Developing
a
Policy
for
Managing
NUMBER
85
By
Ann
Marie
Przybyla
2010
TheUniversityoftheStateofNewYork TheStateEducationDepartment NewYorkStateArchives GovernmentRecordsServices Albany,NewYork 12230 www.archives.nysed.gov
THEUNIVERSITYOFTHESTATEOFNEWYORK RegentsofTheUniversity
MERRYLH.TISCH,Chancellor,B.A.,M.A.,Ed.D. ... NewYork
MILTONL.COFIELD,ViceChancellor,B.S.,M.B.A.,Ph.D. ... Rochester
ROBERTM.BENNETT,ChancellorEmeritus,B.A.,M.S. ... Tonawanda
SAULB.COHEN,B.A.,M.A.,Ph.D. ... Larchmont
JAMESC.DAWSON,A.A.,B.A.,M.S.,Ph.D. ... Plattsburgh
ANTHONYS.BOTTAR,B.A.,J.D. ... Syracuse
GERALDINED.CHAPEY,B.A.,M.A.,Ed.D. ... BelleHarbor
HARRYPHILLIPS,3rd,B.A.,M.S.F.S. ... Hartsdale
JAMESR.TALLON,JR.,B.A.,M.A. ... Binghamton
ROGERTILLES,B.A.,J.D. ... GreatNeck
KARENBROOKSHOPKINS,B.A.,M.F.A. ... Brooklyn
CHARLESR.BENDIT,B.A. ... Manhattan
BETTYA.ROSA,B.A.,M.S.inEd.,M.S.inEd.,M.Ed.,Ed.D. ... Bronx
LESTERW.YOUNG,JR.,B.S.,M.S.,Ed.D. ... OaklandGardens
CHRISTINED.CEA,B.A.,M.A.,Ph.D. ... StatenIsland
WADES.NORWOOD,B.A. ... Rochester
CommissionerofEducation
PresidentofTheUniversityoftheStateofNewYork DAVIDM.STEINER
DeputyCommissionerforCulturalEducation JEFFREYW.CANNELL
AssistantCommissionerforNewYorkStateArchives CHRISTINEWARD
DirectorofOperations KATHLEEND.ROE
Director,GovernmentRecordsServices GEOFFREYA.HUTH
TheStateEducationDepartmentdoesnotdiscriminateonthebasisofage,color,religion,creed,disability,maritalstatus,veteranstatus,nationalorigin,race,gender, geneticpredispositionorcarrierstatus,orsexualorientationinitseducationalprograms,services,andactivities.Portionsofthispublicationcanbemadeavailablein avarietyofformats,includingBraille,largeprint,oraudiotape,uponrequest.InquiriesconcerningthispolicyofnondiscriminationshouldbedirectedtotheStateEd ucationDepartment'sOfficeforDiversity,Ethics,andAccess,Room530,EducationBuilding,Albany,NY12234.
ThispublicationisdistributedbytheNewYorkStateArchives.Ifyouhaveanyquestionsconcerningitscontents, pleasecall(518)4746926,[email protected]
Table
of
Contents
EXECUTIVESUMMARY . . . 1
1. INTRODUCTION 1.1 Purpose and intent . . . 3
1.2 Structure and contents . . . 4
1.3 Terms and concepts . . . 4
2. PRINCIPLESANDBESTPRACTICES 2.1 Understanding email use . . . 6
2.2 Manage centrally . . . 6
2.3 Manage electronically . . . 7
2.4 Ensurecooperation,coodination,andsupport ... 7
2.5 Address any backlog . . . 8
2.6 Work with service providers . . . 9
3. POLICYCOMPONENTS 3.1 Essentialelementsoftheemailmanagementsystem ... 10
3.2 Classifying email . . . 10
3.3 Access and retrieval . . . 11
3.4 Ediscovery . . . 12
3.5 Retention and disposition . . . 12
3.6 Storage . . . 14
3.7 Preservation . . . 14
3.8 Information security . . . 15
3.9 Apprpriate use . . . 15
3.10 Staff training . . . 16
3.11 Roles and responsibilities . . . 16
For more information and assisstance . . . 17
4. SAMPLEPOLICIES Policy 1: Village of Hidden Valley . . . 20
Policy 2: Town of Big Thunder . . . 27
Policy3: StateOfficeofAdministrativeSupportandAnalysis .... 41
APPENDIX:THELEGALFRAMEWORK Arts and Cultural Affairs Law . . . 59
Commissioner’s Regulations . . . 59
Cyber Security Policy P03002 . . . 60
Federal Rules of Civil Procedure . . . 60
Freedom of Information Law (FOIL) . . . 61
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
Executive
Summary
Untilnow,mostorganizationshavefailedtoincludeemailinaformal
managementpolicyorprogram.Thisomissionisnolongeracceptable,
becauseemailcanbearecordandaninformationasset,emailcanbeusedas
evidenceinacourtoflaw,andfailuretocontrolemailcanbeverycostly.
Theseguidelinesareintendedasastartingpointforstateagenciesandlocal
governmentstouseforwritingpoliciesandproceduresthatwillguidea
programformanagingemail.Agenciesandgovernmentsshouldadaptthe
guidelinestomeettheirownneedsandcapabilities,andcontinuetoupdate
theirpoliciesonanasneededbasis.
Principles
and
Best
Practices
Somegeneralprinciplesandbestpracticesformanagingemailarelisted
belowandarediscussedmorefullyinSection2oftheseguidelines.
1. Understandemailuse,developstrategiesthatareselective,andfocus
resourceswheretheyaremostneeded.
2. Managecentrally,reducingrelianceontheenduser.
3. Manageelectronicallyasmuchaspossible,reducingrelianceonusers
andmanualmanagementstrategies.
4. Ensurecooperation,coordination,andsupport;thatis,ensurethe
cooperationofallusersoftheemailsystem,thecoordinationofseveral
keyindividualsthroughouttheorganization,andmanagementsupport.
5. Addressanybacklogbydevelopingastrategythatisbasedonsolid
reasoningandarationaldispositionstrategyandthatisdocumentedin
anemailmanagementpolicy.
Components
of
a
Policy
Anypolicythatgovernsanemailmanagementprogrammustaddress—but
notnecessarilybelimitedto—thefollowingpoints(seeSection3formore
detail):
1. Essentialelementsoftheemailmanagementsystem:Whatarethe
systemcapabilitiesandfunctions?Whatinformationandrecordsarein
thesystem?
2. Classifyingemail:Whichemailsarerecords?Whichemailsarenot
recordsforlegalpurposes?Whataretherequiredsecuritylevels,filing
rules,andindexingfields?
3. Accessandretrieval:Howdousersfindemails?Howcanusersenhance
access?Towhichemailsdousershaveaccess?Howwillaccessbe
providedtothepublic?Underwhatcircumstancesisaccessdeniedtothe public?
4. Ediscovery:Whatistheprocessofrespondingtoimpendinglitigation?
Whoinitiatestheresponse?Howandwhenistheprocessinitiated?
5. Storage:Whatistherangeofstorageoptionsused?Howlongwillemails
remainontheserver?When,ifever,areemailstransferredtoremovable
storagemedia?
6. Retentionanddisposition:Whataretheretentionperiodsfordifferent
typesofemailsinthegovernmentoragency?Howisretentionmanaged?
Whenandhowareobsoleteemailsdestroyed?
7. Preservation:Howarelongtermandpermanentemailspreserved?
Whatformatsandmediaareused?Howdoesthegovernmentoragency
trackandmanagemigration?Howdoesitensuremediaintegrity?How
andwhendoesastateagencytransferarchivalemailstotheState
Archives?
8. Informationsecurity:Whattechnicalandproceduralmeasuresarein
placetoensureinformationsecurity?
9. Appropriateuse:Howdoesthegovernmentoragencydefinetheappro
priateuseofemail?Howaretheseprinciplesdisseminated?Howis
appropriateusemonitored?Whatarethemeasuresforaddressing
misuse?
10. Stafftraining:Howisstafftrainedontheemailmanagementpolicy?
Whatsubjectareasareaddressed?
11. Rolesandresponsibilitiesmustbeclearlyassignedanddefinedforeach
oftheabovecomponents.
IncludedinSection4oftheguidelinesarethreesamplepoliciesthatreflect
theneedsandcapabilitiesofthreesizesofgovernmentoragency.Thesample
policiesillustratehowtousecurrentbestpractices(Section2)tointegrate
andaddresstheabovecomponents(Section3)inapoliciesandprocedures
document.
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
1.
Introduction
1.1
Purpose
and
Intent
Fewgovernmentsoragencieshavefocusedonemailwhenitcomestopolicy
andprogramdevelopment.Emailsystemshavebeenimplementedatall
levelsofgovernmentthroughoutNewYorkStatetomeetimmediatebusiness
needs,butthesmoothoperationofthesesystemshasbeenviewedasa
functionofinformationtechnology(IT)ratherthanofrecordsmanagement,
administration,legalcompliance,orinternalcontrol.Emailisgeneratedby
andmaintainedinasoftwareenvironmentthatisnotintendedforlongterm
storage.Manyusershaveequatedemailwithatelephonecall:ephemeral,
private,andexemptfromoversight.Thetruthaboutemailismuchdifferent.
