Playing devil's advocate...
Email records on computers in Downing Street are subject to automatic deletion within three months through a system which makes it almost impossible for the public to view them under the Freedom of Information Act, former staff have disclosed to the Financial Times. Reporters at the salmon-pink broadsheet discovered that this …
I get that it's potentially good information security policy to delete data you know you won't need again, preventing it falling into the hands of attackers, something Sony Pictures probably should have considered. But that's when we're talking business and the data is not required for audit/SOX/other legal purposes. This however, is a government, and this is a blatant policy of evasion, obstruction, and scorched earth in the face of the FOIA.
Meanwhile, they're storing every bit of our correspondence without our consent, and not with a 90 day retention policy. So outrage all round? Absolutely.
Show me the part of FoIA that tells the government how long they need to keep emails (or any file for that matter).
I don't agree with it personally (I think they should be in a position to keep things longer than that, at least where it doesn't involve PII) but there is nevertheless a world of difference between 'should keep it' and 'have to keep it', and as somebody who has no experience dealing with this it would be wrong for me to at least not consider the possibility that there might be some reasons for this as badly thought through as they may be (for one thing filtering out personal information would be in itself a large task given the volume of email)
"Show me the part of FoIA that tells the government how long they need to keep emails (or any file for that matter)."
Fair comment, but does it matter? They've bent the spirit of the law regarding data collection and privacy so far you can join the ends together. When you promise to free information by law under FoIA, then deliberately delete the information so you don't have to comply, is that any different? Obeying the law via a technicality and breaking it in practice is the modus operandi of modern government, and that needs to change.
"for one thing filtering out personal information would be in itself a large task given the volume of email"
Filtering out personal information? If you mean personal communications on government systems, it seems unlikely to be permissible to conduct personal business with a government/civil service mailbox, any more than it would be with a company.
Banks and other financial organisations do this all the time. The official idea is that you clear off huge backloads of email traffic to de-clutter, with the understanding that everyone will say to some drive or another the business-critical stuff they need to refer to; the in-box is not your storage bin. The unofficial goal is to have a 'sorry gov, it's not on purpose, we just don't keep stuff' reply for when the Regulators want to see email trails.
A company I know has to keep ALL email, regardless of whether it is relevant, useful, incriminating or porn. This is done so that they can go in to court and say, truthfully, that all legal discovery is complete and comprehensive. This is a requirement for their business. It takes a lot of work (compliance, legal, operations, IT) to actually get an email deleted (like the one where bonus numbers were stored in a public store not a private one) and the culprit WILL get a disciplinary for needing this.
Yes, it would be a lot of data, but storage is cheap.
Nice to know the government that enforced this lives by the same rules.
Anonymous, because whilst I don;t work for the company, I don;t want my contact there fired.
I used to work for a government sponsored "Back to Work" program and we were legally required to store ALL correspondence (plus a copy at a separate location in case of fire or whatever) for a minimum of 10 years, be it physical or electronic. Had to hire off-site storage units to deal with all the physical stuff.
Another case of the governments "Do as I say not as I do" attitude. We could have faced serious legal issues and maybe even criminal charges if we did not follow those rules to the letter but somehow it's okay for the government to just destroy that stuff? It just makes me suspicious of what exactly they're trying to hide.
And they are about to put in their new snoopers charter, which will mean that our ISPs will have to keep all our emails for at least 10 years, just in case some bored copper wants to troll through them looking for 'evidence' (and any juicy bits, intimate messages from young girls, etc.).
The IT services company I used to work for had a 3-month deletion routine too. Wonder if it was the same one?
In contrast, the place I work now has to keep all sorts of stuff for long periods to satisfy The Regulator. We have hundreds of tapes holding god-knows-what, and we can't find out because the systems which created them went to landfill MANY years ago.
This is done so that they can go in to court and say, truthfully, that all legal discovery is complete and comprehensive.
Again, playing devil's advocate for a moment: I strongly suspect that the number of court cases involving them is easily dwarfed by the number of FoI requests for any single government department that you'd care to name.
That 'legal discovery' costs time and money neither of which the cash strapped departments have much of. Now imagine having to go through all that every time somebody asks for something.
Except that Hansard probably doesn't potentially contain private information that legally can't be stored longer than necessary (and 'in case we need it later' probably wouldn't count since if I recall correctly it has to be for the reasons it was originally collected & used in the first place). The same can't be said of emails, which can contain all sorts of private information not normally part of any government record like Hansard.
