Jackson County

Jackson County loves Netmail

Challenge

Jackson County had a policy regarding email and the retention of email as a public record according to state schedules and applicable laws, and that it was everybody’s responsibility to retain things as long as they were required to. While having the statement in principle was positive, its scope was too broad and didn’t provide details and guidance as to how exactly to comply with the policy.

Solution

Looking for an innovative approach to solving the email retention issue and actually be able to successfully enforce the county’s email policy, the county brought together several departments of Jackson County for a two-day workshop devoted to email retention and the different considerations pertinent to email policy creation.

Results

The Netmail e-Policy Workshop provided an opportunity to get the policy makers on the same page. The key stakeholders who took part in the two-day onsite seminar were IT, Counsel, Administration, HR, Risk Management, and Internal Audit. Health and Human Services also attended due to their unique requirements for records retention and deletion under HIPAA.

Background

Located in Southern Oregon and surrounded by the majestic Cascade and Siskiyou Mountain ranges, Jackson County is arguably one of the most beautiful and livable areas of the Pacific Northwest. In addition to the breathtaking scenery in every direction, Jackson County offers a growing economic base, moderate weather and superior quality of life. Jackson County is committed to providing highly effective services to the public.

Email as a Primary Vehicle for Doing Business

Jackson County consists of about 1000 employees who serve the public of the area. Day-to-day communication is conducted using the Novell GroupWise collaboration platform. As is the case with most government organizations and public agencies nowadays, email is a primary mechanism for doing business for the county. Practically everything related to the county’s business activity, including tasks, appointments, and correspondence, resides in its email system.

Nominally, Jackson County has had a policy regarding email and the retention of email as a public record for a long period of time. In reality, this was a vague eight-year old directive stating that email was a public record and as such had to be retained according to state schedules and applicable laws, and that it was everybody’s responsibility to retain things as long as they were required to. While having the statement in principle was positive in the sense that it made county employees aware of the status of email as a public record, its scope was too broad and didn’t provide details and guidance as to how exactly to comply with the policy. Neither did it offer specific procedures that would ensure the policy could be enforced.

Before Investing in Technology, Get the Stakeholders on the Same Page

Mark Decker, CIO of Jackson County and Director of Information Technology Services, realized he needed an innovative approach to solving the email retention issue and actually be able to successfully enforce the county’s email policy. Thus, at the beginning of 2009, he took the lead on bringing together several departments of Jackson County for a two-day workshop devoted to email retention and the different considerations pertinent to email policy creation.

Decker talks about his decision, “In the IT department, we were looking at implementing an email archiving solution to address the problem of recovering old emails in response to public information requests. Every citizen basically has subpoena power to ask the county for email, as email is a public record. As a public agency, we have to be able to respond to information requests regarding public business.”

So far, handling such requests has been a highly labor-intensive and unproductive process. To meet their obligations to the public, IT staff have had to resort to back-up media and spend many hours restoring email accounts from tape. “It is a waste of time and tax-payer dollars to search for electronic records that way,” continues Decker. “Purely from the vantage point of IT professionals, we want a tool that would make the process easier and more efficient.”

Decker’s second big concern regarding email retention was the fact that e-discovery is becoming an increasingly visible issue. “Our inability to respond effectively to eDiscovery requests was weighing on my mind. This was also a concern for the County Counsel and Risk Management, but they hadn’t acted upon it to that point. It wasn’t that they didn’t care, it just never made it to the top of their priority lists as there are always other, more immediate issues. I felt it was time to raise the priority of this issue and get a plan in place to reduce risk.”

Decker began sending relevant articles to the County counsel and Human Resources to raise awareness and highlight the importance of e-discovery for the County’s business process. He also made the case to reserve part of the coming year’s budget to purchase a technology solution to automate email archiving and retrieval. “But I knew that before a technology solution could do us any good, there had to be a new policy in place. Our existing policy wasn’t very useful.”

Moreover, it was imperative to get the key stakeholders aligned, force them to consider the issues deeply and make decisions, and have them all participate in designing and supporting the policy. “It is not IT’s job to make business policy. The organization must own the retention policy,” says Decker.

The Netmail e-Policy Workshop provided an opportunity to get the policy makers on the same page. The key stakeholders who took part in the two-day onsite seminar were IT, Counsel, Administration, HR, Risk Management, and Internal Audit. Health and Human Services also attended due to their unique requirements for records retention and deletion under HIPAA. “In hindsight, another party that should also have attended is the County Clerk. By law, the Clerk is the keeper of public records,” Decker points out.

Overall, the outcome of the ePolicy workshop was very positive. The seminar accomplished the primary goal of raising the awareness among stakeholders and giving them the information they needed to make some decisions. “The biggest thing we achieved was that we all came out of the workshop with specific decisions about what the principles behind our email retention policy are going to be,” comments Decker.

The workshop was moderated by technology lawyer Ben Wright, who was extremely effective in facilitating the group’s discussion through real-life cases to illustrate certain points. He also provided a specific framework to drive decisions and prioritization. “Ben basically gave us 5 critical questions we needed to answer and at the end of the 2 days we had answered them.” Even though they didn’t have the full e-policy written by the end of the workshop, those guiding principles will provide a solid framework for it.

The next step in Jackson County’s new e-policy project is completing a first draft of the policy based on the template provided by the workshop instructors. The draft will then be reviewed by all the departments prior to formal adoption. The fact that stakeholders took part in the workshop and have already agreed on the basic concepts will speed completion and adoption of the policy.

Organizational Buy-In Is the First Step to the Successful Implementation of an Email Retention Policy

For Jackson County, the ePolicy Workshop provided valuable training to policy makers so they could make informed decisions, and was the catalyst that helped the agency achieve forward momentum. There is no doubt that email retention is not just an IT issue, much more it is a business issue. These retained email records are not IT’s documents, they are records of the business. That’s why when deciding on an appropriate email retention solution, all primary stakeholders need to have a say in what is important and has to be retained.

The Bottom Line

Mark Decker CIO of Jackson County and Director of Information Technology Services