Managing Records: Electronic Records:

Developing a Policy for Managing Email

Table of Contents

Executive Summary
Introduction
Principles and Best Practices
Policy Components
Sample Policies
Policy 1: Village of Hidden Valley
Policy 2: Town of Big Thunder
Policy 3: State Office of Administrative Support and Analysis
Appendix: The Legal Framework

4. Sample Policies

4.1 About the sample policies

This section consists of three sample policies that represent the range of government entities in New York State and the differences that may exist between policies of different types and sizes of organizations. The sequence of the policies represents a progression, from a small organization to a large organization, from a mostly manual system to a system that is almost fully automated, and from a simple policy to a policy that is necessarily more complex.

Policy 1: Village of Hidden Valley

This sample policy is written for a small local government with limited technical capabilities and in-house information technology support. The village's email management system consists of an email server that interacts with a freestanding email archiving appliance. Village staff are responsible for identifying and moving all permanent email records from the email server to a shared file directory, where they are managed with other permanent electronic records. The archiving appliance stores all emails for six years. Several village officials use personal email accounts on their home computers for village-related activities, and the policy includes procedures that address emails on home computers. (The State Archives discourages the use of personal email accounts to conduct public business. In smaller governments, however, this situation may be necessary, especially if board members and other officials do not have an office in a government facility.)

Policy 2: Town of Big Thunder

This sample policy is written for a medium-sized town. It assumes that the town owns an email management system with fairly robust capabilities and has an in-house IT director. The system requires town email users to classify incoming and outgoing messages manually, but then the system files the emails according to how they were classified. The system performs some retention and disposition functions, but does not destroy email records once they have passed their retention periods. The IT director implements destruction outside of the system. In addition, a small number of town officials use email accounts on their home computers for town-related activities. In this case, to discourage the use of personal accounts, the town provides email accounts on the home computers of a small number of town officials.

Policy 3: State Office of Administrative Support and Analysis

This sample policy pertains to a state agency. This agency has an in-house information technology staff, many different program areas, and a large, geographically dispersed staff. The policy that governs the agency's email management system is necessarily more complex than the policy for a small or medium organization, and responsibility for maintaining the system and implementing policy is divided among a larger number of staff. The agency has explicitly prohibited the use of non-agency email accounts and computers for transmitting or receiving work-related emails, although there are provisions, documented in policy, for accommodating staff who travel or telecommute.

4.2 How to use the sample policies

Please note that there are no actual municipalities in New York State called Hidden Valley or Big Thunder, nor is there a State Office of Administrative Support and Analysis. The sample policies for these fictional entities are divided into sections that reflect various aspects of managing email (as outlined in Section 3 of these guidelines). Each section begins with a policy statement, which is then followed by a list of procedures required to carry out that policy.

The State Archives is not promoting or recommending any of the electronic management systems that are featured in the three sample policies. Our goal is to present situations that are realistic and, therefore, sample policies that are useful to our customers.

Do not feel compelled to adopt the policies and procedures for one of the scenarios described above. Instead, use the samples to guide your decisions about the kind of information that may be important for you to include in your own email policy. Governments and agencies should adopt a solution that has as its end result the effective management of all aspects of email (retention and disposition, in addition to access). Develop a policy and procedures manual that best suits your particular needs, either expanding, simplifying, or combining elements of the samples provided in this section. Finally, these samples are not intended to be mutually exclusive. In some cases, a small local government may have a sophisticated system and therefore need a more detailed policy similar to the third sample, or a state agency may choose to adopt simplified strategies outlined in the first two model policies.

 

Sample Policy 1: Village of Hidden Valley

Email Policies and Procedures
Effective October 2008

1. General Policies

1.1 Ownership of email

The village legally owns all emails that employees and officials create and receive when conducting village business, regardless of where employees and officials create and receive the emails. Employees and officials have no promise of personal privacy when using email on behalf of the village.

  • All email users of village email accounts will acknowledge that they understand the village's policy on email ownership each time they log into the village's system.
  • Email users who work at home (the village justice, historian, and board members) should have separate email accounts for village-related emails or, at minimum, should maintain village emails separately from personal emails.

1.2 Training

  • The village clerk will ensure training on the email system for all new village officials and employees, and will also provide ongoing training, especially after upgrades or transitions to new email programs.
  • New employees will not have access to and use of a village email account until they are trained on the village's email policies and procedures.

1.3 Policy review and updating

  • The records advisory board (which includes the village clerk, legal counsel, historian, and treasurer) will review this email policy periodically, especially if the email policy or management system described herein changes.

2. Managing Email

The village manages most email as general correspondence and follows the retention periods for general correspondence in the Records Retention and Disposition Schedule MU-1. The village manages and preserves emails with a retention period of longer than six years in a central file directory on the village's main server, and ensures email with a retention period of six years or less is destroyed after six years.

2.1 Classifying email

  • Email users are responsible for classifying emails, on receipt or before transmission, as either not records or as permanent records. Non-records and permanent records are defined as follows:
  • Emails that are not records include listserv messages distributed to many recipients, spam, broadcast messages received by officials and employees, and personal messages. A user may destroy non-records immediately.
  • Permanent emails document significant policy, decision making, events, or legal issues, or pertain to legal precedents.
  • Users must remove permanent emails from their individual email accounts and store them in the shared file directory on the village's main server.
  • The village's email archiving appliance will capture all emails, including permanent emails, and will prevent modification or deletion of archived email.

2.2 Managing retention and disposition

  • Permanent emails will be managed and preserved in the shared file directory, along with the village's other electronic records (see below under "Preservation").
  • The village clerk will ensure that emails generated during a certain year are purged from the email archiving appliance after six years.
  • Email users who work at home should create two subfolders for permanent and non-permanent (six-year) emails, and delete all non-records. They should then periodically forward the two subfolders to the village clerk, who will file the permanent emails in the shared file directory. It is not necessary for the clerk to manage the non-permanent emails, because the system will automatically collect the emails from the clerk's account and manage the emails as six-year records.
  • In rare instances, email users may receive or send an email or attachment that either does not qualify as correspondence or that they wish to save for longer than six years but not permanently. In such cases, they must forward the email to the village clerk, who will apply the appropriate retention period and file the email in the shared directory. (Users of personal accounts should also follow this procedure.)
  • The village email server deletes all messages from individual accounts after ninety days. (Users of personal accounts are strongly encouraged to purge these accounts of village-related email according to the same schedule, after forwarding copies of record emails to the village clerk as described above.)
  • Email users may store non-permanent records that they need for daily use on their own computer hard drives. The village clerk will prompt email users to review files on their personal drives annually, and to delete those saved emails that have passed their legal retention periods.
  • Destruction of emails on the archiving appliance may be halted under certain circumstances (see Section 4, "E-Discovery").

2.3 Backups

  • The village clerk will ensure that backups of emails on the email server and the archiving appliance are destroyed according to the retention period stipulated for backups in the Records Retention and Disposition Schedule MU-1.

2.4 Preservation

  • Emails with retention periods greater than six years will be preserved with other electronic files in the village's shared file directory.
  • Emails will be stored in Rich Text format (.rtf) on the email archiving appliance and in the shared directory.
  • Emails stored in the archiving appliance are compressed, but the vendor of the appliance has assured the village that the emails can be decompressed if needed without data loss (as documented in the village's contract with the vendor).
  • The village clerk, with assistance from the village's computer support vendor, will monitor new versions of email software and the archiving appliance to determine whether upgrades are necessary.
  • Backups of the email system and archive are to be used for disaster recovery purposes only, not for retention.

