Email retention policy

Purpose

The objective of the email retention policy (ERP) is to help employees and members determine what information sent or received by email, should be retained and for how long. Emails will be automatically deleted in line with the council’s retention schedule. However there are some emails that should be retained and stored in the relevant case management system or the relevant business folder for your service these emails include:

The information covered in this policy includes, but is not limited to, information that is either stored or shared via electronic mail or instant messaging technologies. All employees and members should familiarise themselves with this policy and acknowledge the reasons why the policy is important, such as:

This policy is designed to provide direction, support, and help council employees and members carry out their day-to-day business for the council in a secure manner. By complying with this policy, the risks facing the council are minimised. This document supports the council’s cyber security policy and the employee code of conduct.

Introduction

The council manages thousands of emails on a day-to-day basis such as council reference information, contracts, personnel issues, communication with residents and service users, as well as meeting requests, off-topic messages, and council news, making for a sizeable amount of data. Managing the volume of messages and to separate what is required and what is no longer required, is determined within this policy. This document sets out the policy that staff and members must follow to ensure data is not kept longer than needed and ensuring the council meets its legal obligations and endeavours to safeguard business critical information.

Emails held by the council are legally discoverable following a request under the General Data Protection Regulation (GDPR), the Freedom of Information Act (FOI), Subject Access Request and may be required as evidence in legal proceedings.

The Data Protection Act 2018 and Freedom of Information Act 2000 have highlighted that it is important to adopt a more formal policy for email retention, that ensures the council is compliant with legal and regulatory requirements, lowers our infrastructure costs, and improves our operational efficiency and effectiveness.

Email retention

You should not use Outlook or any other email client managing LBE messages for storing business critical information. Information that must be kept in line with the council’s retention schedule should be stored in the relevant business folders on your shared drive for your service or the relevant case management system:

Devices used to store emails must meet the Digital Services requirements associated with the device type. These devices must not be shared in a manner that allows unauthorised access to the council’s emails.

Mailbox owners are responsible for managing their own mailbox and the data held within it.

Current employees’ emails will be automatically archived after 2 years and then deleted after 7 years from date received unless required for business-critical needs or an ongoing investigation.

Former employees no longer working for the council will have all email communication deleted after 2 years.

Former directors and executive directors email to be archived for 7 years.

Employees on long term sick leave or maternity leave, must ensure that out of office is applied, and incoming emails are redirected to a shared mailbox or another appropriate mailbox. Please speak to Digital Services Service Desk to help you set redirects up.

Current members emails will be automatically archived after 2 years and then deleted after 7 years.

Members that have left the council will have their emails deleted after 2 years from the last date of their service.

Spam and junk mail

Spam can be defined as unsolicited email to individual email accounts. Junk mail is usually a result of spamming. Enfield Council Digital Service blocks all junk emails. Any email reaching the email gateway is detected in Mimecast which uses multi-layered detection engines to protect the council from receiving email spam containing malware, viruses and zero-day attacks and such emails are rejected. If any emails do not get detected and reach users accounts, please do not forward them on. These should be deleted from their junk folders and deleted items.

Sending and receiving emails

When sending emails only include users that are required and where the content is appropriate for the recipients. Emails must not be sent to recipients where the content is not appropriate or where there is no beneficial need or business requirement.

When forwarding emails, you must ensure that the recipients are correct, and the content is appropriate for the recipients including any historical content contained within the email and any email chains related or added on as attachments. See Appendix 1 for email usage at work and Appendix 2 for email etiquette.

If you believe you received an email in error, you must contact only the sender immediately via a separate email to confirm. Under no circumstances should this email be shown or forwarded to any recipients until confirmation has been provided from the original sender. In the event of confirmation of the email being sent in error the recipient must delete the email immediately from all devices and the Data Protection Officer (DPO) must be notified and incident raised.

If you believe you have sent an email to an incorrect recipient then you must, if possible, recall the email, then contact the appropriate recipient(s) via phone or a separate email informing them of the error and requesting that it be deleted immediately from their inbox and deleted items, with a written confirmation stating this has been done. You must also contact DPO inform them of the error and raise an incident.

Managing mailbox size

It is important that you manage your mailbox size, if you reach your mailbox quota, you will be unable to send message until you reduce the size of your mailbox.

How to reduce inbox and outbox sizes

Identifying emails worth preserving

Questions you need to ask yourself with the emails in your mailbox:

If you can answer ‘Yes’ to most of these questions for an email, you should refer to the corporate records management policy for guidance on how long to retain it for. Note that there is no single retention rule for ‘email’, instead the retention is based on the activity or subject matter of each email. See the councils Record Retention Schedule (PDF, 350.36 KB).

Emails can be retained for reference purposes for as long as they are current and useful, but these should be kept outside Outlook.

How to review an inbox or outbox

Whilst the above questions are useful to identify and challenge email retention on an individual message basis, most inboxes and outboxes have hundreds or thousands of emails in them that can take too much time to review individually without some more basic whittling down of numbers first. What you need then is a series of filters that can quickly identify emails into groups that you can make retention decisions on masse, without looking at each one individually.

Outlook offers many ways to sort your email and you can use these views to group them and make retention decisions. Here are a few suggestions:

Consider using Conversation Clean Up to delete redundant messages.

Do not forget that you will need to do this for each folder within your Inbox or Outbox.

Signature files

Signature files, should be kept to a minimum, and in line with the councils email signatures guidance avoid having large and obtrusive images as this takes up unnecessary space on the councils network.

Policy compliance

The Council requires that all employees comply with the directives presented within this policy.

