670 likes | 690 Views
Email Management and Best Practices. Greater Chattanooga Area Chapter. WHY?. Need You Ask????. Emails Can Be Official Records. An electronic mail message or “email” consists of a digitally created, transmitted, and stored message and any attached digital documents.
E N D
Email ManagementandBest Practices Greater Chattanooga Area Chapter
Emails Can Be Official Records An electronic mail message or “email” consists of a digitally created, transmitted, and stored message and any attached digital documents. Federal, state and local governments use email for a variety of tasks such as sending and receiving internal and external correspondence, distributing memos, circulating drafts, disseminating directives, transferring official documents, and supporting various business processes of the organization. As such, email messages are potentially official government records, and as both federal statutes and case laws make clear, email must be included in your overall records management strategy.
Emails Can Be Official Records, continued Email documents that hold information about the day-to-day operations of state and local government must be easy to locate; those that hold information of long-term or permanent value must be adequately protected; and those with transitory value must be deleted when no longer needed. Allowing email to be managed by personal preference or routine system back-ups and administrative procedures that treat all email alike can result in serious legal, operational, and public relations risk. By establishing policies, applying records management procedures, and training users, you can create an environment that promotes successful management of email records.
Average Emails Per User Per Day 123 44 Source: Taneja Group
Records Found Exclusively in Email Shipping Notifications Supplier Contracts Employee Vacation Request Expense Approvals Budget Approvals Project Approvals Internal Correspondence External Correspondence Requisitions Employee review Legal Opinions Filings 3rd Party Subpoenas Quarterly Reviews Vendor Transmittals Contract Negotiations
Emails May Contain Sensitive Data HR Records Sensitive Corporate Financial Data Non-Disclosure Documents Trade Secrets Credit Card Information PCI Health Care Information HIPPA Customer PII Intellectual Property Employee Data - PII
Legal Mandate 1 - Armstrong v. Executive Office of the President In this 1993 case, a federal court found in favor of a group of researchers and nonprofit organizations who wanted to prevent the destruction of email records created during the Reagan administration. The court determined that federal government agency email messages, depending on content, are public records and that complete metadata must be captured and retained with the email record. Although a federal decision, this litigation strongly influenced government agencies at all levels, and agencies began pa paying closer attention to their email records management practices, including the capture of metadata.
Legal Mandate 2 - Zubulake v. UBS Warburg LLC The 2003 case of Zubulake v. UBS Warburg LLC has also been a major influence on the courts when determining what electronic records need to be produced during litigation. The five decisions from this case help provide a baseline standard of what needs to be available for litigation purposes; including ensuring that all relevant documents are able to be discovered, retained, and produced when necessary. The Zubulake decisions also prompted the idea of a ‘litigation hold’ on electronic records. This hold ensures that documents, if they relate to current or future litigation, must be retained as long as necessary, including past their retention period if it has already past.
Legal Mandate 3 - Federal Rules of Civil Procedure In 2006, the Federal Rules of Civil Procedure (FRCP) were amended to specifically address: Discovery issues for “electronically stored information” (ESI) Including email.
Standard Email Metadata Fields Microsoft Outlook has 180 available metadata fields Custodian –Owner of the mail container file or account collected; To –Addressee(s) of the message; From –The e-mail address of the person sending the message; CC –Person(s) copied on the message; BCC –Person(s) blind copied on the message; Date Sent –Date the message was sent; Time Sent –Time the message was sent; Subject –Subject line of the message; ttp://www.craigball.com/metadataguide2011.pdf
Email Metadata Date Received –Date the message was received; Time Received –Time the message was received; Time Opened? Time Read? Attachments –Name(s) or other unique identifier(s) of attachments; Mail Folder Path –Path of the message to its folder from the root of the originating mail account; Message ID –Microsoft Outlook or similar unique message identifier; and Text –The extracted text of the message body.
Where To Store Email Records? Where in e-mail? –E-mail server –Users’ PST files E-mail archiving system SharePoint / other DMS Records management system Printed and stored Which will be your system(s) of record? Does this provide appropriate controls
Principles For Managing Records Preserve original content Apply access controls Apply retention Time- based Event-based Event+Time based Execute Final Disposition (Delete / Expunge)
Zone 1 All emails are automatically deleted from a user's personal inbox after a set time period unless the user marks the email for further use. The common time period is 90 days, but the timeframe is organization definable. This keeps a user's inbox relatively small and current. The user takes no actions against the emails that have no business value, including spam and junk mail that make it past the organization’s filters. The user simple ignores those messages and they will automatically be deleted at the pre-set interval. The user may, at his own discretion, manually delete the messages at his own choosing. : . .
