John L. BainesOIT Security and Compliance

E-mail Retention:Preserving Public Records

AgendaPublic Records E-mail BackgroundUnit Public Record Retention

Management PracticesNon-Records MaterialSave or Delete? - What Constitutes a

Public Record? E-mail Evidence in CourtsE-mail CustodianHelp for CustodianThe OIT Archival Repository of E-mail Personal E-mail AccountsHandling E-mail October 19, 20092

E-mail Retention Overview

Public Records (PR) E-mail BackgroundNorth Carolina Public Records Act, N.C.G.S.

132-1Public Records:

Are the property of the people of North CarolinaMust be presented upon their requestMay not be deleted or otherwise altered or

disposed of except in accordance with the University General Records Retention and Disposition Schedule and optional Unit Specific Addenda

It is everyone’s responsibility to keep all work-related electronic records (including e-mail)

9/30/2009E-mail Retention Primer3

Unit PR Retention Mgt. PracticesMuch broader than just e-mail

Includes electronic records stored on disk as well as e-mail.

Generally, university units are responsible for:Establishing appropriate record retention management practices Appointing a records manager who ensures that:

Unit public records are retained and disposed of in accordance with the University General Record Schedule and Unit Specific Addenda

Access to confidential university records and information is restricted

Records with historical value are delivered to the University Archivist

Accurate records of destruction or transfer activity are maintained

9/30/2009E-mail Retention Primer4

Non-Records MaterialPersonal records

Limited family or personal communications allowed so long as no interference with work

No privacy guaranteeDelete to protect privacy

at user discretionSpam - electronic junk

mailUnsolicited and unwanted Filter or delete immediately

Unsolicited e-mails Unwanted, but

somewhat business related Miscellaneous

newslettersNon-work related

announcementsLegitimate

advertisementsEtc.

Delete in a timely manner

9/30/2009E-mail Retention Primer5

Retention of Public Records (PR)Short-term records are temporary in nature.

Examples include communications received from professional list-servers and broad announcements received by all employees. Can be deleted when no longer useful.

Long-term records have significant value to the agency but do not need to be maintained permanently. They are the focus of this presentation.

Permanent records are records that have lasting historical value because they document or constitute evidence of state policies, decisions, procedures, and essential transactions. Physically transmitted to and held by the University archivist.

9/30/2009E-mail Retention Primer6

Save or Delete? FILE IT

Issues policy States decisions Outlines

procedures Gives guidanceShows action Processes

transaction Is unique If in doubt…

TOSS IT Reservations for travel Confirms

appointments Transmits other

documents without comment

Personal messages SpamUnsolicited messagesEtc.

9/30/2009E-mail Retention Primer7

E-mail Evidence in CourtsE-mail has become the primary business

communication medium for most organizations:Inside an organization or between organizations

E-mail establishes the time and date of a written communication between an originator and one or more recipients

Often documents are attached to e-mail which provides the document version that was transmitted at a specific date and time

E-mail informal writing styleMore informal than most other written communications Can lead to inadvertent or unguarded exposure of

information

9/30/2009E-mail Retention Primer8

E-mail CustodianCustodian must be able to present all work-related

e-mail of a non-transient nature:Those you create (to recipients inside or outside

university)Those you receive from external sources (outside the

university)Individual “custodian” is responsible for presenting

records in response to legitimate requests:Public records requests (e.g. press, media or individual

citizens) University litigation discovery requests

(preparatory to court cases)Subpoenas (e.g. court evidence)

9/30/2009E-mail Retention Primer9

Help for CustodianCustodian is responsible for e-mail

retention and presentation, BUT must not go it alone!

Coordinate all requests through Office of Legal Affairs (OLA)Establish legitimacy of requestLegal aspectsPrivacy aspects

Office of Information Technology (OIT) to assist in accessing e-mail archive

9/30/2009E-mail Retention Primer10

The OIT Archival Repository of E-mail Automatic for university (OIT-provided) e-mail

systems:GroupWisePotentially university GoogleApps

Characteristics:Copied as e-mails are:

Created internally within the universityReceived by the university from external originators

UnalterableSearchable by name, content, date, etc.

E-mails retained for maximum PR retention period

9/30/2009E-mail Retention Primer11

Personal E-mail Accounts

E.g. Yahoo, Road Runner, MSN, AOL, etc.Not supported by the University

E-mail to/from personal e-mail addresses is not automatically archived by the university

E-mail stored on personal e-mail accounts not available to the university for records requests

All university-business e-mail messages must be stored in the University archival repositoryE.g. Custodian forwards to the university e-

mail system

9/30/2009E-mail Retention Primer12

Handling E-mailEveryday business purposes

Save as you see fitRetrieve from disk copy or e-mail on-line foldersDelete as you see fit

E-mail archive – Authoritative source of PR e-mailOLA will establish legitimacy of requestOIT will provide access for individual custodians to their own

e-mails in the archive and facilitate the process

Normally, custodian will recover e-mails Unit will recover if custodian unavailable or un-cooperativeOLA will handle privacy aspects and present e-mails for

specific request

9/30/2009E-mail Retention Primer13

ReferencesDepartment of Cultural Resources, State Archives

(State Government Authority) http://www.records.ncdcr.gov/erecords/Email_Policy.pdf

University General Records Retention and Disposition Schedule http://www.lib.ncsu.edu/universityarchives/retentionschedules/

UNCGenSch14062007OCR.pdf

Two regulations in process of review and update:Public Records Regulation Proposed Revision to REG01.25.12 - University Record Retention & Disposition Regulation

E-mail Retention Regulation Proposed Revision to REG08.00.9 - University E-mail Retention

9/30/2009E-mail Retention Primer14

Questions?