Library and Archives Canada
Symbol of the Government of Canada

Institutional links

Government

Previous | Table of Contents | Next

Email Management Guidelines - Roadmap

2. Institutions must collect and capture all business-related email

In accordance with the Policy on Information Management, institutions are obligated to collect, create, receive and capture all business related records including email that contains corporate memory information or data used to make a decision or to initiate an action.

  • To support service delivery, informed policy and decision making, and business, legal, and accountability requirements
  • To ensure its relevance, reliability, and completeness
  • To optimize its sharing and re-use, in accordance with policy and legal obligations
  • To document decisions and decision-making processes to account for government operations, reconstruct the evolution of policies and programs, support the continuity of government and its decision-making, and allow for independent audit and review
  • To reduce the response burden by avoiding the unnecessary collection of information.

There are some fundamental questions relating to management of all of these records, and one is the matter of how many instances of a record should be allowed to exist. The more copies, and the more places they can be kept, the more challenging it is to manage them. In order to facilitate the next step in the Life Cycle (Organization), it is also important that metadata (information about the messages be preserved). Metadata may include the name of the sender and the names of intended recipients, date sent, date received, subject and many other details that can be used to file and retrieve the messages at a later date.

Expected Outcome

In any given federal government institution, the following benchmarks will have been achieved:

  • All users of email will create, send, receive, forward and store email messages in accordance with these Email Management Guidelines and all applicable recommendations.
  • Employees will know which messages to keep or dispose of, and will manage their own individual mailboxes and folders on a regular basis.
  • Only one instance of an email message will be kept, and it will be kept in an approved repository where it will have the status of "copy of record."
  • Attachments will be stored with the message, or, if not, will be reliably linked to the message.
  • Metadata related to email messages will be preserved.

2.1. Create, send and store email messages in an organized way

Any message that contains information used in (or considered in, or about) a transaction, decision or action taken in the course of business of a government institution, should be preserved.

The following diagram illustrates the recommended process for creating, sending and storing email messages in the Government of Canada.

Flowchart demonstrating the process for sorting emails that you have created, and the necessary steps to either dispose of them or preserve them as archival records.

Step 1: Start  -  you create an email message

Step 2:

  1. Decide if message is not departmental business. If message is not departmental business the process ends and the message can be deleted at will
  2. Decide that message is departmental business, if yes proceed to step 3.

Step 3: If it is departmental business, decide if it is a Transitory Record or a Business Record. Transitory Records should be retained until they are no longer useful and at that point the message can be deleted. End of process. Business Records should be classified. Option one: set maximum retention period, per legislation. Option two: set (minimum) retention period per schedule.

Step 4  -  After message has been retained as a business record for the appropriate period, there are three possibilities:

  1. be designated as an Archival Record and retained as a permanent record. Process ends.
  2. In some special cases, you or the organization may identify that this message will be (or may be) required as evidence in a legal proceeding. Or, if you or the organization have reason to believe that it may be required as evidence. In this situation, legal counsel should be informed of the message’s existence and they will initiate a retention hold order if appropriate.
  3. Be scheduled for disposal, or a hold order is applied to extend retention period. At the designated time the message should be deleted. Process ends.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Information Management Specialists

2.2. Receive and store email messages in an organized way

Any received message that contains information used in (or considered in, or about) and that results in a transaction, decision or action taken in the course of business of a government institution, should be preserved.

The following diagram illustrates the recommended process for receiving and storing email messages in institutions.

Flowchart demonstrating the process for sorting emails that you have received, and the necessary steps to either dispose of them or preserve them as archival records.

Step 1: You receive an email

Step 2:

  1. if message is not departmental business, delete at will. End of process.
  2. If message is departmental business but not your direct responsibility, forward to the appropriate party and confirm receipt. Your part of the process ends.
  3. If the message is departmental business, and you are responsible for any decision, response, or action then proceed to step 3.

Step 3:

  1. if the record is Transitory, keep it until it is no longer useful and then delete at will. End of process.
  2. If the record is a business record, it will be classified either for the maximum legislated retention period or as a record that can be retained for the minimum period and disposition according to a schedule.

Step 4: Once retention period is over, there are three possible outcomes.