Legislativechangesandhighprofilecourtcasesofthepastdecadehave
firmlyestablishedthatemailcanbeanofficialrecord,emailcanbeusedas
evidenceinacourtoflaw,andfailuretocontrolemailcanbeverycostly.In
NewYorkStateandelsewhere,stateagencies,professionalorganizations,
vendors,andpublicandprivatepartnershipsoffereducationalprograms
abouthowtomanageelectronicrecordsandemail.Organizationshave
accesstoagrowingrangeoftechnologicalsolutionsformanagingemail,as
softwaredevelopersandvendorshaveincreasedtheireffortstomeetacriti
calbusinessneed.Claimingignoranceasanexcusefornotimplementingan
emailmanagementprogramisnolongeranoption(andlegallyneverwas).
ThissetofguidelinesisnotanoverarchingNewYorkStatepolicyon
managingemail.Rather,theseguidelinesreflectcurrentprinciplesandbest
practicesformanagingemail,andareintendedasacommonstartingpoint
forstateagenciesandlocalgovernmentstouseforformulatingtheirown
internalpoliciesonemailmanagement.Agenciesandgovernmentsshould
adapttheguidelinestomeettheirownuniqueneedsandcapabilities.
Issuesregardingemailwillcontinuetochange,undoubtedlybecomingeven
morecomplexasourrelianceonmobiletechnologiescontinuestogrowand
westandevenmorefirmlyintheelectronicworld.Forthesereasons,the
StateArchiveswillreviewtheseguidelinesperiodicallyandupdatethemto
ensuretheyreflectcurrentlaws,practice,wisdom,andcapabilities.Similarly,
alllocalgovernmentsandstateagenciesmustperiodicallyreviewandup
dateasneededtheirownemailpoliciesandprocedures,regardingthemas
livingdocuments,asdynamicandpronetochangeastechnologyitself.
1.2
Structure
and
Contents
AsaproductoftheStateArchives,theseguidelinesasawholeaddresshow
recordsmanagementlawsandprinciplesapplytoemail.Theguidelinesalso
highlightemailbestpracticesthathaverecentlyemerged,manyspurredon
bylegalchangesandmadepossiblebyadvancesintechnology.
Theseguidelinesaredividedintothefollowingsections:
ExecutiveSummary:Statesthecentralprinciplesthatshouldguidepolicy
developmentformanagingemail.
1. Introduction:Providestheintentoftheseguidelines,abriefoutlineof
howtheguidelinesareorganized,anddefinitionsthatareessentialfor
examiningthechallengesofandstrategiesformanagingemail.
2. PrinciplesandBestPractices:Discussesbestpracticesthatareemerging
afteradecadeormoreofemailuseintheworkplace.
3. PolicyComponents:Describesthebasicelementstoincludeinanypolicy
formanagingemail.
4. SamplePolicies:Providesthreesamplesthatillustratethemanagement
strategies,needs,andcapabilitiesofgovernmentsandagencies,fromthe
smallestlocalgovernmenttoalargestateagency.
Appendix:Providesashortdiscussionofstateandfederallawsand
regulationsrelatingtorecordsmanagement,especiallythemanagementof
electronicrecords(includingemail).
Sections1through3andtheappendixareintendedtogivecontextand
meaningtothethreesamplepolicies,whilethethreesamplepoliciesin
Section4demonstratetherangeofstrategiesavailableformanagingemail.
Thesamplesarenotmeanttosuggest,however,thatonlythreestrategiesare
possible.Futurerevisionsoftheseguidelinesmayexpandtoincludeactual
policiesandproceduresfromsampleemailmanagementprogramsinNew
YorkState.
1.3
Terms
and
Concepts
Managingemailoverthelongtermischallengingbecauseofemail’sessen
tialcharacteristics.Anemailoriginatesinanelectronicformat,butitcanalso
existinaspecifictypeofcomputerfileorfileformat.Emailtendstoresideina
proprietaryfileformatinanemailsystem;althoughthereisinteroperability
betweenemailsoftwaresystems,emailexistsasafileformatthatisowned
andcontrolledbyasinglesoftwarecompanyandisnotnecessarily(oreasily)
exportabletoanotherenvironment.Forthesereasons,longtermorperma
nentemailsmustbecreatedinorconvertedtononproprietaryformatsfor
preservation(forexample,ExtensibleMarkupLanguage,orXML,whichis
explainedinSection3.7,“Preservation”).
MostemailsconformtoaninternationalstyleformatknownasRFC2822,
whichdefinesanemailasconsistingofaheader(routinginformation)anda
body(themessage),whichareseparatedbyablankline.Thebodyofthe
messagecanconcludewithasignatureblock.Savingemailsasplaintext
(ASCII,Unicode)doesnotnecessarilypreservethestyleformatandgeneral
appearanceofemail;additionalmeasuresmaybeneededtodisplayanemail
asitwasoriginallycreated.
Metadatareferstoanyinformationdescribingasetofdata.Metadatacanbe
viewedintheheaderofasingleemail,butforeveryemailthereisalsoa
moredetailedfileprofile,alsoknownasadocumentprofile,whichisahidden,
associatedpageofinformationaboutthatemail(see,forexample,the
“Properties”tabinaGroupWiseemail).Metadataprovidesthecontextforan
email(sender;recipients;datestransmitted,opened,deleted),identifiesthe
email’ssubjectcontentandsoftwareenvironment,andindicatesany
modificationsthatweremadeaftertheinitialtransmission.Forthesereasons,
thecontinuingassociationofmetadatawithitsemailmessageisessentialfor
ensuringthelongtermaccessibilityandlegaladmissibilityofamessage.
Anattachmentisanelectronicfilethatisassociated,sent,andreceivedalong
withanemailmessage.Attachmentsmaybetextdocuments,graphics,
spreadsheets,videoandaudiofiles,webpages,andcompressedorencoded
files.Thenumberofpossiblefileformatsattachedtoanemailisessentiallyas
unlimitedasthenumberofformatsthatcurrentlyexist.Again,forpreserva
tion,access,andlegalpurposesitisessentialthattheattachmentcontinuesto
beassociatedandretrievablewiththeoriginalemailmessage,aswellaswith
allmetadataforthemessageandtheattachment.
Discoveryreferstothecompulsorydisclosureofdocumentsthatmaybe
relevanttoalegalinquiry.Ediscoveryinvolvesrecordsinelectronicformat,
andemailsarediscoverablebecausetheycanbe—androutinelyare—the
focusofanediscoveryaction.Thecourtshaveincreasinglyemphasizedthe
importanceofhavingarecordsmanagementprogramthatisregulatedby
policy,andthatpolicymustextendtomanagingemail,forbothelectronic
discoveryandrecordadmissibilitypurposes.
2.
Principles
and
Best
Practices
2.1
Understand
Use
Whentryingtomanageemail,thereisusuallynoeasysolution.Managing
emailmeansdevelopingstrategiesthatareselective,focusingresources
wheretheyarecriticallyneededandwheretheywillhavethegreatest
impact.Policydecisionsonhowtomanageemailmustreflecthowagovern
mentoragencyusesemail.Forexample,dousersprimarilyuseemailto
communicateshort,transitorymessages,withsomeisolatedexceptions?Or
doesagovernmentoragency,oranindividualunitofthatgovernmentor
agency,relyonanemailsystemtosend,receive,andstorerecordsrelatingto
oneormorecorefunctions?Theextenttowhichanemailsystemisusedfor
transmittingandreceivingrecords,thedistributionofrecordsacrossa
governmentoragency,andthevalueandretentionrequirementsofthose
recordsmustguidepolicyandthemanagementstrategy.
2.2
Manage
Centrally
Emailpoliciesofthepastdecadehavetendedtomakeindividualusers
responsibleformanagingtheirownemails.Recentlitigationandstudies
havehighlightedtheshortcomingsofthisapproachinguaranteeing
organizationwidecompliancewithrecordsandotherrequirements.Inlarge
organizationsespecially,emailismanagedinconsistentlyiflefttoendusers,
becauseindividualsexercisevariouslevelsofdisciplineandusetheiremail
accountsdifferently.
Centralcontrolisnecessarytoeliminateunnecessaryduplicates,identifyand
linkthreadsinanextendedemailexchange,provideaccesstomorethanone
user,andguaranteelegalcompliance.Theseguidelinestendtoemphasize
(andencourage)strategiesthatallowsomedegreeofcentralizedcontrol,at
leastforemailsthatarepermanent,vital,orvulnerabletoediscovery.Email
managementmaybecentralizedagencywide,governmentwide,orby
individualprogramunits.
Optionsformanagingemailcentrallyinclude
• managingviaaLocalAreaNetwork(LAN),orashareddirectory.ALAN,
orshareddirectory,isanimperfecttoolformanagingemailscentrally,
becauseitultimatelyreliesoneachuserofanemailsystemtomove
individualemailsmanuallyoutofamailboxandintoasharedelectronic
filesystem.
• emailarchivingsoftware,whichcapturesandpreservesemailtrafficflow
ingintoandoutoftheemailserverandstoresitatacentrallocation.Email
archivingprovides“singleinstancestorage,”meaningthatonlyonecopy
ofanemailorattachmentisstoredinthearchivebutisassociatedwith
sendersandreceivers,therebyreducingthevolumeofemailontheonline
emailserverandmakingsearchandretrievalmoreefficient.Emailarchiv
ingdoesnot,however,integrateemailwithotherelectronicrecords(word
processedfiles,databases,webpages);emailsexistandaremanagedasa
standalonebodyofinformation.
