Earlier this week, the ABC obtained a suite of government records found in two filing cabinets sold at a secondhand shop. The Department of Prime Minister and Cabinet is currently investigating the disposal of the cabinets, a monumental ‘who-dun-it’. While scapegoating is an effective publicity strategy, it does not really address the problem that led to the leak in the first place, which is a broken recordkeeping system: unfortunately, these types of incidents are what happen when you don’t engage in, and value, good recordkeeping practices. This story is not about who lost the key, or who sold the cabinet. It is about why these papers existed and got to that filing cabinet in the first place, and how such a range of documents ended up in just two cabinets.
The Australian and International Standard on Records Management, AS ISO 15489, defines records as ‘information in any format created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business’.
Governments around the world are tasked, by law and standards, to keep records of the work they undertake and decisions they make. The goal is to ensure transparency in government and that records can be used to benefit current and future generations. While many records can be made public immediately (or almost immediately), some need to stay closed for a specified period of time — from just a few days up to decades, before being released for the benefit of others. But there is such a low level of compliant recordkeeping in Government that these benefits are not being realised.
In a recent Innovation Sprint with Queensland State Archives, we reimagined the future of recordkeeping to address the systemic low levels of compliance. Four major issues were identified in the Sprint that are critical lessons for #thecabinetfiles and governments around the world grappling with recordkeeping in the digital age.
1. Change the process don’t blame the person
A justification for the ABC releasing these records was to expose the “seemingly casual attitude of some of those charged with keeping the documents safe”. Now, the hunt is on for who to blame. But why? It’s not any one individual’s fault, the process of recordkeeping is broken. An IDC Whitepaper found that in Western Europe, 57% of office workers spend an hour or more a day looking for missing documents. This is the most basic example of a broken recordkeeping system.
Today, good recordkeeping relies on public servants to fully understand all the rules and standards associated with creating, storing, managing, preserving, and destroying a public record. And then, it relies on individuals making correct decisions when following the rules.
Take overclassification of records as an example. The sheer number of records being created in any government leaves public servants overwhelmed and over-classifying. There are 218,990 full-time employees in the Queensland Government. Let’s assume each public sector employee sends and receives 10 emails per day. As each government correspondence is a public record, that’s roughly 2,189,990 email records being generated each day. Every single day. Every public record needs to be appraised, which involves determining which of them should be created and captured (not all of them have to!), and how long they need to be kept (see for instance the appraisal statement of Queensland State Archives). Government employees trying to appraise records become overwhelmed by this time-consuming task and then simply accept that they appraise even the most trivial document as a record that needs to be created and captured. It then depowers the actual recordkeeping system. Trying to stay on the safe side weakens the system.
In the age of algorithms, it is unbelievable that such crucial decisions and actions are not receiving enough attention and support (except for cases when something goes wrong). This is not an isolated case — it’s systemic.
What if you just got in an expert? Insert record managers. But they are only able to manage compliance if they have buy-in and their colleagues save the right records in the approved physical storage or an electronic digital record management system (EDRMS). The role of the record manager is to ensure compliance of a system that fundamentally cannot be compliant, because there is a latency in value of compliant recordkeeping to the individual, and culturally it is seen as a back of house service and a tick and flick exercise.
Maybe it is time to give up on nudging humans towards the right behaviour, or having rolling education seminars that do not seem to be working. Instead, let’s build a system that is flexible enough to accommodate the various ways people work, on different platforms, for a number of projects. What if we accept user non-compliance and build a compliant-by-default system, shifting the burden of compliance from the individual to the system.
A compliant-by-default system helps reduce perceived wasted time spent on finding the detail and context of records by digitising decision-making, pushing trusted information out to public servants. These changes allow for more efficient processes and collaboration, where collaboration becomes second nature through a greater access to information. Using process mining, efficiency gains at a divisional level can be achieved with government processes and objectives being consistent, prioritised, and unified.
Making the system compliant-by-default embraces the principles of status quo bias where people stick to what they are already doing, with individuals no longer experiencing a cognitive cost or expending time trying to figure out what a record is or what best practice needs to be followed. The compliant system is an informational signal that good recordkeeping is a good idea and normative, and the default option means bad recordkeeping practices now require conscious, explicit effort.
2. Record-using not record-keeping
The ABC says they disclosed these records because the content affects the lives of all Australians as they reveal how key decisions have been made. This is the basis for recordkeeping but how many of us actually go and search for records that are available? Very few. So why do we care now?
First, we are interested in the uniqueness of how this information came to be. Super secret files locked in cabinets bought from an op-shop. Definitely newsworthy.
Second, we care because the people and the events that these documents expose are in our recent political history. If these cabinet documents had lived out their proposed retention and access period, we would be seeing them in the 2030’s and the ability for their contents to inform action would have been greatly diminished.
This signals is an appetite for transparency in the debates around decision-making, which requires reimagining the value of records. We argue the value of recordkeeping comes in its use. Overclassification should be seen as depraving the community of the value that they could otherwise receive, and therefore, considered as bad public practice. The unintended consequence of overclassification is higher risk of leaks (through lower perception of the potential risk).
Archival agencies need to move from recordkeeping to record-using.
Whilst the circumstances of #thecabinetfiles might be unorthodox, it is clear that value of good recordkeeping (or a lack thereof) has been brought to life through this story. Government agencies traditionally do not know how to craft interest in records in a way that the average citizen can consume. Perhaps there are lessons that can be learnt from media.
Those in the archival profession desperately keep strategic endorsement for recordkeeping, but on key public matters such as this, government recordkeeping appraisal authorities have yet to release a comment or position.
