NAMA Operations

This question relates to NAMA's email policy, which allows it to delete all emails of staff one year after they have left the agency. This policy was applied retrospectively and, coincidentally, came into effect one month before NAMA was to become subject to freedom of information. I wrote to the Minister about this matter on 8 February and his response was that he would look into it. I know the Minister is a busy man and has plenty to do but I hope he is not ignoring what is going on in NAMA.

It is important to clarify that any suggestion that NAMA deletes all emails of staff members one year after departure is not correct. I am advised that, as a first step, NAMA ensures that all emails of business or long-term value are retained in the appropriate repositories. Only when managers are assured that such records have been retained and stored can they authorise the deletion of ephemeral and transitory emails that have no business value. The Deputy will appreciate that there is a big difference between this sensible policy and a blanket policy of deleting all emails regardless of content or value, which is not, and never has been, NAMA policy. 

Since this matter was last raised in December, officials of my Department have discussed the issue further with NAMA, which has advised that its email retention policy is in line with best practice among public and private organisations. I am further advised that the implementation of the policy ensures that all key records held by NAMA are retained and that they will therefore be available, if required, for business purposes and for the purposes of legal discovery and the fulfilment of NAMA's obligations into the future.

In regard to staff emails specifically, I am advised that NAMA policy is to retain the mail servers of staff for at least one year after their departure from the agency. This is to facilitate business continuity and to enable line managers to ensure that business and long-term value records are saved to the appropriate repository. When managers are assured that such records have been retained and stored, they may authorise the deletion of transitory emails that have no business value.

I am further advised that this policy adheres to the guidance contained in the code of practice for freedom of information, FOI, and section 48 of the Freedom of Information Act.

The truth is that NAMA can delete what it likes and that is what it is doing. The policy of deleting staff emails 12 months after they have left the agency is not in line with the approach of any similar organisation in the public sector. No other State agency has this policy. According to the National Management Treasury Agency, NTMA, NAMA's parent agency, it has no set timeframe regarding the retention or deletion of emails. Why would NAMA delete emails when the NTMA does not do so? Is the Minister aware that all NAMA emails are on the NTMA email server? A copy of all emails sent and received on the NTMA's network are stored on what is known as "the vault" such that even if NAMA deletes an email at its end, it remains on the vault. However, when an FOI request is submitted the vault is not searched. NAMA is erasing the history of what goes on within the organisation and ensuring that it is not open to any embarrassment as a result of FOI requests. Will the Minister inquire if the commission of inquiry established to investigate NAMA had access to the emails located on the NTMA vault and if An Garda Síochána had access to all emails stored on it when investigating leaked allegations?

The Deputy asked two specific questions - on the commission of inquiry and on the role of An Garda Síochána in respect of NAMA - to which I do not have answers. However, I will make inquiries and revert to him with replies. When the Deputy initially raised this matter with me a number of months ago, my Department and I inquired into the policy in this area and I have shared the relevant information with the Deputy.

I have reviewed the policy of the NTMA.

I have already shared the NTMA's email retention policy with the Deputy but I will highlight it again. The NTMA does not have a set timeframe applying to the retention of emails. The retention period for emails is determined by the content and context of the correspondence. NAMA retains emails for one year in the way I have described. It then makes a further decision on the email depending on its sensitivity or its relevance to the operation of business.

The Deputy asked me two additional questions. I will check the answers to them.

NAMA's approach to the control and retention of data borders on the criminal. There have been two cases in the past month in this regard. In one case, NAMA has been heavily criticised for its approach to data and information held within the agency. The Data Protection Commissioner found that NAMA was in breach of its obligations under data protection law in its response to a request for data from the O'Flynn group. The O'Flynns had asked for all data on them held by NAMA, which is their right. NAMA initially agreed to undertake a full search for it but 14 months later it told the Data Protection Commissioner that it had decided to do no searches. The Data Protection Commissioner rightly found this completely unacceptable and stated that NAMA was in breach of its statutory functions. It is a shocking case which highlights NAMA's complete disregard for the law, something with which it has no problem.

Another case that was before the courts highlighted that NAMA's approach to records is farcical. NAMA official Peter Malbasha stated that it had no records or minutes of 62 meetings which took place with a developer, despite the fact that the developer saw minutes being taken. NAMA is a law unto itself and nobody is holding it to account.

I completely reject the inference by the Deputy that what it is doing is in any way criminal or nearly criminal. The Deputy might have a different view on the matter but NAMA's current policy on the management of emails is consistent with its obligations under freedom of information legislation and with regard to best practice on how these records can be filed and for how long they should be kept.

On the Deputy's point about the Data Protection Commissioner, he is correct that the Data Protection Commissioner recently found against NAMA in respect of a breach of its obligation to certain debtors. However, I am advised that there are two points to be made on this. First, the board of NAMA is currently considering the ruling of the Data Protection Commissioner and it will respond to it. Second, I am informed that the ruling made by the Data Protection Commissioner is separate from the matter the Deputy raised with me.