|
| | 1. | | Call to order.
Minutes note: Meeting called to order at 10:06 a.m. | | | |
|
Not available
|
|
| | 2. | | Roll call.
Minutes note: Present - Larson, Siettmann, Roedel, Jaeger, Madison, Owczarski, Schroeder, Zimmer, Richter, Henke, Spiker
Excused - Meyer-Stearns
Charles Roedel serving as member in place of David Klein for this meeting.
Also present:
Brad Houston, City Records Center Manager
Peter Block, Assistant City Attorney
James Bohl, DOA - Innovation Director
Kate Pawasarat, DOA - Community Analytics Analyst
Maureen Minning, DOA - Innovation Policy Analyst
Members gave brief introductions. | | | |
|
Not available
|
|
| | 3. | | Review and approval of the previous meeting minutes from June 5, 2025.
Minutes note: Mr. Houston said to amend the minutes to reflect his remarks under agenda item 4, a. to state that "attachments" (in lieu of "data") should not be entered into Work Day.
Member Owczarski moved to amend, seconded by member Jaeger, the minutes, as requested. There was no objection.
The meeting minutes from June 5, 2025 were approved, as amended. There was no objection. | | | |
|
Not available
|
|
| | 4. | | Records Retention.
Minutes note: a. Proposed departmental record schedules for review and/or approval.
Mr. Houston gave an overview. Schedules totaled 45 with 23 being closed, 7 new, and 15 amended or renewed schedules. The majority of the schedules for the City Treasurer regarding various records were being closed due to those records being obsolete or superseded by global schedules. Absent a response from the City Attorney's Office, the citywide global schedule for liability waivers had a 1-year retention period.
Atty. Block said that after discussion with colleagues in his office, it would be worthwhile to increase the retention period longer to 3 years if it was not burdensome to do so.
Mr. Houston concurred.
Member Owczarski moved to amend, seconded by member Schroeder, the retention schedules to change the retention period of 1 year to 3 years for schedule no. 25-0006 (citywide global schedule for liability waivers). There was no objection.
Mr. Houston continued. The citywide global schedule for commodity/service specification records was missed from a RMS migration after 1995, had useful historical information, and had a retention period of 1 year. The citywide global schedule for visitor access and appointment logs was being revise from being a renewal with a retention period of 3 years and destroy. DOA Purchasing Division schedules were related to DER schedules from last quarter. The retention period for the X-Files schedule changed to 6 years from 10 years to comport with the State and to reduce the amount of data to be migrated into Work Day. New schedules were created for Preference Program related records related to monitoring compliance with purchasing programs and affidavits submitted as part of a vendor's bid response. DNS schedules for permit/premises related records were simplified to one amended schedule for electronic records, and all other schedules for other mediums were closed. Most of the Health Department schedules were renewals and new series. The cryptosporidiosis related record schedules were changed to closed due to these records being no longer created, and historical records should be preserved under the water examination schedule.
Member Siettmann moved approval, seconded by member Roedel, of the retention schedules, as amended. There was no objection.
b. Update on State Records Board approval of previous schedules.
Mr. Houston gave an update. The State Records Board has not met officially but had objected initially to 3 record schedules from the last meeting pertaining to the Department of Emergency Communications. Technical revision was made to clarify language on the disciplinary provision for one schedule. Schedule no. 250008 regarding personnel related audio files was withdrawn. The board had opined the schedule being duplicative of schedule no. 230030.
c. Discussion on the Data Governance Work Group.
Mr. Houston commented. There was an informal work group with about 10-15 individuals led by James Bohl and Kate Pawasarat. The informal work group cannot make formal recommendations. The committee should determine a formal work group in order to provide formal recommendations and guidance. Lack of a formal body would present records retention and data storage issues. All supporting documentation from the County and City directs that there should be a formal body to provide guidance on data. The City had established its Data Governance Policy before the County, but the County had surpassed the City on creating infrastructure on data governance and a formal body.
Chair Spiker said that he would meet with Mr. Houston, Mr. Bohl, and Ms. Pawasarat further to discuss formalizing the work group and bring back the issue to the full committee to evaluate.
d. Discussion on the secure structure ordinance.
Mr. Houston commented. The ordinance was not drafted well and did not do what it was intended to do. The concern was that the ordinance was not being followed as sensitive building plan records were being uploaded into LMS, Legistar, City websites, and files of various bodies. Those bodies were probably unaware of this issue. He had discussed with DNS on doing some systematic implementations. He was not sure of a way forward. There was no consistency in enforcement of the ordinance. His office was enforcing the ordinance but it was not being done elsewhere. The ordinance should have legal review.
Atty. Block said that practical application of the ordinance was to allow the City to deny public records request for such records. The ordinance did not prohibit posting of such records.
Chair Spiker said that there did not seem to be an audit being done and that the issue of the ordinance pertaining to posting of such records should be further discussed by the newly created City Hall Campus Emergency Preparedness Committee to determine any ordinance changes and/or actions that would be needed.
