The Local Record
A Occasional Newsletter of the
State and Local Records Management Division
- It Can (and did) Happen to Me
- Preparing for Disaster is the Best Defense - Legally and Responsibly
- Update about the Regular Legislative Session
- The Challenge of E-Records
While sitting here thinking about the recent flooding in Houston, I remember early in my Air Force career thinking, "This can't happen to me or my office". Was I wrong! On Easter Sunday in 1979, I recall sitting at work in Yugoslavia and my chair started to rock back and forth. I thought that someone was behind me playing a trick. I was wrong. A major earthquake had struck off the coast of the eastern European country. We were lucky because it did not damage our building (I did notice new cracks in our villa). I had no idea what action to take during the earthquakes — we had not received emergency action training.
Years passed and on April 26, 1991, a severe tornado struck our air base near Wichita, Kansas. I lucked out again as my vault and records were not damaged by the tornado (another tornado passed through the area about one mile south two weeks later). I had drafted an emergency action plan one year prior to the tornado and our division had trained and practiced the plan. We were ready. Thank goodness we did not have to salvage our office, but other buildings were totally destroyed, including my son's elementary school. Records and papers were found approximately 150 miles northeast of Wichita. Many records were lost and never recovered.
By now, you are probably thinking that I'm cursed. Guess what? I also experienced two hurricanes in Miami, Florida (Irene and Floyd). Our agency was totally prepared and ready to deal with any contingency thanks to managers who had the foresight to prepare and practice the agency disaster planning regulation. I walked through water almost waist high to get to our office building and watched as high winds tore through the community of Doral.
I changed my thinking about disasters and now realize that it can happen to me and my agency. Have a disaster plan and practice it! I recommend an emergency drill at least every quarter. Have you studied your agency's disaster contingency plan and have you practiced it? What should local governments do to prepare for disasters in Texas? I suggest that you study and implement the disaster preparedness information beginning on page two for your office or agency.
by Jed Rogers, Government Information Analyst
It is a basic tenet of our democratic government that we maintain and protect information for our citizens. People who live in our country, our state, our county, our town expect us to maintain important information about their lives and be able to provide it when needed. Local governments, especially, retain information directly affecting the personal lives of the citizens they serve. Because of this basic function of our democratic society, local governments have a legal obligation to protect their records. The Local Government Records Act, Local Government Code §203.021 (5), requires that elected officials and governing bodies "facilitate the identification and protection of essential local government records." It is also good administrative procedure — common sense — to maintain essential information in an orderly manner for efficient access and to protect it from damage or destruction to the best of our ability. The ramifications of the loss of essential information are often far-reaching, devastating to individuals, and unforeseen.
Essential/vital records are those records that are necessary for the resumption or continuation of government operations in an emergency or disaster, records needed for the re-creation of its legal and financial status and to fulfill the obligations that a government has to its citizens. Some examples are executive orders and directives, operation systems and documentation for automated systems, accounts receivable, grant information, selected payroll information, benefits, equipment inventory, negotiable instruments, insurance information, ownership instruments, and of course records unique to your office. These records can be protected by either protecting the original document on-site, in a fire proof vault or by duplicating/backing-up a copy and storing it at an off-site location, near enough to be accessible but far enough away that it would not be subject to that same risk as the original records.
Risk assessment identifies an office's vulnerabilities, probable threats and the risks associated with them. These can be natural and other community-wide disasters or emergencies caused by acts of destructiveness, building/equipment failure and human error. Some examples are floods, hurricanes, tornadoes, earthquakes, wind/ice/snow storms and brush/forest fires. Other examples are fires, gas leaks/explosions, theft, misappropriation, computer viruses, riots, vandalism, facility failures (network crashes, power failures, leaks), employee disclosures, and hazardous material incidents (local industries, highway, railroad). An office's physical vulnerabilities can be determined by conducting a site survey. This is a review of the facility in which abnormal elements such as leaky roofs, fire hazards, lack of fire suppression, insect infestation, records stored under pipes, etc. are documented.
Risk analysis identifies the probable consequences of risks associated with a government's vulnerabilities and provides the basis for establishing a cost-effective security program that eliminates or minimizes the effects of risks. Two key elements are involved. The probability of encountering a disaster within a specified period of time and the impact/effect that disaster would have on your office. Professionals in your area can assist you. The police and fire departments along with municipal or county emergency management offices, as well as insurance companies can be sources of information. Another excellent source of information is the FEMA Web site at www.fema.gov.
A disaster prevention/recovery plan is a written, approved, implemented, and periodically tested program specifically outlining all actions to be taken to reduce the risk of disasters, to minimize the loss if a disaster occurs and to ensure the government's ability to effectively resume operations. Some key elements of the plan include:
- A policy statement that lists the goals and objectives set by the elected official or governing body.
- Specific actions and reactions for both major and minor disasters.
- Authority to activate the plan.
- Members of the reconstruction and salvage teams and their phone numbers.
- Methods for contacting vendors and support agencies in regard to disaster recovery.
- Testing and revision of the plan.
Implementation of the plan is the final stage. Assign tasks for reconstruction and salvage teams. Identify confidential information and restrict access to the area. Confirm area for resuming operations. Confirm area for reconstruction and salvage of records. Determine salvage priorities. Alert vendors and support agencies. Begin the removal of records to salvage the area. Retrieve protected essential/vital records from offsite storage, backup tapes, vault and take to the relocation area and resume operations.