3. Access to Email

Emails must be accessible for the duration of their retention periods. Emails are public records that are open and accessible to the public under the same conditions as all other village records.

  • Email users have access to the emails in their individual accounts in the village system for ninety days. If they need access to some emails for longer than ninety days, they must save those emails on their personal hard drives.
  • Permanent emails are filed in the directory first by village department and thereafter by subject or document type. Users have read-only access to emails in the shared directory, with some important exceptions. Access to certain emails relating to ongoing law enforcement investigations, court actions, and personnel matters may be restricted by law to specific individuals in village government. The village clerk will maintain a list of types of emails where access is severely restricted.
  • The village clerk, as records access officer, will respond to all FOIL requests involving email and, if necessary, will confer with legal counsel about an appropriate response (especially if a request is denied).

4. E-discovery

Village staff and officials must be aware that all email messages, including personal communications, may be subject to discovery proceedings in legal actions, and all must respond appropriately to an impending legal action involving email.

  • Legal counsel will work with the village clerk to establish procedures for preserving evidence relating to imminent or ongoing legal actions.
  • If a village staff member or official becomes aware of potential litigation, it is his or her responsibility to notify legal counsel immediately. Counsel will determine what action, if any, needs to be taken.
  • Legal counsel will work with the presiding judge and opposing counsel to narrow the parameters of a records search as much as possible.
  • The village clerk, working with the village's computer support vendor, will ensure that records of potential relevance in the archive remain accessible for the full extent of the proceeding, which may require moving relevant email records to removable storage media.
  • All measures taken in response to an e-discovery action will apply to village-related emails that are retained by email users working on home computers.

5. Appropriate Use

Appropriate use will be handled as a security issue. Violation of the village's appropriate use policy can threaten the village's computer system, make the village vulnerable to legal action, and cause irreparable damage to the village's reputation.

5.1 Responsibility for appropriate use and system security

  • All email users are expected to know the difference between appropriate and inappropriate use of email. This appropriate use policy applies to anyone who is representing the village, even if that person is using a personal account on a home computer.
  • All users will be prompted to acknowledge their personal responsibility for using email appropriately every time they log into their village email accounts.

5.2 Inappropriate uses of email

Email is provided as a tool to assist village employees and officials in their day-to-day work, facilitating communication with each other, our constituency, and other stakeholders. The village email system is intended for official communications only, and it is everyone's responsibility to limit personal use of the system.

It is not acceptable to use the Village of Hidden Valley's email for

  • any illegal purpose
  • transmitting threatening, obscene, or harassing materials or messages
  • distributing confidential village data and information
  • interfering with or disrupting network users, services, or equipment
  • private purposes, such as marketing or business transactions
  • installing copyrighted software or computer files illegally
  • promoting religious and political causes
  • unauthorized not-for-profit business activities
  • private advertising of products or services
  • modifying, obtaining, or seeking information about files or data belonging to other users, without explicit permission to do so

5.3 Enforcing appropriate use

  • The village has the right to address instances of email misuse through disciplinary action or termination, if necessary.
  • Messages relating to or in support of illegal activities must be reported to the appropriate authorities.
  • The village clerk has access rights to all email on the archiving appliance to monitor and ensure system security.
  • The village board will review alleged violations of the email appropriate use policy on a case-by-case basis.

6. Technical Security

The village's computer support vendor has primary responsibility for overseeing the technical security of the village's email management system.

  • The village's computer support vendor is responsible for providing and maintaining up-to-date anti-virus software, firewalls, and spam filters to protect the overall system from malicious email messages and other forms of sabotage.
  • In the event that email users receive unsolicited email (spam) or email with unexpected and suspect attachments, they must delete these emails and report them to the village clerk, who will confer with the village's computer vendor to assess the security risk.
  • Users should exercise similar care when linking to external websites from unsolicited messages.
  • Email users must employ passwords to access their email in the village email system and must change their passwords periodically.
  • As a general rule, email users must not share their passwords with other village officials or employees. In cases of planned or emergency absences, other personnel may be allowed to access the absent person's email, with prior approval from the village clerk.

7. Staff Departure

  • If a staff member or official separates from the village, the village clerk will place a hold on the email account of that individual until the account and computer can be reviewed for record content.
  • Any village emails maintained on a home computer by a former employee must be transferred to the village clerk for review and disposition.

8. Training

All village employees and officials will be trained in established email use and management policies.

Training will be provided to all village email users within the first ten days of employment or appointment, and to all employees when the policy is revised or the village changes its current email management system.

The village clerk will provide or arrange for training that will address the following topics:

  • identifying records, permanent records, and general records management practices
  • responsibilities of employees in records and email management
  • costs to the village and the individual of not managing email
  • use of the village email application and its relationship to non-system village email
  • appropriate use of village email accounts
  • responding to legal actions and FOIL requests

Training materials can also be obtained by contacting the village clerk.

Other Responsibilities

The person or persons responsible for certain functions associated with managing email are indicated throughout this email policy in boldface. Other responsible parties (and their respective responsibilities) are listed below.

1. Village mayor and village board

  • ensure an adequate budget allowance for maintaining the email management system
  • promote, support, and enforce this email policy
  • review alleged violations of the email appropriate use policy on a case-by-case basis and adopt disciplinary measures as needed

2. Village counsel

  • reviews and approves contracts with vendors to ensure they are consistent with village law and with the village's internal procurement practices

3. Village bookkeeper

  • maintains an inventory of all computer hardware and software as part of the village's fixed assets inventory

4. Computer support vendor

  • implements user profiles to allow village staff and officials to access the email and other records management applications

 

Sample Policy 2: Town of Big Thunder

Email Policies and Procedures
Effective October 2008

Email Management System Capabilities

Below are the capabilities of the management system maintained in town hall. The town also provides email accounts on the home computers of a small number of town officials who occasionally work at home. These accounts exist separately from the internal management system and do not have the following capabilities.

  1. Captures the text, attachments, and transmission data of an email message.

  2. Prompts individual users via a dialog checkbox (with three choices, as described under "Classifying Emails") to classify incoming and outgoing email messages before closing or sending the messages, and thus manages emails based on how users classify them.

  3. Includes an archiving module for permanent and six-year records with an interface that mirrors the main email interface, to reduce the need for further training.

  4. Stores permanent and six-year emails and their attachments in the email archive immediately upon receipt, replacing the actual file on an individual desktop with a stub file that links to the file in the email archive; deletes the archive pointers and short-term messages from the email system after sixty days, unless they are flagged for longer retention.

  5. Saves only one instance of emails as they are moved to the central email repository and destroys the copies.

  6. Prevents modification or deletion of archived email to ensure the town's email records are legally admissible in court. If a user forwards or replies to an archived email, the user creates a new email record.

  7. Archives individual emails in a directory structure that is arranged according to different departments. Access to individual emails within a department or across the archives is primarily via a search engine.

  8. Permits litigation holds that suspend destruction of those records (including backups) that may be relevant to an impending lawsuit.

1. General Policies

The town legally owns all emails that employees and officials create and receive in the process of conducting business on behalf of the town and its constituents. Employees and officials have no promise of personal privacy.

1.1 Ownership of email

All users of town email will be prompted to acknowledge that they understand this concept of ownership each time they log into the system.