  1. Message is considered an Archival Record, and it is retained permanently. End of process.
  2. In some special cases, you or the organization may identify that this message will be (or may be) required as evidence in a legal proceeding. Or, if you or the organization have reason to believe that it may be required as evidence. In this situation, legal counsel should be informed of the message’s existence and they will initiate a retention hold order if appropriate.
  3. Message can either be scheduled for disposal, or a hold order can be applied and an extension can be applied to the retention period. The process ends with the disposal of the record.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Information Management Specialists

2.3. Manage individual mailboxes and folders on a regular basis

To manage individual mailboxes (inboxes, sent items, deleted items), messages should be classified and moved to an appropriate repository on a regular basis. Transitory email messages may be moved to the delete folder.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users

Rationale

Individual mailboxes become cluttered with email at a rapid rate. Sorting email is a tedious task but it is necessary - and putting it off does not make it any easier. It makes sense to sort email on a regular basis and to file and store it in an appropriate place. Sorting smaller quantities takes less time and seems like less of an intrusion on the "real job." The full benefit to the user is in being able to locate information more easily and more efficiently when it is needed.

For an institution, the cost of finding a single email, or group of email messages in a haystack of thousands or even millions of other messages can be extraordinarily expensive and disruptive. If a proper filing system is not used, it may be necessary to search backup tapes, user hard drives, various servers, and so on - at great cost. In short, there is no alternative. Email messages must be managed, classified and stored in an appropriate place and manner.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) that email messages must be classified (filed) systematically and regularly, at intervals that are appropriate to the nature of (the institution's) business, and in a manner consistent with the classification system adopted by (the institution). Email messages must then be moved to a repository designated by the institution.

Personal or transient messages may be deleted at will. Messages, metadata and attachments that contain government records or information must be moved to an approved repository, and must be retained and preserved for an appropriate period. The information manager must provide guidance as to how to set up a repository, as to how long certain records must be kept, and how to dispose of them.

The messages, metadata and attachments will be stored in a format that is compatible with agency operations, and filed according to filing practices established by the agency and/or user.

2.4. Keep only one instance of an email message

Where possible, institutions should keep one instance (and only one instance, other than a backup copy for disaster recovery), along with metadata and attachments, as an official record in a repository which it operates or controls. For greater clarity, the email application itself is to be considered as a communications device and not as a storage utility. An email message should be moved to a separate record keeping repository as soon as operationally possible. Since any copy of an email message that is kept is discoverable in legal proceedings, no other copies of the email message should be kept in any other repository or by any individual in the organization. Deletion destroys the pointer to an email message, but does not destroy the message itself. The message will persist until it is actually overwritten.

For example, an email message should not be stored on a user's hard drive. However, a transitory copy of an email may be kept on a memory stick or hard drive of a laptop computer while required for a presentation - but should be securely deleted after the presentation.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Information Management Specialists

Rationale

A single instance of an email message is easier to manage than many copies. If an email message is scheduled for disposition on the basis of its content, or must be produced for legal reasons, it is easier to meet policy or legal obligations if only one instance of the message needs to be found and/or destroyed. If a record must be produced for legal, audit or ATIP proceedings, then it will be easier to locate if there is only one place to look.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) to keep one instance of an email message (and only one instance, other than a backup copy for disaster recovery), along with metadata and attachments, as an official record. The single instance of a message is to be moved as soon as operationally possible to an appropriate repository operated or controlled by (name of institution). For greater clarity, the email application itself is to be considered as a communications device and is not to be considered as a storage repository. No other copies of the email message should be kept in any other repository or by any individual in the institution.

2.5. Manage and store attachments to email messages

For the purposes of these Email Management Guidelines, an email management system should keep a message and its attachment(s) together in the same repository and provide reliable evidence of their relationship.

Alternatively, an email management system may keep a message and its attachments in separate repositories, as long as reliable evidence of their relationship is provided.

Attachments may be in any electronic form capable of being attached to an email message, and may include audio, video, voice mail, maps, graphics, digital photos, spreadsheets, databases, presentations, text, etc., to name but a few.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Network or System Administrators
  • Information Management Specialists

Rationale

Email messages and their attachments provide context to each other. If an email message and its attachment lead to a decision or an action that result in harm, the determination of the court as to fault or liability might depend on that context. The message alone, or the attachment alone might lead the court to a different determination than if both could be seen together.