Zone 2 The emails in this zone have business value to the user, but are not records. Should the user choose to retain the messages longer than the 90 day pre-set period, then the user may drag and drop the messages into a Zone 2 folder in his mailbox. New content in the user’s Zone 2 folder will be detected by the organization’s email archiving system. The new Zone 2 content will then be automatically captured and moved into the email archive system for de-duplication and storage. The system could be configured to permit convenience copies of Zone 2 content to be left behind in the user’s inbox. Convenience copies will also be automatically deleted after 90 days. : . .
Zone 3 User drags and drops the messages that they judge to be organizational records into the Zone 3 folder for preservation. For manual classification, the user is prompted by the records management system to classify the message and/or attachments. Most top tier records management vendors provide auto-classification tools. Users need only to drag and drop Zone 3 messages into the Zone folder and the auto-classification software does the rest. Emails and attachments that are left behind in the Zone 3 folders may also be scheduled for automatic deletion after 90 days.
Advantages of 3 Zone Approach Emails are managed appropriately according to content and function. Spam and junk emails are automatically deleted without requiring user intervention. Emails that have business value will be set aside for archiving by the mailbox owner. Emails that meet the organization’s definition of a record will be automatically captured and classified using auto-classification tools.
Advantages of 3 Zone Approach, continued Archived email will be de-duplicated so that a single copy is retained [Zone 2] Email records will be de-duplicated so that a single copy is retained [Zone 3] Retention periods will be applied to all email content Records management discipline will be applied to all content designated as records Emails will be deleted when they reach the end of their retention (unless a hold is applied).
Disadvantages of 3 Zone Approach Relies upon the users to (1) identify and (2) drag and drop messages into the Zone 2 or Zone 3 folders Users may be required to use multiple search tools, each with a different user interface, to search for emails. Users may be required to the use the search tools provided by the email system to search for content in Zone 1. Users may be required to use the search tools provided by the email archival system to search for Zone 2 content. And, finally, users may be required to use the search tools provided by the records management application to search for Zone 3 records.
Capstone Developed by NARA Emails are their own record category No classification of email is needed All email will be retained with one of two possible retentions applied. Permanent Temporary Monolithic retention applied to temporary mail 5 years 7 years 10 years
Capstone Capstone should improve email records management by simplifying the records schedule for email, and automating email capture and management. Capstone should greatly reduce the records management burden on individual email users by: basing email records retention on the mailbox owner’s role in AGENCY rather than on the content of each email record. and automating email capture and management according to the simplified, role-based Capstone retention periods.
Advantages of Capstone Email is retained systematically for a specified period Business as usual for users Meets retention requirements for monolithic period(s) Facilitates legal holds No training of auto-classification tools is required Implementation will be completely transparent to users Low cost to implement Easiest email management solution for both users and records administrators
Disadvantages of Capstone AGENCY users will still have to understand that the materials they create and receive day-to-day may or may not be records, whether email or not, and to use tools in the email system to weed out non-records (including personal emails) before capture as an official record. AGENCY will provide guidance and training on how to use both the email system and the electronic recordkeeping system. This will include identifying record and non-record email, weeding out non-record email, and other filing requirements and responsibilities When business needs require email records to be retained with other records (such as part of a case file) in another recordkeeping system, you should manage these records outside of the electronic recordkeeping system and retain them according to the appropriate AGENCY Records Schedule series instructions.
