UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL THE INSPECTOR GENERAL May 16, 2019 The Honorable Rosa DeLauro Chairwoman, Subcommittee on Labor, Health and Human Services, Education, and Related Agencies Committee on Appropriations U.S. House of Representatives Washington, D.C. 20515 Dear Chairwoman DeLauro: Thank you for your request for an Office of Inspector General (OIG) review of U.S. Department of Education (Department) political appointees' compliance with Federal laws, regulations, and Department policies regarding the use of email. Attached you will find the results of our review. We do apologize for the delay in completing this review. Due to limited staff resources and other competing priorities, we were unable to initiate our work until well into 2018. We sincerely appreciate your patience and understanding as we work through our staffing challenges. If, after reviewing the report, you have any questions or if you need additional information, please do not hesitate to contact me directly at (202) 245-6900 or have a member of your staff contact our Congressional Liaison Catherine Grant at (202) 245-7023. Sincerely, Digitally signed by Sandra Sandra Bruce Date : 2019.05.16 Bruce 22:29:50 -04'00' Sandra D. Bruce Inspector General (Acting) cc: The Honorable Tom Cole, Ranking Member, Subcommittee on Labor, Health and Human Services, Education, and Related Agencies, Committee on Appropriations, U.S. House of Representatives The Honorable Betsy Devos, Secretary of Education U.S. Department of Education Office of Inspector General Response to Request for Information on Political Appointees' Use of Personal Email Accounts, Preservation of Emails, and Responses to Freedom of Information Act Requests May 16, 2019 On October 4, 2017, Representative Delauro requested that the U.S. Department of Education (Department) Office of Inspector General (OIG) conduct a review of political appointees at the Department to ensure that these officials are following the spirit and letter of all Federal laws and regulations, as well as Departmental policies, related to email use. Representative Delauro specifically requested that the OIG conduct a review to determine the following: 1. whether the Secretary of Education or other senior political officials have used personal email accounts to conduct government business; 2. whether all emails related to government activities or public policy are being properly preserved as public records; 3. whether all emails related to government activities or public policy are being reviewed in response to Freedom of Information Act (FOIA) requests; and 4. if there are other irregularities in the email or communications activities of senior political appointees that could violate Federal statutes. Work Performed To respond to this request, we: • Interviewed officials from the Office of Management and the Office of the Secretary who are responsible for records management and handling FOIA requests. • Reviewed the Department's policies and procedures for ensuring compliance with Federal records management laws and policies. • Surveyed 51 politically appointed officials, in addition to the Secretary, who were on board at the Department as of November 9, 2017. The purpose of the survey was to determine whether the officials and the Secretary received the Department's records management training and used their personal email and/or messaging accounts to conduct government business. 1 • Reviewed selected Departmental emails transmitted between November 1, 2017, and February 9, 2018, to validate survey responses. We judgmentally selected political officials that stated they used their personal email or messaging account more than 10 times to conduct government business. • Reviewed Departmental emails sent to or received from the Secretary's four known personal email accounts between January 20, 2017, and April 10, 2018. We also reviewed additional emails from the Secretary's personal email accounts provided by the Office of the Secretary on January 31, 2019. • Judgmentally selected eight FOIA requests that requested the email communications of the Secretary and/or political officials. We conducted follow-up reviews on the five FOIA requests that were closed as of May 31, 2018, to determine how the Department responded to each request. Summary of Results The Department has established policies that prohibit all employees from using personal email or messaging applications to conduct Department business. Under this policy, personal email and messaging may be used only under exceptional circumstances. When employees use personal email to conduct Department business, they must forward those messages to a Department account within 20 days. The Department provided training to all political appointees on the requirements of this policy. Seventy-eight percent of the political appointees we surveyed reported use of personal email and/or messages in limited circumstances for a variety of reasons, including technical problems with their government equipment and working after hours. We judgmentally selected four of these appointees and confirmed that they forwarded messages to their Department accounts. We found the Department's training could be improved to more clearly explain when use of personal email and messaging is appropriate. The Secretary reported that it was not her practice to conduct government business using personal email accounts, and where she was aware that emails on a personal account may have involved government business, she took steps to ensure that such communications were directed to the Department's email system. We found only a limited number of emails sent to or from her private accounts in the Department email system . The Department has policies and practices to preserve all email by Department employees. Regarding the limited number of email sent to and from the Secretary's private email accounts, those messages were preserved only in the accounts of other Department employees that were included on those messages, and not in the Secretary's Department accounts. The Office of the Secretary informed us that it had completed a review to ensure that any messages relating to Department business contained in the Secretary's private accounts were now also preserved in her Department accounts. 