Focus on Managing Electronic Records

Many electronic records are maintained by individuals in directories scattered on personal drives, local drives, shared drives, and in email.  Each individual often has a different method of naming any folders and electronic files.  Additionally, the electronic files might not be accessible to others with a need to view the records.

Appropriate filing and labeling of electronic files stored on network and shared drives requires intentional planning and putting in place ongoing practices for file management. As more records are maintained electronically only, this is essential. All DOR team members potentially create and need to participate in maintaining electronic records. At a minimum, every member of DOR management, from front line supervisors up through the executive director, definitely has original records of some type and duplicate copies of others.

An electronic records file plan is essential to records management because it organizes records according to the department, division, or section requirements, rather than individual preferences.   A comprehensive file plan provides a “location” for every record stored as an electronic file. Understanding the file plan lets users know where to file records and helps others know where to find the records when needed. Linking the file plan directories and subdirectories to the record disposition schedule (SA-194) also enables users to easily implement the proper retention and disposition of records.

One of the principal differences between a paper filing system and an electronic filing system is that in a paper filing system, individual documents are not named.  In a paper system, file cabinets, drawers, and folders are named, but the individual documents in a folder are not named; however, electronic documents within a given directory are individually named.

The volume of physical (paper) records has been declining while the volume of electronic records has been increasing.  The transition from physical records to electronic records will continue to increase over time. As a result, it is important to name electronic files and directories consistently to aid users in retrieving records and for records management purposes.  Consistent file paths and naming conventions can also eliminate multiple copies of files and/or file paths to store the same record.

Each division or section should have a structured “Records Directory Tree” (RecordsOnly drive) with access controls for storing electronic records on network/shared drives where only records are stored.  The records directory tree should be linked to the corresponding record series listed on the division’s/section’s SA-194 with file names in an arrangement that facilitates quick/easy filing and disposition/destruction of records compliant with the records management program.  

When Google Drive is used to store records, use a “RecordsOnly” Google shared drive or control the shared drive through a “RecordsOnly” Google site. 

Other considerations and requirements for storing records on a Google drive include:

• Records need to be stored separately from non-records and the directory structure should be tied to the SA-194. A division or unit's SA-194 applies the same retention to a record based on its classification regardless of its format. It doesn't matter if a record is kept electronically or physically, what matters in terms of records retention requirements is what the record is, including its classification and whether 

• When using a Google shared drive or Google site for records, you can submit an OIT service desk ticket to install “Google Drive for Desktop”.  The “Google Drive for Desktop” application provides the ability to report the disk space used and the number of files stored in a Google shared drive.  The Google Drive for Desktop will display the Google drive in Windows File Explorer just like any other drive associated with your computer except for the Google directories/files displayed under “Shared with me.”

Shared Drive Access

• A Google shared drive should always have at least two members at the “Manager” level for continuity of operations in case a “Manager” member leaves the division/section.  In most cases, the “Manager” members should be records custodians, records delegates, section managers, and, in some cases, supervisors.  “Manager” members have full control of the Google shared drive and are the only ones who can add other members to the drive or to specific folders.

• In Google Drive, it is possible to share files and folders with the public.  Therefore, the “Manager” level members of a Google shared drive must take the time to learn and set the shared drive setting so that only members of the shared drive and individuals added to specific folders/files are allowed in and that file link sharing is restricted (e.g. the link will only work if the individual is a member of the shared drive or was added to specific folders/files).  “Content Manger” and “Contributor” level members of a Google shared drive can share files;  therefore, these members must take the time to learn file sharing so that only members of the shared drive and individuals added to specific folders/files are allowed in and that file link sharing is restricted.

• “Members” of the shared drive will see the drive and all of the folders under “Share drives” in their Google Drive panel.  Non-members who were added to specific folders within a shared drive will see the shared folder under their “Shared with me” and not under “Shared drives” in the Google Drive panel.

• Records should not be stored in or shared from an employee’s personal Google “My Drive.” Files stored in an employee’s personal Google “My Drive” may disappear or become inaccessible after an internal transfer or separation from employment. 

Emails that are considered records cannot be stored in Gmail. Instead, emails can be saved from Gmail as a PDF file for records management purposes.  Gmail attachments can simply be dragged and dropped into the appropriate directory.

