Managing E-mail Effectively
Archives Technical Information Series #62
2002
How to Use this Book
This booklet provides an in-depth introduction to all aspects of the management of e-mail, so you may want to focus on those parts of the book that pertain to your interests.
For a general introduction to e-mail and how it works—
Read the “Introduction,” “E-Mail Systems,” and “The Pitfalls of E-Mail”For guidance on how to manage your personal e-mail—
Read “Filing E-Mail,” “E-Mail Retention and Disposition,” and Appendix E, “E-Mail Tips and Netiquette”For hints on how to identify which e-mail are records—
Read “Distinguishing E-Mail Records from Non-Record E-Mail”For information on how long to keep e-mail and in what format—
Read “E-Mail Retention and Disposition”For advice on developing e-mail policies—
Read “E-Mail Policies,” “E-Mail Management Responsibilities,” “User Training,” and appendices A-D, which provide a number of sample policiesFor direction on choosing e-mail software and e-mail management software—
Read “Selecting E-Mail Software”For ideas on how to improve the security of e-mail—
Read “E-Mail Security”For definitions of terms in e-mail management—
Refer to Appendix F, “A Glossary of E-Mail Terms
Introduction
E-mail, or electronic mail, has revolutionized the way people in government, business and private life communicate and transact business. It has become an essential and robust element of many organizations’ business processes. With the inception of e-mail, the formal paper memo is almost entirely a thing of the past, replaced by a simple and easily distributed e-mail message. The problems and expenses of playing phone tag have been reduced as e-mail has made it possible for us to communicate with co-workers, the public, family, and friends, even when they are away from their desks.
And that is the problem. Many office workers now regularly send and receive in excess of 14,000 e-mail messages a year. After multiplying that figure by an average staff size, many organizations are sending and receiving literally millions of electronic messages a year. This situation presents significant management issues. After all, e-mail is the most common source of computer viruses, and e-mail may contain sensitive information that others can easily forward to people who are not authorized to see it. People need to control the flow of e-mail into and out of their electronic mailboxes to ensure that the onslaught of communication does not consume all of their time.
Many local governments and state agencies are now on the verge of implementing electronic government applications that will only increase the number of e-mail messages they receive. They need to institute security methods for e-mail systems, train staff to identify and properly retain the records sent and received via e-mail, and establish policies to manage e-mail so that its benefits always outweigh its drawbacks. This booklet discusses how to manage e-mail messages just as you manage other records, and how to identify, retain, and make them accessible as long as necessary.
E-Mail Systems
An e-mail is an electronic message, including any attached documents, sent from one party to another via a telecommunications system. The term “e-mail” also refers to a computer system that sends and receives e-mail messages. An e-mail system provides the means to create messages electronically, transmit them through a network, and display them on a recipient’s computer. E-mail systems also provide an array of features including editing and document management capabilities, secure transmission, directories of user addresses, and message authentication.
Despite the particular e-mail software you use, there are two general types of e-mail systems: a dialup system, where each user dials into a vendor’s server to send and retrieve e-mail; and a networked system, where an organization has complete control of its e-mail system.
Dialup systems
Most small organizations use dialup systems because they cannot afford or do not have the expertise to maintain their own computer network. You are probably familiar with dialup e-mail in your personal experience with e-mail at home. Whenever you want to send or receive e-mail, you direct your e-mail software to dial into the server of AOL, Juno or some other Internet service provider (ISP). The remote server of the ISP then sends any outgoing messages you have prepared and downloads any e-mail waiting to be delivered to you.
Although dialup systems are convenient, there are some problems associated with them. First, the e-mail address you use does not identify your organization. For instance, your e-mail address might be “jsmith@internet.com,” but if you work for the Town of North Haverbrook no one receiving an e-mail from you can determine this from your e-mail address. Also, with a dialup system your organization does not have control over the e-mail system: you cannot control security, and you cannot verify that staff are using e-mail appropriately. Finally, e-mail will be a less effective tool if staff members must dial into a system each time they want to send or collect e-mail.
Networked systems
Larger organizations and probably all state agencies maintain their e-mail totally under their own control on their own servers, since a networked system is the most convenient option for e-mail service. In this type of system, users are online and connected to their e-mail whenever their computer is on. Since new e-mail will be available without having to dial into a remote server, staff are likely to check and respond to their e-mail frequently throughout the day. This leads to more e-mail messages but also to faster responses to those messages; it allows people to collaborate quickly and efficiently. The organization also has total control over security and maintenance and can schedule these activities for times that will least disrupt the organization’s work.
Networked systems require significant information technology (IT) resources. The IT department will need to set up and maintain a complicated network and a large number of e-mail accounts. The department will need to provide assistance to users having trouble with their e-mail, provide guidance on using passwords, and design and follow backup procedures.
Other access options
As e-mail has become more prevalent, so have the methods for accessing e-mail. However, improved access also includes new troubles for e-mail administrators. In larger organizations, staff often have a secondary means of accessing their e-mail: they can visit a website with any web browser and remotely access their e-mail account. After arriving at the site, users give their username and password and can then read and send e-mail. This is especially useful for people who are frequently away from the office but have access to a computer elsewhere. Also common in larger organizations is a system to provide dialup remote access to e-mail on a central server. In this situation, users can dial directly into their work mail server to read and write e-mail. This technique is used to give people access to their work e-mail from home or from remote offices of the organization.
The advantages of these options are obvious: greater access to e-mail means a greater ability to accomplish one’s job. One drawback is that increased access poses an additional security risk, since there is an additional access point to the e-mail resources through a website. Another drawback is that, by giving people greater access to their work e-mail, the amount of government resources (including staff time and server space) they use for personal e-mail may increase.
The e-mail message
An e-mail message consists of individual units of information divided into an “envelope,” the message itself, and attachments. The envelope, called the message header, contains the mailing address, routing instructions, transmission and receipt data, and other information the system needs to deliver a message correctly. The message itself is the text contained within the e-mail. Most e-mail systems also allow senders to attach documents to messages.
A standard e-mail window with fields for specific types of information (sender, recipient, subject, message, etc.) and buttons that provide greater functionality.
The Pitfalls of E-Mail
As with any other situation in life, you need to understand the potential dangers of e-mail so you can protect yourself from them. There are many ways that poor records management controls over e-mail can lead to problems.
Inadequate retention controls
One of the most common e-mail problems is poor retention practices. In many e-mail systems, individual users maintain thousands of e-mails at any one time. This means that users are not identifying and deleting the messages they no longer need, and it probably means that they are not transferring e-mail records out of their inboxes and outboxes. Over time, overburdened e-mail systems can become slow, and retaining unnecessary e-mail may lead to delays in retrieving important e-mails from a large volume of messages.
Resources wasted responding to information requests
E-mail is discoverable, meaning that opposing counsel in a lawsuit can ask for copies of e-mails (and other records) relevant to the case at hand. This by itself is not a problem, but if you have retained more e-mail than you need to, you will have to promptly retrieve and deliver even more information to the opposing side. The cost of complying with legal discovery can easily reach hundreds or thousands of dollars, so it is in your organization’s best interest to reduce such costs by retaining only the e-mail it needs.
A similar situation exists with Freedom of Information Law (FOIL) requests. If an e-mail has met its retention period and has been destroyed, there is no need on your part to retrieve and present it to a requestor. But if the e-mail still exists and is releasable under FOIL, you will need to retrieve and produce the record. For information on this topic, contact the Committee on Open Government, Department of State, 41 State Street, Albany, NY 12231-0001; telephone, (518) 474-2518; fax, (518) 474-1927; e-mail, opengov@dos.state.ny.us; web, http://www.dos.state.ny.us/coog/coogwww.html.
Potential for lawsuits
Since e-mail messages often contain people’s opinions, there is always the chance that personnel in your organization might send harassing or libelous e-mail messages to others. These messages will often reveal that their source is your organization, which may put your organization in danger of being named as a defendant in a lawsuit.
E-mail formatting
Compared to the plain e-mail message of the past, modern e-mail can often allow the user to enhance the text of a message in dramatic ways. Users can change typefaces, font sizes, and text color, and even include HTML-formatted documents as the text of a message. The problem with all of these features is that they may be totally invisible to the recipient of the message because the latter’s e-mail system may not have the ability to read them. People receiving such e-mails may become annoyed by their inability to read parts of the message or by the fact that the message is littered with incomprehensible HTML tags.
Incompatible attachments
A similar problem can also occur with attachments. Users often attach files to e-mail messages: word processing, database, spreadsheet, image, or sound files. But not all e-mail users have systems that accept attachments, or attachments may not be properly encoded for your recipients’ e-mail systems. If this is the case, the recipients will not be able to access the attached files even if they have the software to read the files.
Forwarded or misdirected e-mail
Unencrypted e-mail is never a private means of transmitting information, although people often treat it as such. Once you have sent an e-mail message to someone, that recipient can easily forward the message to someone else. This can lead to problems associated with unauthorized access to information. An additional problem is that many people have accidentally sent e-mail messages to the wrong person, sometimes with humorous but often with disastrous results (such as lawsuits and firings).
[Sidebar]
Case Study
City of Brockway and Libelous E-MailA few months after giving city personnel access to e-mail, the City of Brockway began to receive complaints from the public. According to the complaints, staff members of the city had been sending insulting e-mails to members of the public using the city’s e-mail system. The complaints came to the city, because each e-mail message identified itself (via its return address) as a message from the city government.
After reviewing the e-mails in question, the city’s records management officer believed that some of the messages were so outrageous that they might be libelous. He discussed the issue with the mayor and the personnel department immediately. The mayor sent a stern e-mail message to all staff warning them that e-mail was meant for official business only and that anyone using e-mail for other purposes could face serious disciplinary actions. The personnel department began a review of the e-mail messages in question and worked with the supervisors to discipline these staff members.