Town officials and employees who do not have offices in a town facility or who must work after hours may sometimes conduct town business on home computers. These individuals must recognize that all town-related emails are public records that are covered by the Records Retention and Disposition Schedule MU-1 and by this town email policy, and are subject to disclosure under FOIL, a court action, or an audit.

Town officials and employees who work at home should have a separate town email account on their own computer. They should periodically forward town-related emails to the town clerk in folders that reflect the classification system described below (see "Classifying Emails").

1.2 Roles and Responsibilities

The management of email is the responsibility of town officials at all levels and includes everyone who uses email to conduct town business.

Below are the individuals who have specific responsibilities for managing the town's email. These responsibilities are indicated throughout this policy under each main subject heading and are also listed at the end under "Summary of Responsibilities."

  1. Town clerk, who is by law the town's records management officer (RMO), and who also functions as the records access officer

  2. Town attorney, whose services are retained by the town under contract

  3. Town supervisor and town board [or town council]

  4. Town bookkeeper [or deputy town supervisor or other appropriate official]

  5. Town IT director [or computer support vendor]

  6. Records advisory board, whose members are currently the town clerk (as RMO), town historian, legal counsel, and bookkeeper

  7. Email users, who can be anyone using email (including a town account on a home computer) to conduct business as a town staff member, elected official, or paid service provider. The town currently has approximately fifty email users.

1.3 Training

No employee will have use of a town email account without appropriate initial and ongoing training.

New employees will not have access to and use of a town email account until they are trained on the town's policies and procedures for managing email.

Ongoing training will be offered after upgrades, transitions to new email programs, and on an as-needed basis (at the request of an employee or if correction is required). See Section 10 for a description of the extent of our training program.

1.4 Policy review and updating

To ensure that this policy is current and relevant, it will be reviewed according to a set schedule and updated as needed.

The records advisory board will review this policy annually and modify it as needed to ensure that it is up to date.

The next review and revision of this policy will be in October 2009.

2. Maintaining the Email Management System

The technical maintenance of the system will be a coordinated effort involving several key players with defined roles and responsibilities.

2.1 Town supervisor and town board

  1. ensures an adequate budget for maintaining the email management system

  2. promotes, supports, and enforces this and other records management policies

2.2 Town clerk (as RMO)

  1. ensures that appropriate state retention requirements are applied to all system documentation and associated records (use logs, group address books, master password register)

  2. ensures that the current system and all future enhancements meet federal and state records requirements

2.3 Town IT director

  1. maintains the technical capabilities of the email management system through scheduled upgrades and migration

  2. implements user profiles to allow town officials and employees to access the email and other records management applications

2.4 Legal counsel reviews and approves contracts with vendors to ensure they are consistent with town law and with the town's internal procurement practices.

2.5 Town bookkeeper maintains an inventory of all computer hardware and software as part of the town's fixed assets inventory.

3. Classifying Emails

All email will be managed as correspondence according to a predetermined classification system. Users must classify email immediately on receipt or before transmission, and the system will automatically manage the email based on how the email is classified.

3.1 Classification system

Non-records

Email users are responsible for evaluating each email they receive to determine if it is or is not a record. Non-record emails are those that do not relate to the business or interests of this town. Non-records include listserv messages distributed to many recipients, spam, broadcast messages received by town officials and employees, and personal messages. A user may destroy non-record emails on receipt.

In addition, the town maintains a spam filter program that identifies and deletes all email that is presumably of a non-business nature, based on a combination of the sender name and address, keywords in the subject line, and the name of the attachment. Employees and officials have the opportunity to review filtered emails to determine whether any need to be restored, along with any attachments, to their mailboxes.

Email records

For email records, the town maintains an email management system that requires users to classify emails they send and receive through use of a dialog checkbox (with three choices) that appears when users try to send or close an email. The three categories that appear in the dialog checkbox are

  1. Permanent: Emails that document significant policies, decision making, or events, or that deal with legal precedents or significant legal issues. The system will route permanent emails to the email archive and flag them for permanent retention.

  2. General: Emails that contain legal, fiscal, or administrative information relating to town business; for example, those that initiate, authorize, or complete a town business transaction, and those that may be subject to a fiscal audit. The system will transfer general business emails to the email archive and flag them with a retention period of six years.

  3. Short-term: All of the emails listed below will be deleted from the system after sixty days unless they are deleted individually before that time.

    1. Emails having no informational, administrative, or fiscal value, such as transmittals, cover letters, invitations, and appointments

    2. Email records that are duplicates of official record copies. For example, if a recipient prints and files an email in a paper records system or stores a copy of that email on a shared network drive, that recipient may apply a shorter retention period to the email copy.

    3. Emails that are not records

    4. Individual emails that together constitute a continuous thread. The person who initiated the thread should classify the last email, containing all exchanges on the topic, as either permanent or general (six year) and the individual messages as appropriate for destruction after sixty days.

The categories above generally parallel the categories for correspondence indicated under item 10 in the State Archives' Records Retention and Disposition Schedule MU-1. The legal retention for emails with short-term fiscal, legal, or administrative value has been extended from "0 after no longer needed" to sixty days, for the convenience of email users.

Email users who use a town account on a home computer should create three subfolders that reflect the classification system above (Permanent, General, and Short-term). They should then periodically forward the folders to the town clerk, who will integrate the emails into the town's email management system.

In certain isolated instances, town officials and employees may receive or send emails that do not qualify as correspondence and therefore don't fit the three categories in the classification system. In such cases, they must forward these emails to the town clerk, who has the capability to override the classification system and apply retention periods other than permanent, six year, or sixty days, when appropriate. (Users of personal accounts should also follow this procedure.)

If a user receives an attachment with a retention period longer than the retention period of the message, the user must indicate in the checkbox the longer of the two periods.

The town clerk, as RMO, is responsible for working with staff and officials to clarify and provide ongoing training on which emails fall into each category and which emails may be exceptions to the classification system.

The records advisory board will periodically review the classification system to ensure that it reflects email use.

3.2 Compliance

The RMO, working with the town's technology vendor, will periodically audit the system to ensure users are classifying emails correctly. Those users who are not complying with the procedures will be required to undergo further training. If the problem persists, a user may lose his or her email privileges.

4. Access to Email

Access to email must be possible for the full retention period of the email, but is subject to strict controls to guard against unauthorized or inappropriate access.

Users are generally limited to accessing their own emails, unless they can demonstrate a need for access to the emails of another individual or department (for example, if they are working on a collaborative project or share a job function).

Email users have access to the emails in their individual accounts for sixty days, after which the emails will be purged. Users can continue accessing permanent and six-year emails that are older than sixty days in the email archive.

Users may file emails in their personal email accounts in any manner that is convenient to them. In the email archives, however, emails are filed first by department, and then by retention and disposition rather than by subject area or document type.

Town staff and officials must rely on a search engine to find individual emails. To enhance searching, email users must assign intelligible subject lines to all outgoing emails. Users are encouraged to use consistent, meaningful terminology that mirrors file titles in the town's conventional paper filing system.

The town clerk, as RMO, and the IT director have access to all town email records in the email archive and can allow access to legal counsel and others on an as-needed basis. Access to certain emails relating to law enforcement investigations, court actions, and personnel matters may be restricted by law to specific individuals in town government. The town clerk will maintain a list of types of emails to which access must be restricted.

The town clerk, as records access officer, will respond to all FOIL requests involving email.