Therefore, when an email message and/or its attachment are considered to be a government record or information, it is important to keep the email message and the attachment, as well as the metadata that establishes the relationship between them, for the appropriate retention period.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

Select one of the options below

(Option 1) It is the policy of (name of institution) that its email management system should keep a message and its attachment(s) together in the same repository and provide reliable evidence of their relationship.

(Option 2) It is the policy of (name of institution) that its email management system may keep a message and its attachments in separate repositories, but will provide reliable evidence of their relationship.

2.6. Treat email as property, under legal control of the GC

Employees and contractors using the email system of a federal government institution should be advised that the email they create, send or receive on the system does not belong to them, may be subject to monitoring by the institution and should not be considered private.

All messages, metadata and attachments created on, received by and/or residing on a federal government institution email system, backup tape, server or other storage medium under its control (including laptops, memory sticks, CDs and other mobile storage media) are considered the property of the institution, and should be treated as such.

Email created, sent or received by an employee using the email system of a federal government institution is considered to be under the control of the institution, and is a corporate property, regardless of where it is kept.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Information Management Specialists
  • Operational Managers
  • Executives

Rationale

All information or records contained in email messages, metadata or attachments belongs to the institution.

Some institutions permit limited personal use of the email system, as long as it does not interfere with government business, or constitute a conflict of interest.

However, this does not mean that personal messages on a government email system are private or that they "belong" to the employee who sent or received the message.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) that all messages, metadata and attachments created on, received by and/or residing on (name of institution)'s email system, backup tape, server or other storage medium under its control (including laptops, memory sticks, CDs and other storage media that employees take home) are considered to be the property of (the institution), and must be treated as such.

Employees, contractors and users of the email system are hereby advised that email sent or received by an employee using the email system of (name of institution) is considered to be under the control of the institution, even if the employee has deleted it at work, but has kept a copy at home or in some other location.

Employees, contractors and other users of the email system of (name of institution) are hereby advised that any email message that they create, send or receive on the system does not belong to them, may be subject to monitoring by the institution, and is not to be considered private.

2.7. Use institution-wide distribution lists sparingly

Distribution lists for an entire institution, branches, districts, divisions, etc. should only be used by authorized individuals, for official purposes, sanctioned by senior management.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users

Rationale

It is common practice to set up distribution lists or "groups." For example one might set up a distribution list for an entire institution, a branch, or division, or a district office. Such lists should be used for official purposes only, by authorized individuals, to distribute messages sanctioned by senior management.

Large distribution lists place a heavy load on the email system and should only be used when necessary, to communicate important matters that are of interest to a wide audience.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) that institution-wide, branch-wide and division-wide mailing lists be used only by authorized individuals or groups for purposes approved by senior management.

The Internal Communications group of the Communications Branch, the executive office of each Branch, and the office of the director of each division are hereby authorized to use department-wide, institution-wide, branch-wide, division-wide and office or building-specific distribution lists for the following purposes:

  • Security Alerts (of a type and degree to be defined)
  • Events (blood drives, approved charity drives, social events) involving the department, branch, or division
  • Human resources information (appointment of new executives, labour relations) involving the department, branch, or division
  • Announcements of a general nature, (office renovation, repair or maintenance) involving the department, branch, or division
  • Other (to be defined)

Individuals at all levels in the institution are authorized to create and maintain distribution lists to assist them in doing the work of the institution. Distribution lists may be created for work groups, project teams, and special interest groups (such as IT security, risk management, business analysis, etc.).

2.8. Provide a signature block and contact information

In accordance with the Government of Canada's Common Look and Feel policy (www.tbs-sct.gc.ca/clf2-nsi2/index-eng.asp), all outgoing email messages sent by GC employees should include the sender's name, institution, and telephone and fax numbers with area code and extension numbers, postal and email addresses. Where an email address serves a program or service rather than individual, contact information should include the institutional name, postal and email address, telephone and fax numbers. All outgoing email messages by GC employees should demonstrate a consistent application of the "Canada" word mark and institutional signature.

Exemptions and exceptions are permitted where the sender has legitimate privacy concerns, or where there may be concerns about personal, physical or national security.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Information Management Specialists

Rationale

As a simple mark of professionalism and courtesy, an email message should end with the contact information of the sender.

If, for example, the recipient feels it would be better to call the sender on the telephone than to reply by email, it would be inconvenient if he or she had to do tedious research to find the telephone number.