Soon after, the mayor directed a few individuals to draft a city e-mail policy on the acceptable use of e-mail. Everyone involved realized that a strongly worded e-mail policy promulgated beforehand would have saved the city much grief.
Distinguishing E-Mail Records from Non-Record E-Mail
One of the greatest challenges of managing e-mail effectively is to identify and retain the records transmitted through the system so they are readily available to authorized users. The corollary to this is that users must identify and purge non-records from the system as soon as possible. These seemingly simple objectives require an organization to meet a number of requirements.
First, you must identify an e-mail record and determine where it should be filed. This step requires you to develop guidelines to identify e-mail records and institute filing solutions that ensure you can access and retrieve e-mail records. Accessible records are those that reside in a logical filing system that users can use to retrieve any particular record in a few minutes. A record lost in a blizzard of stockpiled e-mails and a record stored on the hard drive of an obsolete computer are not sufficiently accessible.
You also need to incorporate other records management practices into the day-to-day business of managing your organization’s e-mail. For example, you should segregate official records from transitory information, such as extra copies or preliminary drafts of documents. Because e-mail is easy to use, the proliferation of informal and transitory messages (such as listserv messages) that do not provide evidence of official business transactions is a common problem in e-mail systems. These non-record materials do not need the same degree of control as official records, yet they often accumulate rapidly in e-mail systems.
Many e-mail software programs are actually groupware products in which e-mail is just one feature of a package designed to help groups of people work together on projects. Groupware products often include e-mail, calendaring, scheduling, document sharing and other document management capabilities. The additional information formats in these systems (personal calendars, reminder notes, to-do lists) may or may not be official records, depending on the value of the information they contain. You must also determine the retention periods for any records stored in these formats.
E-mail records
E-mail messages are official records when they are created or received in the course of business and are retained as evidence of official decisions, actions, or transactions. Court rulings have consistently confirmed that e-mail messages may be official records and that organizations must treat them as they do records in other formats. Since many copies of a single e-mail message may exist within a single organization, however, users must identify the record copy, which often but not always will be the sender’s copy. For instance, if the head of a department sends out a policy directive to everyone on staff, every copy of that e-mail is not a record, but the copy in the department head's outbox is.
E-mail messages that are usually records include
Here are a few abbreviated examples of e-mail messages that are probably records:
From: Wally Kogen
To: Vendor
Subject: Contract Clarification
Message: This is a good question.
The intent of that item in the contract
is to…You should maintain the message above in the related contract file since it provides evidence of how your organization defined the intent of a clause of the contract.
From: Brad Goodman
To: Mindy Simmons
Subject: Committee Appointment
Message: You have formally
been appointed to the Department
Improvement Committee…If your organization maintains records of committee assignments, this message provides evidence of who was assigned to that committee, by whom and on what date.
From: Leon Kompowsky
To: Roger Meyers
Subject: Letter of Complaint
Message: Dear sir, I feel
compelled to send you this complaint
about the people working
in your department…Even incoming messages can be records. This letter of complaint is a record of one person’s problem with a department. If your organization had received this as paper mail, you would have treated it as a record, so you should treat this e-mail as a record as well.
[In the Commissioner’s outbox]
From: Commissioner Patterson
To: All Staff
Subject: E-Mail Policy
Message: Please read carefully
and comply with the following
e-mail policy…Notice that this message is the outgoing record copy of a message sent to everyone in a state agency, so you would need to retain only this copy. The significance of this record is that it provides evidence of the exact date and time the commissioner informed staff of this policy.
Non-record e-mail
The definition of official records specifically excludes extra copies of documents, so for this reason alone many messages you receive via e-mail are not records. Some examples of e-mail messages that are usually not records include
The following are a few abbreviated examples of e-mail messages that are probably not records:
From: Kevin Thackwell
To: Alex Whitney
Subject: Re: Draft for Review
Message: Sorry about the
delay. See what you think
about this draft and get back
to me by Thursday at the latest…This message merely provides evidence of work being done on a draft document. Since the draft itself is not a final record, none of this is record material.
From: Laura Powers
To: Staff on 9th Floor
Subject: Party Announcement
Message: Join us on December
17th for our annual holiday
celebration. This year we hope…Party announcements, even if sanctioned by your organization, do not provide evidence of the official transaction of business, so this message is not a record.
From: Hugh Parkfield
To: Lisa Simpson
Subject: Fwd: Joke
Message: Here’s a good one!
A giant grasshopper goes into
a bar and sits down, and the
bartender says…This message is merely a forwarded joke. Not only is this not a message, but many organizations have policies against wasting the organization’s time and resources by sending such jokes.
[In a staff member’s inbox]
From: Commissioner Hibbert
To: All Staff
Subject: E-Mail Policy
Message: Please read carefully
and comply with the following
e-mail policy…This message is a duplicate copy of a message in a single recipient’s inbox. As such, it is not a record.
This illustration of an e-mail inbox shows the number of e-mails remaining from a twelve-day period of work. The messages received include both internal and external messages, messages sent solely to this recipient and those sent to multiple recipients, original messages and responses to messages, direct and forwarded messages, messages sent by individuals and messages sent by automated messaging agents. This volume and variety of e-mail is a common sight for many of today’s office workers, each of whom needs some guidance in managing this flood of information and records.
Filing E-Mail
The first point to keep in mind with filing e-mail is that you only need to file the e-mail that are records. There are two general options for filing and managing e-mail records: print messages and file them in manual filing systems, or transfer e-mail messages to an electronic filing system of some kind. Each option has different advantages and disadvantages, and each requires different degrees of technical support. When selecting a method for retaining e-mail records, make sure that the chosen method meets the needs of users and complies with all recordkeeping requirements. After the development of a new filing system, all users must consistently apply the policies, procedures, and tools for managing e-mail.
General filing guidelines
1. Identify the e-mail
Unless your e-mail system is designed to automatically file received e-mail, the first filing action users have to perform is to open each e-mail message and discover what it says. Just as with traditional paper mail, users will receive all kinds of e-mail and will need to evaluate what to do with each individual piece.
2. Discard useless e-mail
Users should quickly discard junk mail and personal mail. Keeping such e-mail in an inbox takes up storage space and makes it more difficult to locate any e-mail records.
3. Respond to business e-mail
Users should act on business correspondence immediately. Although the filing and maintenance of e-mail records is important, it is more important to conduct the central work of the organization and respond promptly to business e-mail.
4. Identify any e-mail messages that are records
Organizations need to determine which outgoing and incoming messages are records. When users send e-mail messages within their organization, they must maintain copies of those outgoing messages that are records, because those are the record copies. Without this procedure in place, every recipient of an e-mail message broadcast within an organization might try to save the same message, leading to unnecessary duplication. Staff must also be sure to evaluate whether any e-mail they receive from outside the organization is actually a record.
5. File e-mail records
As soon as possible, users should file any correspondence that is directly related to the business functions of the government, including related attachments. Since e-mail messages may actually fit in several different records series, users will first need to identify the appropriate series for the e-mail. Then they can file the e-mail in those series, whether paper or electronic.
Paper filing systems
One option for storing e-mail records is to print them onto paper and file them in a manual filing system. This option is easy to implement, especially where well designed filing systems already exist. It is also an effective way to integrate paper and electronic records where records are created and received in both hard copy and electronic form. Also, paper is a simple solution to the problem of technological obsolescence. Once you print an e-mail, you do not need to keep it in a readable electronic form for its entire retention period.
This option also has several disadvantages. The ability to search for, retrieve, or retransmit documents electronically is lost if messages are deleted after printing. Complete compliance is hard to accomplish if users are responsible for printing, routing, or filing their own messages. This approach is costly because staff must manually print, organize, file, and retrieve the records. All paper filing is prone to inconsistencies and misfiling, and consumes large amounts of paper. If this option is used, you will need to print all address, recipient, distribution, transmission, and receipt information needed to authenticate the content of the messages.
Filing within the e-mail system
Although e-mail systems can provide some filing controls, these systems are generally inadequate as formal filing systems. The main problem with using e-mail systems as filing systems is that they usually allow individuals to file only their own e-mails in folders in their own e-mail accounts, rather than in one central filing area. This means that e-mail messages sent from the same records series but received by different people will not be filed together. Even separate e-mails related to the same case would not be filed together, thereby increasing the chances that users of the records would miss part of the file when looking for information. Also, e-mail messages in one user’s personal filing system remain inaccessible to others who may need access to them.
There are two advantages to filing within an e-mail system. One is that such filing makes it easier to maintain and search the e-mail in its original format. The other advantage is that this solution automatically ensures that all metadata (data about the e-mail message itself) is saved, so there will be no worries about missing any receipt or other information that might be lost if the e-mail was merely printed out.
Filing in folders on a LAN
Another filing alternative is to design an electronic filing system where e-mail messages and other electronic records can be stored, accessed, and managed together on a local area network (LAN). This option has the advantage of providing a consistent method for organizing and retaining electronic records that is accessible to multiple users simultaneously. If a filing system is well designed and maintained, it will provide users with easy and consistent access to organizational records. The use of naming conventions, authentication protocols, and filing systems makes it easy for users to locate the document they need and to ensure that documents retrieved from the filing system have not been altered. The repository should include controls to prevent unnecessary duplication of records and permit regular removal of obsolete records.
The main disadvantage of this approach is that program staff and network administrators must plan for and design a suitable filing structure that makes sense to a large number of people. Also, unless the business process is fully automated and all records are in electronic form, the organization will need to coordinate filing systems for records in paper and electronic formats. If the filing system is large and complex, specialized staff may be needed to manage records in the system.
Storing in an electronic document management system
An electronic document management system is an electronic recordkeeping system that allows for coordinated routing, filing, and retrieval of documents in multiple electronic formats. Usually, a document management system will be able to display many different formats of records without launching the native application for that file format. In such a system, e-mail messages and all possible attachments related to e-mail (word processing documents, spreadsheets, image files, etc.) can be filed together and accessible through the same interface. The advantage of such a system is that the organization can carefully file documents together in multiple data formats whenever they fall within the same file or series.