The IT director is responsible for ensuring access to email records for the duration of their retention periods.

5. Retention and Disposition

The system will manage the retention and disposition of sixty-day email automatically, and support the retention and disposition process for permanent and general emails. Certain circumstances (legal proceedings, FOIL requests, audits, staff departures) will require that the town be prepared to suspend or supersede retention and disposition procedures.

5.1 Managing retention and disposition

The town clerk, as RMO, is responsible for advising on all retention and disposition issues associated with email, including the retention and destruction of backups.

Working with the RMO, the IT director ensures that appropriate technical measures are in place to preserve permanent and six-year emails (see "Preservation" section), destroy emails that have passed their retention periods, and halt the destruction of email, if needed.

Legal counsel is responsible for initiating the process of halting the destruction of records, including email and email system backups, in response to an impending legal case or some other need. Legal counsel must alert the town clerk (as RMO), who will contact the IT director to halt the destruction process.

Retention and disposition is tied to the town's classification system for email records, as indicated under Section 3, "Classifying Emails." Email users classify, and the system tags, emails as either permanent, general (six-year), or short-term (sixty-day) records when they receive or send an email.

The town clerk can apply a retention period that is not part of the classification system (permanent, six-year, or sixty-day) in isolated instances when appropriate.

5.2 Backups

The town creates backups of its email system as a disaster management strategy only. Backups are not intended to be archival copies of permanent records.

The Records Retention and Disposition Schedule MU-1 indicates that system backups should be retained for three backup cycles. Retaining backups for longer than the defined retention period exposes the town to unnecessary risks in the form of lengthy records searches if the town is served with a court order.

5.3 Suspending retention

The town is aware of its legal obligation to suspend all retention and disposition activities in the event of an impending lawsuit (see Section 6, "E-Discovery"). Emails may be retained once their retention periods have expired if needed for an impending or ongoing fiscal or program audit or a legal investigation.

5.4 Destruction

The system identifies the email records that must be destroyed after six years.

The IT director is responsible for destroying obsolete records, with prior approval from the town clerk. The current method of destruction is for the IT director to transfer records that have passed their retention periods onto CDs and arrange for the physical destruction of that storage media.

5.5 Staff Departure

If a staff member or official separates from the town, the town clerk must place a hold on the email account of that individual until the account and computer can be reviewed for record content.

This requirement may be waived when enough notice is provided in advance by the departing staff member so that the individual can appropriately deal with the records and is able to demonstrate this to the town clerk.

Any town emails maintained on a home computer by a former employee must be transferred to the town clerk for review and disposition.

6. E-discovery

Town staff and officials must be aware that all email messages, including personal communications, may be subject to discovery proceedings in legal actions, and all must know the appropriate response to an impending legal action.

Legal counsel will work with the town clerk (as RMO) to establish internal procedures for preserving evidence relating to imminent or ongoing legal actions. These procedures are subject to review by the town's records advisory board.

If a town staff member or official becomes aware of potential litigation, it is his or her responsibility to notify legal counsel immediately. The town attorney will determine what action, if any, needs to be taken.

Legal counsel will work with the presiding judge and opposing counsel to narrow the parameters of a records search as much as possible so as not to overburden the town's technical infrastructure.

In the event of an extended legal proceeding, the town clerk, working with the town's IT director, must ensure that records of potential relevance to the case remain accessible for the full extent of the proceeding, which may require moving relevant email records offline to storage media or a detachable drive.

7. Appropriate Use

Appropriate use will be handled and enforced as a serious security issue. Violation of the town's appropriate use policy can threaten the town's computer system, make the town vulnerable to legal action, and cause irreparable damage to the town's reputation.

7.1 Responsibility for appropriate use and system security

All users of the town's email are expected to know the difference between appropriate and inappropriate use of email. This appropriate use policy applies to anyone who is sending or receiving email as a representative of the town, even if that person is using an account on a home computer.

All users will be prompted to acknowledge their personal responsibility for using email appropriately every time they log into their email accounts.

7.2 Inappropriate uses of email

Email is provided as a tool to assist town employees and officials in their day-to-day work, facilitating communication with each other, our constituency, and other stakeholders. It is intended for official communication only, and it is everyone's responsibility to limit personal use of the system.

It is not acceptable to use the Town of Big Thunder's email services for

  1. activities unrelated to official assignments or job responsibilities

  2. any illegal purpose

  3. transmitting threatening, obscene, or harassing materials or messages

  4. distributing confidential town data and information

  5. interfering with or disrupting network users, services, or equipment

  6. private purposes, such as marketing or business transactions

  7. installing copyrighted software or computer files illegally

  8. promoting religious and political causes

  9. unauthorized not-for-profit business activities

  10. private advertising of products or services

  11. any activity meant to foster personal financial gain

  12. modifying, obtaining, or seeking information about files or data that belong to other users, without explicit permission to do so

7.3 Enforcing appropriate use

The town has the right and responsibility to

  1. log network use and monitor file server space utilization by users

  2. limit the personal use of email and emphasize to users that they have no promise of personal privacy

  3. restrict listserv membership to those listservs that are directly related to the job and the work of the town

  4. post key points of acceptable use onscreen when users log on to the email system

  5. add an automatic disclaimer with the basic principles of appropriate use at the end of all outgoing messages

  6. make clear that misuse will be addressed through disciplinary action or termination, if necessary, and that messages relating to or in support of illegal activities will be reported to the appropriate authorities

The town clerk and IT director have universal access rights to all email so they can monitor and ensure system security.

The town governing board will review alleged violations of the email appropriate use policy on a case-by-case basis. Violations of the policy that are not promptly remedied may result in termination of Internet and email services for the person at fault.

8. Technical Security

The town's IT director has primary responsibility for overseeing the technical security of the town's email management system, but the security of the town's system requires the cooperation of all email users. Technical security is ensured through a system of controls that include anti-virus software, firewalls, filters, and passwords.

8.1 System security features

The IT director is responsible for providing and maintaining up-to-date anti-virus software, firewalls, spam filters, and logs to identify unusual activity and to protect the overall system from malicious email messages and other forms of sabotage.

8.2 Handling suspect emails

In the event that email users receive unsolicited email (spam) or email with unexpected and suspect attachments, they must delete these emails and report them to the town clerk, who will confer with the town's computer vendor to assess the security risk. Under no circumstances should users open suspect email attachments. Users should exercise similar care when linking to external websites from unsolicited messages.

8.3 Reviewing filtered emails

Employees and officials have the opportunity to review filtered emails to see whether any should be restored to their mailboxes, along with any attachments. If work-related emails from the same source are consistently blocked, the user should contact the IT director to determine whether emails from that source can enter the user's account unimpeded.

8.4 Passwords

All users must use passwords to access their email. As a general rule, they must not share their passwords with other town officials or employees. In cases of planned or emergency absences, other personnel may be allowed to access the absent person's email, with prior approval from the town clerk.

Users will also be required to change their passwords periodically. The IT director will alert users when it is time to initiate the password change.

9. Preservation

Except where indicated, the town will apply all preservation standards described in this section to both the permanent and general (six-year) email records, to ensure that even non-permanent records are accessible for their full retention periods in spite of rapidly changing technology.

9.1 Storing long-term email

As previously stated, end users will identify and isolate all records with a long-term retention period by indicating whether email records are permanent or general (six-year) before saving or closing messages.

The system will move permanent and six-year emails to the archiving server on receipt.

