University at Buffalo - Management and Retention of Email CommunicationsPolicies and Procedures: DRAFT

Management and Retention of Central Email Communications Policy

(Updated 4.10.2006)

Introduction

Email is one of UB's core internal and external communication methods. Email includes official University correspondence as well as non-official correspondence, attachments, and forms transmitted electronically. It is important for all users to note that copies of email messages, including personal as well as business communications, may be released to the public under the New York State Freedom of Information Law. ¹ In addition, all email messages including personal email may be subject to and released in response to various government and court-ordered legal actions. UB central email system administrators do not routinely monitor email, however, email may be accessed by system administrators:

For a legitimate business purpose (e.g., when an employee is terminated or absent for an extended period of time)
To diagnose and resolve technical problems
To investigate possible misuse of email when a reasonable suspicion of abuse exists or in conjunction with an approved investigation
To address an imminent health or safety issue.

The information communicated over email systems is subject to the same laws, regulations, policies, and other requirements as information communicated in other forms and formats. That is, email messages created in the normal course of official business and retained as evidence of official policies, actions, decisions, or transactions are records subject to NY State records management requirements and specific program requirements.

Information on distinguishing email records from non-record email, as well as filing and managing email records is provided in the publication: Managing E-mail Effectively: NY State Archives and Records Administration (SARA).

The SARA publication states:

"As soon as possible, users should file any correspondence that is directly related to the business functions of the government [state agency], including related attachments." [p. 14]

"There are two general options for filing and managing e-mail record: print messages and file them in manual filing systems, or transfer e-mail messages to an electronic filing system of some kind." [p. 13]

This policy advises the UB community of their responsibilities and provides guidance in managing information communicated by email. Unencrypted email is never a private means of transmitting information although people often treat it as such.

Policy

UB does not retain email centrally except for disaster recovery purposes. Deleted messages are retained for 30 days. Originators and recipients of email are responsible for identifying and saving documents that must be retained in order to comply with federal, state, or local laws and to meet operational, legal, audit, research, or other requirements.

Policy Review and Update

The Associate VP for Information Technology or his designee will periodically review and update this policy as needed. Questions concerning this policy should be directed to the Office of the Associate VP for Information Technology.

¹ Under FOIL, records are available for inspection and copying unless specifically excepted by law. One such exception provides that the University may deny access to records specifically exempted from disclosure by state or federal law, such as FERPA. Personal email communications are protected only when their release would cause economic or personal hardship.

Related Links

»	FERPA
»	New York State Freedom of Information Law (FOIL)
»	NY State Personal Privacy Protection Law
»	Electronic Communications Privacy Act (ECPA)
»	New York State Use of Email: Technology Policy 96-14
»	Managing e-mail effectively: NY State Archives and Records Administration
»	Managing Government Records: NY State Archives and Records Administration
»	UB Office of Judicial Affairs & Student Advocay FOIL
»	UB Computer and Network Use Policy
»	UB Fair Data Search Policy and Procedures