Some document management systems, called records management applications (RMAs), even allow for full retention controls over each e-mail. With an RMA, each user can associate the applicable retention period to each document or each folder of documents. The RMA will then track retention periods for each document in the system, simplifying the process of managing retention for thousands of e-mail documents.
Filing in parallel paper and electronic systems
One filing solution is to maintain separate but parallel paper and electronic systems. In such a system, e-mail records are retained as electronic documents and correspondence received as paper mail is saved in a paper filing system. This compromise solution has a few perils associated with it. With two filing systems, there is always the danger that they will not be perfectly parallel and that conflicting filing standards will exist in each system. Also, users are less likely to search two separate systems, and might thus fail to retrieve some related records. Both these problems can lead to difficulty in finding and retrieving records—which is exactly the problem that filing systems are supposed to solve.
Individual vs centralized filing
Most e-mail filing systems rely on the quirky filing structures of disparate individuals handling only their own e-mail. This situation leads to unsystematic and incomplete filing systems that are inaccessible to most people in the organization. A better solution is to centralize the filing of e-mail in some manner, so that all information resources are under the control of the organization and available to those who need them. Unfortunately, few organizations have tried to institute centralized electronic filing.
[Sidebar]
Case Study
Legal Discovery and the Special Services AgencySpecial Services Agency (SSA) staff decided years ago to retain all e-mail backup tapes forever. The agency believed that this was the simplest and cheapest way to retain e-mail, because they would not have to waste personnel time identifying retention periods for the thousands of e-mails they were sending and receiving each month.
A decade after that decision, a lawsuit was brought against the SSA, and a court ordered the agency to turn over copies of all documents related to the suit, including e-mail. Since the e-mail messages still existed, the agency was forced to restore all ten years of backed-up messages and to weed through them to find pertinent documents. This process took the agency three months, hundreds of hours of personnel time, and thousands of dollars in vendor costs.
After suffering through this expense, the agency decided to develop procedures to identify, file, and retain e-mail records as long as necessary, but to discard all non-record e-mail expeditiously. They followed up with training sessions for all staff. Although this change in work habits took time and money, the agency expected to gain it all back given the increased speed with which they could now retrieve agency e-mail records.
E-Mail Retention and Disposition
Records retention can often be difficult to manage, but it is particularly problematic in an e-mail system, where individual users (instead of centralized records management staff) manage the documents in the system. Each organization must develop its own system to manage retention and disposition and inform staff of that system through policies and procedures. It is particularly important for the organization to develop uniform practices for maintaining those e-mails that are records and for organizing those records to ensure their continued accessibility as a corporate resource.
As with other records, retention periods for e-mail records are based on their administrative, legal, fiscal, and research value. Generally, specific e-mail records will have the same retention periods as records in other formats that are related to the same program function or activity. Before you can identify the retention period of a particular set of e-mail messages, you must identify what type of record the e-mail actually is and which records series it falls under.
Records retention of e-mail for state agencies
State agencies can identify retention periods for some e-mail records in the State Archives’ General Retention and Disposition Schedule for New York State Government Records, which establishes retention requirements for many common types of records in state government. Agencies may follow the retention periods authorized in the general schedule simply by notifying the State Archives of their intention to use that schedule. However, staff should consult with their agency records management officer before using the general schedule to verify that the agency has notified the State Archives of its intent to use the schedule and that the agency has not developed its own records retention plans in place of general schedule items.
Because the general schedule doesn’t cover all records that a state agency might create, agencies may need to schedule certain e-mail records separately. In such instances, the agency should first determine if there is a specific records series that covers the function of the e-mail in question. If no agency-specific schedule covers that function, agencies should schedule e-mail records in conjunction with other records related to the function. For instance, schedule any e-mails concerning a contract file with that series of contracts. For more information on scheduling state agency records, contact the State Archives at (518) 474-6926.
Records retention of e-mail for local governments
Local governments can find the retention periods for e-mail records in one of four different general schedules: the CO-2 for counties, the ED-1 for schools and BOCES, the MI-1 for miscellaneous governments, and the MU-1 for municipalities. The basic guidelines to follow when trying to decide if an e-mail and its attachments are records are to determine if they document the business of the government, decide what records series they belong in, and find what item in the appropriate schedule covers that series. Local governments can determine the retention period for those records by consulting the applicable local government retention schedule. Most e-mail will be correspondence or memoranda, but related attachments may actually be reports, correspondence, or a number of other kinds of records.
Metadata
Although the message itself is the central part of any e-mail, each e-mail actually carries with it a good deal of metadata about the e-mail message itself. This metadata includes information about who sent the e-mail and to whom, the date of sending and receipt, the subject (as it appears in the subject line), the routing of the e-mail, and even (in centrally controlled systems) when a recipient opened a message. Metadata helps to put e-mail messages in context, and a complete set of metadata provides a complete history of the message. When considering any retention strategy for e-mail, you must determine what metadata to maintain to ensure that the e-mail can be accurately interpreted and used in the future. For most purposes, the metadata that is printed out with any e-mail message is sufficient (sender, recipient, date, subject). However, in some cases the verification of receipt, as well as the exact time the message was sent, may be important.
Sample metadata that an e-mail system saves for each message it handles. Note that this metadata window includes much more information about the message than is held in the visible header of the message. For instance, it includes the exact time the message was delivered and opened, the size of the message, and a large number of options. With this information, a reader has a complete record of the e-mail message.
Preservation of e-mail
The final step in any records retention program is to preserve the permanent records of the organization. There are three basic methods of preservation for e-mail: electronic, paper, and microfilm.
If you choose to save e-mail in electronic form, you will need to ensure that all permanent e-mails remain readable and accessible in this form and that you maintain a backup copy of these records. This will usually require your organization either to migrate e-mails periodically from one e-mail format to a newer one, or to save the e-mail in a standard format. For instance, an organization could save each e-mail record as a text file (sometimes called an ASCII file), because that is a standard format that will remain readable indefinitely. This solution is time-consuming, however, since it requires someone in the organization to save each e-mail message as a text file. The advantage of this solution is that most e-mail systems already allow users to save messages and any associated metadata as text files, so the organization will not have to purchase any additional software.
If you choose paper as a preservation medium, you will need to print out each e-mail, along with any attachments and all necessary metadata. If you choose microfilm, you will face all of the issues regarding paper, plus the need to take an additional step of converting the records to microfilm. Deciding what technique to use depends on such issues as the technical capability of your staff, your access needs, and costs.
State Archives staff can advise state agencies and local governments on the preservation of e-mail. The Archives also helps state agencies identify records with long-term or archival value. Agencies may transfer archival records to the State Archives, with prior approval, when they no longer need to maintain them in their offices.
[Sidebar]
Case Study
Shelbyville City School District and Access to E-MailThe Shelbyville City School District never took the time to identify which of its saved e-mail messages were actually records. While the district was planning to implement a new e-mail system and destroy all the e-mail in its old system, staff discovered that many of the messages contained important personnel and planning records that were not maintained in hard copy or any other format.
The district discovered that it could not migrate the old e-mails to the new system because the cost was prohibitively expensive, yet it believed there was no other way to save the messages electronically. So the district used temporary staff to print out all the e-mail from the old system and then had office personnel separate the records from non-records.
After this project proved a massive failure, using up excessive amounts of staff time and paper, the district records management officer decided to investigate other solutions to this problem. After paying for a study to find the best solution for managing its e-mail problems, the district installed an electronic document management system to handle the filing and retention of all its e-mail and saved all e-mail messages as easily usable text files.
E-Mail Security
Because your organization will have to depend on e-mail to make and document decisions, you need to have protections in place to ensure that e-mail records are authentic and secure. System security should also protect e-mail records against unauthorized access, and actions that might cause their damage or loss. Just as you need to secure paper records, you need to protect e-mail records.
Protecting records in computer systems begins by identifying potential threats to the system. These threats, both intentional and unintentional, internal and external, include physical threats to buildings and computer facilities as well as natural disasters and environmental threats. Other dangers are computer hardware and software failures, sabotage (such as viruses), and damage caused by unauthorized users posing as authorized users. Even simple human error (such as accidental deletion of e-mails) is a security threat to the e-mail system.
The appropriate strategy and level of security to protect e-mail depends on the risks involved, the value of the records, and the possible costs in the event of loss. To ensure the security and authenticity of e-mail records, e-mail systems must, at the very least, have controls that restrict who can create or access files. Since security measures can be costly to design and maintain, program managers and network administrators should work together to assess risks and to design security measures that fit the degree of risk.
Passwords
One of the most obvious risks to e-mail is that unauthorized users may gain access to e-mail stored on your servers. Password protection helps restrict access to authorized users. Use of passwords in an e-mail system is a responsibility shared by the network administrators and all e-mail users. Administrators must set up password systems and ensure that users change their passwords regularly. Users must keep their passwords secret, change them on schedule, and comply with password standards.
Access rights
Network administrators can further restrict access by giving only specific individuals the right to add, alter, or delete messages stored in specific folders on a LAN. Internal threats are always a potential security problem, and limiting access to files only to those who need that access for their work will reduce the probability of this problem.
Restricting distribution of confidential information
Many organizations handle sensitive information each day, including patient data, student records, and the social security numbers of personnel. Because of the sensitivity of such data, organizations should not transmit this information via e-mail unless it is encrypted. So one simple solution is to send any confidential data only via fax or paper mail, which are generally more secure means of transmission.
Security labels
Though these provide only a modicum of protection, security labels, such as “urgent,” “confidential,” or “acknowledgment requested,” attached to an e-mail message by the sender inform recipients of special privacy and handling requirements. These labels remind both senders and recipients to take extra precautions when handling these records.
