University of Exeter
Records Management Guidance Notes: E-mail
1. Introduction
1.1 E-mail is an essential tool for University staff and in many instances forms the only record
of a decision or action taken. The University has a legal obligation under the Freedom of
Information Act to manage records (including emails) effectively. Without appropriate
management there is a risk that important business records are lost and sensitive or
confidential information is inadvertently disclosed.
1.2 This guidance covers the management of email records as opposed to email
correspondence.
Email correspondence can be thought of as the ephemeral
correspondence that should be regularly deleted. Email records are more important, they
record a decision, action or policy and should be managed professionally in the same way
as other records.
1.3 E-mails created for the purpose of University business should be considered as a formal
means of communication and potentially important records. All staff have a responsibility to
create, capture and destroy emails appropriately. It is important that email records are
actively managed to ensure that they remain accessible, comply with legislation and do not
use unnecessary server space.
2. Managing e-mails
2.1 Creating Records
E-mails both internal and external are ‘on the record’ and whatever is written in an e-mail may
be seen by individuals other that than the original recipient. As potential records it is important
that emails contain clear and complete information.
Ensure that the subject line clearly identifies what the message is about, and try to separate
different issues into different emails. Consider who needs to receive a copy of the email and
whether to keep a copy your self.
If you have access to a secure shared server/intranet consider asking colleagues to view files
directly rather than email attachments. More advice on creating emails can be found on IT
Services webpages1.
2.2 Organising and accessing e-mails
E-mails should be organised in the same way as other records. They should be filed, retained
and destroyed as necessary. The value of each email depends upon its content, therefore
emails should be managed differently according to the content of the message e.g. important
student related messages may be put in the student file, other records may be printed and filed
accordingly, or stored electronically.
Access to emails is limited to the owner of the mail box, shared mail boxes can be helpful when
several colleagues regularly need to deal with the same emails, however emails will generally
1
https://its.exeter.ac.uk/email/goodpractice.php
1
CHD
November 2009
be sent to personal email addresses with restricted access. Where possible try to store emails
which have significant importance in a way which enables colleagues to access them, this may
mean printing emails or saving them as text/html files on a shared server.
Before staff leave the University they should review their emails to ensure that access to
records is not lost and that they are transferred out of personal inboxes.
2.3 Deleting e-mails
E-mails should not be retained indefinitely, most do not need to be kept beyond the timeframe of
the subject to which they refer. Outlook will automatically archive emails after a fixed period,
this does not delete the records and should not be used as a substitute for formal retention and
destruction procedures.
Due to the range of information within emails, it is not possible to have standard retention rules
for emails. They should be retained according to their content and in line with equivalent paper
records. Retention periods are decided according to legislative and operational requirements
and their potential historical value. Recommended Retention Schedules are available on the
Records Management website2, if your records are not yet covered by these schedules contact
the Records Manager3 for advice.
3. Determining which emails are records
3.1 Email records should be managed in line with retention schedules whilst email
correspondence should be routinely deleted. In determining which emails are actually
records you should consider:
• Does the email have value to the University?
• Does the email record a University decision?
• Does the email provide evidence of an action taken?
• Does the email have value to other people?
• Is the information covered by a Retention Schedule?
• Am I responsible for retaining this information?
If the answer to any of these is yes, it is likely that the email is a record.
3.2 It is not normally necessary for both the sender and recipient to retain copies of email
records (although they may be kept in the short term for informational value). It will vary
from case to case as to who is responsible for retaining the record, but it will normally be
obvious. For example a committee secretary circulating minutes will be the owner and
therefore responsible for retaining a copy, a member of staff forwarding a Freedom of
Information request to the Records Manager will know that the Records Manager will retain
a copy. In a string of emails it is normally sufficient to keep only the last email sent as long
as it contains all previous emails which are complete and have not been edited.
3.3 Where an email is being used to circulate an attachment, it is unlikely that the email itself
will be part of the record (unless it is required as evidence that the record was sent at a
particular time), it is more likely that the attachment itself is the formal record and the
2
3
http://as.exeter.ac.uk/library/about/special/recordsmanagement/records/guidance/
recordsmanagement@exeter.ac.uk
2
CHD
November 2009
creator would normally be the owner and responsible for its retention. An indicative list of
email records is provided in Annex A.
4. Security and other issues
4.1 Care should be taken before sending any sensitive information via email, the Information
Security team can advise on technical security issues. If email is an appropriate means to
communicate the information you should ensure that the message is sent to the correct
person and remember that if on holiday the individual may have set up an automatic
forward to the address of a colleague. Be careful about sending sensitive information to
generic e-mail accounts that may be accessible by several people.
4.2 Do not leave your e-mail account logged in unless password protected and do not share
password with anyone. If your computer has a single sign in and you are not required to
enter your password to access your email you should lock your computer using the screen
saver when you are away from your desk.
4.3 E-mail is not always the most appropriate form of communication and thought should be
given when deciding how to communicate a message. Often a quick telephone call can
save time, ensure that the message is understood and acted on immediately, other times a
formal signed letter is more appropriate.
3
CHD
November 2009
Annex A
Examples of email records
The following table provides a sample of email categories that are likely to be email records the
list is not exhaustive.
Category
Formal Agreements
Decisions/confirmation of action
Confirmation of completion
Invoices/purchase order
External enquiries
Examples
Approval of contracts, project plans, policies, strategies
Approval to spend money or carry out a particular activity
Project sign off, receipt of goods
Complaints, enquiries, requests for information
The following table provide a sample of email categories that are unlikely to be email records the
list is not exhaustive.
Category
‘For Information’ / Short
reference
External circulars / Marketing
Circulated
papers
meetings/committees
Draft documents for comment
Meeting arrangements
Personal messages
Examples
term News in Brief, updates on building works/maintenance
issues
Mailing list correspondence
for Copies of meeting papers/minutes (these should be
retained by the secretary of the group only)
The author should retain appropriate copies)
Room bookings
Invitation to lunch
4
CHD
November 2009