In light of the recent revelation that Downing Street deletes emails after 3 months. I have three requests for information.
The National Archive page providing guidance on managing emails says: ‘limit what users can keep in personal email accounts by the use of:
- email account quotas OR
- automatic deletion after a set period of time
Downing St said it is following National Archives as guidance as a justification for removing emails. This means government history is being wiped out and at the same time weakening the FOi process.
Is there a plan for the National Archives to change the guidance that states automatic deletion of emails as a way of managing emails to prevent this?
Why is an organisation that thrives on historical documentation suggesting the deletion of any emails regardless of how significant they may appear to the organisation?
Does the National Archives have a process of automatic deletion of their emails?
Question 3 of your request has been handled under the Freedom of Information Act 2000 (FOIA). Questions 1 and 2 do not come within the parameters of a Freedom of Information request. This is because the FOIA only extends to requests for recorded information. It does not require public authorities to answer questions generally, only if they already hold the answers in recorded form. Also, the Act does not extend to requests for information about policies or their implementation, or the merits or demerits of any proposal or action – unless the answer to any such request is already held in recorded form.
However, colleagues in our Information Management department have been able to provide information relating to these questions, which are provided in the attached documentation.
In response to the question ‘Does the National Archives have a process of automatic deletion of their emails?’ I can confirm that The National Archives holds information relevant to your request and we are pleased to be able to provide some of this information to you.
The National Archives asks staff to file key business emails in our Electronic Records Management system, where they are kept in accordance with our disposal schedules. To help facilitate the management of mailboxes we have two auto-delete policies set up on individual mailboxes; deletion on calendar items after 2 years, and sent items after a year. This policy excludes the Executive Directors and team mailboxes.
In response to the question: ‘Is there a plan for The National Archives to change the guidance that states that automatic deletion of emails as a way of managing emails to prevent this?’ our guidance on the management of emails clearly states out that:
‘Emails are an important part of the corporate record for all organisations. For public sector bodies they are public records and are subject to the Public Records Act, the Data Protection Act and the Freedom of Information Act. Therefore they need to be managed in a way that meets legislative requirements.’
It also states that civil servants have an obligation to keep accurate official records under The Civil Service code. Our guidance states that organisations will need to:
- define clearly which emails need to be kept for business or historical value
- communicate simply and often to users the rules for what emails to keep
- keep emails with related digital information in a shared corporate information management system
- limit what users can keep in personal email accounts by the use of:
– email account quotas OR
– automatic deletion after a set period of time
Automatic deletion of emails after a set period of time is a common tool used to manage email and used alongside other information management policies is one suggested way organisations could manage their emails.
Our guidance also states that organisations should support users in managing their email correctly:
‘Ensure that users understand the benefits to them of managing their email correctly, for instance that emails can be found in a timely way and emails will not be lost as a result of automatic deletion periods.
Lost emails can prevent work from being carried out, create unnecessary duplicated effort or cause damage to the organisation or user through not meeting legislative requirements.
Organisations should ensure that email management is part of the corporate induction process.
It is important that leavers file any emails of corporate value and that email accounts are then deleted. Organisations should also monitor compliance with corporate information management policies and assess risks. Individual compliance should be reflected, if possible, in staff performance reviews.’
Our guidance is reviewed and updated regularly.
In response to the query ‘Why is an organisation that thrives on historical documentation suggesting the deletion of any emails regardless of how significant they may appear to the organisation?’ In practice only a percentage of emails will contain information of value or importance to the business. Keeping all emails can result in a significant burden to organisations and can create inefficiency and increases the risk of non-compliance. By identifying which emails are of value and storing them with other relevant information organisations can be more confident that emails are retained only as long as they are required.
Understanding what information to keep and disposing of information that is no longer needed is an important part of effective information management. Disposing of information is something organisations are required to do under legislation such as the Public Records Act and Data Protection Act.
12. Authorities should define how long they need to keep particular records, should dispose of them when they are no longer needed and should be able to explain why records are no longer held.
12.2. As a general principle, records should be kept for as long as they are needed by the authority: for reference or accountability purposes, to comply with regulatory requirements or to protect legal and other rights and interests. Destruction at the end of this period ensures that office and server space are not used and costs are not incurred in maintaining records that are no longer required.
For records containing personal information it also ensures compliance with the 5th data protection principle which requires that personal data is kept only for as long as it is needed.
12.3. Records should not be kept after they have ceased to be of use to the authority unless:
a) They are known to be the subject of litigation or a request for information. If so, destruction should be delayed until the litigation is complete or, in the case of a request for information, all relevant complaint and appeal provisions have been exhausted;
b) They have long-term value for historical or other research and have been or should be selected for permanent preservation. (Note that records containing personal information can be kept indefinitely for historical research purposes because they thereby become exempt from the 5th data protection principle.)
c) They contain or relate to information recently released in response to a request under the Act. This may indicate historical value and destruction should be delayed while this is re-assessed.