In the United States and other countries, there are local governments moving entire email infrastructures from their own servers to cloud-based email platforms: the City of Chicago announced such a move last year. So long as an email documents the business of a North Carolina municipality or county, it is a public record, whether stored on an email server in the office or somewhere in the “cloud.”
Future Proof, the blog of the State Records Authority of New South Wales, Australia, has a timely and interesting post on the management of cloud-based email as public records, with 9 tips for a municipality or county considering a cloud-based email platform:
- Consider records management issues right from the project’s kickoff.
- Change traditional email management practices when needed to fit the new cloud-based email platform.
- Apply records retention and disposition schedules to legacy email, but if granular examination of legacy email is impossible, base retention on potential risk, i.e., err on the side of caution!
- Realize that a cloud-based email platform does not have built-in records management tools; the records custodian will retain responsibility for records management.
- Use the transition as an opportunity to improve records management of email.
- Be aware of any default retention period on the cloud-based email platform; adopt a proactive strategy to ensure proper management of email with a longer retention period.
- Ready an exit strategy even before moving to the new cloud-based email platform.
- Investigate the possible application of business rules and metadata for management of email.
- Be aware that a cloud-based email platform often comes with additional functions, such as calendars, collaboration platforms, and instant messaging; these are public records, too, so long as they document public business, and need management.
Cloud computing in general brings up a whole range of records management issues for local governments. Our Best Practices for Cloud Computing: Records Management Considerations covers compliance issues, understanding and negotiating the terms of the service level agreement, performance and monitoring, service interruptions, costs, security and privacy, removing data from the cloud and avoiding vendor lock-in, and e-discovery guidelines. Both our guidelines and the Future Proof blog post emphasize that, when public records are managed exclusively in the cloud, careful consideration should be taken regarding the implications of cloud storage for records management.