Reliance on Electronic Records (PS-08-007)
Topics:
PS-08-007.02 Reliance on Electronic Records
Issue Date: 3/20/2008
Revision Date: 7/1/2018
Review Date: 8/30/2024
PURPOSE
Email messages, electronic data interchange, and other forms of electronic materials often document important government transactions and decisions. Like any other type of record, such information is necessary to ensure government accountability. In light of today’s reliance on technology for conducting official business, the Georgia Records Act requires that each Agency establish a policy of intent to rely on electronic data as a form of official record. Official records reflect the information and position that the agency believes is true and complete and will be relied upon to conduct its business.
This policy designates digital data as an authorized form of official record within the Enterprise, but DOES NOT imply that electronically generated data is the only form of official record recognized or authorized by the state, NOR does it preclude an agency from establishing internal policy regarding the creation and designation of official records. This policy statement serves as a reminder to agencies that electronic data must also exist as part of the State’s overall data security and records management programs.
SCOPE and AUTHORITY
O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(21) - State Government, Georgia Technology, General Powers
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Policy
TERMS and DEFINITIONS
Records - recorded information in any form, including data in computer systems, created or received and maintained by an organization or person in the transaction of business and kept as evidence of such activity.
Georgia statute defines Records as “all documents, papers, letters, maps, books (except books in formally organized libraries), microfilm, magnetic tape, or other material, regardless of physical form or characteristics, made or received pursuant to law or ordinance or in performance of functions by any agency” (Georgia Records Act).
Electronic Data, Information and/or Record -any form of digitally recorded material generated, transmitted, received and/or stored that is designated a record by the data owner or law, based on content and/or subject matter. This includes but is not limited to electronic digital interchange, email, digital/text voice messages, instant messages and text messages.
POLICY
The State of Georgia recognizes electronically generated data (such as email, electronic data interchange, instant messages, digital voice mail and other forms of electronic material) made or received by an entity of the State of Georgia or in connection with the transaction of public business as a form of official public record that must be safeguarded against loss or unauthorized destruction (derived from the Georgia Records Act).
Each Agency shall issue an internal policy designating the authorized forms of official records in the custody of that agency and shall notify all personnel that all records are subject to the records retention requirements set forth by the Georgia Records Act for records retention.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Data Security - Electronic Records (SS-08-003)
Communications Accountability (SS-08-009)
REFERENCES
Georgia Archives http://www.georgiaarchives.org/ Records Retention Schedules
NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations
Georgia Records Act - O.C.G.A. 50-18-90 et seq.