Emails are an important part of the corporate record for all organisations. For public sector bodies they are public records and are subject to the Public Records Act, the Data Protection Act and the Freedom of Information Act. Therefore they need to be managed in a way that meets legislative requirements.
All civil servants have an obligation to keep accurate official records under the Civil Service Code.
You will need to:
- define clearly which emails need to be kept for business or historical value
- communicate simply and often to users the rules for what emails to keep
- keep emails with related digital information in a shared corporate information management system
limit what users can keep in personal email accounts by the use of:
– email account quotas OR
– automatic deletion after a set period of time
See our Guidance principles on the auto-deletion of email (PDF, 0.08 Mb).
Do not use any system that changes an email’s format into one that is no longer usable (e.g. a text file). Find out more about suitable file formats.
Implementing a policy
It is not necessary to develop an individual policy for the management of emails. They should be covered by the wider information management policy. For some organisations it may, however, be the only way of reinforcing the importance of users’ responsibility to manage all digital information appropriately.
Any policy for email management should reflect your existing information management policy, ensuring it aligns with your business requirements for information management (PDF, 0.19 Mb)
Support users in managing email
Ensure that users understand the benefits to them of managing their email correctly, for instance that emails can be found in a timely way and emails will not be lost as a result of automatic deletion periods.
Lost emails can prevent work from being carried out, create unnecessary duplicated effort or cause damage to the organisation or user through not meeting legislative requirements.
You should ensure that email management is part of the corporate induction process. It is important that leavers file any emails of corporate value and that email accounts are then deleted.
Monitor compliance with corporate information management policies and assess risks. Individual compliance should be reflected, if possible, in staff performance reviews.
Often the issue is a cultural one, where users are simply reluctant or too busy to manage emails. When reviewing why users aren’t managing emails it’s important to check:
- Are they aware of your information management policy?
- Are they aware of their responsibility to manage emails of business value?
- Do they know how to use the systems designed to manage emails?
- Does the system intended to store and manage emails actually work?
- Does the process meet both user and business needs?
The answers to these questions will allow you to form a strategy to enable users to manage emails in the way that you want them to, without impeding their ability to do their job.
Decide which emails to keep
It is tempting to assume that because email metadata provides a ‘receipt’ of correspondence (particularly when used to transmit an attachment) you should keep them all. In practice only a percentage of emails will contain information of value or importance to the business. Keeping all emails will result in a significant storage burden to your organisation, create inefficiency and increase the risk of non-compliance.
By identifying which emails are of value and locating them with other relevant information, you can be more confident that they are retained only as long as they are required.
Ensure emails remain usable
There is no standard format that emails should be kept in within an information management system. The key aspect in making a decision is that they remain usable. Emails are usable when they can:
- be opened by any user without a specific email application
- show the full content in a readable manner to any user
- show all attachments and allow them to be opened by any user
- be used (forwarded, replied to etc) by any user
Understand the risks around using email archiving systems
While potentially useful for backup purposes in a short to mid-term, the use of email archiving systems presents some risks in terms of information management:
- Loss of contextual information when emails are bundled into a large compressed file
- Difficulty in determining which emails are of value and which can be disposed of due to loss of context
- Inaccurate or inadequate search returns due to large volumes of email
- Over or under restriction on access due to limited access controls
- Inability to implement disposal due to limited disposal functionality
Remember that email archiving systems do not manage email, they only store them.