How State CIOs Should Preserve Digital Records

States are not well prepared for long-term preservation of digital records, a NASCIO report found, and the consequence is that electronic records are at risk and vulnerable.

The days of state governments filing away solely paper records on everything from residents’ benefits to licenses are long gone. State governments are living in the world of digital records. The question is: Are they ready for all that entails? 

According to a recent report from NASCIO, along with the Council of State Archivists, many states are finding that they are unprepared to deal with the unique management and preservation issues that are related to digital recordkeeping

NASCIO and CoSA offer 11 different strategies, or “plays,” that state CIOs, their staffers and state archivists can take to get a handle on their digital records and ensure they are stored and preserved safely and in an accessible manner. 

“Proper management of state electronic records mitigates information security risks by carefully managing personally identifiable information, managing legacy dependency, and ensuring state records are not locked in proprietary systems,” the report notes. “State CIOs are deploying more cloud services and state enterprise-level efforts. Digital preservation services are frequently provided by third-party cloud providers or managed centrally by state agencies that provide service to others within the state.” 

VIDEO: How will the state CIO role evolve between now and 2023? 

Define the Issues Around Digital Records, Collaborate for Solutions

First, state CIOs and archivists need to understand the issue — and why it is critical to address it. “State government is in the information business and data is its lifeblood. Public services create information in the form of records, increasingly in electronic formats,” the report states. “These records are essential to state governments and to the services state governments provide their citizens. States continue to struggle with new challenges presented by a growing portfolio of electronic records and digital content that must be preserved.” 

The volume and complexity of electronic government records continues to increase at an exponential rate. Indeed, according to the report, between 2006 and 2016, the amount of state and territorial electronic records skyrocketed by 1,693 percent.

“When state government leaders work together, they can ensure the electronic records of today are available in the future to protect citizen rights, document government, and preserve history,” the report notes. “Archives and records management staff can provide services to their state CIO as well as help them understand electronic records challenges.”

Electronic records — which are public information and document government decisions — require attention to ensure they are preserved and accessible, as they are more complex to preserve than paper records, the report says. “Without action to preserve them, electronic records can be overwritten in databases, lost in media migrations, or become inaccessible due to incompatible legacy systems,” according to the report. “Sustained attention and resources are needed to ensure the long-term management and accessibility of our nation’s electronic records.”

Collaboration is key, since digital records management cuts across multiple offices within state governments. State CIO offices have expertise in how electronic records management approaches and technologies fit within the state’s strategic IT direction and enterprise architecture, the report notes. Meanwhile, state archivists and records managers are the primary stakeholders with expertise on which e-records to maintain, which to delete or deaccession and what kind of access might be required. Other stakeholders may include the secretary of state’s office, state legal counsel, the attorney general’s office, and state agency business unit and program owners.

“Collaborative effort is key to developing and adopting best practices and sustainable models for the long-term preservation of electronic records,” the report says.

MORE FROM STATETECH: Find out how state auditors can achieve digital transformation! 

Digital Record Management Involves Communication and Tech

Another play in the playbook is that state CIOs and archivists need clear communication strategies for different constituencies. These include state agencies, the state legislature and the public at large. Notably, for state agencies, the report says that “adequate employee awareness and training activities are keys to ensuring that employees correctly carry out new or existing policies and procedures and understand how to use any new technologies associated with improved electronic records management.”

State CIOs also need to remember to keep public business on public platforms, and that “any account that is used for state business is subject to public records laws. The accounts must be managed and archived according to public records laws.” Official accounts should be used for all government business that happens via social media, the report states.

State CIOs also cannot forget about email records management, and that email messages are subject to public records laws and statutes and need to be managed accordingly. There are many instances in which email may contain state electronic records, including documents and work processes routinely circulated via email, appointments to boards and commissions, hiring and firing decisions, instructions given to and reports from cabinet and agency officials, contract negotiations and legal and policy decisions.

A key element of digital records management is the technological systems used to store and manage such records. However, technology is advancing rapidly, and many state governments face issues related to IT obsolescence when it comes to records management. For example, the file formats of e-records may change and become unreadable even by subsequent releases of the software that created them. 

Additionally, electronic objects require special monitoring to maintain the evidentiary status of the records, the report notes. “Establishing fixity, or the property of a digital file or object being fixed or unchanged, is a critical part of confirming evidentiary status of electronic records,” the report says. Further complicating matters is that some systems for document management don’t preserve the content, structure, context and integrity of the record over time.

“States must select technologies that properly manage and store electronic records, while ensuring that the inevitable obsolescence of the technology does not compromise the records’ integrity or accessibility,” the report advises.

Digital%20Transformation_IR_1%20(1).jpg

IT Governance and Security Are Crucial to E-Records Management

As state CIOs evolve into brokers of IT services, they need to think through how changing operating models will affect digital records management, according to the report. 

“No matter the preservation service provider, the service agreement needs to be thoughtfully and carefully developed. An exit strategy should be identified as part of the contract,” the report says. “The need for digital preservation of state electronic records will outlast commercial service providers and current technological infrastructures. The state needs to clearly understand its rights regarding its data and how the preservation provider is helping it perform its obligations to its citizens.”

IT security is also critical when it comes to records management. While contracts can be formulated to guarantee security arrangements required by state laws and statutes concerning public records, the report notes that “in the real world data remains vulnerable to hacks and hostage situations regardless of contract provisions.” 

State agencies “may decide that having limited control over sensitive data is a risk worth taking to have third-party providers handle digital preservation lifecycle services, but it needs to be an informed decision.” 

State CIOs can help state archives and records management personnel perform a cost-benefit analysis about outsourcing preservation services in relation to data security, the report says. 

Contracts with third-party digital preservation service providers should “establish responsibility for functions that are critical to ensuring the integrity of state data including fixity checking and audits or compliance with state government legal responsibilities,” according to the report. 

State CIOs and archivists should also establish audit trails when working with a third-party preservation service provider. “A verifiable audit trail of the activities involved in the processing of digital records ensures that the reliability and authenticity of the data is secure,” the report says. 

NASCIO also recommends that states adopt a data classification policy, which “helps secure data by knowing what data is most sensitive and most in need of higher levels of security.”

D3Damon/Getty Images
Nov 05 2018