2 The Department has policies and practices in place to search for and review email when needed in response to FOIA requests. In response to one FOIA request for email to and from any private email account controlled by the Secretary, we found that the Department did not identify or produce responsive email that we identified during our review. For another FOIA request, the Department did identify and produce email sent by t he Secretary from her private account. We found the Department's FOIA procedures could be improved when requests relate to use of private email accounts for Department business. In response to our review, the Department stated that it has established policies, procedures, and trainings that inform all employees of its expectations regarding personal email use, preservation of emails, and FOIA inquiries. Further, the Department stated that it takes these matters very seriously and strives to ensure all employees, including political appointees, are adequately trained and following Federal laws and Department directives. The Department stated it will continue to review its training materials to ensure they clearly explain staff responsibilities. Background The Office of the Chief Privacy Officer is responsible for overseeing the Department's record management program and ensuring the Department's compliance with Federal records management laws and related Department policies. 1 The FOIA Service Center is responsible for receiving, coordinating, tracking, and documenting the processing of all incoming FOIA requests. The FOIA Coordinator in each of the Department's Principal Offices coordinates the timely completion of FOIA processing tasks, including verifying that officials performed a thorough and appropriate search for responsive documents, uploading the documents into the FOIA case management system, and recommending any redactions in the records in accordance with the FOIA and Department's regulations. The Federal Records Act of 1950 (Act) and its implementing regulations require Federal agencies to preserve "records" which are defined as recorded information made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by the agency as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government or because of the informational value of data in them. In November 2014, the Act was amended to prohibit using nonofficial electronic messaging accounts to create or send a record, unless those messages are forwarded to an official electronic messaging account of the employee in the original creation or transmittal of the record. It also expanded the definition of a Federal record to include electronic messages. 1 In 2019, the Department transferred this responsibility to the Information Management Branch of the Office of the Chief Information Officer. 3 In July 2015, the National Archives and Records Administration also issued guidance to provide Federal agencies with additional records management guidance for electronic messages and assist agencies in developing strategies for managing such messages. The Department has issued two directives to establish its overall policies and procedures for compliance with the Act and its amendments, specific to the Department's records retention and disposition schedules and records and information management program. The directive states t hat it is the policy of the Department to create, preserve, maintain, use, and dispose of Federal records in accordance with Federal records management laws. It also prohibits the use of personal accounts to conduct government business. However, the policy states that if a Federal record is created or received in a personal account, an employee must forward the message to the Department's email system or printed to paper for recordkeeping. Results of Review 1. Determine whether the Secretary of Education or other senior political officials have used personal email accounts to conduct government business. The Department's policy prohibits its employees from using personal accounts to conduct government business, except for exceptional circumstances when their Department email accounts are unavailable. Of the 51 survey responses that we reviewed, 40 political officials (78 percent) stated that they have used their personal email and/or messaging accounts to conduct government business. The officials' reasons for using these accounts included: (1) experiencing technical difficulties with their government-furnished equipment, (2) needing to print documents when they were away from the office, (3) conducting work after hours, and (4) receiving communications from colleagues that the officials interacted with prior to their position at the Department. The Department's training or policy does not explain what constitutes an exceptional circumstance to justify use of personal email or messaging. 2 The Department's training could be improved by more clearly explaining when it is appropriate to use personal email or messaging for official business. In the Secretary's response to the survey, she stated that it was not her practice to conduct government business using personal accounts, and where she was aware that emails on a personal account involved government business, the Secretary stated she took steps to ensure that such communications have been directed to the Department's email system. We reviewed the Department's email system and did not find evidence of active or extensive use of personal email by the Secretary. We identified four personal email addresses belonging to the Secretary and reviewed the Department's email system for any 2 In the survey, we did not ask the officials to specify why government resources were unavailable in each instance of use of a personal account. 4 email sent to and from the accounts. We found a limited number (less than 100) sent or received between January 20, 2017, and April 10, 2018. Most messages occurred during the first 6 months of 2017 and were from a single writer who was offering advice on potential candidates for Department positions. The writer also included other Department employees on messages using their Department email addresses. We identified six messages sent by the Secretary to a Department email account during this period; five related to official business. 