(Documents containing related legislation, policy, directive and standards - Government of Canada Sources, Other Sources)
|Mapping of Legislation and Policy to the Framework for the Management of Information
Life Cycle-Related Legislation and Policy
Legislation and Policies
|Access to Information Act & Regulations||X||X||X||X|
|Access to Information Policy||X||X||X||X|
|Auditor General Act||X|
|Canada Evidence Act||X||X||X|
|Canadian Charter of Rights and Freedoms||X|
|Canadian Security Intelligence Act||X||X||X|
|Common Services Policy||X||X|
|Crown Liability and Proceedings Act||X|
|Directive on Information Management Roles and Responsibilities||X||X||X||X|
|Electronic Authorization and Authentication Policy||X|
|Emergency Preparedness Act||X|
|Financial Administration Act||X||X||X|
|Government PKI Policy||X|
|Government Security Policy||X||X|
|Library and Archives Canada Act||X||X||X||X|
|Official Languages Act||X|
|Personal Information Protection and Electronic Documents Act||X||X||X||X|
|Policy on Information Management||X||X||X||X|
|Policy on Learning, Training and Developmment|
|Policy on Management of Information Technology||X||X|
|Policy on the Use of Electronic Networks||X||X|
|Privacy Act & Regulations||X||X||X||X|
|Privacy and Data Protection Policy||X||X||X|
|Privacy Impact Assessment Policy||X||X||X||X|
|Project Management Policy||X|
|Public Service Employment Act||X|
|Risk Management Policy||X|
|Security of Information Act||X|
You are about to read a document that contains Email Management Guidelines, and a number of related recommendations for the management of email in the Government of Canada. Each of the guidelines includes one or more recommendations that provide direction to achieve the desired outcome.
These Email Management Guidelines and related recommendations are not mandatory, but are presented as an authority or reference of excellence.
In accordance with the Policy on Information Management, federal government institutions (institutions) are obligated to collect, create, receive and capture all business related records including email messages (email) that contains corporate memory information or data used to make a decision or to initiate an action. The Policy on Information Management and the Directive on Information Management Roles and Responsibilities defines specific responsibilities for all government employees.
The deputy head is accountable to his or her minister and to the Treasury Board for effective and well-coordinated information management throughout his or her department. Every government employee, without exception, has a role to play in the management of email.
To work effectively, the Email Management Guidelines must pertain to human processes as much as to machine processes. In simple terms, machines are incapable of making all of the decisions involved in managing email.
Institution executives will find guidance to help them ensure their organization's programs and services integrate information management requirements into development, implementation, evaluation, and reporting activities.
Information technology specialists may expect this document to provide them with benchmarks and guidance related to the configuration and operation of computer or network hardware and software that support email.
Information management specialists will find guidance related to management of email from creation and receipt through classification, storage and retrieval, and eventual disposition.
Non-technical employees, contractors and other users of email will find non-technical elements of these guidelines and the related recommendations that must be taken into account every time they use their email.
Therefore, these Email Management Guidelines are addressed to a broad audience:
All of these individuals, with various levels of business knowledge, technical competence and organizational authority have different roles to play. Indeed some may have more than one role to play. For example, the executive and the IT professional each wear two hats: one is a business specialist, the other is a technology expert, - but, what they have in common with each other, and with everyone else in their organization, is that both are also email users.
It is widely recognized that it is impossible to manage email in a completely centralized fashion. In essence, the process of managing email begins with users, at their own desktops, making decisions, every day, about what email messages to delete, which ones to keep, and where to file them.
The guidelines and recommendations in this document will provide procedures to ensure that the right information is stored in the right place, at the right time, and for an appropriate length of time. Note that this document does not prescribe the retention period for email. Indeed retention schedules vary depending on the subject and or function of the email message, as determined by individual institutions, in accordance with applicable legislation and business requirements.
To ensure that users are properly informed on how to manage incoming and outgoing email, executives and managers will have additional explicit recommendations for the training of staff and for compliance.
The technical procedures described in this document apply to specialists in information technology (IT) and information management (IM) who will be involved in setting up the appropriate technological infrastructure.
In some cases, recommendations under these guidelines will apply to just one of the aforementioned groups. In other cases, the recommendations will apply to more than one group. Where more than one group is involved, they may have different roles in applying the guidelines and, if so, their respective roles will be specified.
Simply put, email is used extensively for management decision making, to assign tasks, to provide progress reports, to confirm transactions, and for many other purposes related to the business of government. Messages pertaining to the business of the government are records and, as such, must be preserved for a prescribed period of time or kept permanently, in accordance with policy and legislation. While some types of information must be preserved for a minimum period of time, other types are subject to maximum retention periods, after which they must be disposed of, by law.
It is currently estimated the average government employee receives and creates at least 50 emails each day (50 email/day for 200 working days is 10,000 email/year). For a government department of 5,000 employees this equates to more than 50,000,000 emails per year. The full public service has exceeded 350,000 employees for the past 5 years and this suggests all government employees could be processing up to 3,500,000,000 emails/year. This volume of email applies significant pressure on server storage capacities due to the data size of email and its attachments. Of even greater importance is the fact that email is now one of the primary decision making channels in government and, in the interests of accountability, these records must be carefully and efficiently managed, to ensure that they are appropriately classified (filed) and stored, and that they are retrievable when needed, for the duration of their retention period.
Library and Archives Canada
Every year in support of its policies, programs and services, the Government of Canada creates and manages records in a variety of recording media, increasingly in electronic form. Ranging from correspondence, policy statements, agreements, research reports, operational files, contracts, deeds, leases, surveys and service transactions to statistical data, photographs, architectural drawings, plans, maps and audio-visual and sound recordings. These records are critical:
Net lists, news groups, distribution lists and calendars are aspects of email management that are not considered in these guidelines. This is not to suggest that these issues are unimportant or that they should not be dealt with in future, but these topics are not within the scope of this version of the Email Management Guidelines - Roadmap.
This Email Management Guidelines Roadmap document sets out the guidelines, and provides a rationale and achievement benchmarks for each of them. Whereas all guidelines and related recommendations must be considered by an organization, some guidelines and recommendations may require interpretation in the light of the organization's mandate and business requirements.
Thus, each of the guidelines and each recommendation may require a policy decision and policy statement from the senior management of a institution. The purpose of the roadmap document is to simplify the drafting of such a policy document by providing sample text for policies pertaining to each of the guidelines and each recommended action. The introductory remarks to the institution's Email Management Policy should make it clear why the institution has developed an email management policy and what the benefits will be to the institution and individuals through adopting the policy. A sample introduction is provided below.
Introduction to email management policy
Sample Policy Statement
The (name of institution) has adopted the following policy for the management of email records and information.
The use of email in government and industry has grown to unforeseen proportions. By conservative estimates, the employees of the government of Canada process over three billion email messages per year, and that number has been steadily increasing. It is no surprise that email is now one of the most challenging aspects of information management in the Government of Canada. Email messages and their attachments often contain information pertinent to a decision or an action. In other instances, they may represent a form of notice or a record of an agreement or transaction. In such cases, the email messages are likely to be considered records of the Government of Canada, and as such, must be retained for an appropriate period of time - and, in some cases, permanently.
Records of decisions, actions, agreements and transactions are among the records that must be preserved, in a democratic society to ensure the accountability of government to its citizens. Since email is now used so widely, it has now become a common type of evidence requested in legal proceedings and audits. Therefore, it is essential that email messages be appropriately classified, filed and preserved, so that they can be found when needed, and so that their authenticity, integrity and reliability can be proven.
There are many risks associated with the improper use or management of email.
To address these challenges, the Government of Canada recommends Email Management Guidelines for management of email messages, metadata and attachments, which are consistent with current legislation, policies and other related standards and guidelines. Institutions are permitted to provide interpretation and guidance so that the guidelines and recommendations are applied in a manner that takes into account their respective mandate, missions, and circumstances.
The mandate of (name of institution) is (cite the mandate).
The mission of (name of institution) is (cite the mission).
Official records and information communicated through the email system of (name of institution) must be identified, managed, protected, and retained for as long as is needed for ongoing operations, audits, legal proceedings, research, or any other anticipated purpose.
This policy is intended to inform employees at all levels of the institution including executives, managers, information management specialists, information technology specialists (including network administrators), operation managers and users (including employees, contractors and other users) about their roles in using, managing, and retaining email.
In these Email Management Guidelines, recommendations are focused on the electronic information (e-information) life cycle phases. For reference, the Information Management Life Cycle has seven stages
The diagram below depicts the Information Management Life Cycle, showing the seven stages on the perimeter of the circle. Knowledge of one's own responsibilities (shown in the centre of the Life Cycle) is crucial.
For more information, consult the Library and Archives Canada Website at
ATIP legislation, ATIP Act and ATIP request
ATIP is the acronym for Access to Information and Privacy legislation and it is often used to refer to requests for information under the legislation. Access to Information is the principle whereby, with certain exceptions, Canadians can ask to see government records. One of the exceptions is information that would divulge private information about an individual (other than the individual making the request).
Authenticity refers to a record's reliability and identity over time. Authenticity guarantees that the record is not changed or manipulated after it has been created or received or migrated over the continuum of records creation, maintenance and preservation.
Copy of record
This is a term used to identify the version of a document or record that is purported to be the original or definitive, authentic and reliable copy of the document for legal purposes.
Corporate memory information
Aside from official records and the valuable recollections of business matters that people may have stored in their own minds, corporate memory is often found in electronic form in a variety of formats and media that capture day-to-day business activities and decision-making processes. This information is a valuable corporate resource that represents experience, knowledge and memories. Corporate memory information provides the basis for making sound decisions and provides evidence as to why decisions were made, including the circumstances, context and other information available at the time. Email has become a significant corporate memory resource, although its full potential has, as yet, rarely been exploited in an efficient and organized way.