If the content of the email referred to a service or program offered by the institution, the recipient might want to obtain more information from the institution's web site before responding with comments or questions.

Some kinds of information should not be sent by email, or if sent by email, should be encrypted. A reasonably secure alternative is to send the information by fax. Again, it is easier for the recipient if he or she has the fax number at his or her disposal.

As a general principle, if the position of the sender is designated as a bilingual position, the title and address of the sender should be provided in both official languages of Canada, English and French, giving precedence to the individual's first official language. If the position is not bilingual, then the address may appear in just one language which, irrespective of the individual's first official language, should be in the official language associated with the job.

Exceptions to these principles may be necessary. For legitimate personal or professional reasons, it may be preferable not to disclose the full name (or any part of the name) of the sender in a signature block.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) that email messages sent by users, both internally and externally, should end with a signature block. Note that this is not an "electronic" signature and provides none of the security features associated with an electronic signature.

The signature block must include the sender's name, title, institution, and telephone and fax numbers with area code and extension numbers, postal and email addresses. Where an email address serves a program or service rather than individual, contact information must include the institutional name, postal and email address, telephone and fax numbers. All outgoing email messages by GC employees must demonstrate a consistent application of the "Canada" wordmark and institutional signature. No other image files or adornments are permitted.

As a general principle, the title and address of the sender should be bilingual, if the position is designated as a bilingual position, and give precedence to the individual's first official language. If the position is not bilingual, then the address may appear in just one language which, irrespective of the individual's first official language, should be in the official language associated with the job.

All signature blocks should be in the same font. A sample is available on the (name of institution) intranet site at (intranet address). Users may copy and paste the sample, according to instructions provided on the site, and then substitute their name, title, office address, and telephone or fax numbers, in place of those shown in the example.

Exemptions and exceptions to this policy are permitted, where the sender has legitimate privacy concerns, or where there may be concerns about personal, physical or national security. In such cases, the user is advised to contact (security officer) to ensure that all appropriate precautions are taken.

2.9. Use a notice of confidentiality / disclaimer, if appropriate

Institutions should consider whether it is appropriate to their individual circumstances to insert a notice of confidentiality or disclaimer below the signature block. In considering such an insertion, a risk analysis should be conducted to determine whether it might be possible to limit liability. An example is provided below.

Notice Regarding Confidentiality

This email, including any and all attachments, is intended only for the party to whom it is addressed and may contain information that is confidential or privileged. (Name of institution) accepts no responsibility for any loss or damage suffered by any person resulting from any unauthorized use of or reliance upon this email. If you are not the intended recipient, you are hereby notified that any dissemination, copying or other use of this email is prohibited. Please notify us of the error in communication by return email and destroy all copies of this email. Thank you.

The decision as to whether or not to include such a disclaimer (and the exact wording of the disclaimer) is a matter for Executives in the institution in consultation with legal counsel.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Operational Managers
  • Executives

Rationale

Humans make mistakes. It is possible to innocently select the wrong email address from a list and to send a message to someone other than the intended recipient. To mitigate some of the liability risk that may occur in such instances, some institutions may choose to add a notice of confidentiality and disclaimer that prompts the receiver, if not the intended recipient, to dispose of the message. Such a precaution will not likely be effective in reducing liability in every situation. Executives of the institution should consult Legal counsel to help weigh the risk and determine the best course of action and, if necessary write the precise wording of the disclaimer.

Disclaimers may be applied automatically and universally in the institution, or may be restricted to certain user groups. Disclaimers may also be inserted manually by the user, under well-defined circumstances - provided the user knows the rules and is consistent in applying them.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) to insert a notice of confidentiality or disclaimer below the signature block of email messages. The disclaimer is intended to reduce liability risks resulting from email messages sent to an individual or organization other than the intended recipient. The disclaimer must (appear automatically / be manually inserted by the user). Use of the disclaimer must be (universal within the organization / restricted to certain groups - provide list).

The notice must appear in the following format (describe or provide format), and have the following wording: (provide exact text of disclaimer).

Notice Regarding Confidentiality

This email, including any and all attachments, (this "Email") is intended only for the party to whom it is addressed and may contain information that is confidential or privileged. (Name of institution) accepts no responsibility for any loss or damage suffered by any person resulting from any unauthorized use of or reliance upon this Email. If you are not the intended recipient, you are hereby notified that any dissemination, copying or other use of this Email is prohibited. Please notify us of the error in communication by return email and destroy all copies of this Email. Thank you.

