An IG’s report has said that the SSA needs to improve its controls over email, instant messages and other electronic messages.
It noted that under the Federal Records Act, electronic messages created or received during agency business are federal records and must be captured and managed in compliance with federal laws, regulations, and policies.
However, it found issues including failure to retain instant messages—the agency disabled the function in its email system that automatically stores them–use of personal email accounts to conduct official business, and lack of controls to ensure that electronic messages are kept when an employee leaves the agency.
Other recommendations include clarifying agency policies on acceptable use of personal email accounts; setting and carrying out standards for storing and backing up agency emails; special emphasis on retaining messages of officials who are most likely to create generate information that must be kept; and better training agency managers and line employees on policies regarding electronic messages.
The report said that SSA management agreed with the recommendations.