All LBE council staff and members are responsible for reading, understanding, and complying with this policy. Failure to comply with this Policy may result in disciplinary action against the employee. Any questions concerning this policy should be referred to the Information Governance team which is responsible for implementing, enforcing, and updating this policy.

Non-compliance is defined as any one or more of the following:

Penalties

Penalties may include termination of employment or contractual arrangements, civil or criminal prosecution.

Review

This policy will be reviewed every 12 months or as necessary to reflect best practice, or amendments made to legislation.

Appendix 1

Email usage at work

In general, work-related and professional email uses the same range of standards as other forms of communication with regard to:

However, there are features of an email which need particular attention:

Appendix 2

Email etiquette

When composing an email message, using ALL CAPITAL LETTERS is the equivalent of shouting. Sending such messages is called ‘flaming’ and is considered unprofessional. If needed, sometimes it is good to step back take a moment to reflect before writing or responding to an email.

Using correct punctuation is important, making messages easier to read and understand. Using short sentences may also aid understanding. Email etiquette is important because it makes email communication more effective and professional.

Here are some simple rules to follow for email etiquette:

Strong subject line

Always use a strong subject line when sending emails. Receivers are more likely to open a message if the subject line contains a brief but descriptive opening.

If the message requires action, or it’s a reminder include this in the subject line, to grab the receivers’ attention.

Keep email short and to the point

Avoid writing long messages, keep your message short, concise and to the point. Long emails can be frustrating to the receiver, avoid unnecessary information.

Always try to respond within 24 hours of receiving the email and if you are dealing with queries, you should response with your SLA normally 3 to 5 working days.

Do not always ‘Reply-All’

Not everyone in the email needs a response all the time. This just causes unnecessary notifications and can be frustrating for those who do not need to respond.

Mindful punctuation

Try not to overuse punctuation in your emails. Make it look professional by keeping it simple and confirming to the 'Plain English' guidance.

Too many exclamation marks seem too eager and over-excited, and too many ellipses make you seem unsure of your response.

Type the body first before including recipients

Sometimes you can accidentally press send before you are ready to do so. This can be awkward and seem very unprofessional.

To avoid this, type the message body first, check it, and then include the recipients. You can also use the delay function – this will give you a chance to edit before it goes out.

Easy to Read

People need to read and respond to emails quickly.

Use an 11-point or 12-point size and an easy-to-read font like Calibri or Arial. Use bold, italics, and underline sparingly, only to highlight key information.

Proofread!

Always proofread your emails. You can either read out loud or use the ‘Read Aloud’ function to help check the email flows correctly.

Sometimes spelling mistakes can go unnoticed when using a spellchecker, and your receiver may notice them.

Email signature

A great rule for email etiquette for council staff is to include a signature at the end of every message. This shows the reader of the message more information about you. Include your full name, contact information, job title, service/department you work in and the organisation you work for.

Out of office

When you are out of the office, even if it is half a day, ensure you put your out of office on with the relevant information that the sender would need to know (dates you will be unavailable and who to contact in case of an emergency).

Cultural differences

Be mindful of those you are sending emails to. For example, if the recipient isn’t fluent in your language, use words they may understand, and cut out anything confusing.

Respond to all emails

It is hard to answer every message that lands in your mailbox.

However, it's polite to respond, even if it’s a short dismissal of an irrelevant message. If this happens, simply refer the sender to the correct person.

Humour

Leave out any humour in your emails. This is because things can get lost in translation, and your jokes may be misunderstood.

Professional greetings

Think about your audience and whom you are emailing. Be mindful of your opening line, do not keep it too casual or over the top.

Keep the greeting simple and include their name where applicable.

Confidentiality

Do not include any personal or confidential information in a message or any unnecessary information.

An email should not contain any financial or personal information, that you do not want to share with unknown parties. Although emailing services can be secure, once you have sent a message, it can be used and seen by anyone who has access to it.

If you have to send personal or confidential information, please ensure you use the secure email method, if you are unsure, please contact the service desk.

Suspicious email

Emails that appear suspicious, may be ‘phishing’ or malware attempts. Such emails must be reported immediately to the relevant security officer in accordance with the council’s security incident policy.

Use of correct email field – To, Cc or Bcc

The proper use of the To and CC address fields is required to ensure emails go:

If you want to send an email to a recipient without revealing their address to other recipients, make sure you use Blind Carbon Copy (Bcc) field, not Carbon Copy (Cc) field. When you use the Cc field, every recipient of the message will be able to see the addresses the email was sent to.

Not using Bcc for emails going externally can lead to data breaches.

If you find you are using the Bcc facility regularly, it might be time to think about using another tool such as a council-approved mailing list system.

Recalling an email sent in error!

Recalling an email only works for internal emails. If you try to recover an external email it will send an email to the recipients telling them, you are trying to recover the email. This often has the unfortunate consequence of making people look deeper into an email. Where an email has been sent to the incorrect recipient, please try to contact them via phone or via a separate email as soon as possible and ask that they delete the email from their inbox and deleted items, confirming this in writing. Ensure the incident is reported to DPO and an incident is raised via service desk.

Email sent to wrong recipient

This is easily done to pick or autotype the wrong recipient(s). In some cases, there could be 2 people with the same name. The ‘Auto Complete List’ functionality can be disabled so the ‘To’ field does not automatically offer a list of suggested recipients.


Policy details

Author – Information Governance
Owner – Information and Data Governance Board
Version – 1.2
Reviewer – Information and Data Governance Board
Classification – Official
Issue status – Final
Date of first issue – January 2023
Date of latest re-issue – 30.05.2024
Date approved by IGB – 19.05.2024
Date of next review – 30.04.2025

Council news directly to you

The latest news in your inbox every week. Council news, community updates, local events and more.

Sign up Sign up