Social Media Guidance Lisa Haralampus, Hannah Bergman NARA ASAP National Training Conference July 29, 2015 Who s here? Is your agency using social media? Is it being captured and managed as a record? Have you gotten FOIA requests that required you to search social media records? 3 1
NARA s Social Media Guidance NARA Bulletin 2014-02 Issued October 25, 2013 Superseded previous guidance Contains high-level requirements and best practices for capturing records created when Federal agencies use social media 4 What are social media records? If any answers are YES, then content is likely a record: Does it contain evidence of an agency s policies, business, or mission? Is the information only available on the social media site? Does the agency use the tool to convey official agency information? Is there a business need for the information? 5 What are social media records? Social media content may be a Federal record when the use of social media provides added functionality It must have content, context, and structure along with associated metadata The complete record must be maintained to ensure reliability and authenticity 6 2
Challenges and Best Practices Recordkeeping Content in multiple places Ownership and control Identification of records Scheduling Capture Personally identifiable information Public expectations Articulate clear processes, policies, and recordkeeping roles and responsibilities Areas to consider include: Identifying records Defining ownership Terms of service (TOS) Communicating policies Monitoring use and value Monitoring changes to TOS 7 Scheduling social media Agencies must identify the official record and determine how it will be managed. Some social media records may be temporary; with a transitory, short, or long term retention. Some may even be permanent, such as a blog by an agency senior official. 8 Capturing social media Temporary records may not need to be captured Assess business needs and evaluate risks Capture long-term and permanent records Export into a recordkeeping system 9 3
Capturing Social Media Methods to capture social media records include: Using web crawling software Using web capture tools to capture content Using platform APIs Using RSS Feeds, aggregators, or manual methods Using tools built into some social media platforms to export content 10 RM responsibilities with third party providers Be aware that the provider could discontinue their service or delete information from an agency's account Agencies may stop using a platform at any time In either situation, the agency is not relieved of its records management and possible capture obligations 11 RM responsibilities with third party providers Determine if provider can export the complete record If yes, include instructions for notification and export requirements Agencies will have other business and legal needs regarding capture and should work with providers to ensure these needs are met 12 4
So now You ve done all of this work, figured out what your social media records are, what schedule they have, and captured them And, you get a FOIA request and it turns out the program office was using GitHubto create policy. The request: All documents related to the development of the Project Open Data Metadata Schema About you: Primary job: You process FOIA requests Other duties: privacy and records management Employer: agency responsible for the Open Data policy. So what is GitHub? GitHubis a platform for creating, storing and running code The platform allows you to collaborate internally and externally while you develop Collaboration creates records 5
The search Where are we looking? What are we looking for? Who is likely to have it? Project Open Data Governance Approving Changes In GitHub speak, Project Open Data is actually a collection of different little-p projects housed in individual repositories, or repos. Each individual project repo will be managed as an open source project i.e., users can make pull requests (suggest changes). A repo manager will adjudicate the pull requests (accept, modify, or reject) in a public log on a standard release cycle. Proposed changes to relevant policy areas will be evaluated by relevant policy officials. Information on the repo manager and release cycle for updates will be available in each repo s documentation file. A program management office (PMO) in the General Services Administration (GSA) may be delegated management of individual technical repos, as well as provide daily technical oversight and user support for the Project. Given that the breadth of Project Open Data supports both technical and policy work, there will be different governance processes for each subject. Technical Repositories Governance & Review Cycle(e.g., source code, applications, best practices) Technical repositories will be maintained by staff within the Office of Management and Budget and the Office of Science and Technology Policy, with support from technical staff at GSA (i.e., the Technical Review Committee). All comments and proposed changes from the public or other Federal employees will be reviewed regularly by the Technical Review Committee, on bi-weekly intervals. Additional stakeholders will be involved in review processes based on needed subject matter expertise. Policy Related Repositories Governance & Release Cycle(e.g., open licensing, metadata) Changes to repositories with implications for the policy must be approved by OMB and OSTP policy officials. All comments and proposed changes from the public or other Federal employees will be reviewed by the appropriate staff on bi-weekly intervals. Additional Federal stakeholders will be involved in review processes based on needed subject matter expertise. There are two policies repos that will have very regulated release cycles: Project Open Data Metadata Schema Changes to the Project Open Data metadata schema will be reviewed on an ongoing basis. Starting November 9th, new releases of the schema will only be issued every 6 months, as needed. Suggested changes that alter implementation and structure of the schema will not be merged in-between the regular release cycles, though discussion and commenting during these periods are encouraged. Each version of the schema will have a depreciation date of one year. The Open Data Policy M-13-13 A version of The Open Data Policy (M-13-13) is available for public feedback and suggested changes through Project Open Data. Suggested changes to the policy will be reviewed bi-annually. Adjudication times will depend on the extent of the suggested policy changes and decisions regarding the mechanism for dissemination (e.g., the need to consider updating official version of M-13-13, or other forms of guidance). Accepted changes to the policy will not be merged in-between the regular release cycles to prevent inconsistencies and confusion, though discussion and commenting during these periods are encouraged. 6
Repos Pull requests Repo managers So we ve got And back and forth between repo managers and policy experts about whether or not to make these requested changes. Are the things in the repos agency records? For FOIA? For Federal Records Act purposes? For discovery? Sometimes repos are private Private repo Use: Internal pull requests from staff, discussions of what to do next, etc. What are the challenges associated with requests for this information? 7
It looks like source code... But is it? Issues: Public or private discussions about the direction the project should take Often agency employees are engaging in these conversations It may not be apparent immediately who is an employee, etc. Context is key This is a comment from the repository owner If we click on Phil s profile, we ll learn that he s the Chief Architect for Data.gov and a GSA employee. Pull requests 4 employees 32 conversation entries 1 commit 1 file changed 8
Questions to ask Were there discussions about those changes that took place in: Email? Texts? (the SMS kind) Chats? (gchat, Instant messaging) Other platforms (Slack, internal collaboration tools)? All of these things are electronic messages See NARA e-messages bulletin With people at other agencies? Have those places been searched and the documents given to you? Review process These types of records can be responsive to access requests. How will you review them? Importance of comparing public conversation with internal conversation. What if: The GitHub repository is taken down, and you receive a FOIA request? Have you preserved those records for agency business? If so, search, review, produce If not, should you have? Does your records officer know what your agency is doing on GitHub[and your other similar development platforms]? How: Use an API to ingest all information from a platform, most likely in xml format Questions? Hannah Bergman hannah.bergman@nara.gov Assistant General Counsel NARA Lisa Haralampus lisa.haralampus@nara.gov Director, Federal Records Management Policy NARA 9