When we think seriously about what we have to do to protect essential information, it could seem overwhelming. But by assessing the risk, developing a plan, and then implementing it one step at a time, we break up the project into manageable components. The result is a workable disaster recover/prevention plan, suitable to your government and its scope of duties. The benefit is protection of information essential to your daily operations and of the utmost importance to the daily lives of your citizens. Legal obligation and common sense — let's get started.
Note: To learn more about protecting and recovering essential information, attend one of our Disaster Planning classes.
by Colleen Munds, Government Information Analyst
The Texas State Legislature passed several bills during the recently-completed 77th Regular Legislative Session that will affect local government entities. These are the bills that were passed:
SB 393 (Corona) Uniform Electronic Transactions Act (UETA)--There is no a comprehensive state law for electronic commerce and electronic transactions. S.B. 393 permits electronic records and electronic signatures in electronic transactions and electronic commerce to be legally enforceable. The purpose of UETA is to remove barriers to electronic commerce by validating and effectuating electronic records and signatures. It is not a digital signature statute. UETA is designed to support and compliment Texas' digital signature rule. The introduced bill was amended several times, but with one exception, the amendments were technical amendments designed to ensure minimal conflict between the Texas version of UETA with the Federal E-Sign legislation. The one exception was to protect existing rulemaking authority of the Texas State Library and Archives Commission over electronic records. The bill was amended to provide that TSLAC along with the Department of Information Resources can adopt rules under the Act. Effective January 1, 2002.
SB 694 (Wentworth) The use of the Internet for business and government transactions is growing. State and local agencies are beginning to acquire credit and debit card numbers from both citizens and organizations. This creates a potential for fraud unless disclosure of these numbers can be prevented. While individuals' credit card numbers can be withheld from disclosure under the Public Information Act, state law is unclear as to whether the credit card numbers of organizations can be withheld as well. S.B. 694 clarifies the language of the law to make confidential all credit and debit card numbers held in governmental records and to make certain e-mail addresses confidential. Effective immediately.
SB 276 (Shapleigh) — Currently, state law precludes electronic notarization because the notarization must be accompanied by a raised or embossed seal, which is not possible in an electronic format. S.B. 276 permits, but does not require, the use of electronic notarization. It does not change the responsibilities of notaries public. Effective immediately.
SB 201 (Corona) Currently, a county tax assessor-collector is authorized to accept payment by credit card and electronic means for certain taxes and fees and to collect a processing and handling fee. S.B. 201 authorizes a county or municipality to collect payment of certain fees by electronic means via the Internet, and to contract with vendors to do so. The bill also authorizes a county or municipality that provides access to information through the Internet to charge a fee only to recover the costs directly and reasonably incurred in providing the access and only if the governing body of the county or municipality determines that providing access to the information through the Internet would not be feasible without the imposition of the charge. Effective immediately.
A few months go I attended the annual meeting of the National Association of Government Archives and Records Administrators where the Archivist of the United States, John Carlin stated:
"Electronic records represent the most strategic challenge facing us today. Electronic records, like records in traditional formats, are critical for the effective functioning of a democracy, and it's up to all of us who deal with government records to make sure such records are created, preserved, and accessible for as long as needed."
My colleagues and I at the Commission couldn't agree more with that statement, but we also realize the enormity of that task. In fact many years ago we recognized that in order to meet the challenge of dealing effectively with electronic records we would need to find new approaches, new technologies, and new partnerships.
Managing electronic information — it's truly an enormous challenge. In fact more and more, it seems that the information is managing US, not the other way around. When it comes to electronic records, we are dealing with issues such as hackers, viruses, internal sabotage, privacy protection, instant access, open records, user error, email proliferation, protection, disaster recovery, constantly changing technology, the sheer volume of information, records destruction, historical preservation, electronic signatures, digital financial transactions, federal regulations, state laws, e-business, e-government, and demanding elected officials — just to name a few. It's no wonder the issue of electronic records seems so overwhelming. It's no wonder we must work together as a team to achieve any sort of success.
As an essential part of this team, local government Information Technology Managers provide a clear understanding of the technology which will bring us better access, control, protection and management of government information. They are the technicians who open the door to the future by implementing effective use of electronic information systems today.
The Records Management Officers bring to the team their own areas of expertise — a clear understanding of retention and destruction requirements, document work flow, legal requirements and historical preservation. Their value is in their systems approach, their long-term view, and their recognition of the human element integral to the success of any new technology.
Another important member of the team, the Public Information Officer, protects the interests of the government and its clients. Within one record, one file or one database, different levels of confidentiality are often needed. These shades within shades of protection must be planned for and programmed well in advance of implementation of any new system. Without the PIOs, we tend to bypass essential legal requirements and place at risk the very people we are here to serve.
These three staff members provide the core of the Information Management Team in each local government. The team's goal is to get the right information to the right person at the right time in the right format in the most cost-effective manner as possible. Working in concert with managers, users and clients, the Information Management Team brings together insights and expertise that are invaluable. Effective communication among staff is critical and teamwork is absolutely essential.
As we move into the new year, we can each think of ways to work with our Information Management Team to improve protection of electronic information in our local governments and implement more efficient information management systems for our clients and users. We can arrive at work each day with enthusiasm and a willing desire to communicate, plan, listen, and prepare for a future where WE manage the information, not the other way around.
by Chris LaPlante, Texas State Archivist