Which one is more important? The DPA or FoIA? Letting them think that storing anything remotely private just because it might be useful later on is a very bad idea IMO.
Not sure what's with the downvotes, but consider this:
- Anything remotely private or otherwise considered outside the scope for publication has to be redacted from anything released to the public (probably not the case with other legal requirements mentioned elsewhere in this thread since presumably the information is being provided to the government rather than the general public)
- Such redaction probably has to be done by hand, since it's difficult to believe that automated systems could be trusted to do the job with sufficient accuracy.
- More emails to trawl through means more work. This is unavoidable and the cost of the storage will not change that.
Storing emails for longer means that it will actually be easier to hide information, not more difficult, since it will make it far easier for government departments to use s.12 of the act (excessive cost) to deny access. That greater ease in denying access IMO strongly suggests that avoiding the impact of FoIA is not the aim here.
If it was then they would have an interest in keeping things as long as is humanly possible to make any trawl of the information too expensive.
Email isn't (shouldn't be) a filing system...
Why? Most email clients go out of their way to provide filing-system-like features such as hierarchical folders.
Important documents should be kept in a version controlled respostory.
Maybe, but emails, however important, are intrinsically different from version-controlled documents. It's rare for an email to be modified, as opposed to being copied into another email.
It's true - in that a live email server shouldn't be used as a filing system, however archived copies kept on a separate server (multiple copies on multiple servers at separate locations to be pedantic, with no outside facing network connections) very much should be kept as such and is indeed legally required.in many cases as is version control, as otherwise the archived mail can be changed willy nilly to remove incriminating or exculpatory material.
All that is apparently only for the plebs it seems, as the government can just say sod it and delete anything they don't like the idea of anyone ever reading.
>Important documents should be kept in a version controlled repos[i]tory
When I joined the Civil Service, shortly after God got out of short trousers, the relevant bit of the relevant Manual (definitely capital M - Manual) said something very close to "The state of public business shall be ascertainable at any point in time by reference to the Registered File".
Certainly we used to send memoranda and notes that didn't make it into the registered files, but anything that supported a decision made by the Service in the administration of public business had to be filed.
Soon thereafter, colleagues started to use email on the internal network, and we made an explicit decision to print and file anything that seemed to be a record: it helped that our business was scientific and technical record-keeping, so awareness wasn't really a problem.
When I left the service, there was a huge and ongoing effort to identify and retain electronic records, the paper variety having all but disappeared - remember when we thought The Paperless Office would be such a good thing?
I suggest that the story is about politicians trying to avoid leaving a trail, and I expect that their civil servants don't like and don't want a blanket deletion policy.
Actually it is more than just "a feeling of wrongdoing" ...
If you study much of the verbal diarrhoea that come out of the cabinet (especially during the Tony B Liar years, and especially from certain Home Office ministers) then the rule is that they clearly would only have done this if they had something to hide. It was a common theme that no-one has any reason to worry about privacy unless they had something to hide.
So it's clear, by their own logic, the only conclusion we can draw is that they did have things to hide. And what's more, we've found out since then that there were indeed "goings on" ...
EDIT: And aren't there any government rules on retention of official documents ? Surely those responsible for instructing for this to happen should be charged for breaking those rules ?
> And aren't there any government rules on retention of official documents ? Surely those responsible for instructing for this to happen should be charged for breaking those rules ?
Yes, but as an earlier commentard observed, email is not an appropriate medium for official (or any other important) documents, for one thing it's almost devoid of security. If the documents are official they should be elsewhere, not in email archives.
As you say, it's not necessarily the best medium for a lot of things.
BUT it is used for a lot of things, and what is said in emails can often be very important - hence why there are some very good (and expensive) systems whose sole purpose is to maintain all emails in a retrievable form. They are also admissible as evidence, and are an acceptable form of contract, and in law are considered a letter for things like the information required by the Companies Act to be shown on business letters.
Even without the comments that it made work very hard, I absolutely do not believe for one second that important stuff wasn't dealt with by email, and that important decisions weren't arrived at via email exchanges. As such, for an organisation like No 10 there is little (if any) valid argument for not having an "archive by default and delete only what's justifiably not important" policy.
We have the ridiculous email deletion example from Hilarity Clinton and the State Department and Lois Lerner and the Infernal Revenue Service.