2.10. Use a notice of personal opinion, if appropriate

Institutions should consider whether it is appropriate to their individual circumstances to require users to insert a notice of personal opinion, under certain conditions. An example is provided below.

Notice of personal opinion

This email, including any and all attachments, reflects the personal opinion of the sender and is not the official opinion or position of (name of institution). (Name of institution) accepts no responsibility for any loss or damage suffered by any person resulting from any unauthorized use of or reliance upon this email. If you are not the intended recipient, you are hereby notified that any dissemination, copying or other use of this email is prohibited. Please notify us of the error in communication by return email and destroy all copies of this email. Thank you.

The decision as to whether or not to include such a disclaimer (and the exact wording of the disclaimer) is a matter for Executives in the institution in consultation with legal counsel.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users
  • Network or System Administrators
  • Executives

Rationale

In any institution, one may expect to find differences of opinion. Indeed, some employees may hold opinions that are quite opposite to the official position of the institution. For some institutions it may be in the public interest to prohibit employees from using the institution's email or any other public forum to express divergent personal views. If so, then employees should be so informed and made aware of the potential consequences of contravening the policy.

It is not always necessary for institutions to bind their employees to silence. However, there is a risk that the public may become confused when the official position of an institution is challenged or countered by an employee who is using the institution's email to express divergent personal opinions. The risk is increased when the employee is a senior manager of the institution or a well-known expert in a field in which the institution is actively involved.

To mitigate the risk of confusing the public, while respecting the right of employees to hold different views, some institutions may require a dissenting employee to insert a "Notice of Personal Opinion" to messages which are at variance from the institution's official position. Such a notice may help to limit the organization's liability in the event that damages result from reliance on the employee's view rather than the official view.

Such a precaution will not likely be effective in reducing liability in every situation. Executives of the institution should consult legal counsel to help weigh the risk and determine the best course of action and, if necessary write the precise wording of the notice.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) to respect the right of employees to hold views that differ from the official position of the institution. However, there is a risk that the public may become confused when the official position of an institution is challenged or countered by an employee who is using the institution's email to express divergent personal opinions. The risk is increased when the employee is a senior manager of the institution or a well-known expert in a field in which the institution is actively involved.

Therefore (name of institution) requires a dissenting employee to insert a "Notice of Personal Opinion" to messages which are at variance from the institution's official position. Such a notice is intended to limit the organization's liability in the event that damages result from reliance on the employee's view rather than the official view. The notice must appear under the signature block.

The notice must appear in the following format (describe or provide format), and have the following wording: (provide exact text of disclaimer).

Notice of personal opinion

This email, including any and all attachments, (this "Email") reflects the personal opinion of the sender and is not the official opinion or position of (name of institution). (Name of institution) accepts no responsibility for any loss or damage suffered by any person resulting from any unauthorized use of or reliance upon this Email. If you are not the intended recipient, you are hereby notified that any dissemination, copying or other use of this Email is prohibited. Please notify us of the error in communication by return email and destroy all copies of this Email. Thank you.

2.11. Avoid using the "Reply to All" feature

Users, who receive a message addressed to several individuals, or as part of a distribution list, should avoid using the "Reply to All" feature, unless the reply is likely to be of significant interest to the majority of the people who received the original message.

A risk of using the "Reply to All" feature is that if action is to be taken by one of the recipients, the broad distribution may make it difficult to discern who was to be responsible for the action.

Party or Parties Responsible for Implementing and/or Applying the Recommendation:

  • Users

Rationale

Using "Reply to All" unnecessarily adds clutter to the mailboxes of parties who have no interest in the reply, as well as adding clutter to the email system as a whole.

"Reply to All" can also lead to embarrassment to the sender or to another member of the distribution list if, for example, information that should only appropriately be shared between two individuals is instead sent to everyone on the list.

Sample Policy Statement

If this recommended action is applicable, consider using the following sample policy statement.

If not, indicate what alternative action, if any, to apply.

It is the policy of (name of institution) that users who receive a message addressed to several individuals, or as part of a distribution list, are advised not to use the "Reply to All" feature, unless the reply is likely to be of significant interest to the majority of the people who received the original message.

Previous | Table of Contents | Next