The IT director will ensure that email categorized as general is destroyed after six years and that permanent email is transferred from the email archive server onto temporary storage media after six years.

9.2 Software upgrades

The town clerk, with assistance from the IT director, will monitor new versions of email software to determine whether an upgrade is necessary, balancing the need to ensure accessibility for the full retention period against data loss that may occur with each data migration.

9.3 Format standard

The town has adopted XML as its long-term format standard for permanent and general (six-year) email records to ensure accessibility for the full retention period and to facilitate any future migrations.

9.4 Backups and long-term preservation

Backups of the email system are to be used for disaster recovery purposes only, not for retention purposes. Data on backups are not indexed and are in a proprietary compression format, making it less likely that the data will be accessible long-term.

9.5 Media integrity

The town will ensure the ongoing integrity of media used to store long-term and permanent emails, as stipulated in the Regulations of the Commissioner of Education (Part 185, 8NYCRR).

10. Training

All town employees and officials will be trained in established email use and management policies. Training will occur immediately after employment or appointment and thereafter on a regular basis.

Training will be provided within the first ten days of employment or appointment, to all employees on an annual basis, and when the policy is revised.

The town clerk (RMO) will provide or arrange for training that will cover the technical aspects of the email system and the records management responsibilities of email users.

Employees who do not attend ongoing email use and management training are at risk of forfeiting their email use privileges. Training will address the following topics:

  1. Identifying records and general records management practices

  2. Responsibilities of employees in records and email management

  3. The costs to the town and the individual of not managing email

  4. Use of the town email application

  5. Appropriate use of their town email account

  6. How to write and communicate effectively via email

  7. Responding to legal actions and FOIL requests

Training materials can also be obtained by contacting the town clerk for a copy.

Summary of Responsibilities

1. Town clerk

  1. ensures the maintenance of all necessary system documentation and associated records for the mandated retention period

  2. ensures the current email management system and future enhancements meet federal and state records requirements

  3. works with individual email users to clarify and provide ongoing training on classifying emails

  4. periodically audits the system to ensure appropriate classification

  5. allows access to emails in the email archives to legal counsel and others on an as-needed basis

  6. responds to all FOIL requests involving email

  7. advises on retention and disposition issues associated with email

  8. ensures that records involved in a protracted legal case remain accessible for the full extent of the proceeding

2. Town supervisor and town board [or town council]

  1. ensure an adequate budget for maintaining the email management system

  2. promote, support, and enforce the email and other records management policies

  3. review alleged violations of the email appropriate use policy on a case-by-case basis and adopt disciplinary measures as needed

3. Town attorney

  1. reviews and approves contracts with vendors to ensure they are consistent with town law and with the town's internal procurement practices

  2. initiates the process of halting the destruction of records in response to an impending legal case

  3. works with the town clerk (as RMO) to establish internal procedures for preserving evidence relating to imminent or ongoing legal actions

  4. works with the presiding judge and opposing counsel to define the parameters of a records search

4. Town bookkeeper [or deputy town clerk, or town manager]

  1. maintains an inventory of all computer hardware and software as part of the town's fixed assets inventory

5. IT director

  1. maintains the technical capabilities of the email management system through scheduled upgrades and migration

  2. implements user profiles to allow town staff and officials to access the email and other records management applications

  3. ensures access to email records for the duration of their retention period

  4. ensures that appropriate technical measures are in place to preserve permanent and six-year emails, completely and appropriately destroys emails that have passed their retention periods, and halts the destruction of email, if needed

  5. has primary responsibility for ensuring the technical security of the town's email management system

6. Records advisory board

  1. reviews this policy annually and modifies it as needed to ensure that it is up to date

  2. reviews the classification system to ensure that it continues to reflect actual email use

  3. reviews procedures for responding to an e-discovery action

7. Email users

  1. acknowledge they understand that the town owns all emails and that they have no expectation of personal privacy when using the system

  2. will not use personal email accounts to conduct town business, except in emergencies or when they cannot access a town email account

  3. classify email immediately on receipt or before transmission, identifying and deleting non-record emails and choosing one of three categories to assign to the email records

  4. assign intelligible subject lines to all outgoing emails

  5. notify legal counsel immediately on becoming aware of potential litigation that may involve email messages

  6. know and acknowledge, each time they log in, the appropriate and inappropriate use of email

  7. undergo training when beginning to work for the town and on an as-needed basis

Sample Policy 3:

State Office of Administrative Support and Analysis
Email Policies and Procedures

Effective October 2008

1. General Policy

Email is an information asset that is owned by the Office of Administrative Support and Analysis and therefore by the state and people of New York. As such, the agency is required to manage the email system appropriately and in a manner that is compliant with current laws and regulations. The management of email is the responsibility of everyone in the agency.

1.1 Purpose of this email policy

  1. Ensure the efficient management of email is a continuing administrative function of this agency

  2. Provide a clear legal basis for actions pertaining to email and a clear definition of who is responsible for each aspect of managing email

  3. Protect the rights and assets of the public and taxpayers by maintaining accessible, secure email records

  4. Ensure the systematic legal destruction of obsolete email records and preserve those emails that are permanent records

  5. Provide information quickly and easily when needed internally and by the general public

  6. Integrate email management into the agency's overall records management program

  7. Allow for the efficient extraction and transfer of archival email records to the State Archives

1.2 Ownership of emails

All agency staff are advised that the emails they use in their daily work are not their personal property. Staff should have no expectation of personal privacy for any email messages they create, receive, and maintain on their agency email accounts. All users of the email system will be asked to sign a statement acknowledging their understanding of this concept of ownership when first assigned an email account.

1.3 Staff who telecommute or travel

All users must be aware that any business-related emails they create on personal email accounts are subject to disclosure under FOIL, a court action, or an audit.

Program unit managers who supervise an employee who works at home on a regular basis (because of reasonable accommodation, for example) must contact the IT unit to acquire an agency-owned laptop for that employee.

Similarly, staff who conduct official business when traveling on behalf of the agency must use an agency laptop or PDA for state business, or rely solely on web access to their email accounts.

The IT unit will assign and distribute laptops or PDAs as needed, ensure each assigned laptop has the appropriate security controls, and provide dial-in and wireless access for each employee using an agency laptop to conduct agency business.

1.4 Instant messaging (IM) and voicemail

Currently only field staff use instant messaging (IM), and these messages are captured in our email system. These policies and procedures apply to the captured messages, as they do to all email messages. If, at some point in the future, agency voicemails are recorded and captured in our email system (voicemail via Voice Over Internet Protocol technology), these policies and procedures will also apply to the captured voicemails.

1.5 Roles and Responsibilities

Listed below are the staff members who have specific responsibilities for managing email. These responsibilities are indicated throughout this policy under each subject area. A comprehensive "Summary of Responsibilities" comprises Section 12.

  1. Records management officer (RMO), who is appointed pursuant to the Regulations of the Commissioner of Education and is the head of administrative services. The management of email is only one of the responsibilities the RMO has for coordinating the agency's records management program.

  2. Records access officer, who works in the Office of Counsel and is designated pursuant to the Freedom of Information Law

  3. Information security officer (ISO), who is appointed pursuant to CSCIC's Information Security Policy. The secure transmission and storage of email is only one of the responsibilities the ISO has for developing and overseeing information security operations. The ISO reports directly to the chief information officer (CIO).