Both deleted emails or destroyed data with impunity to avoid further investigation and prosecution and have never been brought up on charges for the crime of "Obstruction of Justice".
Therefore a legal precedent has been set that no one in the US can be accused of Obstruction for deleting critical evidence and the excuse "the internet ate my homework" is now fully valid.
If it was okay for those two, it is okay for me and everyone else.
I'm amazed to see that myself. They probably torch records they want torched left and right. It must be great if you're up to something fucked up.
I dunno about the Federal government's requirements, but the parts I've worked around or in seem to save everything even if its really pointless (at least the Army saves [in triplicate, mind you] damned near everything, especially if it relates to money. Yet keep in mind that they say DoD, which the Army is part of, can't be audited as its too big so draw your own conclusions there) but I do know for a fact that my state has a really strict law about that, we call it Government in the Sunshine, and everyone from the State level down is subject to it, even some services that aren't "government" technically but use public funds are responsible for storing their data for auditing.
I suspect your State or equivalent government or maybe even your central government does as well judging by your reaction.
It is strange to see a government have something like FOIA, but at the same time be able to burn its archives so FOIA doesn't really matter. And what gets me is that no civil liberties lawyers existed that were able to see through that arrangement. The UK needs something like the ACLU to keep these people a little more honest because it's really outrageous that they can basically burn or shred what pleases them.
Documents older than a small number of years old get trashed, what is not preserved by individuals (e.g., members of committees or community groups) goes down the Memory Hole. I had the sad experience of having to leave piles of documents (related to long-past projects in and proposals for our downtown) in a "to be recycled" pile at the former home of an acquaintance when he got evicted on almost no notice, and I suspect some of the only history of these projects is now gone. Granted, this is minor stuff -- governments won't topple, nor will communities cleave in civil unrest, if anyone saw these papers and passed them 'round -- but it's still a sorry symptom of the "if it's old, it goes" mindset that too often comes back to bite us in the nethers. As has been pointed out by more than one esteemed commentard above, storage is dirt cheap these days so there really is no reason for the scorched earth storage policy.
At least in Florida, we have this law called the Government in the Sunshine Law. It basically says no matter who you are, if you're paid by the Government, you have to retain your email archives as they are a public record and anyone deleting them is breaking the law and they actually do prosecute people over it.
It was one of many charges that my former county commissioner got charged with when they brought her to book over corruption. Its funny, since she's been convicted we've had growth, re-zoning, improvements and new construction every quarter. Before it was all going to District 4, small wonder why.
Was with a young technician in the last place I worked.
He was going on and on about PST's and how M$ says they don't support them and people should use online archives.
He didn't seem to understand my point that why would a small business spend the extra for M$ Office Professional and then a enterprise license when PST's work perfectly fine for 99% of customers and can be easily split up however you want, such as yearly or 6 monthly blocks or whatever floats your boat. I still see PST's supported in Exchange 2010 on the latest Outlook versions and I see that PST's are the file type Outlook for normal home ISP emails uses.
As others have pointed out, storage is pretty cheap these days so there's no excuse for archiving these off to any number of solutions including PST's. I mean when a staff member leaves, do they just delete their mailbox because in three months they won't be here, so why bother saving anything?
Companies and other organisations are legally required to keep everything (correspondence, emails, contracts etc.etc.) for as long as they could be used in a court case. If they fail to provide the information (documents, whatever) on demand, the judge or jury is allowed to take whatever view of their failure they wish to. So, if the judge/jury decides it is deliberate evasion, they are allowed to assume the document would be prejudicial to the failing parties case and find accordingly. So, if they do delete something, they need to have a very plausible and good case for having done so. Simply saying 'not enough space' or 'too hard' is not good enough.
This is what often causes the 7 year retention issue, although court cases can be brought beyond 7 years under some circumstances.
This kind of thing has been standard across central government since FoI became law 10 years ago. You have to choose to save off the important stuff (and there are archive systems to do this) and then everything else is cleared after a specified period of time - No10 have 3 months but I think the rest of Gov have between 6 and 12 months as the limit. Remember,this stuff has been in place since 2005 - storage was really very expensive back then and Gov IT budgets are limited (remember they are funded by taking money away from you as taxes).
The FoI Act specifcially did not include a clause to stop people deleting stuff before a request has been received to allow removing anything unimportant / incriminating (delete as appropriate :) )
Of course, deleting stuff after receiving a request will get you in a load of trouble.
Biting the hand that feeds IT © 1998–2019