Getting Over the Perfect and Embracing the Good
Last week, I blogged about the surprising (to me!) number of questions that NARA’s Capstone Approach to email management and archiving generated at the Feb 19 BRIDG meeting — A “BRIDG” to Understanding Capstone.
When it comes to records management, I’ve always thought that the perfect can be the enemy of the good. Or, as some others have said…
Voltaire: “The best is the enemy of the good.”
Confucius: “Better a diamond with a flaw than a pebble without.”
Shakespeare: “Striving to better, oft we mar what’s well.”
There are some purists who perceive the Capstone approach as something of a fallback from a more comprehensive content-based approach to email management. The point of email archiving and preservation — the point of any sort of records management for that matter — is to preserve a defensible record of who did what, when, why, and in what context. That doesn’t necessarily mean perfect. The point is to preserve important decisions and artifacts for future generations. As a bit of an amateur historian and genealogist (see my alter ego web site HERE if you’re confused) in addition to my content management interest, these records and artifacts — and context — are important to me.
Wikipedia defines “capstone” as “the wedge-shaped stone at the apex of a masonry arch or typically round-shaped one at the apex of a vault. In both cases it is the final piece placed during construction and locks all the stones into position, allowing the arch or vault to bear weight.” While Capstone email management varies from this definition in that email is not the final piece of the information management puzzle, it is, I think the key piece. As the defacto communication vehicle for the digital age, it is important that we get email management and email archiving right. It’s not easy.
Given the complexity of the problem and its growing scale, I think we need to be wary of an infinitely-long search for perfect solutions. Capstone is not perfect, but it does put boundaries around the problem, and that’s important.
One big problem is defining Capstone criteria broadly enough such that they provide a reasonable mirror of agency accountability and not a mask for it.
The Capstone model leaves some room for interpretation in terms of which officials’ emails are saved permanently or for extended periods. The initial lack of rigor in NARA’s model became a serious issue of concern for openness groups when in April 2014 the CIA requested authority, under Capstone guidance, to delete emails from all but 22 officials (out of a workforce of over 20,000 employees and an unknown number of contractors) immediately upon their departure from the agency. (Upholding the Right-to-Know in the Digital Age</>)
An interesting blog post by Alexander Roberts — The ‘Capstone’ email appraisal approach — goes through some of the concerns and challenges posed by a Capstone approach, and particularly discusses European privacy and GDPR (EU General Data Protection Regulation) perspectives on Capstone.
- …who counts as a ‘Capstone’ user and whose correspondence is ‘worthy’ of preservation, and who does not? Such decisions can be quite political, giving rise to strong emotions and indicating implied positions of influence and power which may not be officially recognised.
- …how [do you] mitigate the risk of collecting personal email subject matter, along with the distinct possibility of collecting and having to store non-record email?
- Leaving it up to end users to decide what gets included in their email archive before it gets deleted can also present a skewed, partial and sanitised record of their activities.
- …how email accounts are identified and prepared for archiving will depend on the technology available and policy requirements within any organisation and the approach can only inform such local decisions.
A 2017 presentation by the National Security Agency/Central Security Service (NSA/CSS) and NARA paints a good picture of how Capstone should be viewed:
- Relatively High level – sets the baseline requirements.
- There is no “one size fits all” policy, and NARA will not develop the detailed policy for you.
- The real challenge for agencies is using this guidance to develop detailed policy that works best for their business processes and associated risks.
- For Capstone to work, an agency needs to focus on their own agency-specific policy.
The presentation goes on to note that involvement of key stakeholders is needed for Capstone success. And that means all the stakeholders:
- Agency Records Officer
- Senior Agency Official for Records Management
- General Counsel
- Chief Information / Technology Officer
- Departmental Records Officer
There are a lot of Capstone training resources available from NARA — HERE.
All of these are issues that will be explored at the March 25 FCW seminar (free!) on Electronic Records Readiness: A Practical Path to M-19-21 Compliance. I’ll be speaking at the conference; I hope to see you there!