Member Owczarski concurred and said he, as co-chair of the City Hall Campus Emergency Preparedness Committee, will schedule the matter at its next meeting. | | | |
|
Not available
|
|
| | 5. | | Information and Technology Management Division.
Minutes note: a. Review of citywide compliance with IT policies.
Member Siettmann commented. The matter was a result of a Comptroller's Office audit finding. ITMD has checked with all departments on their compliance with IT policies from their office. All departments responded being compliant and adhering to the IT policies except for the Police Department, which has its own more restrictive policies internally. The audit finding could be closed out. Those departmental internal policies should be shared and reviewed by ITMD, including any changes to their internal policies or citywide IT policies.
Vice-chair Henke added that guidelines could be changed but citywide IT policy changes would require review and approval by the committee and the Common Council.
b. Discussion on formalizing review of independently created internal systems and applications.
Vice-chair Henke commented. The question was raised at the last meeting. There was city ordinance (Ch. 310-4) that provided some formal structure and descriptions but there was no formal enforcement review mechanism. He had good working relationships with departments. The departmental IT updates provided to the committee was adequate. He did not want to put extra burden on departments to make other kind of reporting.
Member Madison said that his department was asked annually to provide a general listing of all their IT applications.
Chair Spiker said that there needed to be a structure in place for ITMD to be informed of internal systems and applications, relationships should not be depended upon, a good starting point would to have an audit done, and for there to be baseline review of those systems by ITMD.
Vice-chair Henke said that the annual department IT applications inquiry was part of ITMD's annual budget process. He would include in his action plan review of that inquiry and expand it for internal systems and applications to be identified.
Member Larson said that the genesis of the discussion today came from the Police Department's creation of a software catalog case management system utilizing currently available enterprise applications.
Vice-chair Henke said that a priority next year was to have an enterprise software catalog and he would update ITMD's budgetary annual IT survey instructions to departments listing their applications and software by next cycle.
c. Update on long-term plans for AI tools.
Vice-chair Henke commented. The free trial of GovAI had expired. They were working with the Innovation Office to extend the vendor contract for the trial to the end of the year. GovAI would be an enterprise tool. Training was being determined, and use agent cases were being looked at.
Mr. Bohl said that the trial extension would still be at a discount, and they would discuss including GovAI in the 2026 budget to be an enterprise tool.
Chair Spiker said that he would ask departments to respond to their use of and impacts from using AI tools going forward and that efficiencies should be looked at considering budget cuts.
d. Update on recent phishing campaign.
Member Siettmann gave an update. October would be Cyber Security Month when the annual cyber security training would be implemented typically. Phishing tests done in 2021 yielded a 24% fail rate for City employees. First required mandatory monthly trainings had a 66% participation rate. The subsequent year had non-mandatory trainings resulting in a 33% participation rate. There is a correlation for an increase in the phishing test fail rate of 20% presently since trainings had become non-mandatory. AI and phishing had become more sophisticated, and it was important for employees to be trained. Non-mandatory monthly trainings would be implemented starting in November and an annual mandatory training. She was looking for ideas on creating cyber security awareness and incentives to train. Examples would include sending out informational e-notifications, making trainings be a part of the Health Rewards program, and providing information on the MINT. She had talked to DER but it was too late to include trainings into the Health Rewards program.
Member Schroeder said that there were physical cyber security trainings, videos, and emails regarding phishing done during her time with the Department of Justice.
Ms. Minning said that cyber security efforts of private corporations should be looked at and for routine emails on phishing to go out to employees.
There was discussion on implementing an annual mandatory training, the recent phishing wiring case for the City, and that disabling of external hyperlinks would be hard to do.
Member Richter inquired for more results to be shared to the respective department head of IT head concerning those who would fail their cyber security tests or trainings, especially for elected officials.
Member Siettmann said that results were shared with respective department IT heads or department managers. She could also send results to department heads accordingly.
Chair Spiker said that department heads would have the authority to enforce trainings and that he will put in a Common Council legislative file on phishing and cyber security to help assist ITMD. | | | |
|
Not available
|
|
| | 6. | | Department IT updates and/or announcements.
Minutes note: a. Common Council - City Clerk.
b. City Comptroller.
c. City Treasurer.
These items were not discussed and held over to the next meeting. | | | |
|
Not available
|
|
| | 7. | | Next steps.
Minutes note: a. Agenda items for the next meeting.
To be determined.
b. Next meeting date and time (Thrs., Dec. 4, 2025 at 1 p.m.). | | | |
|
Not available
|
|
| | 8. | | Adjournment.
Minutes note: Meeting adjourned at 11:36 a.m.
Chris Lee, Staff Assistant
Council Records Section
City Clerk's Office | | | |
|
Not available
|
|
| | | | Meeting materials for this meeting can be found within the following file: | | | |
|
Not available
|
|
250690
| 0 | | Communication | Communication relating to the matters to be considered by the City Information Management Committee at its September 4, 2025 meeting. | | | |
Action details
|
Not available
|
|