• ElectronicDocumentManagementSystem/EnterpriseContentManage
ment(EDMS/ECM),whichisacentralrepositoryforallelectronicrecords.
Dependingontheproduct,anEDMS/ECMcanhaveasophisticatedarray
ofmanagementfunctions,andcanevenmanageretentionanddisposition
througharecordsmanagementapplication(RMA).Emailmanagement
existsasaseparate,addonmoduleofanEDMS/ECM.
2.3
Manage
Electronically
Anothermanagementstrategyhasbeentorelyonthe“lowtech”methodof
printingoutimportantemailstointegratethemintoapaperrecordkeeping
system.Printingemailsisstillaviableoptionforasmallorganizationwith
limitedtechnologysupportandfinances,providedthatindividualsacross
theorganizationconsistentlyapplyrecordsretentionrequirementstothe
printedemails,captureallessentialmetadata,andfiletheemailswiththeir
respectiveattachments.Suchcontrolsaredifficult,ifnotimpossible,to
enforceinlargeorganizationswhereemailtrafficandvolumeisincreasing
exponentially.
Governmentsandagenciesaremorelikelytoensurecompliancewithpolicy
byretainingtheiremailelectronicallyandmanagingtheiremailrecordswith
agrowingarsenalofelectronictools(althoughitmaystillprovenecessaryto
printemailsoccasionally,tointegrateafewemailsintoanexistingpaperfile).
2.4
Ensure
Cooperation,
Coordination,
and
Support
Mostlocalgovernmentsandstateagenciesarerequiredbylawtoappointa
recordsmanagementofficer(RMO),whoisresponsibleforcoordinatingand
overseeingacomprehensiverecordsmanagementprogram.Itcanbedifficult
tocoordinateandgainsupportformanagingaresourcethataffectseveryone,
especiallyinanenvironmentwithamixtureoffull andparttimeofficials
andemployees,interns,volunteers,andcontractualpersonnelworkingat
variouslocations.Becauseoftheimpactandcostsofnotmanagingemail,
however,RMOsandothersingovernmentsandagenciesmustdevelop
strategiesandmechanismsforbuildingcooperation.
Themanagementofelectronicrecordsandemailcanenhancetherelevance
andvisibilityofacooperativebodythatalreadyexistsinalocalgovernment
orstateagency,oritcanbeacompellingreasonforinitiatingacooperative
bodythatincludeseveryonewithaninterestinandknowledgeabout
records.Possibleresponsibilitiesofsuchaboardorcommitteecouldbeto
• ensurecommunicationbetweenprogramareasthataredirectlyconcerned
withelectronicrecords(especiallyrecordsmanagementandinformation
technology)
• adviseonthedesiredcapabilitiesofasoftwaresolutiontomanageemail
andotherelectronicrecords
• reviewrequestsforproposals(RFPs)andresponsestotheRFPsforemail
managementsolutions
• coordinateanappropriateresponsetoalegalactionorotherinquiry
(FOIL,audit)
• identifysourcesofgrantfunding,andidentifyandprioritizeprojectsfor
grantapplications
• identifyandcoordinatetrainingopportunities
• periodicallyreviewpoliciesandproceduresformanagingelectronic
records
• adviseonappropriateresponses(includingdisciplinarymeasures)when
policiesandproceduresaren’tfollowed
AnRMOinalocalgovernmentcanform,refocus,orreenergizearecords
advisoryboardtoadviseonelectronicrecordsissues,orformatechnology
committeetofocusontheuniqueneedsofelectronicrecords.AnRMOina
stateagencycanformorgiveanewroletoacommitteethatconsistsof
liaisonsfromacrosstheagencywhoaredirectlyinvolvedwithmanaging
recordsintheirrespectiveprogramareasandwithcoordinatingthose
functionswiththeRMO.Therecordsmanager,recordsaccessofficer,
informationtechnologydirector,informationsecurityofficer,andlegal
counselshouldbeinvolvedinanysuchcommittee,workingwiththe
supportofandinputfrommanagement.
2.5
Address
Any
Backlog
Manylocalgovernmentsandstateagenciesaredealingwithabacklogof
unmanagedemailsstoredeitheronserversoronvariousstoragemedia
offline.Whetherornottomanageemailsretroactivelydependsonthelevel
ofriskinvolvedinnotmanagingthem.Iftherisklevelishigh,analysisofa
sampleoftapesorotherstoragemediainvolvedmightsuggestan
appropriatecourseofaction.Methodsofanalysismayinclude
• downloadingbackupsorcopiesofemailintoanexistingmanagement
system
• workingwithadatarecoveryvendortorestoretapesorothermediaone
byone
• surveyingpastemailuserstodeterminewhatislikelytobeonthemedia
Thegoalistoidentify,asmuchaspossible,thelatestretentionperiodof
recordsonthestoragemediaandtodestroythemediawhenthatretention
periodhaspassed.Baseallstrategiesonsolidreasoning,anddocumentthose
strategiesinanemailmanagementpolicy.
2.6
Work
with
Service
Providers
Avarietyofservicesareavailabletogovernmentsandagenciesthateither
don’thaveorcan’taffordtodiverttheirlimitedresourcestowardsmanaging
emailentirelyontheirown.Theseservicesinclude
1. CommercialInternetServiceProviders(ISPs),whoprovideemailservices
asacomponentofInternetservices(suchasVerizon,TimeWarner)
2. Widelyusedcommercialstandaloneemailsystems(suchasAOL)
3. Freeemailservices(suchasGmail,Hotmail,Yahoo)
4. Emailservicesofferedbylocalgovernmentsorstateagencies(BOCESfor
constituentschooldistricts,countiesformunicipalities,OfficeforTechnol
ogyforstateagenciesandothers)
Itisimportanttodefineinpolicytherangeofemailservicesreceivedfroman
outsideserviceprovider.Wheneverpossible,arrangeforservicesthatextend
beyondconnectivitytoincludeessentialmanagementfunctions.Inaddition,
beawareofpotentialproblemsinvolvingtheuseofthefirstthreeoptions
listedabove,suchaslimitationsonattachmentfilesizeandmailboxcapacity
andthedifficultyofimportingfilesfromthehostsystem.Asignedcontract
orserviceagreementwiththeoutsideprovidershouldreflectthesystem’s
capabilitytoaddressexistingpoliciesandprocedures.
Managingemailconsistentlyandcomprehensivelycanbeproblematicwhen
individualusersinthesamegovernmenthaveaccountswithseveraldiffer
entservicesorserviceproviders.Onesolutionistodownloadallgovernment
emailrecordstoacentralserver,whereemailrecordscanbestoredinhouse
andmanagedelectronicallythroughtheuseofspecializedsoftware.The
alternativeistoworkwiththeemailserviceprovidertoutilize“softwareasa
service”possibilitiestoensurethatallaspectsofemail,includingretention
anddisposition,aremanagedappropriatelywhilenotmakingfurther
demandsonaninhousetechnologyinfrastructure.
3.
Policy
Components
3.1
Essential
Elements
of
the
Management
System
3.2
Classifying
Anemailpolicydocumentstheemailmanagementsystemataparticular
pointintime.Thesystemcontainscertaintypesofinformationthatmayor
maynotberecords,asdefinedbylaw,sothepolicymustdescribehowthe
systemisusedandtheinformationandrecordsitcontains.Thiswill
determinethewaythesystemworks.
Anemailmustbemanagedaccordingtohowitisdefinedintermsofthe
informationitcontains.Tomeetbasicrecordsmanagementrequirements,
emailsmustbeevaluatedatthreelevels.
• Isanemailmessagearecord?Anemailisarecordifitiscreatedorreceived
aspartofabusinesstransactionofagovernmentoragency.Email
messagesthatarerecordsincludepoliciesanddirectives;correspondence
ormemorandarelatedtoofficialbusiness;workschedulesandassign
ments;agendasandminutesofmeetings;documentsthatinitiate,
authorize,orcompleteabusinesstransaction;andfinalreportsorrecom
mendations.Emailsthatarenotrecordsincludegenerallistservmessages,
spam,broadcastmessagesreceivedbystaff,andpersonalmessages.
• Ifanemailisarecord,towhichrecordsseriesdoesitbelong?Localgovernments
shouldconsultanappropriateStateArchives’recordsscheduletoanswer
thisquestion.Stateagenciescanconsultthestategeneralrecordsschedule
oranagencyspecificrecordsscheduletodeterminetherecordsseries.
• Whatistheretentionperiodforthatrecordsseries?Theanswertothisquestion
dictatesthebasicrecordsmanagementrequirements(forexample,the
access,storage,andpreservationneeds)ofthatemail.
Optionsforclassifyingemailsinclude
• manually:relyingentirelyonanindividualuser’sknowledgeofwork
processes
• semiautomated:usingsoftwarethatpromptsuserswithacheckboxto
classifyemailsbeforeclosingorsaving
• fullyautomated:usingsoftwarethatreads,categorizes,andfilesemail,
basedonbusinessrulesthatreflecthowanorganizationusesemail
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
Eachoftheabovestrategieswillhavevaryingdegreesofcomplianceand
accuracyanddifferingimplementationcosts,dependingonthecontrolsin
placetosupporttheclassificationsystemandthesize,culturalenvironment,
andtechnicalcapabilitiesofanorganization.