The Xerox multifunction printers/copiers installed at DOR facilities also have the ability to scan paper documents to your email address as a PDF.  The scanned document will appear as a PDF attachment in an email from the copier.  Please refer to the user manual for the Xerox multifunction printer/copier for instructions. Settings for scanning need to ensure materials are OCRd when they are scanned. This process identifies the text in the scan instead of just producing an image. The text is necessary in order for the scanned PDF to be accessible.

Maintaining the authenticity of electronic records stored on network and shared drives is more difficult than for paper records.  Paper records are usually stored in locked file cabinets, offices, and storage rooms with limited access.  The security profiles and permission settings on network and shared drives can provide the same level of restricted access.  However, electronic files can be altered, changed, or corrupted easier than paper records.  Proof that DOR follows this procedure and the records management program indicates records are trustworthy, complete, and admissible in court. 

For securing DOR’s electronic records, assume that all records contain some level of personally identifiable information (PII), protected health information (PHI), and/or confidential data unless the record is a publication.  Restricted directory access is required by setting (read, write, modify) permissions using group policy and the Window File System through OIT.  For Google Shared Drives, the “Manager” of the shared drive sets the drive and folder permissions. The records custodian along with the division director and section managers should determine directory permissions. After the initial permissions are defined, a single point of contact to authorize access for new employees and functional changes should be established within the division/section that owns the records.  Note that restricted access is still needed for records that are publications since record copies must maintain their legal authenticity. 

If there is a choice between having electronic records instead of physical records, electronic records should be the primary choice.  Electronic files are automatically backed up and stored offsite in the event a disaster recovery effort becomes necessary.  If the records are electronic, try to keep them electronic and don’t convert them to paper unless absolutely necessary.  If the records are paper, don’t make the effort to convert them to electronic by scanning/imaging the documents unless doing so makes sense. The one consideration or exception is when the record has a permanent retention period.  Electronic media degrades relatively quickly and electronic storage formats constantly change.  Therefore, it may make sense to archive some records with permanent retention on high-quality archival paper or high-quality microfilm if they are transferred to State Archives for historical preservation.  However, State Archives has approved PDF and TIFF as preservation formats for electronic records.  State Archives can also make format recommendations based on the circumstances and record value. 

• § 24-80-107 states: “Any officer of a governmental agency may cause any records, papers, or documents in his or her custody to be photographed, microphotographed, or reproduced on film.” “Such photographs, microphotographs, or photographic film shall be deemed to be original records for all purposes, including introduction in evidence in all courts or administrative agencies.”

State Archives has provided guidance regarding the preferred formats for long-term preservation of electronic records. These include:

• TIFF ("tagged image file format" for graphics and images)

• PDF ("portable document format" optimized for sharing, compatibility, security, and compression)  

• MP4 (MPEG-4 video file that stores video, audio, and subtitles)

• MOV (MPEG 4 video container file primarily used with Apple's QuickTime program)

• EML ("electronic mail format" that is a plain text file that stores and email and its attachments)

• MBOX (standard message storage format that contains all details for included email messages)

Electronic records that have a long or permanent retention period require a migration strategy to avoid obsolescence.  The currently recommended file types provided by State Archives are those that are most compatible with a range of programs and equipment. This is important because different individual programs, such as some word processing and spreadsheet programs have fallen out of favor and may no longer be available in order to access files stored in a proprietary format.  Even within popular office software programs, file formats and structures change, which can also make older obsolete files difficult to open as time passes.  Older electronic record files with a long or permanent retention period might require a review and migration to current software file formats and/or new storage media types. 

Accessibility laws apply to all forms of online content, including PDFs and documents. Every DOR team member has a role in ensuring that everyone has equal access to information regardless of the format.

OIT Guidance for Accessible PDFs and Documents

The disposition of electronic records is subject to the same requirements as physical records. Review Chapter 6 of the Records Management Manual for more information about record disposal requirements and procedures.

DOR Policy AOD-013 Destruction/Disposal of Paper and Electronic Documents Containing Personally Identifiable Information (PII) also applies to the deletion or destruction of electronic records.

Just as with physical records, the disposal or deletion of all electronic records must also be documented through the completion of the DR 5041 form, Department of Revenue Certificate of Records Disposal.