Virus protection
Virus protection is essential to any computer system that includes e-mail as one of its components, because e-mail will always be a possible entryway for computer viruses. Information technology staff should ensure that up-to-date virus protection software is loaded on each computer. Even users of dialup e-mail need to ensure that their virus software is current, especially since virus protection software is quite inexpensive in comparison to the costs of recovering from a virus attack. Virus software often has a semi-automated update feature that reminds users whenever they are online that a software update is available.
Backup procedures
A standard protection for any electronic information system is to back up the system’s contents on a regular schedule. Most large-scale in-house e-mail systems will routinely back up all e-mail in all accounts at the end of every business day. Backups provide additional protection against any possible loss of records. However, all backups should follow two simple rules: each backup should be verified to ensure it has worked, and backups should always be stored offsite to provide extra protection in case of a large-scale disaster, such as a fire or flood. It doesn’t matter how many backups you have if you have stored them all together in a building that has just burned down.
Audit trails
System audit trails automatically record login attempts and the creation, transmission, receipt, filing, retrieval, and deletion of electronic files on a network. System administrators can use audit trails to verify that users are following security procedures and are not accessing or modifying files without authorization.
Electronic signatures and encryption
For sensitive electronic transmissions, you might consider using encryption and electronic signatures. Encryption can ensure that the contents of an e-mail remain secret and unreadable even if an outside party captures the e-mail during transmission. Electronic signatures authenticate that an e-mail has come from the person identified in the e-mail as the sender of the material. Encryption and electronic signatures, however, are fairly complex technologies requiring that both the sender and recipient of an e-mail message comply with precise standards and essentially function as part of the same security network.
Network security
In addition to any security measures designed specifically for e-mail, a network-based computing system will need to have in place standard pieces of information security. These pieces might include firewalls (software and hardware mechanisms that deny access to computing systems to unauthorized users), daily review of security logs, and user security training.
Selecting E-Mail Software
E-mail users are more likely to file and retain e-mail records when the e-mail system they have supports their day-to-day work and is easy to use. Therefore, the effective management of e-mail requires that an organization first decide what it needs the software to do before trying to select any software.
E-mail software
Once a decision is made to install a new e-mail software program, staff should conduct a thorough analysis of the proposed uses for e-mail and identify the requirements for the system. Such an analysis will help ensure the selection of software that will support the business processes of your organization. When selecting an e-mail package consider user friendliness, the ability to integrate e-mail with an existing LAN, whether new hardware is required, overall costs, and compatibility with other software used by your organization. Addressing these factors will lower the costs of acquisition and maintenance and can reduce the amount of user training and support that is needed.
The capabilities of the e-mail software will also have an impact on an organization’s ability to manage its e-mail records. Most e-mail packages include features that make it possible to distribute messages to groups, organize messages into folders, move messages to document management systems, and print messages for filing in manual systems. Some software packages capture standard information on each e-mail message (subject, document type of any attachments, and identifying information) and can provide automatic routing, deletion, or removal of messages to offline storage based on pre-defined conditions. For instance, the system could be designed to automatically route mail from a certain sender or with certain terms in the subject line to a specific file folder. Selecting e-mail software with these capabilities and setting up the system to exploit them can automate many aspects of the management of e-mail.
Some e-mail systems automatically create metadata that identify the record creator, transmission and receipt date and time, recipient, and status of each e-mail. If your organization will use e-mail messages as evidence of decisions and transactions, you must capture this metadata with each e-mail message. This metadata will prove that the sender is who he or she claims to be, that the message actually was sent, and that it was received and viewed by the recipient.
E-mail management software
There are many software products on the market today that provide additional ways to manage your e-mail. These products have features that are not typically available in e-mail software packages. Organizations should choose these additional products to address specific needs they have regarding the management of e-mail.
There are many different types of functionality these e-mail management packages include. Some focus on improving access to e-mail. These packages store all e-mail messages of an organization in a single electronic repository, set access rights to different parts of the repository, and provide an improved method to search for e-mail (including online web access). These packages sometimes allow you to set rules that allow the software to automatically weed some non-record e-mail and spam from the system before storage. Some packages improve access by capturing metadata on the e-mail (sender, recipient, subject, date, etc.), along with the text of the e-mail messages and all attachments; this information is then used as an index to all e-mail stored on the system.
Some software packages focus on monitoring and controlling the content of e-mail messages. Some of these identify and reject incoming e-mail messages, based on specific words that appear within them. Other packages allow the e-mail administrator to check for certain terms within the text of outgoing messages as a way to ensure that e-mail is being used for business uses only.
A wide variety of software packages provide various methods for the secure delivery of e-mail documents. At least one product allows a sender to set a time period after which the transmitted e-mail will become unreadable—even while resting, apparently safely, in another person’s inbox. Many products allow users to encrypt e-mail so that only the intended recipient can read the e-mail. Some products can deny a recipient of an e-mail message the ability to copy, print, or even forward that message. Other products enable the sender to follow an e-mail message after sending it, thereby tracking where the recipient forwards the message.
E-Mail Policies
Although it is best to develop e-mail policies before instituting an e-mail system, few organizations have that luxury. E-mail policies should establish general guidance on the acceptable use of e-mail, on access and privacy protection of e-mail, and on the management and retention of e-mail. Policies should also define the roles and responsibilities of users, managers, technical staff, and records management staff. Policies will help staff use e-mail properly, reduce the risk of loss and unauthorized access, and increase the quality of records. The State Archives recommends that state agencies and local governments develop e-mail policies that address these issues.
Acceptable use
Organizations provide e-mail services, like other means of communication, to support official business. Therefore, policies should define the proper use of e-mail and set limits on personal use. Organizations may set the same strict limitations on personal use of e-mail that exist for telephone, fax, and postal mail. Recognizing that some personal communications are unavoidable, however, some organizations permit internal personal use within specific limits, such as announcements of work-related social events or during scheduled breaks. For instance, one state agency allows users to use the Internet during their breaks for 15 minutes per day, so long as the use is not obscene, libelous or criminal. Other organizations have determined that it is safer to prohibit any personal use of e-mail, since it is too difficult to define acceptable non-business use. Your organization should develop an acceptable use policy that suits its culture.
Access and privacy protection
E-mail policies must comply with the Freedom of Information Law (FOIL) and (for state agencies) the Personal Privacy Protection Law (PPPL) because an e-mail message is a record for the purposes of both laws. FOIL establishes the right of the public to access government records unless a specific exemption applies. PPPL requires state agencies to identify and protect personal information about individuals stored in any records system.
According to the federal Electronic Communications Privacy Act (ECPA), e-mail users have a reasonable expectation of privacy protection for their e-mail. The purpose of this law is to protect the privacy of e-mail and to provide a means to prosecute anyone who will not respect that privacy: no one except the sender and the intended recipient can read a particular e-mail. Disclosure or use of the message contents by any party, other than the sender and the intended recipient, is prohibited. An exception to ECPA allows employers the right to monitor employee communications if done in the usual course of business for legitimate business purposes.
Policies should inform users that e-mail messages sent or received through the organization’s e-mail system can be accessed and monitored in the normal course of business, may be releasable to the public under FOIL and are subject to discovery proceedings in legal actions. State agencies will also need to ensure that measures are in place to provide for the privacy protection required by PPPL. For information on this topic, contact the Committee on Open Government, Department of State, 41 State Street, Albany, NY 12231-0001; telephone, (518) 474-2518; fax, (518) 474-1927; e-mail, opengov@dos.state.ny.us; web, http://www.dos.state.ny.us/coog/coogwww.html.
Limiting e-mail accounts
Some organizations have specific policies that restrict who within the organization may have an e-mail account. Only those personnel who have a specific business need to communicate outside the organization are authorized to have an e-mail account. This policy helps to restrict the size of any potential e-mail issues by limiting the number of possible users. However, such a policy will also limit the ability of the organization to use e-mail as an internal communication and collaboration tool.
Filing of e-mail
Policies or procedures should explain to users how and where to file e-mail and what format to use for filing. There may be specific procedures for filing e-mail in certain records series or for associating e-mail in electronic form with the paper portion of that file. Also, different departments or units may develop specific filing procedures and guidelines for specific records series under their control.
Retention and disposition
Policies should outline the responsibility of users to destroy non-record e-mail when no longer needed and to retain e-mail records in appropriate filing systems. Policies should also explain when an e-mail is a record and when it isn’t. Policies should identify the components of an e-mail record that must be saved, including at least the message, the identities of the sender and all recipients, the date, and attachments. Policies may indicate what metadata to preserve to ensure the retention of a complete record.
Security standards
Policies should outline the security standards users must follow. These include what standards to follow when creating and changing passwords and how to ensure viruses are not propagated through the e-mail system. Policies should also forbid the use of other users’ e-mail accounts.
Writing standards for e-mail
Given that every e-mail sent from your organization is part of your public face, it is important that users consider e-mail to be formal correspondence. Policies can require that e-mail messages always include a sensible subject field and salutations (such as “Dear Mr. Smith:”). All outgoing e-mail messages should include a full e-mail signature, with the name, address, phone number, and e-mail address of the sender. Some organizations require each e-mail to include disclaimers (such as “Information herein does not necessarily reflect the policy of…”). Organizations should also require users to follow proper etiquette in all e-mail correspondence.
Disciplinary action
Policies should indicate what disciplinary or corrective action will take place if a user fails to conform to policy.
E-Mail Management Responsibilities
To prevent confusion about responsibilities, written policies should identify who is responsible for each element of e-mail management. Then the organization should disseminate the policy widely, since e-mail policies are effective only if personnel understand them. Periodic distribution of the organization’s e-mail policy through the e-mail system itself is a good way to reach all users. Systems administrators can also design special banners or help screens with directives about privacy, access, and retention of specific types of documents. The State Archives also recommends that organizations include an orientation to e-mail policies and a review of user responsibilities in any training they provide on the use of e-mail software.
Administrative responsibilities
Program managers and administrators develop e-mail policies, inform all end users of the policies and of their responsibilities, and monitor systems to ensure that e-mail is used appropriately and only for official business.
Information technology responsibilities
Information technology staff establish hardware and software standards, assist with software selection, and train users. The network administrator usually is responsible for security, application development, system backup, and disaster recovery. These activities may include some that are part of the organization’s overall security program, such as protecting the network from attack by maintaining and monitoring a firewall.
Records management responsibilities
Records management staff should identify recordkeeping requirements and coordinate management of e-mail and other records in the organization. The records management officer must ensure there are suitable filing systems and retention controls for all e-mail records. The records access officer needs to ensure adequate access to any e-mail records that may be requested under FOIL.
User responsibilities
All e-mail users are responsible for proper use of e-mail and for certain aspects of the management of records in e-mail systems. Users should limit their use of e-mail to official business, respond promptly to messages, protect e-mail messages from unauthorized release to third parties, and remove personal and transitory messages from personal inboxes and outboxes on a regular basis. Users must also transfer official records to a filing system, protect e-mail messages from inadvertent loss or destruction, and coordinate disposition of official records with their records management officer.
User Training
User training is an essential ingredient in any effective e-mail management system. Training should focus on teaching users how to use their e-mail software, how to follow e-mail policies, what their responsibilities are as users, and how to identify e-mail records. Training can take place in many different ways. Formal training sessions can both inform users of their records management responsibilities and demonstrate how to use the e-mail software package to manage e-mail. Periodic blanket e-mail messages can remind users of e-mail retention policies and procedures. Pop-up windows that appear when users turn on their computers can serve as reminders to use e-mail for official business only. Laminated desktop cards can outline users’ responsibilities concerning e-mail.
E-Mail policies
All users must be familiar with the e-mail policies of their organization, including policies on acceptable use, managing e-mail records, and security. Such policies should be available to users on intranets or local area networks whenever possible.
Passwords
To ensure that e-mail records are secure and protected, users should be trained to choose passwords that are difficult for others to guess, refrain from sharing or disclosing passwords, and change passwords on a regular basis. Most information technology departments encourage users to design passwords that are easy for the individual user to remember, yet are difficult to guess at because they contain a combination of letters (mixed upper and lower case), numerals, and symbols (such as # and &). Designing passwords in this way can protect against dictionary attacks, where people try to guess the passwords in an e-mail system by testing every possible sequence of letters.
Viruses
Users will always require training in how to identify and incapacitate computer viruses received via e-mail. This is particularly important because e-mail is the most common transmission method for viruses. Users should learn to be suspicious of any attachments they receive via e-mail, even those received from people they know, since any unexpected attachment might contain a virus, which if launched might cost your organization thousands of dollars of personnel time.
Identifying and filing e-mail records
Users need to know how to manage the e-mail that fills their inboxes and outboxes: which e-mails are non-records that can be deleted immediately, which are records that need to be kept for a short time in the e-mail system itself, and which are important records that must be filed.
Netiquette
Since the users of your e-mail system are public servants, they should be careful to follow the principles of proper online etiquette.
Conclusion
The problem of managing e-mail is one of the most visible and problematic issues in electronic records management. What sets e-mail apart is its huge bulk, its constant presence in people’s lives, and the difficulty it presents to those trying to identify the records hidden within it. The goal of any program to manage e-mail should be to integrate e-mail into a total records management program, one that covers all records—paper, electronic or otherwise.
For More Information and Assistance
The State Archives provides direct advice to state agencies and local governments on filing e-mail, setting retention periods for e-mail and developing related policies. The Archives also has workshops and web-based services that provide direction on all aspects of managing e-mail. The Archives has regional offices throughout the state, and each office has an expert records specialist who can visit you and provide technical advice and assistance. Archives services also include publications and workshops on a wide variety of records management topics. For further information, contact your regional office or the following:
Government Records Services
New York State Archives
State Education Department
9A47 Cultural Education Center
Albany, New York 12230
www.archives.nysed.gov
(518) 474‑6926
Appendix A
This appendix provides a copy of the Office for Technology’s general guidance on the use of e-mail by state agencies, though it is also a useful guide for local governments. This OFT policy also includes a basic sample e-mail policy. Consult http://www.oft.state.ny.us/policy/index.html for any updates to this policy.
Office for Technology
New York State Use of Electronic Mail
Technology Policy 96-14
Subject: New York State Use of Electronic Mail
Date: June 11, 1996
Introduction
Electronic mail (e-mail) refers to the electronic transfer of information typically in the form of electronic messages, memoranda, and attached documents from a sending party to one or more receiving parties via an intermediate telecommunications system. E-mail is helping State agencies improve the way they conduct business by providing a quick and cost-effective means to create, transmit, and respond to messages and documents electronically. Well-designed and properly managed e-mail systems expedite business communications, reduce paperwork, and automate routine office tasks thereby increasing productivity and reducing costs. These opportunities are, however, at risk if e-mail systems are not managed effectively.
Purpose and General Policy
The purpose of this policy is to promote the use of e-mail as an efficient communication and data gathering tool, and to ensure that State agencies have the information necessary to use e-mail to their best advantage in supporting agency business. By establishing and maintaining compliance with a policy for appropriate use of e-mail, risks and costs to agencies can be mitigated while the valuable potential of this communication tool is realized.
State agencies should ensure that e-mail is used for internal and external communications that serve legitimate government functions and purposes. The information communicated over agency e-mail systems is subject to the same laws, regulations, policies, and other requirements as information communicated in other written forms and formats. Each State agency is responsible for promulgating policies, establishing management practices, and designing e-mail applications that:
Agencies with special requirements for information confidentiality (for example, confidential client records) may be required to establish additional safeguards to protect this data.
Agency E-Mail Use Policy
Each agency is responsible for promulgating and insuring compliance with a policy governing the use of e-mail. Policies originally designed for paper correspondence or telephone use may not adequately apply to e-mail. This policy document should, at the minimum, include the following elements:
Proper Use By:
Agency Responsibility By:
Legal Considerations By:
Each agency's e-mail policy should account for the agency's particular needs, mission, available technology, level of staff training, size, geographic diversity, and organizational culture. All policies should be clear and practical, and consistent with existing State information resource management, records management, and other policies. A copy of a sample agency e-mail use policy is attached.
Assistance and Support
If agencies need assistance in developing e-mail policies, they should contact the State Archives and Records Administration (SARA) [the State Archives]. SARA [the Archives] provides training and direct assistance on developing such policies and other records management issues raised by the use of advanced information technologies. It has published Managing Records in E-mail Systems which provides agencies with guidelines for developing policies and establishing procedures for the effective management of records created and captured in e-mail systems. As agencies develop e- mail policies, they are encouraged to share them with SARA [the Archives] so it can provide other agencies with examples of existing agency policies that can serve as models of best practices.
Attachment A-1
E-Mail Use
Sample Agency Policy
Purpose and Goals
E-mail is one of [name of agency] core internal and external communication methods. The purpose of this policy is to ensure that e-mail systems used by agency staff support agency business functions to their fullest capacity. This policy advises staff and management of their responsibilities and provides guidance in managing information communicated by e-mail.
Access to E-mail Services
E-Mail services are provided to _______________________ (all staff? those staff deemed to require e-mail based on specific program areas? staff whose job functions require it? staff as resources allow?) To request access, contact __________________.
Use of E-Mail
E-mail services, like other means of communication, are to be used to support agency business. Staff may use e-mail to communicate informally with others in the agency so long as the communication meets professional standards of conduct. Staff may use e-mail to communicate outside of the agency when such communications are related to legitimate business activities and are within their job assignments or responsibilities. Staff will not use e-mail for illegal, disruptive, unethical or unprofessional activities, or for personal gain, or for any purpose that would jeopardize the legitimate interests of the State.
Privacy and Access
E-mail messages are not personal and private. E-mail system administrators will not routinely monitor individual staff member's e-mail and will take reasonable precautions to protect the privacy of e-mail. However, program managers and technical staff may access an employee's e-mail:
A staff member is prohibited from accessing another user's e-mail without his or her permission.
E-mail messages sent or received in conjunction with agency business may:
All e-mail messages including personal communications may be subject to discovery proceedings in legal actions.
Security
E-mail security is a joint responsibility of agency technical staff and e-mail users. Users must take all reasonable precautions, including safeguarding and changing passwords, to prevent the use of the account by unauthorized individuals.
Management and Retention of E-mail Communications
Applicable to all e-mail messages and attachments
Since e-mail is a communications system, messages should not be retained for extended periods of time. Users should remove all e-mail communications in a timely fashion. If a user needs to retain information in an e-mail message for an extended period, he or she should transfer it from the e-mail system to an appropriate electronic or other filing system. E-mail administrators are authorized to remove any information retained in an e-mail system that is more than ___ days old.
Applicable to records communicated via e-mail
E-mail created in the normal course of official business and retained as evidence of official policies, actions, decisions or transactions are records subject to records management requirements under the Arts and Cultural Affairs Law and specific program requirements.
Examples of messages sent by e-mail that typically are records include:
Some examples of messages that typically do not constitute records are:
Record Retention
Records communicated using e-mail need to be identified, managed, protected, and retained as long as they are needed to meet operational, legal, audit, research or other requirements. Records needed to support program functions should be retained, managed, and accessible in existing filing system outside the e-mail system in accordance with the appropriate program unit's standard practices.
Records communicated via e-mail will be disposed of within the record keeping system in which they have been filed in accordance with a Records Disposition Authorization (RDA) approved by State Archives and Records Administration (SARA) [the New York State Archives]. Program managers should consult with the Agency Records Management Officer concerning RDAs applicable to their program's records.
Users should:
Roles and Responsibilities
Agency executive management will insure that policies are implemented by program unit management and unit supervisors. Program unit managers and supervisors will develop and/or publicize record keeping practices in their area of responsibility including the routing, format, and filing of records communicated via e-mail. They will train staff in appropriate use and be responsible for ensuring the security of physical devices, passwords, and proper usage.