3.3
Access
and
Retrieval
Enhancing
access
and
retrieval
Filinghastypicallybeenviewedasawaytoenhanceaccess,andfilefolders
traditionallyarearrangedbyworkfunction,subject,ordate,oracombina
tionoftheseintendedtoaidretrieval.However,inanelectronicenvironment,
asearchenginecanreduceoreliminatetheneedforafilingstructuretofind
records(althoughelectronicfilingsystemscanstillbeusefulforother
reasons,suchasmanagingretention,asdiscussedbelow).
Tomakesearchingmoreefficient,individualusersmustalwaysassignasub
jectlinetooutgoingemails,andcanevenassignoneortwoindexterms(a
casenumber,forexample)tothesubjectlineormetadataofeachemailrecord
theysendandtothemetadataofeachemailrecordtheyreceive.This
requiresacontrolledvocabulary,namingconventions,trainingforindividual
users,anddiscipline.Itmaybepossibletoadoptthisasastrategyonlyto
manageimportantorvitalemailrecordsorthoserecordsthatmaybe
relevanttolegalproceedings.
Restricting
access
Conversely,thereshouldbemechanismsinplacetorestrictaccesstocertain
emailsorevenpartsofemails.Accesstoemailsrelatingtolawenforcement
investigations,courtactions,andpersonnelandhealthmattersmaybere
stricted,sometimesbylaw,toafewdesignatedindividualsinagovernment
oragency.Ifemailsareroutedtoacentralfilingsystem,it’simportantto
implementsystemsecuritymeasuresthatrestrictaccesstocertaindirectories,
filefolders,andindividualfilesbyjobfunctionortitle.Emailusersshould
havereadonlyaccesstostoredemailstoensurethelegaladmissibilityand
integrityoftherecords.
Becauseofthenatureofemailconversations,asingleemailcanbeginwith
onesubjectandendwithanother,andonepartofanemailmayberestricted
whileanotherpartisnot.Governmentsandagenciesshouldthereforebe
preparedtoproduceredactedversionsofemails,toprovideaccesstothe
unrestrictedinformationinanemail(inresponsetoaFOILrequest,for
example).Nomatterwhatkindofmethodofredactionisused,itmustbe
subjecttoaverificationandqualitycontrolprocess,toensurethatthe
redactedtextistrulyirretrievablebyunauthorizedusers.
3.4
Ediscovery
Agovernmentoragencymaydecidetodevelopaseparate,highlydetailed
setofediscoverypoliciesandproceduresbecauseofthecomplexlegalissues
involvedinanediscoveryaction.Thisisimportant,sincethefailureto
respondappropriatelycanresultinlegalsanctions,lossofreputation,and
othersignificantcosts.
Anediscoverypolicymuststipulatethatifsomeoneinagovernmentor
agencyknowsofanimpendinglegalaction,thatindividualmustnotifylegal
counselimmediately.Becauserecordsareincreasinglyelectronic,legal
counselmust,inturn,contacttherecordsmanagementofficerandthelead
informationtechnologyprofessional(eitheraconsultantonretainer,program
areadirector,orchiefinformationofficer)fortworeasons:tounderstandthe
informationtechnologyenvironment,andtoknowthecontentandformatof
potentiallyrelevantelectronicrecords.
Themoreinformationavailabletolegalcounselbeforehand,thebetter.
Ideally,legalcounselshouldknow,orhavetheresourcesavailabletodiscern
quickly,howanagencyorgovernmentusesemailandthetypesofrecords
likelytoresideintheemailsystem.
3.5
Retention
and
Disposition
Simplifying
retention
Purgingallemailsafteradefinedtimeperiodisnotanacceptableretention
anddispositionstrategy.Eachemailrecordbelongstoarecordsseriesthatis
included(orneedstobeincluded)inanofficialretentionschedule.Intoday’s
businessenvironment,itishighlyunlikely,ifnotimpossible,thatagovern
mentoragencywouldtransmitonlyemailsthatarenonrecordsorthathave
aretentionperiodof“0afternolongerneeded.”
Itispossible,however,tosimplifyretentionandmanageemailsasgroupsof
messagesbelongingtoaclusterofrecordsserieswithsimilarretention
periods.First,theRMOandothergovernmentofficialsmustknowthereten
tionrequirementsofemailstransmittedwithintheirgovernmentoragency.
Stateagenciesmustdeterminewhetheremailsarepartofrecordsseriesthat
havebeenorneedtobescheduled.Retentionstrategiescanthenbeapplied
selectively,accordingtotheretentionperiodsofemailstransmittedand
receivedbyindividualusers,programunits,oracombinationofthese.
Someemailmanagementstrategiesinclude
• identifyingthoseunitsthattransactbusinessalmostentirelybyemail(for
example,acontractingunitthatcollectsresponsestoRFPsstrictlyviaemail),
andthenfocusinganautomatedsolutiononthoseunitsandtheirrecords
• focusingontheemailsofindividualsinupperlevelsofmanagementor
occupiedwithcertainjobfunctions(legal,health,humanresources,con
struction,landuse),ontheassumptionthattheirrecordsarelongterm
• identifyingandremovingpermanentemailsfromindividualaccountsand
managingthemseparately,whileretainingnonpermanentemailsforthe
longestretentionperiodshortofpermanent.Forexample,localgovern
mentscanassesswhethertheiremailsareequivalenttocorrespondence.If
so,theymayapplythethreeretentionperiodsforcorrespondenceinthe
localgovernmentschedules(permanent,sixyears,0afternolonger
needed),separatingoutthepermanentemailsanddestroyingthenonper
manentemailsaftersixyears.Iflocalgovernmentsadoptthisstrategy,
theymaystillneedtoidentifyasmallnumberofemailsthatdonotqualify
ascorrespondenceandsavethoseemailsforthefulllengthoftheir
respectiveretentionperiods.
Backups
ItisimportanttofollowaStateArchives’retentionschedule(eitherthe
generalscheduleforstateagenciesorarelevantlocalgovernmentrecords
schedule)foremailsystembackups.Thesecanbesubjecttoediscovery,even
iftheoriginalemailshavebeendestroyedandespeciallyifthecourtdeems
theoriginalsweredestroyedinappropriately.Conversely,thedestructionof
backupsassumesthatoriginalemailsweremanagedappropriatelyand
destroyedaccordingtoStateArchivesretentionschedules.
Attachments
Anemailmayhaveadifferentretentionperiodthanitsattachment.Ifan
emailisusedessentiallyasacoverletterwithaminimalretentionperiod,the
emailanditsmetadataarestillimportantfordocumentingthatsomething
wassentandreceived,whichmayproverelevanttolegalandotherinquiries.
Forthisreason,aswellasforthesakeofsimplicity,retaintheemailandthe
attachmentforthelongeroftheirtworetentionperiods.
Copy
control
Controllingcopiesisaretentionissue,becauseretentionrequirementsvary
accordingtowhetherornotarecordistheofficialcopy.Theconceptof
“officialcopy”isproblematicwhendealingwithemailbecauseofthevolume
ofemails,thedifficultyofcontrollingallcopies,andtheoccasionalneedto
proveanemailwasreceivedaswellassent.Aswithotherretentionissues,
it’sbesttosimplifycopycontrolasmuchaspossible.
Therecipient’scopyofanemailreceivedfromsomeoneoutsideofthe
governmentoragencyisusuallytheofficialcopyofthegovernmentor
agencythatreceivesit.Theofficialcopyofanemailsentinternally,however,
maybethesender’sorrecipient’scopy,maybeboththesender’sand
recipient’scopy,ormaydependonwhetherornottheemailispartofa
largerseriesofrecords.Ininstanceswhereseveralindividualsparticipatein
anextendedemailconversation,therecordcopywouldbetheconcluding
messagethatincludesalloftherelatedthreadsoftheemailexchange,butit
maybeimpossibletoensurethatthewhole,allimportantthreadissaved
intact.Governmentsandagenciesmaythereforedecidetosaveallcopiesof
emailsrelatingtocertaincriticalissuesorreceivedbyindividualswhoare
likelytobeinvolvedinthosecriticalissues.Again,thiswillinvolveanalyzing
anddevisingastrategybasedonemailuseandthefunctionofaprogram
unitordepartment.
3.6
Storage
Whilethecostofelectronicstorageissteadilydeclining,theuseofelectronic
technologiesandthesheervolumeofemailsareincreasing.Inasmallorgani
zationwhereemailisusedstrictlyforcommunication,managingstorage
mayinvolvenomorethandeletingemailsfromtheemailserverafterthe
appropriateretentionperiodforeachspecificmessagehaspassed.Inmore
complexsituations,however,emailsmaypassfromactivespaceonanemail
servertocentralstorage,thentolongtermstorage,andeventuallyto
externalstoragemedia.Anemailpolicymustdocumenthowthelocal
governmentorstateagencyutilizesstorage,toensurethatupgradesand
migrationaddressalllongtermemails,regardlessofwheretheyreside.