  4. Information technology (IT) staff

  5. Program unit managers

  6. Legal counsel

  7. Records coordination committee, which consists of records liaisons from each program area. The director of information technology and the records access officer are ex-officio members of the committee.

  8. Email user, who is anyone assigned an account on the agency's email server

  9. State Archives, which eventually acquires legal and physical custody of the agency's archival email records

1.6 Training

No employee will receive an email account before undergoing training on the agency's policies and procedures for managing email. Training will also be offered after upgrades, transitions to new email programs, and on an as-needed basis (at the request of an employee or if correction is required). See Section 11 for a description of the extent of our training program.

1.7 Policy review and updating

The records coordination committee will review this policy annually and modify the policy as needed to ensure it is up to date.

This policy is scheduled for review and updating in August 2009.

2. The Email Management System

The Office of Administrative Support and Analysis has invested in an email management system that is a component of the agency's enterprise content management (ECM) system. The email system is designed to handle most aspects of managing email automatically.

2.1 System specifications

[Here a government or agency may indicate the name of the email program used, its relationship (if any) to other electronic systems, the geographic scope of the system, and any other physical or technical aspects of the email system that gives context to the email policies and procedures.]

2.2 System capabilities

  1. Filters spam messages, providing users with a listing of filtered email for their review.

  2. Captures instant messages sent and received by field officers, and has the capability to capture voicemail sent via Voice Over Internet Protocol.

  3. Filters for suspect content (explicit or harassing language) according to a predefined list of terms or combinations of terms. Also identifies and filters messages sent to external recipients that may contain Social Security numbers or other confidential information.

  4. Captures the text of the email message, attachments, and transmission data that identify the sender and recipients and the date and time the message was sent or received.

  5. Files emails in a file directory structure with one to two file folder levels (by function/retention and document type), based on predetermined business rules for each program area. File folders are linked to retention periods in the classification system. For more detail, see "Classifying Email."

  6. Stores all emails and their attachments in the ECM repository immediately on receipt, saving only one instance of emails in the repository and destroying the copies.

  7. Associates an email and its respective attachment.

  8. Provides secure levels of access (read-only or no access) down to the individual folder level in the repository, as appropriate.

  9. Provides a directory structure and search engine for all emails to which a user is allowed access in the repository.

  10. Prevents modification or deletion of emails once they are in the repository, to ensure their legal admissibility. If a user forwards or replies to an archived email, the user creates a new email record.

  11. Prompts IT staff when email records are ready for destruction, based on how users have classified them. IT staff then confer with the RMO to verify the records have passed their official retention periods.

  12. Includes a scrubbing application that is compliant with standards for secure data destruction established by the U.S. Department of Defense. Only staff in the IT unit can activate the scrubbing application, and only with prior approval from the RMO.

  13. Permits litigation holds that suspend destruction of records (including backups) that may be relevant to an impending lawsuit.

  14. Converts emails and attachments to XML while retaining the original message formats.

3. Maintaining the Email Management System

System maintenance requires the involvement and cooperation of many individuals across the agency, including all users of the agency's email system.

3.1 Program unit managers

  1. support the work of the RMO

  2. ensure policy development and enforce compliance with policy

  3. foster cooperation between program areas

  4. ensure ongoing financial support for the technology, staffing, and staff training required to support a policy-based email program

3.2 Records management officer

  1. works with the IT unit and the State Archives to address all necessary system documentation and associated records (use logs, group address books, master password register) in a records schedule

  2. ensures that the current system and all future enhancements meet federal and state records requirements, including retention and disposition

  3. works with the agency's staff development unit to ensure all staff are educated on the records management aspects of email

3.3 Information security officer (ISO)

  1. works with IT unit staff to ensure all appropriate security controls are implemented and maintained

  2. works with the agency's staff development unit to provide annual, mandatory training to all staff on their role in managing email appropriately to ensure the security of the agency's information assets

  3. monitors email use, reports to program managers about evidence of abuse, and administers corrective action to those staff members who are found to be misusing email

  4. develops and maintains the agency's overall information security policy, of which email management is one component

3.4 Information technology (IT) unit staff

  1. maintains the technical capabilities of the email management system through scheduled upgrades and migration

  2. implements and maintains user profiles to allow staff to access email and other records management applications in the ECM

  3. maintains an inventory of all computer hardware and software

  4. provides technical training on how to use the email system

  5. with approval from the RMO, implements the scrubbing application to destroy obsolete email records completely

3.5 Legal counsel

  1. reviews and approves contracts with vendors to ensure they are consistent with the state's technology procurement practices, as outlined by the Office for Technology, and with the agency's records management and email policies

3.6 Email users

  1. support the work of the RMO

  2. attend records management, security, and technical training on email

  3. classify all email promptly and appropriately

  4. understand the policies relating to email and manage their own email accounts in accordance with those policies

  5. report evidence of misuse or security breaches

4. Classifying Emails

The system will manage email according to business rules established during system design to reflect the use of email by individual program units and, in some instances, job functions. Users must classify email immediately on receipt or before transmission, and the system will manage the email based on how the email is classified.

4.1 Classification system

The system includes a spam filter program that identifies and deletes all emails that are of a non-business nature, based on a combination of the sender's name and address and keywords in the subject line and body of the email. Staff have the opportunity to review filtered emails to verify whether or not the emails are spam.

The system prompts individual users with a checkbox to classify incoming and outgoing email messages before closing or sending. The contents of the checkbox are customized for program unit areas that share the same function.

  1. The checkbox has no more than five choices for the function of the email records; each choice in the checkbox is linked to a file folder in the repository's directory structure, which is, in turn, linked to a retention period in a State Archives' retention schedule.

  2. The agency has worked with the State Archives to develop retentions based on function rather than on records series, to reduce the number of possible retention periods in a single program area.

  3. One choice in the checkbox is "not record." Emails that are not records are those that do not pertain to the business or interests of this agency. Non-records include personal messages and listserv messages distributed to many recipients. If a user checks "not record," the system deletes that email.

  4. Depending on the program unit to which a user belongs, the user's choice in the first checkbox may trigger a second checkbox indicating document type.

  5. The system then automatically files records chronologically.

The RMO, working with individual records liaisons, will periodically review the classification system to ensure that it reflects email use and the appropriate retention periods for email in their program areas.

The records coordination committee will review and coordinate requests for changes to the classification system with IT staff.

4.2 Compliance

The RMO, working with the program unit liaisons and the IT director, will periodically audit the system to ensure users are classifying emails correctly. Those users who are not complying with the procedures will be required to undergo further training. If the problem persists, a user may be subject to disciplinary measures.

5. Access to Email

Access to email must be possible for the full retention period of the email but is subject to strict controls to ensure against unauthorized or inappropriate access.

5.1 Internal access

Users generally have access to their own emails in the repository and to units with which they share a specific job-related function. They can access the emails of other departments if they demonstrate the need (for example, if they are working on a collaborative project). Access to emails in the repository is read-only.

Users can search through files of emails in the repository based on records function or use the repository's search engine. To enhance searching, email users must assign intelligible subject lines to all outgoing emails. Users are encouraged to use consistent, meaningful terminology that mirrors file titles in the agency's other filing systems.

The IT director and ISO have access to all agency email records in the repository, and can allow access to legal counsel and others on an as-needed basis. Access to certain emails relating to legal investigations, court actions, and personnel matters may be restricted by law to specific individuals in the agency. The agency RMO will maintain a list of types of emails to which access must be severely restricted.