2. Determine whether all emails related to government activities or public policy are being properly preserved as public records. All Department employees are required to take records management training annually in which they are informed of their responsibilities for preserving electronic messages that are created outside of official accounts that automatically capture employee communications. In addition, all new political appointees to the Department receive this training after arrival directly from the Chief Privacy Officer. According to the former Chief Privacy Officer, she trained every political appointee and personally briefed the Secretary on records management requirements. The training instructs employees that it is Department policy to create, preserve, maintain, use, and dispose of Federal records in accordance with Federal records management laws and policies. The training states that employees are prohibited from using personal email or messaging accounts to conduct official government business. It further states that if a personal email or messaging account is used to create or send a record, the employee must forward the message to the Department's email system within 20 days. Although the Department's written policy states only that a record in a personal account should be forwarded to the Department's email system, 44 U.S.C. § 2911 requires any record created or sent with a nonofficial messaging account must be sent to the official account of the employee. The Department's training was consistent with the requirements of 44 U.S.C. § 2911. The Acting Chief Privacy Officer, who conducted the training for political appointees, explained that the employee must forward the email to his/her own Department email account. The Acting Chief Privacy Officer further explained that if there was a FOIA request for that employee's records, the record needs to be in his/her own email account in order to enable a proper search for responsive documents. 3 The Department's written policy on records management could be improved by updating it to reflect the statutory requirements and the Department's training. In response to the survey, 20 of 51 political appointees (39 percent) stated that they used their personal email and/or messaging accounts to conduct government business more than 3 According to the former Chief Privacy Officer, all emails are automatically stored by the Department and are not destroyed or deleted. 5 10 times and forwarded all of the emails and/or messages to a Department email account. The Secretary's survey response noted that where she was aware that emails on a personal account involved government business, the Secretary stated she took steps to ensure that such communications were directed to the Department's email system. To confirm that emails were forwarded to Department accounts as reported on survey responses, we reviewed the Department email accounts of four political officials in addition to the Secretary. We found evidence of the four officials forwarding communications from their personal accounts to their Department account. Messages involving the Secretary's personal email accounts were preserved in the accounts of other Department political employees included on the messages. We did not identify any instances where the Secretary forwarded emails from her personal accounts to her Department email accounts. We determined that, based on the Secretary's response to our survey and our review of her Department email accounts, the Secretary's emails related to government business were not always being properly preserved. During our review, the Office of the Secretary informed us that it was taking additional steps to identify and preserve emails in the Secretary's personal accounts that may have involved government business, including forwarding such emails to the Secretary's Department account. We reviewed messages provided to us from this process and determined that they were generally from individuals congratulating the Secretary on her confirmation or providing her with recommendations on staffing at the Department and advice on her new position. 3. Determine whether all emails related to government activities or public policy are being reviewed in response to FOIA requests. The former Chief Privacy Officer stated that to identify emails responsive to the FOIA request, the Department will either (1) search the email archiving system using the provided search terms or (2) ask the official named in the request to review their emails and identify those that are related to the topic. She said the responsible FOIA Coordinator will review the emails and determine which ones should be included in the Department's response. The former Chief Privacy Officer said that a small percentage of the Department's FOIA requests are responded to by searching the email archiving system. She stated that the Department assumes that officials will act in good faith in their search and will provide all responsive documents. She said that the Department does not perform verification to ensure that officials provided all responsive emails. Of the eight FOIA requests that we reviewed, five requests were closed with Department responses as of May 31, 2018. 4 For two requests, the Department included emails that it stated were responsive to the requests. For the three remaining requests, the Department responded that after searching its files, there were no responsive documents to the 4 As of April 5, 2019, the other three requests remained open. 6 requests. However, we identified emails that were responsive to one request. Specifically, this request asked for all communications sent to or from any nongovernmental email address established, controlled, or used by the Secretary from January 20, 2017, to the date the Department conducted the search. On June 7, 2017, the Department's response stated that the request was assigned to staff in the Office of the Secretary to search for responsive records. It further stated that after a search of their files, the staff were unable to locate any documents that were responsive to the request. We identified three emails that were sent between the Secretary's personal email account and Office of the Secretary staff from March-April 2017. The Deputy Director of the Executive Secretariat, within the Office of the Secretary, stated that after receiving the FOIA request, the Director of the Executive Secretariat spoke with the Secretary's former Chief of Staff who said there were no records responsive to the request. The Deputy Director stated that no other search of records was performed. The Department's FOIA procedures could be improved if for any request related to use of personal email by Department employees, the Department requires the affected employee to search for responsive email and respond to the FOIA Service Center confirming that search was completed. 4. Determine if there are other irregularities in the email or communications activities of senior political appointees that could violate Federal statutes. Based on our limited review, we did not identify any irregularities other than the issues identified in items 2 and 3 above. 7
Political Appointees' Compliance with Federal Laws, Regulations, and Department Policies Regarding the Use of Email
Published by the Department of Education, Office of Inspector General on 2019-05-16.
Below is a raw (and likely hideous) rendition of the original report. (PDF)