Email Retention Standard
Date of Current Revision or Creation: December 1, 2020
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
Purpose
The purpose of this standard is to address the general responsibilities of email management and outlines the default retention schedules.
Definitions
A backup is a process of copying records to a second medium as a precaution in case the original medium fails.
Electronic mail (email) is any message, image, form, attachment, data, or other communication sent, received, or stored within an electronic mail system.
Freedom of Information Act (FOIA) is the U.S. Freedom of Information Act law ensuring public access to U.S. government records.
ITS is the acronym for the official name of the Information Technology Services.
Privacy Act of 1974, as amended is the code of fair information practices which governs the conditions of disclosure agencies follow regarding personal records.
Retention is defined as the period of time a file or data will be kept before it is destroyed. Records that serve no further purpose are destroyed to manage storage space and to abide by state records retention schedules.
University Records Manager is an individual appointed to be responsible for the oversight of the University's Records Management Program by ensuring compliance with legislation, including the Virginia Public Records Act, promoting the management of recorded information, and advising on the implementation of best practices for that program.
User includes anyone who accesses and uses the Old Dominion University information technology resources.
Standards Statement
All electronic mail (email) held at the University are legally discoverable and may be public records subject to a request under the Privacy Act of 1974 (as amended or the Freedom of Information Act [FOIA]), and may be cited as evidence in legal proceedings. All email data must reside on ODU's mail systems. Users should not create local archives in Personal Folders, .PST files, mobile devices or create other copies of their email outside of supported email client software.
Every user is responsible for the retention and deletion of all Old Dominion University business emails. Department heads and unit managers are responsible for providing records retention guidance to staff and faculty within their respective units. In general, users are advised to periodically check the contents of accounts and consider whether to retain or delete each entry; this is particularly important for emails that contain personal data and are therefore subject to the Privacy Act. Any copies made are subject to the Virginia Public Records Act.
The presumption is that unless there are good reasons to retain an email, it should be deleted.
Retention Tags
Retention Tags are pre-defined retention periods with may be assigned to folders or emails to aid users with personal email management and institutional compliance. Retention periods vary for each folder and should be used conscientiously. Users are prohibited from storing or establishing rules to store all messages to long-term storage folders unless they have the permission of the University Records Manager.
Records Retention Default retention periods for data stored within the email system are established on the following schedule:
- Calendars: Entries are retained for 2 years.
- Inbox: Messages are retained for 12 months from the date of the message
- Sent Mail: Messages are retained for 2 years from the date of the message
- Drafts: Messages are retained for one month from the date of the draft
- Junk Mail: Messages are retained for one month from the date of the message.
- Deleted Items: Messages are retained for 60 days.
- Retention Tags: Emails or folders tagged as permanent, 10 years, 5 years, 3 years, and 2 years.
A less aggressive retention period is utilized which applies to the President, past Presidents, Vice Presidents, Assistant Vice Presidents, Associate Vice-Presidents, past Vice Presidents, Assistants to the Presidents, Deans, Assistant Deans, Associate Deans, Assistants to the Deans, Provost, Vice Provost, past Provosts, and others whose jobs dictate that their data must be retained for longer periods of time. These exceptions may be subject to different retention schedules. The retention of data stored within the email system for these individuals is established as follows:
- Calendars: No automatic deletion.
- Inbox: No automatic deletion.
- Sent Mail: No automatic deletion.
- Drafts: Messages are retained for one month from the date of the draft
- Junk Mail: Messages are retained for one month from the date of the message.
- Deleted Items: Messages are retained for 60 days.
- Retention Tags: Emails or folders tagged as permanent, 10 years, 5 years, 3 years, and 2 years.
Recoverable Items
The email system will be enabled to allow users to recover deleted messages for up to 30 days.
Backups
These backups are for system restoration and disaster recovery purposes, and are not designed to facilitate retrieval of deleted messages. Backup copies are retained for seven (7) days.
Other Data Stored
Instant messaging correspondence, voice messages, fax transmissions, etc. may be saved with a logging function or copied into a file and saved. All data created, received, or stored within the email system is subject to this standard.
Procedures, Guidelines & Other Related Information
- Code of Virginia Public Records Act
- University Policy 3500 - Use of Computing Resources
- University Policy 3700 - Records Management Policy
- IT Standard 07.2.0 - Business Continuity and Disaster Recovery Plan
History
Date |
Responsible Party |
Action |
May 2010 |
ITAC/CIO |
Approved |
October 2011 |
ITAC/CIO |
Revised and approved |
October 2012 |
ITAC/CIO |
Reaffirmed |
December 2017 | ITAC/CIO | Revised and approved |
December 2020 | ITS Policy Office | Minor wording changes for clarity |