Email needs to be managed just like any other record. Many business transactions and decisions are commonly recorded in email messages and it is important that these are managed appropriately and captured as records at the appropriate stage.
The widespread and often informal use of email means that messages with corporate value will frequently be sent and received alongside many others of temporary or inconsequential value. Users need to know how to differentiate between these and recognise whose responsibility it is to capture relevant emails within the organisation's record keeping system. Email records which remain in personal mailboxes will be less accessible to the wider organisation and run the risk of being lost.
While managing emails can prove time consuming and may be regarded by many users as an imposition, a consistent organisation-wide approach needs to be adopted to ensure that corporate email records are not lost.
A starting point is to develop an organisational policy which takes into account legal and business requirements, defines appropriate use and sets out clearly how email will be managed.
The policy should define what types of emails are to be captured within the organisation's record keeping system, when they should be captured and identify which users will be responsible for doing this. Guidance should be provided on what constitutes a corporate record and how to identify one. Consideration needs to be given to which party in an email exchange or thread will be responsible for capturing the emails. Your organisation's email policy should also incorporate a rule on how long emails are to be kept in individual mailboxes.
As well as covering the records management of emails, the policy should address personal privacy issues and govern who will be able to access emails. The policy should also embrace your organisation's IT acceptable use policy and emphasise the importance of neither creating nor soliciting inappropriate content.
Reducing the Volume of Emails to Manage
Emails that are trivial or have no long-term corporate value should be deleted as soon as possible. Keeping emails that have no corporate value is not good records management practice. The Data Protection Act also requires that personal data should not be kept for longer than is necessary so emails containing personal information should not be retained indefinitely.
Users can be encouraged to try to create fewer emails by not treating email as the default for communication, where another medium, for instance a conversation in person or by telephone, may be more appropriate. They can also reduce the size of emails by avoiding sending attachments to multiple recipients. For documents which require wider circulation or distribution, 'publish and point' procedures should be followed. Instead of attaching the document to an email message, which will provide each recipient with an individual copy, a version of the document should be placed on the EDRM, intranet or shared workspace. Recipients can then be directed to retrieve the document by including a pointer or link in an email message, which will lead the recipient to the master version. Distributing documents in this way helps encourage a culture of information sharing within your organisation. It also reduces the number of working copies of documents in disparate user folders, while the performance of the corporate network will be improved by avoiding the unnecessary transmission of large attachments.
Capturing Email Records
How and where you capture your emails will depend on what system you have in place to manage your other records. If your organisation is using an EDRM system it should be relatively straightforward to capture emails with corporate value in the system. If you are managing your records on shared drives emails can be moved to and stored in the business classification scheme folders on the drives.
Emails should be stored in a format in which the representation of the original email record remains accurate and authentic. Formats which restrict functionality or prevent the retention of attachments and metadata should be avoided. For the most widely used email client, MS Outlook, this would mean storing emails as Outlook message format (.msg) files. Some other email clients may not support the capture of emails with attachments in a record keeping system without some loss of information. For an email to retain its authenticity and completeness all sender and recipient information, transmission data and attachments need to be maintained as part of the email record.
MS Outlook emails can be archived in .pst files. While this is a convenient and popular way to retain access to emails in an individual email client, particularly if a limit has been placed on the size of the mailbox, it is not without risk. These aggregated files are not stable and should they become corrupted then access to all emails in the file will be lost. In any case archiving emails in personal .pst file, while convenient for the individual user, does not support information sharing throughout the organisation or effective records management and may result in emails containing personal data being retained for longer than is appropriate.
Emails captured in a record keeping system need to be accurately named. The subject heading of an email will often not provide an adequate description of content and may frequently be repeated in other emails. Naming conventions which are used for other documents should be followed for emails. Message prefixes such as FW: or RE: should not be retained. Documents that are attached to emails also need to be properly named. Should an attachment be separated from the email it was sent in both records may lose context and meaning without accurate naming.
Many users are content to keep all their emails in their personal mailbox and will continue to do so unless forced to do otherwise. It is better if emails are saved in the corporate records management system when they are first sent and received as users will have even less interest in managing emails as their active use declines.
A common organisational approach to encourage users to proactively manage their email is to place a limit on the size of personal mailboxes. However, this will not necessarily encourage users to manage emails on a regular and consistent basis as they may only deal with emails in a reactive way once their mailbox limit is reached. A more effective strategy to compel users to save their emails within their record keeping system is to automatically delete content from inboxes after a defined time period – for example once emails are three months old. Both approaches will only work if the user is denied the option to save emails in other locations. A dictatorial approach may not suit every organisation and the right balance needs to be struck between user experience and organisational risk.
It is important to ensure that emails which have been identified for destruction are permanently deleted. Deleting an email from a personal mailbox may still leave other copies out there in the mailboxes of the original sender or other recipients, reinforcing the necessity of an organisation wide approach to email management. Deleting emails from mailboxes will not usually result in their immediate permanent deletion since they will continue to be stored on the email server for the period set by your system administrator. If you make use of web-based email, you should be aware that deleted messages will also commonly be retained on offline backup systems by the service provider for periods which may not always be clearly defined.
Some organisations use email archiving solutions to help manage their email. A common impetus may be to achieve greater control over corporate email in order to meet regulatory requirements or to reduce costs and pressures on server storage space. Email archiving solutions automate the transfer of emails out of a primary email application into storage on another server. Some solutions may be able to filter messages and to classify and apply retention rules, and they will usually incorporate a discovery tool to help users search the email archive.
While automating the management of email may appear attractive, there are significant limitations to what can be achieved. Email archiving software may be able to filter out duplicate and unsolicited emails, but is unlikely to prove so successful at differentiating between important, non essential and personal emails, without some user input. Automated classification will usually be fairly basic and unable to match the ability of a user to interpret and classify corporate communication. It can also be difficult to vary retention periods.
As the titles of emails will not be renamed to more accurately reflect their content, there may also be limitations on how easily you can search and retrieve archived emails. A further shortcoming is that email records which are stored in a detached system will remain separated from related records captured in the organisation's main record keeping system. If the archiving solution is unable to accurately apply retention periods then emails may also be retained for longer than is necessary or appropriate, heightenting the risk of a data protection breach.
Given some of the potential drawbacks any decision to adopt an email archiving solution needs to be carefully considered. The regulatory framework in which an organisation operates must always be taken into account when determining whether such a strategy would be appropriate. A compromise may be to use email archiving software to reduce email volume by filtering out extraneous content before manually applying your retention policy to the records that remain. If you do decide to implement an email archiving solution you should make sure that clear rules are put in place to achieve the required standard of records management before any system is introduced.
National Records of Scotland's own email policy covers the handling of sensitive information in emails, responsibilities for managing email, and the retention and disposal of emails.
National Records of Scotland Managing Email Policy (230 KB PDF)
JISC's infoKit on managing email provides guidance on an organisational approach to email management.
The National Archives' guide to managing digital records without an electronic record management system also includes an extensive section on email management.
The National Archives has also published ‘Guidance principles on the auto-deletion of emails’. (96 KB PDF)
The Digital Curation Centre has published a chapter on curating emails as part of its Digital Curation Manual. This outlines a framework for email curation and preservation, and examines current approaches and the challenges to successful email management and longer-term curation.
The Digital Preservation Coalition has published a Technology Watch Report on preserving email, written by Chris Prom, which looks at practical steps for the long-term preservation of email. It includes a section on tools which can be used to support email preservation work.
Preserving Email (39.2 MB PDF)
If you encounter difficulties opening linked websites listed on this page please contact us at firstname.lastname@example.org.