A compliant-by-default recordkeeping system means that public servants would be able to find and use records more efficiently. What this means is that recordkeeping as an activity can shift from offering hindsight about decisions, situations, and projects at points in time to offering insight and foresight in a more front-facing business intelligence role in the public authority.
A compliant-by default system focuses on improved insights from data, as well as from more case studies and greater clarity with planning and reporting, while improving connectivity, data-sharing, and overall intra-governmental collaboration. Compliant-by-default is a profound new capability that benefits all categories of public authorities, leading a shift in the way government is done. By moving recordkeepers to record-users, we propose a fundamental shift from using records to offer hindsight, to using records to generate insight, and foresight for all levels of society.
Record-using, not recordkeeping, has the potential to unlock new revenue streams from service offerings that were not previously possible. Record using, not just recordkeeping could be built to design out deviance, to design out noncompliant recordkeeping practices.
3. Rethink how we Act
One of the findings in the #thecabinetfiles was the 200 top-secret code word protected and sensitive documents were left in the office of Senior Minister Penny Wong when Labor lost the 2013 election. At the surface this sounds negligent, however, most recordkeeping Acts struggle to guide recordkeeping best practice during a change of government.
In Queensland for instance, a Minister is a public authority. What normally happens when a public authority ceases to exist (e.g., there is a change of government), is that the records need to move to another relevant public authority. However, under the Westminster system, a new government cannot access the records of the former government. So, in Penny Wong’s case, it would have been difficult for any public servant to navigate where the responsibility of these records resides.
Governments in all Australian jurisdictions, as well as around the world, are grappling with the scope of digital recordkeeping and how the tools we use today for record creation, storage, and preservation are incompatible with the existing law and standards. In the United States, Rep. Mike Quigley, D-Ill., introduced the Communications Over Various Feeds Electronically for Engagement (COVFEFE) Bill which aimed to amend the Presidential Records Act to make sure that social media posts, including deleted tweets, are archived and classified as “documentary material”.
On one end of the spectrum you have this #thecabinetfiles example, which is non-compliant storage and security of paper-based records. On the other end you have active non-compliant recordkeeping where a verbal culture is encouraged and the use of Apps that automatically delete content that constitutes a public record.
This spectrum of non-compliance highlights that it is an unachievable task to try and get compliance through all public servants, across all levels of government. The Acts that guide government recordkeeping are shaped by a paradigm of rigid compliance placed onto responsible parties.
Existing Acts for national and state jurisdictions:
- Archives Act 1983
- Public Records Act 2002 (QLD)
- State Records Act 1998 (NSW)
- Public Records Act 1973 (VIC)
- State Records Act 1997 (SA)
- State Records Act 2000 (WA)
- Territory Records Act 2002 (ACT including NT)
In deciding which of these Government records they were trying to make public, it seems the ABC developed their own appraisal process, created off an journalistic ethical foundation — public good, national security, etc.
We can hear recordkeepers across the country vigorously arguing the callousness of these actions. It is the role of a recordkeeper within Government to appraise what is a record and what is not, how sensitive the information is, and how long it needs to be kept from the public eye. In the case of these cabinet documents, it is 20 years. Compliant recordkeeping for these documents should have followed a very standard procedure.
The digital v physical debate
As the creation of physical public records declines and the creation of digital born records increases, there is a lot of debate about the security of physical versus digital. What is probably scaring most digitally-averse members of society is that this non-compliant recordkeeping happened with paper-records, not digital records.
While the general perception may be that physical records are easier to secure and manage, the reality shows it is not the case. Digital records never disappear without a trace (as would be the case should the cabinets in question be burnt or thrown off a bridge), and every digital storage system has to be designed and any interactions with it follow algorithms. While the sheer scale of potential attacks on a digital storage system may be much higher, a well designed digital system can be protected.
But if we continue the paradigm of record-using, then digital records can truly offer new value back to government. Archival agencies have an opportunity to redefine what recordkeeping means to people and why it’s important, and to turn it from a chore to a superpower. A digital record isn’t something to be locked away in an archive, it is the currency of knowledge transfer. If to move towards a model of compliance-by-default, by being able to automatically apply recordkeeping standards to the places where records are created. What is unique about this solution is that we are not looking to make humans more compliant, rather, to making the system compliant.
The successful organisations of the digital age are not trying to make their users and customers fit their processes. Instead, they’re trying to fit the processes of their users and customers. Technology should accommodate people. A compliant-by-default system knows what software is being used, and how to mirror or migrate that data into a compliant location. It can also check for full and accurate records, applying a codified appraisal, security and retention process to each document. To realise a compliant-by-default system we need to stop treating digital with caution. There is absolutely no reason to store paper records in cabinets in 21st century. While printouts may be needed occasionally, a digital-first record keeping approach means that sensitive printouts can be destroyed immediately after being used.
Dear Federal Government. Stop crying wolf. Stop trying to direct our attention toward the wrong problem. The real problem is the current recordkeeping system, and it needs to be reimagined for the 21st century. The need for fundamental recordkeeping reform is imminent, and there’s a lot to learn from other Australian Governments, that are already exploring the opportunities for record keeping in 21st century, like Queensland State Archives.
This article was written by Dr Paula Dootson, Mr Peter Townson, and Professor Marek Kowalkiewicz and inspired by a reimagining recordkeeping project with the Queensland State Archives. This project also involved the One-Stop-Shop Strategy and Implementation Office, Liquid Interactive and Search365.