Government Retention Policies

In case you were ever wondering, here is what the government actually has to do in terms of retaining their electronic documents. Whether or not they actually have the ability to do this is another story. Source can be found here.

Document	Retention Period
(1) Records pertaining to Contract Disputes Act actions.	6 years and 3 months after final action or decision for files created prior to October 1, 1979. 1 year after final action or decision for files created on or after October 1, 1979.
(2) Contracts (and related records or documents, including successful proposals) exceeding the simplified acquisition threshold for other than construction.	6 years and 3 months after final payment.
(3) Contracts (and related records or documents, including successful proposals) at or below the simplified acquisition threshold for other than construction.	3 years after final payment.
(4) Construction contracts:
(i) Above $2,000.	6 years and 3 months after final payment.
(ii) $2,000 or less.	3 years after final payment.
(iii) Related records or documents, including successful proposals, except for contractor's payrolls (see (b)(4)(iv)).	Same as contract file.
(iv) Contractor's payrolls submitted in accordance with Department of Labor regulations, with related certifications, anti-kickback affidavits, and other related papers.	3 years after contract completion unless contract performance is the subject of an enforcement action on that date.
(5) Solicited and unsolicited unsuccessful offers, quotations, bids, and proposals:	.
(i) Relating to contracts above the simplified acquisition threshold.	If filed separately from contract file, until contract is completed. Otherwise, the same as related contract file.
(ii) Relating to contracts at or below the simplified acquisition threshold.	1 year after date of award or until final payment, whichever is later.
(6) Files for canceled solicitations.	5 years after cancellation.
(7) Other copies of procurement file records used by component elements of a contracting office for administrative purposes.	Upon termination or completion.
(8) Documents pertaining generally to the contractor as described at 4.801(c)(3).	Until superseded or obsolete.
(9) Data submitted to the Federal Procurement Data System (FPDS). Electronic data file maintained by fiscal year, containing unclassified records of all procurements other than simplified acquisitions, and information required under 4.603.	5 years after submittal to FPDS.
(10) Investigations, cases pending or in litigation (including protests), or similar matters.	Until final clearance or settlement, or, if related to a document identified in (b)(1) - (9), for the retention period specified for the related document, whichever is later.

Pre-Review: One Way to Stop WikiLeaks

Image via WikipediaAs most people have already caught up on the WikiLeaks and Afghan War Diaries affair, I just wanted to quickly point out that this type of data loss can be avoided by using the correct records management software. To tighten the valve on probably the most prevalent and most easily accessible avenue of leakage, e-mail, should be a requirement from any solution. By using an enterprise-wide email and content management solution, companies (or governments) can be sure that offensive e-mails do not leave the company. 

Pre-review functionality allows for policies to be set based on any characteristic of the mail, the number of metadata parameters as well as the contents of an e-mail or attachment. Properly deployed the system can block an e-mail from being sent out of the organization before any damage is done. As an example, if a policy stating that any e-mail or file discussing “Contract X” should not be allowed to leave the company firewall, a policy to this effect will ensure that any e-mail or attachment containing any information related to “Contract X” is blocked at the gateway.  In essence, these e-mails are automatically “flagged” and the compliance officer or the administrator would be informed immediately that there was an attempt to send that content out.  They would then also have the option to allow the e-mail to go through and be sent out, or confirm that it needs to stay blocked. 

Such functionality (hopefully) should be deployed throughout the government, but for some reason I get the feeling that its not. If anyone has more information on how the government, especially defense organizations, does data loss prevention, I'm all ears.