The IT unit is responsible for ensuring access to email records for the duration of their retention period.

5.2 Public access to emails

The agency provides public access to records in accordance with the New York State Freedom of Information Law (FOIL).

The records access officer will confer with the appropriate program unit and the IT director to prepare an appropriate, timely response to a FOIL request involving email.

FOIL requests received via email must be answered by email, if the agency has the ability to do so.

The records access officer will respond to a FOIL request within five business days. There are three responses the agency may make:

  1. Make the emails available

  2. Deny access in writing (citing the reasons for denial)

  3. Furnish a written acknowledgment of receipt of the request and a statement of the approximate date when the request will be granted or denied

If a request for access is denied, an appeals procedure is available. If the RMO (as records access officer) intends to deny access, the RMO must consult with legal counsel to ensure that this is an appropriate response.

6. Retention and Disposition

The system will manage retention and disposition on a regular basis, according to the classification that users assign to emails. Certain circumstances (legal proceedings, FOIL requests, audits, staff departures) will require the agency to suspend or supersede standard retention and disposition practices.

6.1 Managing retention and disposition

The RMO is responsible for advising on all retention and disposition issues associated with email, including the retention and destruction of backups.

Working with the RMO, IT staff will ensure that appropriate technical measures are in place to preserve emails (see Section 10, "Preservation"), destroy emails that have passed their retention periods, and halt the destruction of email, if needed.

Working with the RMO, IT staff will identify, extract, and transfer archival email records to the State Archives.

Legal counsel is responsible for initiating the process of halting the destruction of records, including email and email system backups, in response to an impending legal case or some other need.

Email users are responsible for classifying emails appropriately, since the agency's classification system is tied to retention rules.

6.2 Backups

The agency creates backups of its email system as a disaster management strategy only. Backups are not intended to be preservation copies of permanent records.

The State Archives' general records retention schedule indicates that system backups should be retained for three backup cycles. Retaining backups for longer than the defined retention period exposes the agency to unnecessary risks in the form of lengthy records searches if the agency is served with a court order.

6.3 Suspending retention

The agency must suspend all retention and disposition activities in the event of an impending lawsuit (see Section 7, "E-Discovery"). Emails may also be retained once their retention periods have expired if needed for an impending or ongoing fiscal or program audit or legal investigation.

6.4 Destruction

The system alerts IT staff when records have passed their official retention periods and are ready for destruction. IT staff notify the RMO, who authorizes destruction after conferring with the appropriate program unit liaison.

IT staff implement destruction, using the system's scrubbing application for secure destruction.

6.5 Staff departure

If a staff member will be separating from the agency, that staff member's supervisor must notify IT to place a hold on the account until the staff member's email, computer, and (if field staff) any portable communications tools can be reviewed for record content.

This requirement may be waived when enough notice is provided by the departing employee so that the employee can appropriately dispense with his or her records and can demonstrate this to the program area supervisor.

7. E-Discovery

Agency staff must be aware that all email messages, including personal communications, may be subject to discovery proceedings in legal actions. All staff must know the appropriate response to an impending legal action.

Legal counsel (who is also the records access officer) will work with the agency RMO to establish internal procedures for preserving evidence relating to imminent or ongoing legal actions. These procedures are subject to review by the agency's records coordination committee.

If an agency staff member becomes aware of potential litigation, it is his or her responsibility to notify legal counsel immediately. Legal counsel will determine what action, if any, needs to be taken.

Legal counsel will work with the presiding judge and opposing counsel to narrow the parameters of a records search involving emails as much as possible so as not to overburden the agency's technical infrastructure.

In the event of an extended legal proceeding, the RMO, working with IT, will ensure that records of potential relevance to the case remain accessible for the full extent of the proceeding, which may require moving relevant email records offline to storage media or a detachable drive.

8. Appropriate Use

Appropriate use is a security issue. Violation of the agency's appropriate use policy can threaten the agency's computer system, make the agency vulnerable to legal action, and cause irreparable damage to the agency's reputation.

8.1 Appropriate use and system security

All users of the agency's email are expected to know the difference between appropriate and inappropriate use of email.

All users must acknowledge their personal responsibility for using email appropriately as a part of their orientation into the agency and thereafter each time they log into the system.

8.2 Inappropriate uses of email

Email is provided as a tool to assist agency employees in their day-to-day work. It is intended for official communications only, and it is everyone's responsibility to limit personal use of the system.

Conversely, the use of personal email accounts and technology to conduct agency business is explicitly prohibited. Personal email accounts and equipment suspected of being utilized to conduct agency business may be subject to search or seizure in the event of legal action that involves agency records.

It is not acceptable to use the agency email services for

  1. activities unrelated to official assignments or job responsibilities

  2. any illegal purpose

  3. transmitting threatening, obscene, or harassing materials or messages

  4. unauthorized distribution of agency data and information

  5. interfering with or disrupting network users, services, or equipment

  6. private purposes, such as marketing or business transactions

  7. installing copyrighted software or computer files illegally

  8. promoting religious and political causes

  9. unauthorized not-for-profit business activities

  10. private advertising of products or services

  11. modifying, copying, or seeking information about files or data belonging to other users, without explicit permission to do so

8.3 Enforcing appropriate use

The agency has the right and responsibility to

  1. log network use and monitor file server space utilization by users

  2. limit the personal use of email and emphasize to users that they should have no expectation of personal privacy

  3. restrict listserv membership to those listservs that are directly related to the job and the work of the agency

  4. add an automatic disclaimer with the basic principles of the agency's appropriate use policy at the end of all outgoing messages

  5. make clear that misuse will be addressed through disciplinary action or termination, if necessary, and that messages relating to or in support of illegal activities must be reported to the appropriate authorities

The ISO and IT director have universal access rights to all email so they can monitor and ensure system security.

The agency's governing board will review alleged violations of the email appropriate use policy on a case-by-case basis. Violations of the policy that are not promptly remedied will result in termination of Internet and email services for the person at fault, and referral for disciplinary actions as appropriate.

8.4 Alternatives to email for work-related activities

Email is not appropriate for transmitting and documenting the following work-related activities:

  1. Information on impending personnel actions, such as employee disciplinary matters and performance evaluations

  2. Confidential information or information that can be used to breach personal privacy (such as Social Security numbers or medical information)

  3. Information that may jeopardize facility security

  4. Formal or official communications that merit a printed or electronic document because of their importance

In the above instances, staff are advised not to use email and, when needed, seek alternative forms of recordkeeping or create no unnecessary records. In addition, staff involved in cooperative projects may decide to use collaboration software or a shared directory rather than email to document and share information about that project.

9. Technical Security

The ISO and IT unit will work together to ensure the technical viability of the email management system, including providing training for all email users and monitoring their use of email.

9.1 Staff training

The ISO has primary responsibility for formulating the agency's technical security policy and training staff about it. To provide effective training, the ISO will work with the agency's staff development unit.

9.2 System security controls

The IT unit works with the ISO to implement technical security measures for the agency's email management system. IT staff are responsible for providing and maintaining up-to-date anti-virus software, firewalls, spam filters, and intrusion detection logs to protect the overall system from malicious email messages and other forms of sabotage.

9.3 Handling suspect content

In the event that email users receive unsolicited email (spam) or email with unexpected and suspect attachments, they must delete the emails and report them to the ISO, who will confer with IT staff to assess the security risk. Under no circumstances should users open suspect email attachments.

