New report highlights shortcomings of Colorado electronic records retention

New report highlights shortcomings of Colorado electronic records retention

Recommends changes to address gaps around emails and text messages

Written by
Edited by Beryl Lipton

A new report released this month by the Colorado Freedom of Information Coalition (CFOIC) offers recommendations for addressing Colorado’s inadequate records retention practices, which currently lack important guidelines around some of the current era’s most common modes of communication: email and text message.

Focused on the State Archives and Public Records Law and the Colorado Open Records Act (CORA), the report, authored by Jill Beathard, is concerned with the retention of these “electronic records,” emphasizing a need to clarify and enforce the types of records to be retained, the length of retention, and the simple fact that retention is required.

These modern issues aren’t unique to Colorado, but they are proving to be a real problem, even for the state’s legislators. In February, KOAA News5 reported that emails, requested under CORA by Colorado State Senator John Cooke, had been deleted following officials’ resignations. Cooke was able to get about 3,000 of those emails, but only after IT workers hunted copies of them down across state servers following the threat of a subpoena.

New rules should be put in place and new legislation should be enacted to enforce them, says CFOIC.

The issue of email

As it stands, CORA recognizes emails and text messages as public records, but it is vague about the exact retention expectations. It requires agencies to have a record retention policy, but it doesn’t offer specifics for the content of those policies. It leaves a lot of discretion to individual government employees to evaluate emails for retention and allowing space for officials to conceal or destroy records.

The Colorado State Archives helps state agencies develop their records policies, but its influence is limited. There is no statutory requirement that emails be retained, so the best the Archives can do is advise officials that they should retain certain emails, and it provides model records retention schedules with classifications for which ones should be kept. The Archives themselves lack a way to store emails indefinitely and do not accept emails into the permanent record, though it’s previously made exceptions, as it did for Governor Hickenlooper’s administration.

The National Archives’s “Capstone” approach, an email retention plan based primarily on the account user’s position in an agency, is the most prominent best practice the report explores. The emails of “capstone officials,” such as agency heads, are scheduled for permanent retention, those of support and administrative staff for three years, and the emails of all other positions for seven years. As of April 2019, 193 of 296 federal agencies reported using the Capstone approach.

CFOIC recommends that Colorado adopt the Capstone approach, variations of which other states already employ. Other best practices include North Carolina’s “Transferring Online Mail with Embedded Semantics,” or TOMES, a system that automatically transfers emails from top officials to the state archives. In Oregon, the state has partnered with private organizations to invest in software systems, using technology to automate retention.

“We are aware of the Capstone approach. When Gov. Hickenlooper left office we used Capstone as a basis for whose emails we were to capture,” said Paul Levit, a records management official at the Archives. However, his office doesn’t have concrete plans for regular adoption of a similar solution. “We would like to formalize this approach or something similar with the Governor’s Office. This was our first time capturing email.”

To properly address Colorado’s retention problems, the report says, increased interagency communication and additional staff hiring at the State Archives would be required.

The trouble of text messages

Another modern form of communication that faces similar problems is text messages.

The report says:

The majority of courts in the U.S. have held that records sent or received by a public official and discussing public business are public records, regardless of whether they are housed on a government-owned device or not… But what methods a government can use to compel its employees to turn over the content of their personal devices is still up for debate in most jurisdictions.

Stories around the country have documented the problem of retaining government text messages. In June, the Philadelphia Inquirer reported that it had used the Pennsylvania Right-to-Know Act to discover that Governor Tom Wolf deleted many of his text messages. State officials’ defense included arguing that the texts were “transitory” and, therefore, did not need to be retained. Overlapping public records laws make it hard to tell whether or not they’re right.

These issues are further complicated by the use of self-deleting text apps. This has been a particularly potent issue in Missouri, where Governor Eric Greitens is facing a year-long lawsuit over his use of an app called Confide. So far, the case has cost the Missouri governor’s office $340,000 on private attorneys alone, as reported by Beth Welsh on the Kansas City Star, leading the St. Louis County Council to consider a ban on self-deleting text apps for government use.

As all government employs these modern modes of communication and need to adjust their understanding of the public’s right to know accordingly, other states could provide important examples for Colorado. In California, a bill passed to require all government agencies to retain emails and other “electronic transmissions” for at least two years, and Montana recently overhauled its public records laws, adding a “retention and disposition subcommittee” to approve the destruction of any public records.

The need to grapple with the elimination and evolution of government records is crucial for CFOIC. As Beathard writes, “Open records laws cannot serve their purpose if requested records no longer exist.”

You can read the whole report embedded below: