Government

Previous | Table of Contents | Next

Email Management Guidelines

2. Institutions must collect and capture all business-related email

In accordance with the Policy on Information Management, institutions are obligated to collect, create, receive and capture all business related records including email that contains corporate memory information or data used to make a decision or to initiate an action.

• To support service delivery, informed policy and decision making, and business, legal, and accountability requirements
• To ensure its relevance, reliability, and completeness
• To optimize its sharing and re-use, in accordance with policy and legal obligations
• To document decisions and decision-making processes to account for government operations, reconstruct the evolution of policies and programs, support the continuity of government and its decision-making, and allow for independent audit and review
• To reduce the response burden by avoiding the unnecessary collection of information.

There are some fundamental questions relating to management of all of these records, and one is the matter of how many instances of a record should be allowed to exist. The more copies, and the more places they can be kept, the more challenging it is to manage them. In order to facilitate the next step in the Life Cycle (Organization), it is also important that metadata, information about the messages be preserved. Metadata may include the name of the sender and the names of intended recipients, date sent, date received, subject and many other details that can be used to file and retrieve the messages at a later date.

Expected Outcome

In any given federal government institution, the following benchmarks will have been achieved:

• All users of email will create, send, receive, forward and store email messages in accordance with these Email Management Guidelines and all applicable recommendations.
• Employees will know which messages to keep or dispose of, and will manage their own individual mailboxes and folders on a regular basis.
• Only one instance of an email message will be kept, and it will be kept in an approved repository where it will have the status of "copy of record."
• Attachments will be stored with the message, or, if not, will be reliably linked to the message.
• Metadata related to email messages will be preserved.

2.1. Create, send and store email messages in an organized way

Any message that contains information used in (or considered in, or about) a transaction, decision or action taken in the course of business of a government institution, should be preserved..

The following diagram illustrates the recommended process for creating, sending and storing email messages in the Government of Canada.

Step 1: Start  -  you create an email message

Step 2:

1. Decide if message is not departmental business. If message is not departmental business the process ends and the message can be deleted at will
2. Decide that message is departmental business, if yes proceed to step 3.

Step 3: If it is departmental business, decide if it is a Transitory Record or a Business Record. Transitory Records should be retained until they are no longer useful and at that point the message can be deleted. End of process. Business Records should be classified. Option one: set maximum retention period, per legislation. Option two: set (minimum) retention period per schedule.

Step 4  -  After message has been retained as a business record for the appropriate period, there are three possibilities:

1. be designated as an Archival Record and retained as a permanent record. Process ends.
2. In some special cases, you or the organization may identify that this message will be (or may be) required as evidence in a legal proceeding. Or, if you or the organization have reason to believe that it may be required as evidence. In this situation, legal counsel should be informed of the message’s existence and they will initiate a retention hold order if appropriate.
3. Be scheduled for disposal, or a hold order is applied to extend retention period. At the designated time the message should be deleted. Process ends.

2.2. Receive and store email messages in an organized way

Any received message that contains information used in (or considered in, or about) and that results in a transaction, decision or action taken in the course of business of a government institution, should be preserved.

The following diagram illustrates the recommended process for receiving and storing email messages in institutions.

Step 1: You receive an email

Step 2:

1. if message is not departmental business, delete at will. End of process.
2. If message is departmental business but not your direct responsibility, forward to the appropriate party and confirm receipt. Your part of the process ends.
3. If the message is departmental business, and you are responsible for any decision, response, or action then proceed to step 3.

Step 3:

1. if the record is Transitory, keep it until it is no longer useful and then delete at will. End of process.
2. If the record is a business record, it will be classified either for the maximum legislated retention period or as a record that can be retained for the minimum period and disposition according to a schedule.

Step 4: Once retention period is over, there are three possible outcomes.

1. Message is considered an Archival Record, and it is retained permanently. End of process.
2. In some special cases, you or the organization may identify that this message will be (or may be) required as evidence in a legal proceeding. Or, if you or the organization have reason to believe that it may be required as evidence. In this situation, legal counsel should be informed of the message’s existence and they will initiate a retention hold order if appropriate.
3. Message can either be scheduled for disposal, or a hold order can be applied and an extension can be applied to the retention period. The process ends with the disposal of the record.

2.3. Manage individual mailboxes and folders on a regular basis

To manage individual mailboxes (inboxes, sent items, deleted items), messages should be classified and moved to an appropriate repository on a regular basis. Transitory email messages may be moved to the delete folder.

2.4. Keep only one instance of an email message

Where possible, Institutions should keep one instance (and only one instance, other than a backup copy for disaster recovery), along with metadata and attachments, as an official record in a repository which it operates or controls. For greater clarity, the email application itself is to be considered as a communications device and not as a storage utility. An email message should be moved to a separate record keeping repository as soon as operationally possible. Since any copy of an email message that is kept is discoverable in legal proceedings, no other copies of the email message should be kept in any other repository or by any individual in the organization. Deletion destroys the pointer to an email message, but does not destroy the message itself. The message will persist until it is actually overwritten.

For example, an email message should not be stored on a user's hard drive. However, a transitory copy of an email may be kept on a memory stick or hard drive of a laptop computer while required for a presentation - but should be securely deleted after the presentation.

2.5. Manage and store attachments to email messages

For the purposes of these Email Management Guidelines, an email management system should keep a message and its attachment(s) together in the same repository and provide reliable evidence of their relationship. Alternatively, an email management system may keep a message and its attachments in separate repositories, and provide reliable evidence of their relationship.

Attachments may be in any electronic form capable of being attached to an email message, and may include audio, video, voice mail, maps, graphics, digital photos, spreadsheets, databases, presentations, text, etc., to name but a few.

2.6. Treat email as property, under legal control of the GC

Employees and contractors using the email system of a federal government institution should be advised that the email they create, send or receive on the system does not belong to them, may be subject to monitoring by the institution and should not be considered private.

All messages, metadata and attachments created on, received by and/or residing on a federal government institution email system, backup tape, server or other storage medium under its control (including laptops, memory sticks, CDs and other mobile storage media) are considered the property of the institution, and should be treated as such.

Email created, sent or received by an employee using the email system of a federal government institution is considered to be under the control of the institution, and is a corporate property, regardless of where it is kept.

2.7. Use institution-wide distribution lists sparingly

Distribution lists for an entire institution, branches, districts, divisions, etc. should only be used by authorized individuals, for official purposes, sanctioned by senior management.

2.8. Provide a signature block and contact information

In accordance with the Government of Canada's Common Look and Feel policy (www.tbs-sct.gc.ca/clf2-nsi2/index-eng.asp),, all outgoing email messages sent by GC employees should include the sender's name, institution, and telephone and fax numbers with area code and extension numbers, postal and email addresses. Where an email address serves a program or service rather than individual, contact information should include the institutional name, postal and email address, telephone and fax numbers. All outgoing email messages by GC employees should demonstrate a consistent application of the "Canada" word mark and institutional signature.

Exemptions and exceptions are permitted where the sender has legitimate privacy concerns, or where there may be concerns about personal, physical or national security.

2.9. Use a notice of confidentiality / disclaimer, if appropriate

Institutions should consider whether it is appropriate to their individual circumstances to insert a notice of confidentiality or disclaimer below the signature block. In considering such an insertion, a risk analysis should be conducted to determine whether it might be possible to limit liability. An example is provided below.

The decision as to whether or not to include such a disclaimer (and the exact wording of the disclaimer) is a matter for Executives in the institution in consultation with legal counsel.

2.10. Use a notice of personal opinion, if appropriate

Institutions should consider whether it is appropriate to their individual circumstances to require users to insert a notice of personal opinion, under certain conditions. An example is provided below.

The decision as to whether or not to include such a disclaimer (and the exact wording of the disclaimer) is a matter for Executives in the institution in consultation with legal counsel.

2.11. Avoid using the "Reply to All" feature

Users, who receive a message addressed to several individuals, or as part of a distribution list, should avoid using the "Reply to All" feature, unless the reply is likely to be of significant interest to the majority of the people who received the original message.

A risk of using the "Reply to All" feature is that if action is to be taken by one of the recipients, the broad distribution may make it difficult to discern who was to be responsible for the action.

Previous | Table of Contents | Next