Agency network administrators and internal control (and/or internal audit) staff are responsible for e-mail security, backup, and disaster recovery.
All e-mail users should:
Policy Review and Update
The _______________________ or designee will periodically review and update this policy as new technologies and organizational changes are planned and implemented. Questions concerning this policy should be directed to ________.
Appendix B
This appendix provides a copy of the New York State Office of Parks’ fairly detailed e-mail policy. Based on the Office for Technology’s sample policy, this policy demonstrates how to expand a sample policy into a policy applicable to and useful for your organization.
New York State Office of Parks, Recreation and Historic Preservation
ACCEPTABLE E-MAIL USE POLICY
Policy and Goals
E-mail is one of the New York State Office of Parks, Recreation and Historic Preservation's core internal and external communication methods. The purpose of this policy is to ensure that e-mail systems used by agency staff support agency business functions to their fullest capacity. The policy advises staff and management of their responsibilities and provides guidance in managing information communicated by e-mail.
Acceptable Use of Parks Computer Equipment
Computer hardware and software is intended for the sole benefit of the management and operational effectiveness of the State Parks Agency. Computers shall be used for Parks’ work only. Unapproved or non-business use may terminate your privilege to use such technology and furthermore, could lead to appropriate disciplinary actions. The following banner appears on all screens prior to login. Do not attempt to log on unless you are an authorized user. Any attempts to gain access to a State Parks computer by an unauthorized user may result in criminal, civil, and/or administrative action.
Access to E-mail Services
E-mail services are provided to those staff whose job functions require it. To request access, regional staffs should contact their data coordinators. Albany staff should contact the Information Systems Help Desk at (518) 486-1888.
Acceptable and Unacceptable Use of E-mail
E-mail services, which include the electronic transmission of mail, documents, files, data, and other information, like other means of communication, are to be used to support agency business.
Staff may use e-mail to communicate within the agency and outside of the agency when such communications are related to legitimate business activities and are within their job assignments or responsibilities. Staff will not use e-mail for illegal, disruptive, unethical or unprofessional activities, or for personal gain, or for any purpose that would jeopardize the legitimate interests of the state.
To effectively utilize electronic mail, certain rules must be adhered to in order to protect the agency’s interests.
Privacy and Access
E-mail messages are not personal and private and as with other correspondence, is the property of Parks.
E-mail messages sent or received in conjunction with agency business may:
All e-mail messages may be subject to discovery proceedings in legal actions.
Security
E-mail security is a joint responsibility of agency technical staff and e-mail users. E-mail and documents on the Outlook system are saved to tape on a daily basis when they are created or updated and routinely saved during the weekly system backup. Users are personally accountable for all access through their account and must take all reasonable precautions to prevent access by unauthorized individuals. These include safeguarding and changing passwords every 45 days, never sharing their password with others, as well as never leaving their terminals and computers logged in and unattended. Supervisors should not require their employees to share logins and passwords with them. Shared file areas can be established for files and documents that need to be accessed or updated by two or more staff precluding the need to share passwords and logins. Any potential or actual unauthorized use of an employee's account should be reported to the Chief of Data Processing at (518) 486-1886.
Management and Retention of E-mail Communications
E-mail, created or received by New York State government employees in connection with official business, is a record that is subject to access, privacy and records management laws and regulations. E-mail communicated through e-mail systems must be identified and managed as any other document.
E-mail created in the normal course of official business and retained as evidence of official policies, actions, decisions or transactions are records subject to records management requirements under the Arts and Cultural Affairs law and specific program requirements.
E-mail, as well as documents, are considered part of a record series and should follow the retention established by the record disposition authorization.
Examples of messages sent by e-mail that typically are records include:
Management and Retention of E-mail Communications cont.
Some examples of messages that typically do not constitute records are:
Records transmitted through e-mail have the same retention periods as records in other formats that relate to the same program function or activity. Since e-mail is a communications system, messages should not be retained in the Inbox area for extended periods of time. If a user needs to retain information it should be converted to a paper document or to an MS Word document and stored in a file folder on the server, or in the case of remote users, on the “D” drive. E-mail administrators are authorized to remove any information retained in an e-mail system (i.e. Inbox, Delete and Sent areas) that is more than 90 days old regardless of whether the mail has been viewed.
Every night those documents and files that have been received, created or updated on our servers are backed up. At the end of each week a complete or full backup of all data is performed. This full backup is stored off-site for three months. After that retention period, the tapes are systematically written over.
Records communicated using e-mail need to be identified, managed, protected, and retained as long as they are needed to meet operational, legal, audit, research or other requirements. Records needed to support program functions should be retained, managed and accessible in an existing filing system outside the e-mail system in accordance with the appropriate program unit's standard practices.
Records communicated via e-mail will be disposed of within the record keeping system in which they have been filed, in accordance with a Records Disposition Authorization (RDA) approved by State Archives and Records Administration (SARA) [the State Archives]. Program managers should consult with the Agency Records Management Officer in the Bureau of Information Systems at (518) 473-6458 concerning RDAs applicable to their program's records.
Users should:
Policy Review and Update
The Bureau of Information Systems will periodically review and update this policy as new technologies and organizational changes are planned and implemented. Questions concerning this policy should be directed to the Chief of Data Processing Services.
Appendix C
This appendix provides a copy of the New York State Office of Park’s e-mail policy acknowledgement form. Once signed, this form is saved as evidence that all users of the office’s e-mail system understand their responsibilities regarding the use and management of e-mail.
New York State Office of Parks, Recreation and Historic Preservation
E-mail Policy Acknowledgement Form
By submitting and signing this form, I state that I have read and understand the attached E-mail Policy and agree to the terms and conditions of this policy. I understand that non-compliance with this agreement can result in immediate suspension of any and/or all network access as well as investigation, and/or referral for disciplinary action.
I also understand that logging and monitoring of keystrokes and other monitoring activities may occur while alleged security breaches are being investigated.
I will not allow others to use my login or password. This is my account and I am responsible for any and all activity attributable to the use of this account. Staff requiring access to my files and mail in my absence should be trusted colleagues. They may be given delegate rights. If I am given delegate rights to another’s area, I agree to respect that individual’s right to confidentiality.
If I receive any suspicious, threatening or harassing material, or if I suspect that I might have received a virus, I will notify Information Systems.
Upon leaving NYS Parks employment, I will notify the Information Systems bureau immediately.
Print Name: ______________________________________________________
Signature: ______________________________________________________
Title: ______________________________________________________
Please check your status:
Permanent Employee Long Term Seasonal/Annual Salaried Employee
Seasonal Employee Volunteer/NHT/Employment Agency
Region/Bureau: ___________________________________________________
Date: ___________________________________________________________
Retain the Policy Statement for your files.
Appendix D
This appendix provides a copy of Monroe County’s simple and to-the-point e-mail policy, which doubles as an e-mail policy acknowledgement form.
Monroe County Internet and Electronic Mail Policy
As of August 6, 1999
Objective:
The Internet’s ability to reach millions of customers worldwide and its proven role as an efficient method of external communications has companies of all types and sizes mobilizing to acquire Internet access. As Monroe County expands its usage of the Internet for such things as e-mail, research, and collaborative computing, it is providing opportunities for employees to be more productive. Access to the Internet can help employees do their jobs better by providing them with a fast, inexpensive communication and research tool. At the same time, this access provides opportunities for abuse and misuse that can negatively impact productivity and expose the County to potential liabilities. Therefore, we have established a set of guidelines for this technology to which Monroe County employees must adhere.
Electronic mail is a strategic business tool to facilitate communication between employees and other business organizations. Monroe County’s E-Mail systems are County property and are intended to be used for Official County business. All messages sent or received via E-Mail are County property. It is against County policy to use E-Mail or the Internet for any unlawful endeavor.
Employer Rights:
Monroe County reserves and intends to exercise the right to access and disclose contents of E-Mail messages for example, but not limited to, the following reasons:
Usage Guidelines:
Employees must exercise restraint when sending very large files or inappropriately sending messages to a large number of recipients which unnecessarily consume network resources that are needed for other County business.
When the County grants an employee Internet access or an E-mail account, it is the responsibility of the employee to adhere to the following guidelines:
Reporting of Security Violations:
Any employee’s suspected unauthorized use of E-Mail and/or the Internet should be reported immediately to the department head, Human Resources, and the IS Director.
Compliance:
Any violation(s) of this policy may result in disciplinary action up to and including termination.
By signing this form, I agree to abide by all of the above requirements.
___________________________ ________________
Signature Date
___________________________
Department
Appendix E
E-Mail Tips and Netiquette
E-mail is still a new communication method for many people. These tips will help you manage your e-mail messages and will help ensure your messages are polite and professional.
Filing Tips
Because of the exponential increase in e-mail, it is increasingly important to delete, after the first reading, as many messages as possible. This simple technique can easily reduce the quantity of e-mail messages you need to handle later by 50% or more.
After you have deleted non-record e-mail, take time to identify those messages that are records and to add them to a filing system. This step may require you to print out the e-mail and file it in a paper system or to store an electronic copy of the e-mail in an electronic system.
E-mail sent and received by a single individual usually belongs to any number of records series: general correspondence, contract files, minutes, memoranda, etc. So be sure to treat individual e-mail messages as part of one of those specific series, rather than as part of a vague general series called “E-Mail.”
Writing Tips
Use salutations (“Dear Mr. Smith:”) and a closing signature line in your e-mails. While using organization e-mail, you are serving as an agent of the organization, so treat e-mail as formal correspondence. Your signature line should include your name, title, organization, address, phone number, and e-mail address, so your correspondents know who you are and can contact you easily.
Spelling and grammar mistakes can be just as distracting in an e-mail message as they are in other written communications. Take the time to proofread your messages, especially messages used to communicate official business. Most e-mail packages now come with a spellchecker, so use it if necessary.