3.7
Preservation
NewYorkStatelawandregulationsrequirethatgovernmentsandagencies
ensurethatrecordsareaccessibleforthefulldurationoftheirretentionperi
ods.Forelectronicrecords,includingemail,preservationofevenshortterm
recordscanbeproblematicbecauseofthepaceoftechnologicalobsolescence
andmediadegradation.Preservationstrategiesforemailinclude
• usingstandardfileformatstosavemessages,attachments,andthelinks
betweenmessagesandattachments.ExtensibleMarkupLanguage(XML)
isquicklybecomingthestandardformanaginglongtermemailandits
associatedmetadataandattachments.XMLisanopenformatandmarkup
languagethatwasdevelopedtostoreandtransportdatabetweenoperat
ingsystems.XMLusestagstoindicatethestructureofdatainanemail,
butitrequiresanothersoftwareprogramtoprocesstheXMLtagsand
displaythedataasanemailmessagewithanattachment.
• adoptingopensourceproductsandformatsasmuchaspossibleto
facilitatemigrationorconversiontoanewemailsystem
• assessingtheneedtomigrateemailstoanewsystem,andmigratingmini
mallytobalanceconcernsfordataloss,costs,andlongtermpreservation.
Themoremessagesrequiringconversion,thehigherthecosts.It’sbestto
migrateaminimalvolumeofemails,whichispossibleonlybyapplying
effective,appropriateretentionpracticesanddestroyingobsoleteemails.
3.8
Information
Security
Thesecurityofanemailsystemisasharedresponsibility.Informationtech
nologypersonnel,eitherinhouseoroutsourced,areusuallyresponsiblefor
implementingtechnicalsecuritymeasures,includingfirewalls,spamfilters,
antivirussoftware,levelsofaccesstoapplicationsandfiles,andpasswords.
Technologyis,inturn,supportedbyclearlystatedsecuritypoliciesand
procedures,anongoingtrainingprogramforallemailusers,andasystemof
auditsandcorrection.
Inaddition,stateagenciesarerequiredtohaveaninformationsecurityofficer
(ISO),accordingtotheCyberSecurityPolicy(P03002)issuedbytheNewYork
StateOfficeofCyberSecurityandCriticalInfrastructureCoordination
(CSCIC).TheISOisresponsibleforbuildingan“informationsecurity
infrastructure,”thatis,implementingandoverseeinganagencysecurity
programthatisguidedbypolicy.TheISOalsomonitorscompliancewiththe
securitypolicyandenforcescorrectiveaction.
TheothertenetsofCSCIC’spolicyoninformationsecurityapplytoallstate
entitiesandtoinformationassetsthataresharedbetweenstateandlocal
governments.Thepolicyis,however,asamplethatlocalgovernmentscan
applytotheirentireinformationtechnologyenvironment.Thesecurity
policyisavailableonCSCIC’swebsite,andlocalgovernmentsandstate
agenciesshouldcontactCSCICforspecificquestionsconcerningInternet
andemailsecurity.
3.9
Appropriate
Use
Theappropriateoracceptableuseofemailisasecurityissue.Withoutause
policy,agovernmentoragencycanbeheldliablefordamagesifanindivid
ualonstaffsendsorreceivesinappropriatemessages.Attheveryleast,the
inappropriateuseofemailinternallycancausedisagreementsbetweenstaff
andadeclineinproductivity,andiftransmittedexternallycanbedamaging
toanagency’sorgovernment’sreputation.Downloadingoropening
inappropriatefilescancrippleanentireelectronicsystem.Anappropriateuse
policyplacestheburdenofresponsibilityontheindividualuserratherthan
ontheagencyorgovernment.
Theprinciplesofappropriateuseareasfollows:
• Confineuseofgovernmentownedcomputersandaccountsto
governmentbusiness.
• Respectothers’privacy,gender,sexualorientation,race,creed,ethnic
background,orotheridentifyingcharacteristics.
• Protectdatafromunauthorizeduseordisclosureasrequiredbystateand
federallawsandregulations.
• Respectthevalueandintegrityofcomputingsystems.
• Safeguardindividualusers’accountsandpasswords.
Elementsofanorganization’semailpolicyshouldbeintegratedintoexisting
webmailandnetworkaccesspoliciestostrengthenandgivevisibilitytothe
emailpolicy.Theappropriateusepolicyshoulddescribethedisciplinary
measuresthatwouldresultfrominappropriateuseoftheemailsystem.
3.10
Staff
Training
Trainingisanessentialelementinprovingthelegaladmissibilityofemail
records.Thecourtshaveconcludedrepeatedlythatapoorlyimplemented
policyisworsethannopolicyatall,andthatanaggressive,ongoingtraining
programdemonstratesanorganization’scommitmenttoitsownemail
policy.
Trainingfallsintotwobroadcategoriesthatarenotmutuallyexclusive.To
useemaileffectively,allusersmustundergotrainingonthetechnical
capabilitiesoftheemailprogramandontheirroleinmaintainingsystem
security.Trainingshouldalsoaddressalloftherecordsissuesinvolvedwith
managingemail,especiallythefunctionsforwhichusershavedirectrespon
sibility.Insmallorganizations,therecordsmanagementofficercanprovide
orarrangefortraining.
Inlargegovernmentsandagencies,responsibilityfortrainingmaybe
dividedamongseveralstaffandprogramareas:ITstaffprovidetechnical
training(capabilitiesofandhowtousethesystem),theinformationsecurity
officercoordinatesandprovidestrainingonsystemsecurity(includinguseof
passwordsandappropriateuse),andtherecordsmanagementofficer
addressesrecordsmanagementissues(especiallyrecordsretentionand
disposition).Alllocalgovernmentsandstateagenciescandrawonthe
servicesoftheStateArchivestoassistwiththeireducationalefforts.
Asafollowuptotraining,thereshouldbeasystemofmonitoringuseto
ensurecompliancewithemailmanagementpolicyandprocedures.Govern
mentsandagencieshavetherighttomonitoruse,accessindividualaccounts,
andtakecorrectiveactionasneeded.
3.11
Roles
and
Responsibilities
Foranemailpolicytobeeffective,itmustclearlyassignresponsibilityforall
oftheaboveaspectsofmanagingemail.Thekeyplayersinmanagingemail
inalocalgovernmentandstateagencyincludetheRMO,recordsaccess
officer,informationtechnologyprofessionals,legalcounsel,managers,and
theemailusersthemselves.Asnoted,stateentitiesarealsorequiredtohave
aninformationsecurityofficer(ISO)andchiefinformationofficer(CIO),who
areresponsibleforaspectsofemailmanagementinadditiontotheirother responsibilities.
Asapplicable,emailpolicymayarticulatetherespectiverolesand
responsibilitiesofotherlevelsofgovernment,businesses,consultants,and
stateagencies.Forexample,theemailpolicyofastateagencymaystipulate
thattheagencywilltransferallarchivalemailrecordstotheStateArchives
forpermanentpreservationinaccordancewithapprovedrecordsretention
anddispositionschedules.
Inlargegovernmentsandagencies,keyindividualsorprogramunitsmay
assumeresponsibilityfordevelopingseparatepolicystatementsthattogether
formacomprehensiveemailpolicyforthegovernmentoragency.For
example,theadministrativeunitmaydevelopthesectionofthepolicyon
acceptableuse,theinformationsecurityofficermayaddressthepolicyon
passwordsandagainstsharingemailaccounts,legalcounselmaywrite
detailedpoliciesandproceduresforediscovery,andtherecordsmanager
mayaddressrecordkeepingrequirementsorintegrateemailsintoanexisting
recordsmanagementpolicyframework.Itisultimatelytheresponsibilityof
managementorthegoverningboardtosupportandpromulgateemail
policiesandproceduresthroughouttheorganization.
For
More
Information
and
Assistance
TheStateArchivesprovidesdirectadvicetostateagenciesandlocalgovern
mentsonallaspectsofmanagingemail,includingsettingretentionperiods
anddevelopingmanagementpoliciesforemail.TheArchiveshasregional
advisoryofficersandAlbanybasedstaffwhoperformsitevisits,provide
technicaladviceandassistance,andpresentworkshopsonawidevarietyof
recordsmanagementissues.Localgovernmentsareeligibletoapplyfor
fundingthroughtheLocalGovernmentRecordsManagementImprovement
Fund(LGRMIF)toimplementvariousrecordsmanagementprojects,includ
ingprojectstoinventoryandmanagetheiremail.Forfurtherinformation,
contactyourregionalofficeorthefollowing:
GovernmentRecordsServices NewYorkStateArchives StateEducationDepartment 9A47CulturalEducationCenter Albany,NewYork12230
(518)4746926
4.
Sample
Policies
4.1
About
the
Sample
Policies
Thissectionconsistsofthreesamplepoliciesthatrepresenttherangeof
governmententitiesinNewYorkStateandthedifferencesthatmayexist
betweenpoliciesofdifferenttypesandsizesoforganizations.Thesequence
ofthepoliciesrepresentsaprogression,fromasmallorganizationtoalarge
organization,fromamostlymanualsystemtoasystemthatisalmostfully
automated,andfromasimplepolicytoapolicythatisnecessarilymore
complex.
Policy
1:
Village
of
Hidden
Valley
Thissamplepolicyiswrittenforasmalllocalgovernmentwithlimitedtech
nicalcapabilitiesandinhouseinformationtechnologysupport.Thevillage’s
emailmanagementsystemconsistsofanemailserverthatinteractswitha
freestandingemailarchivingappliance.Villagestaffareresponsiblefor
identifyingandmovingallpermanentemailrecordsfromtheemailserverto
asharedfiledirectory,wheretheyaremanagedwithotherpermanent
electronicrecords.Thearchivingappliancestoresallemailsforsixyears.
Severalvillageofficialsusepersonalemailaccountsontheirhomecomputers
forvillagerelatedactivities,andthepolicyincludesproceduresthataddress
emailsonhomecomputers.(TheStateArchivesdiscouragestheuseof
personalemailaccountstoconductpublicbusiness.Insmallergovernments,
however,thissituationmaybenecessary,especiallyifboardmembersand
otherofficialsdonothaveanofficeinagovernmentfacility.)
Policy
2:
Town
of
Big
Thunder
Thissamplepolicyiswrittenforamediumsizedtown.Itassumesthatthe
townownsanemailmanagementsystemwithfairlyrobustcapabilitiesand
hasaninhouseITdirector.Thesystemrequirestownemailuserstoclassify
incomingandoutgoingmessagesmanually,butthenthesystemfilesthe
emailsaccordingtohowtheywereclassified.Thesystemperformssome
retentionanddispositionfunctions,butdoesnotdestroyemailrecordsonce
theyhavepassedtheirretentionperiods.TheITdirectorimplements
destructionoutsideofthesystem.Inaddition,asmallnumberoftownoffi
cialsuseemailaccountsontheirhomecomputersfortownrelatedactivities.
Inthiscase,todiscouragetheuseofpersonalaccounts,thetownprovides
emailaccountsonthehomecomputersofasmallnumberoftownofficials.
Policy
3:
State
Office
of
Administrative
Support
and
Analysis
Thissamplepolicypertainstoastateagency.Thisagencyhasaninhouse
informationtechnologystaff,manydifferentprogramareas,andalarge,
geographicallydispersedstaff.Thepolicythatgovernstheagency’semail
managementsystemisnecessarilymorecomplexthanthepolicyforasmall
ormediumorganization,andresponsibilityformaintainingthesystemand
implementingpolicyisdividedamongalargernumberofstaff.Theagency
hasexplicitlyprohibitedtheuseofnonagencyemailaccountsand
computersfortransmittingorreceivingworkrelatedemails,althoughthere
areprovisions,documentedinpolicy,foraccommodatingstaffwhotravelor
telecommute.
4.2
How
to
Use
the
Sample
Policies
PleasenotethattherearenoactualmunicipalitiesinNewYorkStatecalled
HiddenValleyorBigThunder,noristhereaStateOfficeofAdministrative
SupportandAnalysis.Thesamplepoliciesforthesefictionalentitiesare
dividedintosectionsthatreflectvariousaspectsofmanagingemail(as
outlinedinSection3oftheseguidelines).Eachsectionbeginswithapolicy
statement,whichisthenfollowedbyalistofproceduresrequiredtocarry
outthatpolicy.
TheStateArchivesisnotpromotingorrecommendinganyofthe electronicmanagementsystemsthatarefeaturedinthethreesample policies.Ourgoalistopresentsituationsthatarerealisticand,therefore,
samplepoliciesthatareusefultoourcustomers.
Donotfeelcompelledtoadoptthepoliciesandproceduresforoneofthe
scenariosdescribedabove.Instead,usethesamplestoguideyourdecisions
aboutthekindofinformationthatmaybeimportantforyoutoincludein
yourownemailpolicy. Governmentsandagenciesshouldadoptasolution
thathasasitsendresulttheeffectivemanagementofallaspectsofemail
(retentionanddisposition,inadditiontoaccess).Developapolicyand
proceduresmanualthatbestsuitsyourparticularneeds,eitherexpanding,
simplifying,orcombiningelementsofthesamplesprovidedinthissection.
Finally,thesesamplesarenotintendedtobemutuallyexclusive.Insome
cases,asmalllocalgovernmentmayhaveasophisticatedsystemand
thereforeneedamoredetailedpolicysimilartothethirdsample,orastate
agencymaychoosetoadoptsimplifiedstrategiesoutlinedinthefirsttwo
samplepolicies.
Sample
Policy
1
Village
of
Hidden
Valley:
Policies
and
Procedures
EffectiveOctober2008
1.
General
Policies
Thevillagelegallyownsallemailsthatemployeesandofficialscreateandreceive whenconductingvillagebusiness,regardlessofwhereemployeesandofficialscreate andreceivetheemails.Employeesandofficialshavenopromiseofpersonalprivacy whenusingemailonbehalfofthevillage.
1.1
Ownership
of
• Allemailusersofvillageemailaccountswillacknowledgethatthey
understandthevillage’spolicyonemailownershipeachtimetheyloginto
thevillage’ssystem.
• Emailuserswhoworkathome(thevillagejustice,historian,andboard
members)shouldhaveseparateemailaccountsforvillagerelatedemails
or,atminimum,shouldmaintainvillageemailsseparatelyfrompersonal
emails.
1.2
Training
• Thevillageclerkwillensuretrainingontheemailsystemforallnew
villageofficialsandemployees,andwillalsoprovideongoingtraining,
especiallyafterupgradesortransitionstonewemailprograms.
• Newemployeeswillnothaveaccesstoanduseofavillageemailaccount
untiltheyaretrainedonthevillage’semailpoliciesandprocedures.
1.3
Policy
review
and
updating
Therecordsadvisoryboard(whichincludesthevillageclerk,legalcounsel,
historian,andtreasurer)willreviewthisemailpolicyperiodically,especially
iftheemailpolicyormanagementsystemdescribedhereinchanges.
2.
Managing
Thevillagemanagesmostemailasgeneralcorrespondenceandfollowstheretention periodsforgeneralcorrespondenceintheRecordsRetentionandDisposition Schedule MU1.Thevillagemanagesandpreservesemailswitharetentionperiodof longerthansixyearsinacentralfiledirectoryonthevillage’smainserver,anden suresemailwitharetentionperiodofsixyearsorlessisdestroyedaftersixyears.
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
2.1
Classifying
• Emailusersareresponsibleforclassifyingemails,onreceiptorbefore
transmission,aseithernotrecordsoraspermanentrecords.Nonrecords
andpermanentrecordsaredefinedasfollows:
– Emailsthatarenotrecordsincludelistservmessagesdistributedto
manyrecipients,spam,broadcastmessagesreceivedbyofficialsand
employees,andpersonalmessages.Ausermaydestroynonrecords
immediately.
– Permanentemailsdocumentsignificantpolicy,decisionmaking,events,
orlegalissues,orpertaintolegalprecedents.
• Usersmustremovepermanentemailsfromtheirindividualemail
accountsandstoretheminthesharedfiledirectoryonthevillage’smain
server.
• Thevillage’semailarchivingappliancewillcaptureallemails,including
permanentemails,andwillpreventmodificationordeletionofarchived
email.
2.2
Managing
retention
and
disposition
• Permanentemailswillbemanagedandpreservedinthesharedfile
directory,alongwiththevillage’sotherelectronicrecords(seebelowunder
“Preservation”).
• Thevillageclerkwillensurethatemailsgeneratedduringacertainyear
arepurgedfromtheemailarchivingapplianceaftersixyears.
• Emailuserswhoworkathomeshouldcreatetwosubfoldersforperma
nentandnonpermanent(sixyear)emails,anddeleteallnonrecords.
Theyshouldthenperiodicallyforwardthetwosubfolderstothevillage
clerk,whowillfilethepermanentemailsinthesharedfiledirectory.Itis
notnecessaryfortheclerktomanagethenonpermanentemails,because
thesystemwillautomaticallycollecttheemailsfromtheclerk’saccount
andmanagetheemailsassixyearrecords.
• Inrareinstances,emailusersmayreceiveorsendanemailorattachment
thateitherdoesnotqualifyascorrespondenceorthattheywishtosavefor
longerthansixyearsbutnotpermanently.Insuchcases,theymust
forwardtheemailtothevillageclerk,whowillapplytheappropriate
retentionperiodandfiletheemailintheshareddirectory.(Usersof
personalaccountsshouldalsofollowthisprocedure.)
• Theemailserverdeletesallmessagesfromindividualaccountsinthe
villageemailserverafterninetydays.(Usersofpersonalaccountsare
stronglyencouragedtopurgetheseaccountsofvillagerelatedemail
accordingtothesameschedule,afterforwardingcopiesofrecordemailsto
thevillageclerkasdescribedabove.)
3.
Access
to
• Emailusersmaystorenonpermanentrecordsthattheyneedfordailyuse
ontheirowncomputerharddrives.Thevillageclerkwillpromptemail
userstoreviewfilesontheirpersonaldrivesannually,andtodeletethose
savedemailsthathavepassedtheirlegalretentionperiods.
• Destructionofemailsonthearchivingappliancemaybehaltedunder
certaincircumstances(seeSection4,“EDiscovery”).
2.3
Backups
• Thevillageclerkwillensurethatbackupsofemailsontheemailserver
andthearchivingappliancearedestroyedaccordingtotheretention
periodstipulatedforbackupsintheRecordsRetentionandDisposition
ScheduleMU1.
2.4
Preservation
• Emailswithretentionperiodsgreaterthansixyearswillbepreservedwith
otherelectronicfilesinthevillage’ssharedfiledirectory.
• EmailswillbestoredinRichTextformat(.rtf)ontheemailarchiving
applianceandintheshareddirectory.
• Emailsstoredinthearchivingappliancearecompressed,butthevendorof
theappliancehasassuredthevillagethattheemailscanbedecompressed
ifneededwithoutdataloss(asdocumentedinthevillage’scontractwith
thevendor).
• Thevillageclerk,withassistancefromthevillage’scomputersupport vendor,willmonitornewversionsofemailsoftwareandthearchiving
appliancetodeterminewhetherupgradesarenecessary.
• Backupsoftheemailsystemandarchivearetobeusedfordisaster
recoverypurposesonly,notforretention.
• Thevillageclerk,withassistancefromthevillage’scomputersupport vendor,willensuretheongoingintegrityofmediausedtostoreemails,as
stipulatedintheRegulationsoftheCommissionerofEducation(Part185,
8NYCRR),iftheemailsaremovedofflinetoremovablestoragemedia.
Emailsmustbeaccessibleforthedurationoftheirretentionperiods.Emailsarepub licrecordsthatareopenandaccessibletothepublicunderthesameconditionsas allothervillagerecords.
• Emailusershaveaccesstotheemailsintheirindividualaccountsinthe
villagesystemforninetydays.Iftheyneedaccesstosomeemailsforlonger
thanninetydays,theymustsavethoseemailsontheirpersonalharddrives.
• Permanentemailsarefiledinthedirectoryfirstbyvillagedepartmentand
thereafterbysubjectordocumenttype.Usershavereadonlyaccessto
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
emailsintheshareddirectory,withsomeimportantexceptions.Accessto
certainemailsrelatingtoongoinglawenforcementinvestigations,court
actions,andpersonnelmattersmayberestrictedbylawtospecific
individualsinvillagegovernment.Thevillageclerkwillmaintainalistof
typesofemailswhereaccessisseverelyrestricted.
• Thevillageclerk,asrecordsaccessofficer,willrespondtoallFOIL
requestsinvolvingemailand,ifnecessary,willconferwithlegalcounsel
aboutanappropriateresponse(especiallyifarequestisdenied).
4.
Ediscovery
Villagestaffandofficialsmustbeawarethatallemailmessages,includingpersonal communications,maybesubjecttodiscoveryproceedingsinlegalactions,andall mustrespondappropriatelytoanimpending
legalactioninvolvingemail.
• Legalcounselwillworkwiththevillageclerktoestablishproceduresfor
preservingevidencerelatingtoimminentorongoinglegalactions.
• If avillagestaffmemberorofficialbecomesawareofpotentiallitigation,
itishisorherresponsibilitytonotifylegalcounselimmediately.Counsel
willdeterminewhataction,ifany,needstobetaken.
• Legalcounselwillworkwiththepresidingjudgeandopposingcounselto
narrowtheparametersofarecordssearchasmuchaspossible.
• Thevillageclerk,workingwiththevillage’scomputersupportvendor,
willensurethatrecordsofpotentialrelevanceinthearchiveremain
accessibleforthefullextentoftheproceeding,whichmayrequiremoving
relevantemailrecordstoremovablestoragemedia.
• Allmeasurestakeninresponsetoanediscoveryactionwillapplyto
villagerelatedemailsthatareretainedbyemailusersworkingonhome
computers.
5.
Appropriate
Use
Appropriateusewillbehandledasasecurityissue.Violationofthevillage’s appropriateusepolicycanthreatenthevillage’scomputersystem,makethevillage vulnerabletolegalaction,andcauseirreparabledamagetothevillage’sreputation.
5.1.
Responsibility
for
appropriate
use
and
system
security
• Allemailusersareexpectedtoknowthedifferencebetweenappropriate
andinappropriateuseofemail.Thisappropriateusepolicyappliesto
anyonewhoisrepresentingthevillage,evenifthatpersonisusinga
personalaccountonahomecomputer.
6.
Technical
Security
• Alluserswillbepromptedtoacknowledgetheirpersonalresponsibility
forusingemailappropriatelyeverytimetheylogintotheirvillageemail
accounts.
5.2
Inappropriate
uses
of
Emailisprovidedasatooltoassistvillageemployeesandofficialsintheir
daytodaywork,facilitatingcommunicationwitheachother,our
constituency,andotherstakeholders.Thevillageemailsystemisintendedfor
officialcommunicationsonly,anditiseveryone’sresponsibilitytolimit
personaluseofthesystem.
ItisnotacceptabletousetheVillageofHiddenValley’semailfor
• anyillegalpurpose
• transmittingthreatening,obscene,orharassingmaterialsormessages
• distributingconfidentialvillagedataandinformation
• interferingwithordisruptingnetworkusers,services,orequipment
• privatepurposes,suchasmarketingorbusinesstransactions
• installingcopyrightedsoftwareorcomputerfilesillegally
• promotingreligiousandpoliticalcauses
• unauthorizednotforprofitbusinessactivities
• privateadvertisingofproductsorservices
• Modifying,obtaining,orseekinginformationaboutfilesordatabelonging
tootherusers,withoutexplicitpermissiontodoso
5.3
Enforcing
appropriate
use
• Thevillagehastherighttoaddressinstancesofemailmisusethrough
disciplinaryactionortermination,ifnecessary.Messagesrelatingtoorin
supportofillegalactivitiesmustbereportedtotheappropriateauthorities.
• Thevillageclerkhasaccessrightstoallemailonthearchivingapplianceto
monitorandensuresystemsecurity.
• Thevillageboardwillreviewallegedviolationsoftheemailappropriate
usepolicyonacasebycasebasis.
Thevillage’scomputersupportvendorhasprimaryresponsibilityforoverseeingthe technicalsecurityofthevillage’semailmanagementsystem.
• Thevillage’scomputersupportvendorisresponsibleforprovidingand
maintaininguptodateantivirussoftware,firewalls,andspamfiltersto
NewYork State Archives —Developing a Policy for Managing Email
7.
Staff
Departure
8.
Training
protecttheoverallsystemfrommaliciousemailmessagesandotherforms
ofsabotage.
• Intheeventthatemailusersreceiveunsolicitedemail(spam)oremail
withunexpectedandsuspectattachments,theymustdeletetheseemails
andreportthemtothevillageclerk,whowillconferwiththevillage’s
computervendortoassessthesecurityrisk.
• Usersshouldexercisesimilarcarewhenlinkingtoexternalwebsitesfrom
unsolicitedmessages.
• Emailusersmustemploypasswordstoaccesstheiremailinthevillage
emailsystemandmustchangetheirpasswordsperiodically.
• Asageneralrule,emailusersmustnotsharetheirpasswordswithother
villageofficialsoremployees.Incasesofplannedoremergencyabsences,
otherpersonnelmaybeallowedtoaccesstheabsentperson’semail,with
priorapprovalfromthevillageclerk.
• Ifastaffmemberorofficialseparatesfromthevillage,thevillageclerk
willplaceaholdontheemailaccountofthatindividualuntiltheaccount
andcomputercanbereviewedforrecordcontent.
• Anyvillageemailsmaintainedonahomecomputerbyaformeremployee
mustbetransferredtothevillageclerkforreviewanddisposition.
Allvillageemployeesandofficialswillbetrainedinestablishedemailuseandman agementpolicies.
Trainingwillbeprovidedtoallvillageemailuserswithinthefirsttendays
ofemploymentorappointment,andtoallemployeeswhenthepolicyis
revisedorthevillagechangesitscurrentemailmanagementsystem.
Thevillageclerkwillprovideorarrangefortrainingthatwilladdressthe
followingtopics:
• identifyingrecords,permanentrecords,andgeneralrecordsmanagement
practices
• responsibilitiesofemployeesinrecordsandemailmanagement
• coststothevillageandtheindividualofnotmanagingemail
• useofthevillageemailapplicationanditsrelationshiptononsystem
villageemail
• appropriateuseofvillageemailaccounts
• respondingtolegalactionsandFOILrequests
Trainingmaterialscanalsobeobtainedbycontactingthevillageclerk.
Other
Responsibilities
Thepersonorpersonsresponsibleforcertainfunctionsassociatedwithmanaging emailareindicatedthroughoutthisemailpolicyinboldface.Otherresponsible parties(andtheirrespectiveresponsibilities)arelistedbelow.
1.
Village
mayor
and
village
board
• ensureanadequatebudgetallowanceformaintainingtheemail
managementsystem
• promote,support,andenforcethisemailpolicy
• reviewallegedviolationsoftheemailappropriateusepolicyonacaseby
casebasisandadoptdisciplinarymeasuresasneeded
2.
Village
counsel
• reviewsandapprovescontractswithvendorstoensuretheyareconsistent
withvillagelawandwiththevillage’sinternalprocurementpractices
3.
Village
bookkeeper
• maintainsaninventoryofallcomputerhardwareandsoftwareaspartof
thevillage’sfixedassetsinventory
4.
