things with them. They are not as exciting as we
thought that they were in the early 2000s, late ’90s.
I’m going to skip over that one and move on to backup tapes to say that backup tapes are
covered by digital records schedule. We have recently updated the schedule that covers
these. We have gone from GRS 24 to the new revised, better, user friendly, Excel spreadsheet
version of the GRS 3.2, item 40 and 41 which essentially say that you can destroy backup
tapes and recycle them in accordance with your regular processes.
They are not an effective means of managing your records. So someone says to you, I’m
keeping my records on the backup tapes, no, no, you are not. They still need to be held
though if you have them. Litigation holds do not reach backup tapes. You cannot assume
they don’t exist. For some of your systems, they probably exist for other ones.
These two cases are about what happens when attorneys agree to things that they don’t
understand. So the Fannie Mae case essentially, the attorneys there said, oh, we can meet
that deadline and produce that ESI and they could not and they received sanctions for
that. In the Knickerbocker versus Corinthian College case, it is a more interesting case.
It goes into what happens when people try to parse language of a court order a little
too closely and say things like, backup servers, those aren’t the same things as backup tapes.
I didn’t know that you meant the backup server, too. No, no, you did, right? So this is sort
of an awareness of don’t read the cord orders too narrowly. Don’t interpret the discovery
request too narrowly. It is not good faith to say, well, you said “tapes,” how was I
to know you also meant “servers”? In that case the attorneys failed to tell
employees to implement the litigation hold which is another real problem. So just you
knowingly, you shouldn’t delete the records. It isn’t enough. You have to actually tell
people that there is a litigation hold in place.
If you are in a cloudhosted environment, you should think about how you will implement
your litigation holds in that environment. That is largely affected by what your contract
with the cloud provider looks like? Be sure to take a look at those contracts, figure
out if you can get the information out on demand, what time frame you’re looking at
for a turnaround for massive exports of that data, what format it would look like. If it
is even possible where the data resides. Is it outside of the U.S.? Have you – are there
other implications to that? Is your data commingled with other entities? Is it possible for them
to segregate out what you need and leave the rest and just give you your information. Is
it likely the cloud provider will be subpoenaed and you would not know about it and your data
would be implicated? What sort of – what’s going to happen there? So these are all issues
that a good contract and a good structure can deal with, but keep in mind I’m sure they
have probably been raised to you before by reviewing contracts for I.T. systems, for
records management issues, and other I.T. management issues. It is an important part,
I think, of how you can provide useful advice in the records arena.
All right. So a couple more points. Metadata, that’s the thing, you should be aware of it.
So for email, we have specific regs on what constitutes the metadata of an email. That
was widely litigated in the Armstrong cases. The most important thing that I think systems
now today may not be able to handle is the notion that distribution lists need to be
exploded to have everyone’s actual names. So if in your Capstone approach or your electronic
records management system, your eArchive, what is it is you are using, you have in your
agency an email distribution list that is senior [email protected] and then senior
officials get that email, when you capture that for litigation or for record keeping
purposes, you need to actually know who is on the senior staff. That is a crucial part
of that record. Armstrong really talks about that. Talks about that as being a key difference
between the electronic record and the paper printout of an email and why the electronic
record has additional added value. And so think about how you’re getting that
recipient information, how you are exploiting those distribution lists because that can
really come into play poorly if you haven’t thought it through.
Format, obviously, if you don’t know it already, OMB has metadata guidance that requires you
to use a particular schema for managing your metadata. It is the common core metadata standards.
NARA is also working on metadata guidance at that will hopefully not conflict with OMB’s.
Another sort of metadata guidance document you should be aware of is if you are an agency
that the Justice Department is going to be litigating on your behalf, DOJ’s eDiscovery
folks have a onepage handout of what data they are going to need when you give them
records for litigation. Capture everything in a preservation order.
No, really, capture everything. (chuckles). More assertive details on that. These are
– key takeaways are always to check the law. It’s changing. Particularly case law on eDiscovery
and burdens, the federal rules will be changing. We didn’t talk about amendments to Rule 26
but those are in the works as well so just be in the update. Don’t rely on an outdated
version. Plan for those changes and differences in the burden analysis.
Here’s some handouts. Sedona conference, always super useful for guidance if you haven’t checked
it out. This is Erin’s and my contact info. So I think
we’re done. We’re here if you have questions, though. We’re happy to talk about any issues
you might have. (applause)

Leave a Reply

Your email address will not be published. Required fields are marked *