The subject line of an e-mail message serves a number of important purposes. It enables busy people to discern the subject of a message and decide when to read it, it can index the message in mailboxes and electronic folders, and it may help identify what messages are records and need to be transferred to a central recordkeeping system.
If a message refers to an earlier e-mail, include enough of the original message to make the message clear. To avoid confusion or misinterpretation, refer to any related e-mail message and make clear the topic under discussion.
If you are sending the text of the message you received with your response, do not place that response at the bottom of e-mail. That will only annoy the person receiving your e-mail. Always put your message on top, where it is easy to find.
Make your messages concise, not cryptic. Shorter paragraphs have more impact and are more likely to be read by busy people. Most people can only grasp a limited number of ideas within a single paragraph, especially on a computer screen. Use the white space between paragraphs to enhance the look and clarity of an e-mail message.
Every message you send creates work for someone else who must read, consider, and deal with the message. Forward e-mail messages to others only if you are sure the recipients will welcome the message. Do not send people jokes, trivia, and chain letters. These waste your organization’s resources and others’ work time.
Some people feel a compulsion to respond to almost every e-mail message they receive, sometimes just by saying “I agree” or “Thanks.” It may sometimes be important to do this to confirm that you have received the message, but remember that each message you send will take up someone’s time.
Only copy others in your e-mail when you are sure that the main recipient of the message will not be offended or hurt. Be careful using blind copy (bcc) to copy a message to a second person without informing the main recipient; those who are blind copied might not realize it and may respond to you and the original recipient, leading to possible embarrassment and conflict.
People often misconstrue attempts at humor and sarcasm in e-mail messages, and then they take offense. This is because they have no physical cues to help interpret the context of your message. Certainly, humor and sarcasm have little use in business correspondence, but even when writing an informal message to a colleague be sure to identify humor to avoid confusion.
If you are upset by an e-mail message you have received, wait before you send a message. An emotional message sent in haste will always do more damage than good. Take the time to calm down, and then speak with the person who sent you the message.
Do not put all of the text of your message in capital letters, because the recipient will probably interpret uppercase text as yelling.
This is inappropriate and counterproductive for obvious reasons and reflects badly on the individual and the entire organization. Such messages may also make you and your organization vulnerable to legal actions such as libel suits.
Others may not have the same e-mail features or capabilities you have, so avoid features like bold, underline, special typefaces, and even tabs. For the same reason, use attachments sparingly. These can slow down your recipient’s e-mail system. Some systems accept no attachments or use different encoding methods for attachments, and the recipient may also not have the software needed to view the attachment.
If you have to send confidential information via e-mail, send it encrypted or not at all. Unless encrypted, e-mail is not a secure transmission method.
Other Tips
Most e-mail systems will allow you to add your name to them so that your outgoing e-mail messages will identify themselves with your name (rather than merely with your e-mail address). Adding your name here makes it easier for people to see who mail is coming from, because your e-mail system will then prefix your personal name before your e-mail address. So people will see “John Smith” on the screen instead of the less clear “jsmith@internet.com.” In managed e-mail systems in large organizations, the e-mail administrators usually add users’ names as part of their job. But in small organizations using simple dialup accounts, you will probably have to do this yourself.
Do not invade others’ privacy. Do not forward or quote messages without permission. Do not read other people’s mail.
Assume any e-mail you write will be around for a long time and can be forwarded to others indefinitely. Remember that any e-mail you write is easy to copy and transmit.
Many people work at desks with almost constant access to their e-mail, and in such an environment people tend to expect immediate responses. Keep this in mind while responding to messages. But also keep in mind that you might have developed an unreasonable expectation of immediate response. If you think someone expects an immediate response but you don’t have the time to respond right away, send a message saying you will respond as soon as possible.
Appendix F
A Glossary of E-Mail Terms
This glossary defines terms related to the management of e-mail and the management of records sent or received via e-mail systems. Most of these terms appear within the text itself, but the glossary contains a few other terms that readers may run across while addressing the management of e-mail.
access rights. the privileges that a user has to certain resources on a computer system (such as read rights to an electronic folder, allowing the user to read but not change anything in a folder; or write rights, allowing the user to save and modify a document in a certain folder)
active record. a record used frequently (for paper records, at least once per month per file drawer)
address book. a list of e-mail addresses compiled by a user, sometimes with help from the e-mail system itself
administrative value. the usefulness of a record to an organization in the conduct of its daily business
alert. an audible or visual message from an electronic system informing a user of an error or a change in the system's operation (such as a beep that signals the receipt of an e-mail message in an inbox)
archival record. a record that should be kept permanently because of its administrative, legal, fiscal, or research value; also called “historical record”
archival value. the long-term usefulness of a record for historical or other research that determines whether a record should be kept permanently
ASCII. American Standard Code for Information Interchange; a very common computer code used to preserve and present the Latin alphabet, punctuation marks, some symbols and simple text formatting (including spaces and carriage returns)
attachment. any computer file (word processing, database, picture, etc.) associated with an e-mail message so that the file is received along with the e-mail message
audit trail. a record of what operations someone has performed (additions, deletions, modifications) while on a computer system during a specific period of time
authenticity. the verification that a record has not been altered or manipulated in any way and is what it claims to be
automated access. access provided to records through electronic databases or other electronic means
autoresponder. an automated program that returns a pre-written e-mail message after having received a message (used, for example, when a user is on vacation and wants to tell any correspondent not to expect as quick a reply as usual)
back up. to copy an electronic record to ensure its information will not be lost
backup. a copy of an electronic record maintained to protect the information from loss
bcc. the box on an e-mail window where a sender can place the e-mail address of a blind copied recipient. See also “blind carbon copy (bcc)”
blind carbon copy (bcc). to send a copy of an e-mail message to a recipient without the knowledge of the other recipients
browser. See “web browser”
cc. the box on an e-mail window where a sender can place the e-mail address of a copied recipient. See also “carbon copy”
carbon copy (cc). to send a copy of an e-mail message to users who are not directly involved in the message but who may benefit from the information
computer virus. See “virus”
confidential record. a record that is not open to the public, usually to protect the privacy rights of individuals; sometimes called "restricted record"
convenience copy. an unofficial copy of a record maintained for ease of access and reference
data format. a specific type of computer file, such as a Microsoft Word 97 file or a JPEG image file
data migration. See “migration”
database management system. a software system used to access and retrieve data stored in a database
decryption. the process of taking an encrypted computer file and converting it back into a readable form
delete. to remove, but not necessarily destroy, all or part of a computer file
dictionary attack. a systematic assault against all passwords in an e-mail system by testing every possible sequence of letters for the passwords
discoverable. able to be released to the other party in a lawsuit under the rules of discovery
discovery. compulsory disclosure of documents in the possession of the other party, once a legal action has been initiated
disposition. the authorized action to dispose of records by destruction or transfer
document. a single record item; a container of information in any medium, generated in the normal course of business, that facilitates the management of that information (such as a letter, an e-mail message, or a completed form)
document management system. See “electronic document management system”
document profile. See “file profile”
e-. a prefix meaning "electronic," used most frequently to designate something that is carried out online
e-mail
1. a computer system that enables users to create, transmit, receive, file, and respond to messages electronically
2. a message or messages sent and received in electronic form via computer networks
e-mail account. an individual e-mail user’s mailbox and associated rights to use that mailbox
e-mail address. the character string used to allow computer systems to route an e-mail to the intended recipient, usually consisting of a username, the @ symbol, and a domain name (for instance, “jsmith@internet.com”)
e-mail administrator. the person responsible for maintaining an e-mail system, including all mailboxes on that system
e-mail message. a document created or received on an electronic mail system
e-mail system. a computer system that enables users to create, transmit, receive, file, and respond to messages electronically
E-Sign. See “Electronic Signatures in Global and National Commerce Act”
e-signature. See “electronic signature”
ECPA. See “Electronic Communications Privacy Act”
Electronic Communications Privacy Act (ECPA). federal legislation that outlines what constitutes an invasion of privacy when electronic communications (including e-mail, pagers, cellular telephones, and computer transmissions) are involved
electronic document management system. a computerized system that enables the creation, modification, routing, storage, retrieval, and distribution of documents in multiple electronic formats through a single interface
electronic information system. a computer-based system that supports the acquisition, creation, storage, processing, management of, and/or access to information
electronic mail. See “e-mail”
electronic record
(definition from ESRA) "information evidencing any action, transaction, occurrence, event or other activity produced by or stored in an information technology system and capable of being accurately produced in a tangible form"
(simple definition) a record that is in electronic form
electronic recordkeeping system. an electronic information system that supports the collection, organization, and categorization of electronic records
electronic records management. the application of records management principles to electronic records
electronic signature. (definition from ESRA) "an electronic identifier, including without limitation a digital signature, which is unique to the person using it, capable of verification, under the sole control of the person using it, attached to or associated with data in such a manner that authenticates the attachment of the signature to particular data and the integrity of the data transmitted, and intended by the party using it to have the same force and effect as the use of a signature affixed by a hand"
Electronic Signatures and Records Act (ESRA). New York legislation passed in 1999 to ensure that electronic signatures are legally binding in government and to clarify the authority of government agencies to create and maintain records created by computers in electronic form
Electronic Signatures in Global and National Commerce Act (E-Sign). federal legislation enacted in 2000 that makes electronic signatures legally binding and allows contracting parties to choose the technology for authenticating their transactions without government intervention
encryption. a security method that encodes information into seemingly random bits that must be decrypted to be viewed
ESRA. See “Electronic Signatures and Records Act”
file
(noun) a collection of related records that are treated as a unit, sometimes used synonymously with "records series" and sometimes referring to the contents of one case or file folder
(verb) to arrange documents into a logical sequence
file format. See “data format”
file profile. a set of metadata on a single document; also called “document profile”
One view of a file profile for a Microsoft Word document