Corporate memory records
Corporate memory records can be described as official records relating to the functions and activities that a government institution is responsible for, based on mandate, legislative requirements, and the programs and services it delivers. Corporate memory records may be created or used for a variety of purposes:
Corporate memory records are subject to retention and disposition schedules approved by the institution and Library and Archives Canada and must be managed in official records systems. Corporate memory records may not be destroyed without a Library and Archives Canada Disposition Authority.
Discovery is a step in legal proceedings where each party is required to produce any evidence under its control that is relevant to the case. This includes all evidence that a party may use to defend its own position, as well as any information that may be used against the opposing party, or that may be used by the opposing party to support its own position. As a general principle, an email message is "discoverable" and can be requested by the courts for as long as it continues to exist (see Latent copy).
An individual email user's mailbox and associated rights to use that mailbox
The character string used to allow computer systems to route an email message to the intended recipient, usually consisting of a username, the @ symbol, and a domain name (for instance, firstname.lastname@example.org).
Email administrator (also system administrator or network administrator)
The person responsible for maintaining an email system, including all mailboxes on that system
Email management guidelines
Email management guidelines are rules, practices and measurable requirements established as a model for the management of email messages, metadata and attachments.
A document or record that is created, transmitted, received or forwarded on an electronic mail system
A computer system involving specialized hardware and software, and used, in essence, as a communications device that enables users to create, transmit, receive, file, and respond to messages electronically.
An email system is not a records management system and is not an acceptable place to classify (file) or store email messages (see - Records management system).
Many email systems also provide a calendar function where users can set up meetings, book meeting facilities and equipment, and send, accept or decline invitations. Email systems typically allow users to set up task lists and prioritize tasks and many systems are integrated with wireless messaging systems and/or voice mail. Email systems continue to evolve at a rapid rate.
Essential records are those records essential to continuing or re-establishing critical institutional functions; examples include records that:
Indexing is the process whereby key words, phrases and terms are used to help identify an email message and /or its attachment(s) in order to help find and retrieve the record electronically at some later date.
Information Management System
Public Works and Government Services Canada (PWGSC) describes its Records, Document and Information Management System (RDIMS) as "a suite of software applications designed to provide federal government departments and agencies with an economical software solution for records and document management."
Integrity refers to the reliability and trustworthiness of records as copies, duplicates or comparable representations of the electronic records. Integrity also refers to the reliability and trustworthiness of the records management system, in which the electronic documents were recorded or stored, to produce reliable and trustworthy copies and duplicates of electronically stored records.
When an email message is deleted, it is not destroyed. It will remain on a hard drive, backup tape or server until it is overwritten by another file. In fact, when a message is "deleted" it is only the electronic pointer to the message that is destroyed. Depending on the capacity of the electronic storage medium, a message may continue to exist as a latent copy for many years before it is eventually overwritten. Even then, it may be possible to recover all or part of the message with specialized technology.
A networked computer that provides email services to other computers in the network
The area in a computer system where the incoming and outgoing email for an individual user is stored
An automated list of email addresses used to distribute email messages to a number of people at the same time
Information describing a set of data (such as the subject, date and recipients of an email message)
For the purpose of these Email Management Guidelines, a non-record is an email which contains information that does not pertain to the business of a government institution, or an information format (such as an outside publication, blank form, or instruction manual) that is not an official record and therefore does not require retention The following types of email messages and attachments are examples of non-records.
Materials published by other institutions or enterprises that are available to the public and which are not part of a case record or purchasing proposal
A record produced or received in the formal conduct of official business (performing a transaction, providing a service, making a decision or taking action in accordance with one's responsibilities and authority under the mandate of a government institution).
The part of an email system where a user's sent mail is stored. The Outbox is usually only the holding area where the message is held before it is sent (which in most cases, happens almost instantly). After the transmission, a copy of the message is either stored in a Sent Mail folder, or is gone from the sender's mailbox entirely (depends on business rules, frequently customizable by the user).
A character string usually selected by a user, known to the computer system, and used in conjunction with an associated username to identify and authenticate the user and allow access to the system
For the purpose of these guidelines, a record contains information about a transaction, decision or action taken in the course of business of a government institution, including information that is influential (or merely considered) in the process.
Records Management System
A records management system is a long-term repository and related processes for storing, preserving, accessing (and, finally, disposing of) records of ongoing business value to institutions. Such a system typically involves processes and technologies for storing documents and records in paper or in electronic format.
The amount of time a record must be kept to meet administrative, fiscal, legal or historical requirements
A document or tool that identifies the retention periods for all of the records held by an organization. Different types of records often have different retention periods.
Threading is the process whereby an information management system tracks relationships between messages in a series along with related metadata and attachments
Transitory information / transitory record
Transitory information is found in (transitory) records that are required only for a limited time to ensure the completion of a routine action or for the preparation of a subsequent record. Transitory records do not include information that has historical or archival value or that is required by institutions or ministers to control, support or document the delivery of programs, to carry out operations, to make decisions, or to account for activities of government.
Typical examples of transitory information in email include: