I would be grateful if you could provide a copy of your agency/department’s current policy/guidance to staff relating to the deletion of emails.
I am also seeking the following information, if it is not contained within
the above documents:
1. An answer as to whether your organisation has a general policy on automatically deleting emails after a certain period of time. If so, what type of emails are deleted (e.g. calendar invites/sent items/inbox items/all items) and after what period of time?
2. I note that National Archives guidance states that organisations should “define clearly which emails need to be kept for business or historical value”. Please provide your organisation’s definition.
3. Details of your organisation’s policy on routinely deleting dormant accounts/those of former staff (i.e. what type of emails are deleted and after what period of time?)
I am making this request to all central departments and a number of additional agencies. If you handle FOI requests for more than one organisation I would be grateful if you could process this individually for each of those organisations.
Our guidance to staff regarding email retention ‘what to keep’ is held on our internal intranet. Please find attached PDF guidance. This guidance should address question 2, and I have expanded on questions 1 and 3 below.
Staff are expected to store any emails which need to be kept for long term business use or for accountability purposes in the relevant part of our information storage system (Objective). Automatic deletion of emails for remaining content is not addressed in this guidance, but as part of our Information Management Processes “All ‘sent’ emails over 12 months old, and all calendar items over 24 months old, will be automatically deleted from the system: this is to ensure overall data volume is kept manageable.”
We do not have a specific policy regarding the deletion of email accounts. There is however procedures that our Knowledge and Information Management (KIM), IT Operations and Line Managers of Leavers have to follow when our staff leave.
1. For members of staff who leave the organisation:
a. The account is made ineligible for logon – this disables the account, resets the password to a random value and renames the account description to “Name – Deprovisioned – DATE”
b. Removes the account from all security and distribution groups
c. Moves the account to a holding area within Active Directory
d. Hides the mailbox on Exchange from the Global Address List to prevent access and supresses non-delivery reports
e. Removes permissions for the deprovisioned user from their Home Directory
f. Permanently deletes the account and Exchange Mailbox after 365 days
g. Sends a report to the IT Service Desk and KIM team
2. For extended absence:
a. The account is made ineligible for logon as above
b. The account is only removed from security groups
c. Hides the mailbox on Exchange from the Global Address List to prevent access and supresses non-delivery reports
d. Does not delete the account
e. Sends a report to the IT Service Desk and KIM team
Line Managers of departing staff are required to ensure departing staff file their emails before departure:
1. Leavers must file any corporate documents currently held in their Outlook mailbox, ‘My Documents’ area or ‘Home’ area of Objective to an appropriate place in the Objective file plan.
In addition to the information provided I want to highlight our Information Management Pages on our external website:
These are our guidance and standards for Information Management Professionals across government.