Reliance on Electronic Records (PS-08-007.02)

PS-08-007.02 Reliance on Electronic Records

Issue Date:  3/20/2008

Revision Effective Date:  12/15/2014

Revision Date: 7/1/2018

Review Date: 12/1/2023

PURPOSE

Email messages, electronic data interchange, and other forms of electronic materials often document important government transactions and decisions.  Like any other type of record, such information is necessary to ensure government accountability. In light of today’s reliance on technology for conducting official business, the Georgia Records Act requires that each Agency establish a policy of intent to rely on electronic data as a form of official record.   Official records reflect the information and position that the agency believes is true and complete and will be relied upon to conduct its business.

This policy designates digital data as an authorized form of official record within the Enterprise, but DOES NOT imply that electronically generated data is the only form of official record recognized or authorized by the state,  NOR  does it preclude an agency from establishing internal policy regarding the creation and designation of official records. This policy statement serves as a reminder to agencies that electronic data must also exist as part of the State’s overall data security and records management programs.

SCOPE and AUTHORITY

O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers

O.C.G.A 50-25-4(a)(21) - State Government, Georgia Technology, General Powers

PM-04-001 – Information Technology Policies, Standards and Guidelines

PS-08-005 – Enterprise Information Security Charter

TERMS and DEFINITIONS

Records - recorded information in any form, including data in computer systems, created or received and maintained by an organization or person in the transaction of business and kept as evidence of such activity.

Georgia statute defines  Records as  “all documents,  papers, letters,   maps,   books   (except books in formally organized libraries), microfilm, magnetic tape, or other material, regardless of physical form or characteristics, made or received pursuant to law or ordinance or in performance of functions by any agency” (Georgia Records Act).

Electronic Data, Information and/or Record -any form of digitally recorded material generated, transmitted, received and/or stored that is designated a record by the data owner or law, based on content and/or subject matter.   This includes but is not limited to electronic digital interchange, email, digital/text voice messages, instant messages and text messages.

POLICY

The State of Georgia recognizes electronically generated data (such as email, electronic data interchange, instant messages, digital voice mail and other forms of electronic material) made or received by an entity of the State of Georgia or in connection with the transaction of public business as a form of official public record that must be safeguarded against loss or unauthorized destruction (derived from the Georgia Records Act).

Each Agency shall issue an internal policy designating the authorized forms of official records in the custody of that agency and shall notify all personnel that all records are subject to the records retention requirements set forth by the Georgia Records Act for records retention.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Data Security - Electronic Records (SS-08-003)

Communications Accountability (SS-08-009)

REFERENCES

Georgia Archives http://www.georgiaarchives.org/ Records Retention Schedules

NIST Computer Security Resource Center -  http://csrc.nist.gov/ SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations

PL 4 Rules of Behavior

Georgia Records Act -  O.C.G.A. 50-18-90 et seq.