Email Managed Folders Managed folders are pre-defined folders with assigned retention periods to aid users with personal email management and institutional compliance. Retention periods vary for each folder and should be used conscientiously. Users should be prohibited from storing or establishing rules to store all messages to long-term storage folders Calendars: Entries are retained for 2 years. Inbox: Messages are retained for 12 months from the date of the message Sent Mail: Messages are retained for 2 years from the date of the message Drafts: Messages are retained for one month from the date of the draft Junk Mail: Messages are retained for one month from the date of the message. Deleted Items: Messages are retained for 3 days and are available for users to recover from the server for 30 days. Managed Folders: Marked permanent, 10 years, 5 years, 3 years, and 2 years
Creating Email Managed Folders Trash Medium Term Records 5 year retention Long Term Records 10 year retention Short Term Records 2 year retention Working Documents up to 1 year retention Indefinite Event-driven retention
Email File Plan Considerations Identify which records to be retained exclusively in e-mail vs. other media Specify which function or organization will be record owner (vs. convenience copies) Determine any necessary role or function requirements Address country-specific privacy exceptions or customizations Segment go-forward vs. legacy data Create archiving and e-mail server system configuration settings Determine strategy for permanent and indefinite records
Email File Plan Advantages Users work with folders within Outlook, which are familiar and comfortable, filing e-mail as usual • Results in immediate and sustained reduction in e-mail volume • Accepted process, recommended by The Sedona Conference for legal defensibility • Exceptions can be made for high-impact Executives for longer retention and initial hand-holding to setup folder structures and migrate legacy data
Email File Plan Disadvantages Requires RIM training, audit, & monitoring • Places burden on employees to classify records to save them longer than a default period • One Time Employee burden to classify “Legacy” e-mail • One Time IT project to ingest PSTs into Archive
Email Archiving HOW?
Best Practices Responsibility to Declare an Email Record. Policy should dictate that the sender/originator is responsible for saving the message as a record, not the internal recipients. Impact of copying and forwarding function. Email has the capability of being copied and forwarded to numerous individuals, and messages may be retained long after the intended function has been completed. Keep email free of personal opinions and inappropriate commentary. Never create a message that you would not want to appear on television or in the newspaper. Use of Distribution Lists. If you send to a "distribution list," you must also keep a copy of the members of that list for as long as you are required to keep the message itself. It is of little value to know that the "Security Alert" notice went to "Security Team A" without knowing if Joe Coordinator was on the list and received the message
Best Practices Handling Attachments. The content of the attachment will determine if it is a record. If the attachment is a record, the message should be treated as a compound document, and the relationships between all components of the message must be maintained to ensure a complete and accurate record. If the electronic message is a record and contains attachments, the attachments must be retained as part of the record. Retention should be defined by the longer of (1) the retention requirements for the message or (2) the retention requirements for the attachment. If your office transmits attachments via email, when possible, consider placing the documents on a shared drive or making them available across a local area network. This will ease the pressure on the users who must manage the attachments, and on the email system's storage capacity.
Best Practices Handling Drafts. Usually, drafts are not retained as official record copies because they do not represent the final, authorized position of the organization. Drafts should be purged immediately after the final version has been approved. Handling Copies/Duplicates. Departments commonly use email to disseminate information to groups of personnel. This practice results in the creation of multiple copies of the same message. The official record copy is usually the creator's copy and the creator is responsible for retention of the record. If the message and/or the attachment is edited and then forwarded, the forwarding individual (rather than the message creator) is considered the official record copy owner and responsible for the record's retention. All other copies of the message should be deleted as soon as they are no longer needed by the recipient.
Best Practices Handling EMail Threads. A thread, also called a string, is an email conversation of at least one response on a similar subject. The conversation can be broken or continued over time, or the topic changed during the conversation. After the last email message on the original topic is sent, the individual responsible for maintaining the record copy shall file the thread according to content, not necessarily by subject line. The date filed is the start trigger for the retention period. All other participants in the message thread should delete their copy as soon as it is no longer needed. Transmission of Confidential and Sensitive Information. Do NOT use email to communicate confidential or sensitive (PII, PHI) records unless authorized by policy.
Best Practices Email records must be maintained in a usable format throughout the approved retention period. If the record is to be maintained in an electronic format, it must be migrated to new software and storage media as upgrades occur. If the email is printed out and retained in paper form, all envelope information must be printed and retained with the record. Email records should be deleted promptly as soon as the approved retention period has expired. Deleting records systematically and promptly limits risks in the retention of records that are no longer needed and significantly reduces space and cost requirements to maintain the email. Approved retention times must also be applied to backups containing copies of the email records. If the records continue to be maintained on backups beyond the approved retention time periods, the information still remains accessible and subject to discovery and open record requests.
Best Practices Netiquette and communication standards. When creating records using email, follow standards you would use in formal business communications, i.e. use standard business letter layout, business language, and proper grammar and punctuation. See "Netiquette Guide" for additional information.