FOI-avoidance or good records management? Cabinet Office Email Policy

FOIMan wonders if 90 day retention of email by the Cabinet Office is a conspiracy, or if it could be a (clumsy) attempt at governance.

The Cabinet Office

The Cabinet Office

The FT has a piece this morning stating that the Cabinet Office routinely deletes email after 90 days. It argues that this is evidence of the Cabinet Office deliberately avoiding FOI. Cue outraged voices from all quarters.

However, this may not be the dark conspiracy that everyone supposes. Email causes significant problems for those responsible for managing information in all organisations. Despite the fact that it has been around for years, there is no generally accepted approach to managing it. Records management consultant James Lappin wrote a really good piece a couple of years ago outlining the options and their shortcomings. Amongst them is the option of automatically deleting email after a short period.

The argument in favour of this policy is that most email is ephemeral. Keeping it all forever isn’t an option for various reasons (including data protection requirements). But some emails are important records. What you need is to identify a way to encourage staff to file the important emails. But staff tend to put off filing. So the aim of the 90 day retention policy is to force staff to file key email because if they don’t it will be gone forever.

There are of course weaknesses with this policy. Staff may still fail to file things and then they are lost. It is usually easy for staff to find ways to get round the policy by creating folders and moving all their email into them in bulk before the 90 days is up. Their intention is to get round to weeding and filing them at some point but it never happens. As the FT article demonstrates, the policy can be readily misinterpreted. But it is a policy widely adopted because at least it is an attempt to manage the chaos of the email server.

My understanding is that this policy was adopted by many government departments in 2004. It was a policy that we adopted at the Greater London Authority possibly at my suggestion (it’s a long time ago). The intention – at least on my part – was to manage email, not to bypass FOI. As I’ve previously argued, retaining everything would be impractical – it might even reduce the likelihood of information being disclosed, as the section 12 limit would more often be an issue. And I should be clear – the intention was never that all emails would be deleted; it was to encourage staff to take action by identifying and keeping the emails that were formal records. My strong suspicion is that staff in the Cabinet Office are encouraged to do the same. This is not about deleting ALL emails; staff should be saving emails which document key decisions within whatever records management system is in place within the Cabinet Office.

One of the reasons I advocated it was that it was a policy which had been adopted by a previous employer. That employer wasn’t in the public sector, and didn’t face the prospect of receiving FOI requests. I saw it as a legitimate and established way to address the management of email.

None of this is to say that the policy hasn’t become a convenient way for the Cabinet Office to avoid having to answer certain questions. As a policy it has significant weaknesses and it is not necessarily one which I would advocate now. Given the complaints made by the officials quoted by the FT, the approach doesn’t seem to be working well for the Cabinet Office’s staff (although it’s also possible that those quoted ignored the instructions they were given on email filing). If I was advising the Cabinet Office (not very likely, I grant you), I would be advocating a different approach, not least because of the obvious reputational harm that it is causing.

As I’ve written before, records managers do need to consider the political ramifications of their advice and policies. But my strong suspicion is that the 3 month email policy was not – at least initially – proposed as a way to avoid FOI. It was just one of many options for managing email – and every single approach that I’ve ever used or read about has its shortcomings.

11 comments

  1. Martin Rosenbaum says:

    I’m interested in what approach you would/do recommend, if only as the least bad option?

    • FOIMan says:

      Hi Martin
      There are several methods – none of which are perfect.
      1. Keep everything forever – not practical/compliant as this would include personal data which shouldn’t be kept longer than necessary. Furthermore even though server space is cheap, it still costs.
      2. The approach of the Cabinet Office but with varying retention periods. 12 months is common.
      3. Some kind of auto-capture/classification. Technology in this area has moved on a lot, but might still result in the wrong things being retained or filed.
      4. Retain whole email accounts, at least for key figures, but put onus on staff to remove personal data/private email. Sort of the opposite of what the Cabinet Office does. But still compliance risks, and relies on staff following rules.
      5. Some sort of hybrid approach.
      My personal thinking is that a combination of 3 & 4 would be preferable. The best solution would be that the Govt recognise there is a serious issue here and give The National Archives funding to develop a workable approach for all of government. The problem is that this is seen purely as a basic admin issue. It’s really very complex and needs serious thought. Recommend James Lappin’s writings on this whole subject.

  2. Patrick says:

    If the home office had been doing this then presumably we would not have seen the emails where they tried to offer ‘comforting’ advice to companies trying to do something that they ought to have known was legally questionable. Couple that with the number of un-minuted meetings on that same subject and it’s impossible to trust the cabinet office to reliably file important emails.

    If anything the failure to do so is pretty much guaranteed when you look as past behaviour, both to keeping records and to FoIA generally (the cabinet office in particular has managed to get on the ICO naughty list in the past for failing to respond acceptably if memory serves).

    I’m assuming that they would be running the same searches in Outlook – or whatever system they use – with the only difference being the date range, so would section 12 really be that likely to apply here?

  3. David Matthew says:

    This deletion policy has bigger implications not least for the historians and academics when there is a likelihood that the e-mails will be destroyed and the history will have been lost. It is not that this deletion policy was not known about before, it was raised in Parliament in 2004. I doubt whether the coincidence of FOI and records management, I doubt if they would have tried this, Government would probably fail.

    In my view, unless an e-mail is sent for information or is personal then it should not be destroyed after such a short period as three months and that a review of e-mails should be scheduled, it should be treated like paper files and have a time limit to be kept or preserved. The issue is the never ending e-mails, you send one, you get a reply, you send another, etc etc, so you should only keep the complete one. What do you do if someone doesn’t want to file e-mails?.

  4. Peterk says:

    I agree with using 3 and 4, but the real thing that needs to be done is provide training to staff about the email application that is being used (how to set up folders, rules,etc) as well as training on how to write emails ie single subjects, standardized subject headers, etc. without training you can’t expect staff to properly manage their emails. In my experience (private and public sector) no one provides such training.

  5. […] 2015.  FOI avoidance or good records management?  Cabinet Office Email Policy.  Available from https://www.foiman.com/archives/1584  accessed 18 June […]

  6. […] the government was pursuing retention and deletion policies which involved deleting emails after 90 days. On Tuesday we saw Iain Duncan Smith’s apparent refusal to publish statistics relating to those […]