city had relied on an old, aging email server for 10 years. Purchased in 2007,
the email server often froze up and hit storage limits constantly. With the
excuse of “budget,” the city did not want to invest in a new server despite
a result, employees were often forced to delete emails in order to free up
space. A city policy said the employees needed to keep “important” emails.
However, it was unclear what “important” meant and the policy only loosely
defined how the employees should retain them. Some employees used flash drives,
some used external hard drives, and some even transferred files onto personal
day, an outside investigation began that concerned a city department. Allegedly,
funds may have been stolen and investigators wanted to get to the bottom of
what happened. Suddenly, all eyes were on the city as word got out to the
media made several FOIA requests to see emails related to the city department
under investigation. Once the city clerk began trying to carry out the
requests, she hit a wall. Not sure who kept what, she began to fear that key
emails were deleted. Sending out requests to city employees in that department,
the city clerk received uncertain replies about who had the specific emails.
days, she realized the city may not have been able to fulfill the FOIA request—even
with a delay. The crushing realization settled in that emails the city was required to keep by law may have
disappeared. Once the media suspected this happened, they began reporting on
the city in a negative light—casting suspicion over the city in the local
paper. The stories spread to various other papers around the state. Investigators
also noted the serious nature of these missing emails and began to talk of misdemeanors,
fines, penalties, lawsuits, and even possible prosecution for employees who
possibly destroyed records.
for FOIA-related circumstances less serious than this situation, cities can
feel painful repercussions when retrieving emails that are public records.
Delays, excessive hours consumed searching for emails, storage limitations, and
uncertainty about locating emails all increase your risk of liability. Let’s
look at some errors in our story that the city committed.
city thought it maximized its original email server investment. But holding
onto an aging server presents too many problems that impact the accessibility
and security of the information you store on it.
email storage limits is no excuse for not following state retention laws.
Today, many cloud email options exist that provide more than enough email
storage space for an affordable price. Employees should never have to worry
about deleting important emails or storing them in a separate location just
because of email storage caps.
city lacked policies and procedures to ensure proper records retention—and they
passed along their lack of problem solving to employees. It’s not a good idea
to rely on employees to manually store emails in a consistent, legal way. Most
employees have the best intentions—but they get busy, forgetful, or overwhelmed
by their roles and responsibilities. They are not necessarily going to retain
those emails in the most secure, consistent way.
records retentions laws specifically note how emails (and other public records)
must be archived, retained, accessed, and deleted. Modern email servers can
automate much of this process to align with laws. This city clearly needed to
leverage technology more to help them automate the records retention process.
Too many steps were reliant on manual, uncertain processes.
it’s less likely that a scandal or investigation will happen at your city, it’s
not impossible. On whatever level you respond to FOIA requests, it’s your legal
duty to provide the information requested. If you can’t, then you’re asking for
Questions about your ability to respond to a FOIA request? Reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.