Public Sector Compliance Policies

This guest post is by ELGL member Don DeLoach. Don has more than 32 years of state and local government involvement. He was the former Chief Information Systems Officer for the City of Tallahassee, and was responsible for all of the city’s technology needs.

He is also a former president of the Florida Local Government Information Systems Association, and a former member of the board of directors for Public Technology Institute.


Every government organization has a mandate to respond to public records requests in a timely manner. But fulfilling that role first requires an archiving platform to capture all digital communications, along with clear processes for stakeholders to search through agency records and fulfill any requests.

Setting up a structured policy for digital communications compliance starts by delegating who in the organization will be responsible for overseeing electronic records requests. Agency officials must also define the rules and business processes to manage their retention of electronic records.

The first step is deciding who shall oversee records retention:

Is it the Clerk of Records, or the IT department? Who will be responsible for finding those records and having them reviewed by the legal team to redact any sensitive or exempt information?

The answer to these questions will set the stage for how your organization should handle records requests.

Four key stakeholders should have some input into developing this process. They include the Chief Information Officer (CIO), the Public Information Officer (PIO), the Clerk of Records (Clerk), and the Legal Department (Legal).

These four entities are best equipped to develop a process that fits the organization’s culture and needs. Collaboration between these groups is necessary because each record must pass through several layers of oversight before being released.

In turn, the PIO is responsible for conveying this records retention process to the public, and disclosing any costs associated with records requests. In many ways, this function becomes a marketing duty for the PIO by providing a public interface for the organization.

Once a compliance workflow has been approved by the local commission, city manager, or ordinance, it too becomes a legal public document that must be produced upon request. That’s why workflows should be reviewed from time to time, to make sure they stay updated and that the agency continues to comply with relevant laws.

Using Manual vs. Automated Processes for Records Retention

If you must manually track down and search through every record, it’s going to be a very long and tedious process. However, if you have a discovery tool that can pull email and other types of records quickly, the process will be expedited.

For agencies that still rely on manual processes, such requests are usually run through the Clerk’s office. Agencies with modernized systems like Smarsh, CIOs or IT leaders are often responsible for managing the archive. Legal is tasked with reviewing the records to redact any information exempted from public view, including personally identifiable data such as home addresses or Social Security Numbers.

The organization might have a workflow-management tool that is tracked in a database and sends emails to the people in the right flow.

However, most organizations still use a manual checklist:

Where did the record start? Did it get through the clerk? IT department? CIO? Legal?

Most of the time, that manual checklist will be released along with the records to prove the correct workflow. If an organization has implemented an electronic document management system, the team can probably adapt that system into their workflow.

By moving to an automated archiving solution, the stakeholders can oversee records retention without continuous oversight by IT.

Rather than requiring a cumbersome process for manual searches, an automated system can allow a Clerk to quickly and easily locate all records across email, social media, text messages, and more.

It’s best to choose an automated solution that can grow with your organization as it adopts new types of digital communications. Lacking these features, you could be back to stretching your staff too thin or bringing on additional employees to execute records requests. More time, more people, more effort more money—even with adequate in-house staff to fill those extra roles, you’ll still be racking up a hefty tab.

Once the records are produced, they can be automatically sent to Legal for redaction, then back to the Clerk for a quick release to the requestor. This process will streamline the workflow from four teams to two. In turn, automation makes it cheaper and easier for your organization to produce records as soon as possible.

For organizations that don’t have the right business processes, policies and tools in place, records retention can become a very expensive and time-consuming task.

Perhaps even more importantly, failure to quickly produce a public record can damage the agency’s community reputation. Making prompt responses to public records requests will reflect an organization that is transparent and accessible, and one that truly serves the public interest.