Principles for Email Management

By Carl Weise posted 04-29-2010 20:01


I thought it would be valuable to review a number of principles for email management.  Not all of these principles will be applicable to all organizations or in all environments.

First, email is a business tool.  Ten years ago, organizations prohibited users from interacting with clients, partners, customers, or even coworkers because email was perceived to be a timewaster.  Today, email is a mission critical application in almost every organization regardless of size, jurisdiction, structure, or mission.  Research has shown that more than 90% of organizations use email for business.  This means that it has to be managed effectively as with any other business tool. 

Email should be used appropriately.  Most organizations understand appropriate usage from the content perspective: don’t use email to send racist, sexist, or otherwise derogatory remarks.  Do not send personal or sensitive information in open messages, particularly to users outside the organization’s firewall.  Do not send chain letters or suspicious attachments.  But organizations often do not spend as much time on the context of email.  In other words, use email when it is the right tool; use other tools, the phone, or even face-to-face communications when they are the more applicable tool.  Do not send a 20 MB attachment to all 10,000 users in the organization.

Email belongs to the organization and not the individual.  This is almost always true in the U.S., but may not be true in many other jurisdictions.  This has a number of connotations, including expectations of privacy, what happens to email when a user leaves or changes positions, and personal usage of email.

In many government jurisdictions in the US, there is a presumption that any message sent or received on government time by government employees using government resources is automatically a public record and subject to freedom of information/FOIA/open records/sunshine act requests, wherein public records are available upon request.  Many of the statutes reflect this, but many do not, as specifically as they could; moreover, in a number of recent court cases the courts have found that there is a last requirement that the message relate in some way to the work of the organization.  A lot of litigation remains underway in this area of the law.

Email has value – but not all email has the same value.  Keeping all messages forever is not a good practice; deleting all messages every 7 or 15 or 30 days is almost always a bad practice, as well.  Email has to be managed according to its content, not its medium, and according to the value of that content to the organization.  A message that requests volunteers for a company potluck is presumed to be of less value than a message stipulating agreement to a contract – particularly once the potluck has taken place.

Email should be stored appropriately.  For organizations that are subject to regulation by the US Securities and Exchange Commission (SEC) or their counterparts in other parts of the world, storing email on magnetic hard drives may not meet regulatory requirements for write-once, read-many (WORM) storage.  At the same time, certain messages may be required to be stored for longer periods of time, and the organization will need to determine the appropriate storage format and media to ensure access over time.

Email is not a records series, any more than “white A4” or “yellow legal” or “Microsoft Word” documents are.  That means, again, that email messages have to be evaluated, stored, and managed based on their content.  An effective records management program evaluates information based on its administrative, legal, fiscal, and historical value to the organization, and email messages are no different.  There is never a reason to list “email” on a records retention schedule; moreover, while some email is just “correspondence” and can be managed under that umbrella, messages that set out terms or provide confirmation, where the message is the only copy of the information retained, must be managed according to the content.

Two more principles - users have to be trained on expectations for managing email appropriately.  Most organizations provide training in any number of areas, from how to fill out a time sheet or status report to how to use various software applications.  Poorly trained users are not as effective, make more mistakes, and increase the risk to the organization in a variety of ways.

Email is no different.  Where policies are developed and implemented, technology selected and deployed, and processes outlined, users must be trained on them.  Different users might be treated differently according to role or regulatory requirements; for example, the IT staff or the marketing staff might be allowed to send larger attachments than other users because their attachments tend to be larger.  But all users still have to be aware of the expectations for managing email effectively and their particular expectations.

And policies have to be followed – and enforced – and followed and enforced equally.  There is an old saying in records management that the only thing worse than not having a program or a policy is having one and not following it or following it inconsistently.  If there are mailbox quotas, they have to be enforced equally.  If users have to manage their own inboxes, all users need to do so.  Email is an enterprise wide system and must be managed throughout the organization.

What are your experiences in managing emails in your organization?

What tips can you provide for properly managing emails?

#emailmanagement #recordmanagement #ElectronicRecordsManagement