Users must exercise similar care when linking to external websites from unsolicited messages.

9.4 Handling filtered email

Agency staff have the opportunity to review filtered emails to see whether any of them should be restored to their mailboxes, along with any attachments. If work-related emails from the same source are consistently blocked, the user should contact the IT unit to determine whether emails from that source can enter the user's account unimpeded.

9.5 Passwords

All users must use passwords to access their email. They must not share their passwords with anyone who works in the agency or with anyone outside the workplace.

The system will enforce the use of passwords for emails by prompting employees to change their passwords every six months. Employees who fail to change their passwords when prompted will lose access to their email accounts. Reinstatement of access privileges will be possible only by working with IT staff.

10. Preservation

The agency will apply all preservation standards described below to any records with a retention period of longer than three years to ensure that even the non-permanent records are accessible for their full retention period in spite of rapidly changing technology.

10.1 Software upgrades

IT staff will monitor new versions of email software to determine whether an upgrade is necessary, balancing the need to ensure accessibility for the full retention period against data loss that may occur with each data migration.

10.2 Format standard

The agency has adopted XML as its long-term format standard to ensure accessibility for the full retention period and to facilitate any future migrations. The system automatically creates a copy of each email in XML.

10.3 Backups and long-term preservation

Backups of the email system are to be used for disaster recovery purposes only, not for retention purposes. Data on backups are not indexed and are in a proprietary compression format, making it less likely that data will be accessible long-term.

10.4 Media integrity

Per regulations, IT staff will institute the following maintenance procedures for electronic media that contain permanent emails:

  1. Verify the media are free of potentially damaging errors.

  2. Rewind under constant tension all tapes at least every two years.

  3. Annually test a three-percent statistical sample of all units of media to identify any loss of data and to discover and correct the causes of data loss.

  4. Copy immediately onto new media any permanent or archival emails stored on media that contain a significant number of errors or show signs of physical degradation.

  5. Copy all permanent or archival emails onto new media before the media are expected to fail, and always before the media are ten years old.

  6. Prepare external labels to identify each media unit, the name of the organizational unit responsible for the records, and the records title.

10.5 Transferring archival email records to the State Archives

The agency will request that State Archives staff appraise potentially archival records for possible transfer to the State Archives. Some email messages may be retained in the agency permanently for long-term administrative use, although they may not be archival. Prior to transferring the email records, the RMO will work with the State Archives to ensure that the records are stored on removable storage media and in formats that are consistent with State Archives standards.

11. Training

Training on the technical aspects of the email system, these email management policies, security, and appropriate use will be part of a new staff member's orientation and will thereafter be ongoing.

All agency employees will be trained on these email management policies within the first ten days of their employment and thereafter on an annual basis or whenever the policy is revised.

The RMO will provide or arrange for training that will cover the records management issues associated with email and the records management responsibilities of email users.

IT staff will ensure that all employees receive training on the technical capabilities of the email program.

The ISO will implement annual, mandatory training on system security, including the use of email and the Internet.

Employees who do not attend mandatory email use and management training are at risk of forfeiting their email use privileges. Training will address the following topics:

  1. Identifying records and general records management practices

  2. Responsibilities of employees in records and email management

  3. The costs to the organization and the individual of not managing email

  4. Use of the government email application

  5. Appropriate use of their government email account

  6. How to write and communicate effectively via email

  7. Responding to legal actions and FOIL requests

Training materials will be made available on the agency's intranet site, and can also be obtained by contacting the agency's RMO for a copy.

12. Summary of Responsibilities

12.1 Records management officer (RMO)

  1. works with the IT unit and the State Archives to address all necessary system documentation and associated records (use logs, group address books, master password register) in a records schedule

  2. ensures that the current system and all future enhancements meet federal and state records requirements, including retention and disposition

  3. works with the agency's staff development unit to ensure all staff are educated on the records management aspects of email

  4. works with the program unit liaisons and the IT director to audit the system periodically and to ensure users are classifying emails correctly

  5. advises on all retention and disposition issues associated with email, including the retention and destruction of backups

  6. works with IT to identify, extract, and transfer archival records to the State Archives

  7. approves destruction of obsolete records, after conferring with the appropriate program area liaison

12.2 Legal counsel

  1. (as records access officer) confers with the appropriate program unit liaison and the IT director to prepare responses to FOIL requests within five business days

  2. reviews and approves contracts with vendors to ensure they are consistent with the state's technology procurement practices, as outlined by the Office for Technology, and with the agency's records management and email policies

  3. initiates the process of halting the destruction of emails in response to an impending legal case or some other need

  4. works with the agency RMO to establish internal procedures for preserving evidence relating to imminent or ongoing legal actions

  5. works with the presiding judge and opposing counsel to narrow the parameters of a records search involving emails as much as possible

12.3 Information security officer (ISO)

  1. works with IT staff to ensure all appropriate security controls are implemented and maintained

  2. provides annual mandatory training to all staff on their role in managing email appropriately to ensure the security of the agency's information assets

  3. monitors email use and administers corrective action to those staff members who are found to be misusing email

  4. develops and maintains the agency's overall information security policy, of which email management is one component

  5. has universal access rights to all email, to monitor and ensure system security

12.4 Information technology (IT) staff

  1. assign and distribute laptops as needed, ensure each assigned laptop has the appropriate security controls, and provide dial-in and wireless access to each employee using an agency laptop to conduct agency business

  2. maintain the technical capabilities of the email management system through scheduled upgrades and migration

  3. implement and maintain user profiles to allow staff to access email and other records management applications in the ECM

  4. maintain an inventory of all computer hardware and software

  5. provide technical training on how to use the email system

  6. ensure that appropriate technical measures are in place to preserve emails, completely and appropriately destroy emails that have passed their retention periods, and halt the destruction of email, if needed

  7. implement destruction of obsolete records, with approval from the RMO

  8. work with the RMO to extract and transfer archival email records to the State Archives

  9. ensure that records of potential relevance to a legal case remain accessible for the full extent of the proceeding

12.5 Program unit managers

  1. must contact the IT unit to acquire an agency-owned laptop for employees who work at home or travel

  2. support the work of the RMO

  3. ensure policy development and enforce compliance with policy

  4. foster cooperation between program areas

  5. ensure ongoing financial support for the technology, staffing, and staff training required to support a policy-based email program

  6. notify IT about an impending staff departure to review that staff member's email account for record content

12.6 Records coordination committee

  1. reviews this policy annually and modifies the policy as needed to ensure it is up to date

  2. reviews the classification system to ensure that it reflects email use in each program area

  3. with IT staff, reviews and coordinates requests for changes to the classification system

  4. reviews, updates, and approves procedures for responding to e-discovery

12.7 Email users

  1. support the work of the RMO

  2. attend records management, security, and technical training on email

  3. apply policy relating to email and manage their own email accounts in accordance with that policy

  4. report evidence of misuse or security breaches

  5. classify incoming and outgoing email messages before closing or sending the messages

  6. understand the difference between appropriate and inappropriate uses of email

  7. acknowledge their personal responsibility for using email appropriately as a part of their orientation into the agency and thereafter when logging into the system

  8. implement security measures for their email accounts (such as the use of passwords), as outlined in policy

12.8 State Archives

  1. appraises potentially archival email records, and acquires legal and physical custody of all archival email records

  2. provides technical advice on all aspects of managing email records, including retention and disposition