Managing emails

All University staff who create, receive or use emails as part of their work have responsibility for managing those emails, under records management rules supported by their business area. This includes the responsibility for keeping the content of emails appropriate, capturing emails within the business area’s records systems, and destroying emails which are no longer required.

It is normally the responsibility of the sender of an email to decide whether the email meets the requirements to be captured within the designated records systems, as each message has only one sender but could have multiple recipients. If an email has been received from a different area of the University or from an external party, the recipient may decide that it can be captured within the designated records systems.

The emails of all members of University staff are important parts of the University’s records. Managing emails in a consistent manner will help members of staff:

• ensure that they can find the email they want when they need it;
• ensure that their colleagues are able to find information which is required when staff are out of office;
• save storage space and make more effective use of resources;
• comply with data protection and freedom of information legislation.

Data protection legislation and the Freedom of Information (Scotland) Act 2002 apply to all the emails that you send and receive as part of your work. 

Data protection legislation permits people to request information that the University holds about them, while freedom of information gives people the right to ask for copies of any other recorded information that the University holds, including within emails. Both pieces of legislation have tight deadlines which mean that the University must be able to retrieve information even if key staff are away. 

Data protection legislation also requires us to hold information about living identifiable individuals for no longer than is necessary.

If the University does not comply with this legislation, it can be investigated by regulatory authorities and in certain cases could be fined, sued or held to be in contempt of court.

Staff can follow a number of steps to ensure that they manage their emails consistently and effectively:

• Remember that all emails relating to University work are University records.
• Before writing an email, consider if a telephone call, Teams call or in-person meeting would be more appropriate for the information in question.
• Create clear and professional communications; almost all emails relating to work could be released in response to a freedom of information request.
• Restrict emails to a single topic; this will make it easier to classify the emails within the records system.
• Do not mix personal and work content in an email.
• Rather than attaching files to emails, use shared drives or SharePoint sites to share files with others; this will help prevent duplication of records (OneDrive can also be used to share drafts which have not yet been added to records systems).
• Use plain text.
• When replying to an email, keep the original text as part of your response to maintain a complete record of the correspondence.
• Do not annotate or change the text of the original email when replying to it; this may become indecipherable in the long term.
• Use encryption for high and medium risk information, as defined in the University guidance on encrypting devices and documents to protect University information: Guidance on encrypting devices and documents to protect University information
• Use the email subject title to flag messages containing sensitive information.
• When sending an email, ensure that the Outlook settings do not prevent sent items being saved.
• Use mailing lists to avoid long ‘to’ lists or to avoid disseminating the email addresses of external contacts: Guidance on setting up and using mailing lists. For external contacts, if you can’t use a distribution list, then use the “bcc” (blind copy) function.
• Do not use the “bcc” function on internal staff emails. The official record should include a complete list of those to whom the email was sent.
• Make use of expiry date and properties options if these are available in your system.

• Store emails in the University’s email system, shared drives or SharePoint sites, rather than on a computer hard drive or device. OneDrive should not be used to store emails, as it is essentially a personal area for the individual member of staff.
• Whenever an email is sent or received, decide whether to leave the message in its present folder, to delete it immediately or to move it elsewhere.
• Delete emails from the inbox as soon as they are no longer required.
• Many emails are of short-term importance and do not need to be kept beyond the timeframe of the task to which they refer. Move them to a temporary folder named after the task to which they refer. Once that task is complete, delete the whole folder. 
• Save important emails so that they are accessible to other people (e.g. on a shared drive, shared email account or SharePoint site) as soon as they are sent or received. Reveal any “hidden” header information before saving the email and ensure that you save the full header information whenever possible.
• Emails can be saved by opening the email, selecting ‘File’ and ‘Save as’ and moving to the desired area of a shared drive. To move to a SharePoint site, the email will need to be saved from Outlook to another area first, e.g. OneDrive, and then uploaded from file in the intended document library. On the new version of Outlook (2024), ‘Save as’ can be found by right clicking on the email in the mailbox, and following the steps above.
• When saving emails to shared drives or SharePoint sites, save attachments as separate documents from emails. See the file naming conventions for recommendations as to how to title emails and attachments if you are saving them to a shared drive or SharePoint site: File naming conventions
• When dealing with long email strings, provided that the string has not been edited and all the previous emails are part of the string, keep the final email in the string and destroy the preceding emails.
• Provided your important emails have already been filed elsewhere, regularly delete all your sent items over a certain age (e.g. three months).
• Ensure that your deleted items are actually deleted and are not building up in the “Deleted Items” folder.
• Set up a separate folder for personal emails so they can easily be ruled out of relevance to freedom of information requests.
• Do not use an email auto-archive facility as your emails will not be accessible to others.

• Do not use a non-University email account for University business.
• Auto-forwarding of emails to non-University email accounts is disabled to protect information security. Staff can apply for an exemption if this is required: Guidance on external email forwarding
• Do not give your password to anyone else, and follow the University’s guidance on strong passwords: Tips and techniques for choosing and managing passwords
• Set an out of office message giving alternative contact details when you are away from work.
• Do not include important personal information in an out of office message, such as the fact that you will be away from home or that your office will be empty. An example text is: “I will next see emails on insert date. Please contact insert name & email address if you require a response before that date.”
• If you work in a high-profile role, or one that regularly generates enquiries, you may wish to set up a generic email contact address, accessible to more than one member of staff.
• If you are leaving the University, ensure that you have saved important emails to a shared drive, SharePoint site, or another place where they will remain accessible to other members of staff after you have gone: Key information for staff leaving the University, including email management
• When leaving the University, set an out of office message that gives details of a new contact point.

• Set up new systems to ensure that all new emails are saved, moved or deleted as they arrive or are created. 
• Identify items in the backlog that can be immediately deleted.  The most efficient ways of doing this include:

1. Sorting by date and deleting all those over a certain age;
2. Sorting by addressee/sender and deleting all those sent to or received from certain individuals;
3. Sorting by subject and deleting those relating to completed business;
4. Sorting by size and deleting large emails that are no longer required.

• Set up a folder(s) to hold the remaining parts of the backlog. Keep them for five years. If, during that time, you access an email, save, move or delete it as appropriate. At the end of the five years, delete all the backlog emails that you have not accessed.

Email is used for a wide variety of purposes, so it is not possible to develop blanket rules about what should be deleted or kept.  An email is important if the University:

• needs the information to carry out its business, such as day-to-day administrative records or material potentially relevant to present or future research;
• is required keep the information for legal purposes;
• needs the information for financial purposes;
• will need the information to explain a particular decision was reached;
• will need the information if our decision is challenged in court;
• will need the information to be publicly accountable for its policies and decisions;
• will need the information to help us deal with similar situations in the future, such as records that show what procedure was followed in a particular situation or copies of past references provided for students or staff;
• will need the information to defend its rights and responsibilities, or the rights and responsibilities of others;
• wishes to preserve the record for its historical and cultural research value.