filing system. a pre-defined plan using numbers, letters, or keywords to identify and organize records in a systematic scheme
filter. to select certain items from an electronic folder or database by determining how they fit specific criteria
firewall. a security system that uses hardware and/or software mechanisms to prevent unauthorized users from accessing an organization's internal computer network
fiscal value. the usefulness of a record in documenting monetary decisions and activities
flame. an angry or rude e-mail message
folder. an electronic receptacle used to store electronic files
FOIL. See “Freedom of Information Law”
forward. to send a received e-mail message on to someone else
Freedom of Information Law (FOIL). the New York State law that outlines the rights of the public to access public records
groupware. a type of software that allows multiple workers to cooperate on projects electronically
hard copy. a printed or paper copy of an electronic document
header. the first part of a received e-mail message containing information about the routing of the message
historical value. the value of a document to support historical research; similar to “archival value”
HTML. Hypertext Markup Language; the standard computer language used to add tags to a document so it can be interpreted by a web browser
hyperlink. a point (such as an icon, graphic or word) in an electronic document that, when clicked, automatically takes a user to another section of that document or to another document altogether
Hypertext Markup Language. See “HTML”
inbox. the part of an e-mail system where a user’s incoming mail is stored
information services. See “information technology”
information technology (IT). the system for managing the entire range of computing, telecommunications and information; sometimes called “information services (IS)” or “management information services (MIS)”
interface. the place at which a computer program and a human user interact; the specific layout and functionality of a screen in a computer program
Internet. the master network of interconnected computer networks that allows the rapid transfer of information in electronic form between computers over large distances
Internet service provider (ISP). a company that provides Internet access and related services
intranet. a closed network that uses web-based technology to allow an individual organization to conduct its internal business
IS. See “information services”
ISP. See “Internet service provider”
IT. See “Information Technology”
LAN. See “local area network”
legal value. the usefulness of a record to support an organization's business agreements and ownership rights, and to document the rights of citizens
link. a hyperlink
listserv. a discussion group that uses e-mail to allow a group of people with common interests to communicate about that topic
local area network (LAN). a network within a limited geographic area (usually under one mile) that allows personal computers to communicate directly with one another and share data
log in. to begin a user session on a computer by authenticating one’s identity, usually by using a username and its associated password
login. a beginning of a computer session that requires authenticating one’s identity
mail server. a networked computer that provides e-mail services to other computers in the network
mailbox. the area in a computer system where the incoming and outgoing e-mail for an individual user is stored
mailing list. an automated list of e-mail addresses used to distribute e-mail messages to a number of people at the same time
management information services. See "information technology"
message header. See “header”
metadata. information describing a set of data (such as the subject, date, and recipients of an e-mail record)
microfilm. a photographic reproduction of documents in miniature on fine-grain, high-resolution film
migration. the periodic transfer of data from one electronic system to another to retain the integrity of the data and to allow users to continue to use the data in the face of changing technology; sometimes called "data migration"
MIME. See “Multipurpose Internet Mail Extension”
MIS. management information services; see "information technology"
Multipurpose Internet Mail Extension (MIME). the most common standard encoding method for e-mail attachments. See also “uuencoding”
needs assessment. a report that systematically examines a records management problem, evaluates solutions, and recommends a solution
netiquette. network etiquette; acceptable practices of online communication
network. a system of computers and related devices interconnected so that they can communicate together
non-record. an information format (such as an outside publication, blank form, or instruction manual) that is not an official record and therefore does not require retention
obsolete record. a record that has met its retention period, is no longer useful to the organization, and may be destroyed
official copy. an original record or a copy of an original record that is used to meet the minimum retention period for that record; also called “record copy”
official record. a record produced or received in the formal conduct of official business
outbox. the part of an e-mail system where a user's sent mail is stored
password. a character string usually selected by a user, known to the computer system, and used in conjunction with an associated username to identify the user and allow access to the system
Personal Privacy Protection Law (PPPL). New York legislation that applies to state agencies and that protects citizens from the random collection of personal information, enables citizens to access and correct information maintained about them, and regulates the disclosure of personal information by state agencies
policy. a broad document that specifies a general rule for records and information management in an organization
POP. See “post office protocol”
post office protocol (POP). a set of rules used to provide dialup e-mail services and that holds unread e-mail until the user accesses the account
PPPL. See “Personal Privacy Protection Law”
procedure. a detailed document that specifies step-by-step rules for records and information management in an organization
protocol. the definition of specific rules two or more computers will follow when communicating
queue. a structure that organizes e-mail messages in the order of their receipt or creation
recipient. a person who receives an e-mail message
record.
1. informal definition: information, in any format, that is created by an organization or received in the formal operation of its responsibilities
2. legal definition for local governments in New York State: any book, paper, map, photograph, microphotograph or any other information storage device regardless of physical form or characteristic which is the property of the state or any state agency, department, division, board, bureau, commission, county, city, town, village, district or any subdivision thereof by whatever name designated in or on which any entry has been made or is required to be made by law, or which any officer or employee of any said bodies has received or is required to receive for filing
3. legal definition for state agencies in New York State (plural): all books, papers, maps, photographs, or other documentary materials, regardless of physical form or characteristics, made or received by any agency of the state or by the legislature or the judiciary in pursuance of law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities, or because of the information contained therein
record copy. See “official copy”
records access officer. the individual in a government office in New York State responsible for verifying and authorizing public use of government records
records management. the systematic control of all records throughout their life cycle
records management application (RMA). an electronic document management system that includes automated retention controls as described by the Department of Defense standard DoD 5015.2-STD
records management officer. the person responsible for overseeing a records management program for a state agency or local government in New York State
records retention schedule. a list of records series titles that indicates the length of time to maintain each series; more formally called a “records retention and disposition schedule”
records series. a group of related records (i.e., minutes of a board, payrolls, and purchase orders) that are normally used and filed as a unit and that normally have the same retention requirements
reply. to respond to an e-mail message
restricted record. See "confidential record"
retention. the process of keeping records for the amount of time required by administrative, fiscal, legal, or historical value and use; also called "records retention"
retention period. the amount of time a record must be kept to meet administrative, fiscal, legal, or historical requirements
RMA. See “records management application (RMA)”
RMO. See “records management officer (RMO)”
routing. the process of determining the path to transmit an e-mail message over a network
schedule
(noun) See “records retention schedule”
(verb) to determine and formalize the retention period for a records series
security. the protection records by controlling which users can access which documents and for what purpose
security log. a chronological list maintained by a software application (such as a firewall) of access and use of a computer system, including any attacks or attempted logins that were blocked
sender. a person who transmits an e-mail message
series. See “records series”
server. a computer or a software program that supplies data and responds to requests from workstations over a network
signature line. a set of usually four to eight lines of text placed automatically by an e-mail system at the end of an outgoing e-mail message to provide the reader with the sender's contact information; sometimes called a "signature" or "e-mail signature"
Simple Mail Transport Protocol (SMTP). the most common protocol used for transferring e-mail across the Internet
SMTP. See “Simple Mail Transport Protocol”
social engineering. any techniques that trick users of a computer system to compromise the security of that system (by convincing them, for instance, that it is safe to reveal their passwords or to launch a program that is actually a virus)
software. programs that run operations on a computer
spam. unsolicited bulk e-mail messages
system administrator. the person responsible for maintaining a computer system such as a local area network or an e-mail system
tag. a command within an electronic document that indicates how to format parts of the document (such as HTML tags that specify the typeface and size of a word)
<tr>
<td valign="bottom" align="left"><font face="Arial Narrow"><strong><font size="2"
color="#000000"><img src="images/Grnball.gif" alt="Bullet" width="11" height="11"> </font><font size="2"
color="#0000FF"><a href="http://www.ogs.state.ny.us/telecom/individuals/default.asp">OGS
Phone List</a></font></strong></font></td>
<td valign="bottom" align="left"><font size="2" color="#000000"
face="Arial Narrow"><strong><img src="images/Grnball.gif" alt="Bullet" width="11" height="11"> <a
href="atwork/webtools.htm">World Wide Web Tools</a></strong></font></td>
</tr>
A section of HTML showing a large number of tags (that information between these punctuation marks: <>).
TCP/IP. See “Transport Control Protocol/Internet Protocol”
technological obsolescence. the tendency for any component of a computer technology (hardware, software, and data formats) to become unusable as time goes on because all the necessary other components that allow it to work are no longer available in the new computing environment
telecommunications. generally, the communication of information through electronically transmitted signals; specifically, the communication of information over the Internet or other electronic networks
text file (.txt). a computer file that contains nothing but ASCII text and formatting and, therefore, can be read by many different types of computer programs
Transport Control Protocol/Internet Protocol (TCP/IP). the basic communications system that allows communication between computers via the Internet
trojan horse. an apparently harmless set of computer code that sneaks a computer virus onto a computer system; sometimes simply called “trojan”
.txt. See “text file”
Uniform Resource Locator (URL). the location or address of a resource on the Internet (such as www.archives.nysed.gov)
URL. See “Uniform Resource Locator”
username. the name used to identify a user of a computer system, usually some abbreviation of the person’s name (such as “jsmith” for “John Smith”), and used in conjunction with a password to verify the user’s identity
uuencoding. unix to unix encoding; the older of the two encoding standards for e-mail. See also “MIME.”
virus. a piece of computer code that, once loaded onto a computer, carries out mischief or destruction against your computer system
Web. See “World Wide Web”
web browser. computer software that allows a user to see content on the Web
web-based. occurring over the Web
webpage. a single document on the Web
website. a collection of webpages on the World Wide Web
World Wide Web (the Web). the portion of the Internet that supports the presentation of information formatted in HTML, including hyperlinks so users can move quickly to other resources
worm. a type of computer virus that spreads itself usually by creating copies of itself in each computer's memory
WWW. See “World Wide Web”