Computer
support
vendor
• implementsuserprofilestoallowvillagestaffandofficialstoaccessthe
emailandotherrecordsmanagementapplications
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
Sample
Policy
2
Town
of
Big
Thunder:
Policies
and
Procedures
EffectiveOctober2008
Management
System
Capabilities
Belowarethecapabilitiesofthemanagementsystemmaintainedintown
hall.Thetownalsoprovidesemailaccountsonthehomecomputersofa
smallnumberoftownofficialswhooccasionallyworkathome.Theseac
countsexistseparatelyfromtheinternalmanagementsystemanddonot
havethefollowingcapabilities.
a. Capturesthetext,attachments,andtransmissiondataofanemail
message.
b. Promptsindividualusersviaadialogcheckbox(withthreechoices,as
describedunder“ClassifyingEmails”)toclassifyincomingandoutgoing
emailmessagesbeforeclosingorsendingthemessages,andthusmanages
emailsbasedonhowusersclassifythem.
c. Includesanarchivingmoduleforpermanentandsixyearrecordswithan
interfacethatmirrorsthemainemailinterface,toreducetheneedfor
furthertraining.
d. Storespermanentandsixyearemailsandtheirattachmentsintheemail
archiveimmediatelyuponreceipt,replacingtheactualfileonan
individualdesktopwithastubfilethatlinkstothefileintheemail
archive;deletesthearchivepointersandshorttermmessagesfromthe
emailsystemaftersixtydays,unlesstheyareflaggedforlongerretention.
e. Savesonlyoneinstanceofemailsastheyaremovedtothecentralemail
repositoryanddestroysthecopies.
f. Preventsmodificationordeletionofarchivedemailtoensurethetown’s
emailrecordsarelegallyadmissibleincourt.Ifauserforwardsorreplies
toanarchivedemail,theusercreatesanewemailrecord.
g. Archivesindividualemailsinadirectorystructurethatisarranged
accordingtodifferentdepartments.Accesstoindividualemailswithina
departmentoracrossthearchivesisprimarilyviaasearchengine.
h. Permitslitigationholdsthatsuspenddestructionofthoserecords
(includingbackups)thatmayberelevanttoanimpendinglawsuit.
1.
General
Policies
Thetownlegallyownsallemailsthatemployeesandofficialscreateandreceivein theprocessofconductingbusinessonbehalfofthetownanditsconstituents.Em ployeesandofficialshavenopromiseofpersonalprivacy.
1.1
Ownership
of
Allusersoftownemailwillbepromptedtoacknowledgethattheyunder
standthisconceptofownershipeachtimetheylogintothesystem.
Townofficialsandemployeeswhodonothaveofficesinatownfacilityor
whomustworkafterhoursmaysometimesconducttownbusinessonhome
computers.Theseindividualsmustrecognizethatalltownrelatedemailsare
publicrecordsthatarecoveredbytheRecordsRetentionandDisposition
ScheduleMU1andbythistownemailpolicy,andaresubjecttodisclosure
underFOIL,acourtaction,oranaudit.
Townofficialsandemployeeswhoworkathomeshouldhaveaseparate
townemailaccountontheirowncomputer.Theyshouldperiodically
forwardtownrelatedemailstothetownclerkinfoldersthatreflectthe
classificationsystemdescribedbelow(see“ClassifyingEmails”).
1.2
Roles
and
Responsibilities
Themanagementofemailistheresponsibilityoftownofficialsatalllevelsandin cludeseveryonewhousesemailtoconducttownbusiness.
Belowaretheindividualswhohavespecificresponsibilitiesformanagingthe
town’semail.Theseresponsibilitiesareindicatedthroughoutthispolicy
undereachmainsubjectheadingandarealsolistedattheendunder“Sum
maryofResponsibilities.”
a. Townclerk,whoisbylawthetown’srecordsmanagementofficer(RMO),
andwhoalsofunctionsastherecordsaccessofficer
b. Townattorney,whoseservicesareretainedbythetownundercontract
c. Townsupervisorandtownboard[ortowncouncil]
d. Townbookkeeper[ordeputytownsupervisororotherappropriate
official]
e. TownITdirector[orcomputersupportvendor]
f. Recordsadvisoryboard,whosemembersarecurrentlythetownclerk(as
RMO),townhistorian,legalcounsel,andbookkeeper
g. Emailusers,whocanbeanyoneusingemail(includingatownaccounton
ahomecomputer)toconductbusinessasatownstaffmember,elected
official,orpaidserviceprovider.Thetowncurrentlyhasapproximately
fiftyemailusers.
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
1.3
Training
Noemployeewillhaveuseofatownemailaccountwithoutappropriateinitialand ongoingtraining.
Newemployeeswillnothaveaccesstoanduseofatownemailaccountuntil
theyaretrainedonthetown’spoliciesandproceduresformanagingemail.
Ongoingtrainingwillbeofferedafterupgrades,transitionstonewemail
programs,andonanasneededbasis(attherequestofanemployeeorif
correctionisrequired).SeeSection10foradescriptionoftheextentofour
trainingprogram.
1.4
Policy
review
and
updating
Toensurethatthispolicyiscurrentandrelevant,itwillbereviewedaccordingtoa setscheduleandupdatedasneeded.
Therecordsadvisoryboardwillreviewthispolicyannuallyandmodifyitas
neededtoensurethatitisuptodate.
ThenextreviewandrevisionofthispolicywillbeinOctober2009.
2.
Maintaining
the
Management
System
Thetechnicalmaintenanceofthesystemwillbeacoordinatedeffortinvolvingsev eralkeyplayerswithdefinedrolesandresponsibilities.
2.1
Town
supervisor
and
town
board
a. ensuresanadequatebudgetformaintainingtheemailmanagement
system
b. promotes,supports,andenforcesthisandotherrecordsmanagement
policies
2.2
Town
clerk
(as
RMO)
a. ensuresthatappropriatestateretentionrequirementsareappliedtoall
systemdocumentationandassociatedrecords(uselogs,groupaddress
books,masterpasswordregister)
b. ensuresthatthecurrentsystemandallfutureenhancementsmeetfederal
andstaterecordsrequirements
2.3
Town
IT
director
a. maintainsthetechnicalcapabilitiesoftheemailmanagementsystem
throughscheduledupgradesandmigration
b. implementsuserprofilestoallowtownofficialsandemployeestoaccess
theemailandotherrecordsmanagementapplications
3.
Classifying
Emails
2.4
Legal
counsel
reviewsandapprovescontractswithvendorstoensuretheyareconsistent
withtownlawandwiththetown’sinternalprocurementpractices.
2.5
Town
bookkeeper
maintainsaninventoryofallcomputerhardwareandsoftwareaspartofthe
town’sfixedassetsinventory.
Allemailwillbemanagedascorrespondenceaccordingtoapredetermined classificationsystem.Usersmustclassifyemailimmediatelyonreceiptorbefore transmission,andthesystemwillautomaticallymanagetheemailbasedonhowthe emailisclassified.
3.1
Classification
system
Nonrecords
Emailusersareresponsibleforevaluatingeachemailtheyreceiveto
determineifitisorisnotarecord.Nonrecordemailsarethosethatdonot
relatetothebusinessorinterestsofthistown.Nonrecordsincludelistserv
messagesdistributedtomanyrecipients,spam,broadcastmessagesreceived
bytownofficialsandemployees,andpersonalmessages.Ausermaydestroy
nonrecordemailsonreceipt.
Inaddition,thetownmaintainsaspamfilterprogramthatidentifiesand
deletesallemailthatispresumablyofanonbusinessnature,basedona
combinationofthesendernameandaddress,keywordsinthesubjectline,
andthenameoftheattachment.Employeesandofficialshavetheopportu
nitytoreviewfilteredemailstodeterminewhetheranyneedtoberestored,
alongwithanyattachments,totheirmailboxes.
Emailrecords
Foremailrecords,thetownmaintainsanemailmanagementsystemthat
requiresuserstoclassifyemailstheysendandreceivethroughuseofadialog
checkbox(withthreechoices)thatappearswhenuserstrytosendorclosean
email. Thethreecategoriesthatappearinthedialogcheckboxare
a. Permanent:Emailsthatdocumentsignificantpolicies,decisionmaking,or
events,ordealingwithlegalprecedentsorsignificantlegalissues.The
systemwillroutepermanentemailstotheemailarchiveandflagthemfor
permanentretention.
b. General:Emailsthatcontainlegal,fiscal,oradministrativeinformation
relatingtotownbusiness;forexample,thosethatinitiate,authorize,or
completeatownbusinesstransaction,andthosethatmaybesubjecttoa
NewYorkStateArchives—DevelopingaPolicyforManagingEmail
fiscalaudit.Thesystemwilltransfergeneralbusinessemailstotheemail
archiveandflagthemwitharetentionperiodofsixyears.
c. Shortterm:Alloftheemailslistedbelowwillbedeletedfromthesystem
aftersixtydaysunlesstheyaredeletedindividuallybeforethattime.
1. Emailshavingnoinformational,administrative,orfiscalvalue,suchas
transmittals,coverletters,invitations,andappointments
2. Emailrecordsthatareduplicatesofofficialrecordcopies.Forexample,
ifarecipientprintsandfilesanemailinapaperrecordssystemor
storesacopyofthatemailonasharednetworkdrive,thatrecipient
mayapplyashorterretentionperiodtotheemailcopy.
3. Emailsthatarenotrecords
4. Individualemailsthattogetherconstituteacontinuousthread.Theper
sonwhoinitiatedthethreadshouldclassifythelastemail,containing
allexchangesonthetopic,aseitherpermanentorgeneral(sixyear)and
theindividualmessagesasappropriatefordestructionaftersixtydays.
Thecategoriesabovegenerallyparallelthecategoriesforcorrespondencein
dicatedunderitem10intheStateArchives’RecordsRetentionandDisposition
ScheduleMU1.Thelegalretentionforemailswithshorttermfiscal,legal,or
administrativevaluehasbeenextendedfrom“0afternolongerneeded”to
sixtydays,fortheconvenienceofemailusers.
Emailuserswhouseatownaccountonahomecomputershould
