What is email by rrboy

VIEWS: 139 PAGES: 15

									                                                                                  Version 10




                                 Managing your e-mails

For whom is this guidance intended?

This guidance is intended for every member of University staff who creates or receives
e-mails as part of carrying out their contract of employment with the University.

What is the purpose of this guidance?

This document provides detailed, practical guidance on how to comply with the
requirements of data protection and freedom of information legislation and how to
ensure that when using e-mail. Annex A contains a checklist of requirements for
systems administrators. The guidance also includes implementation tips for some of
the more common e-mail clients used within the University. Staff in the College of
Science and Engineering should consult their Computing Support Officer for advice on
how to apply this guidance to their e-mail client.

The recommendations in this document are summarised in a separate short a dos and
don’ts checklist.

Why should I care about data protection, freedom of information and records
management when writing e-mails?

The Data Protection Act 1998 and the Freedom of Information (Scotland) Act 2002
apply to all the e-mails that you send and receive as part of your employment with the
University.

The Data Protection Act permits people to see information that the University holds
about them while the Freedom of Information (Scotland) Act gives people the right to
access any other recorded information that the University holds.

The Data Protection Act also requires us to comply with 8 data protection principles
that set out how we can use information about living, identifiable individuals. For a full
list of the data protection principles please see
http://www.recordsmanagement.ed.ac.uk/InfoStaff/DPstaff/dp_principles.htm. Those
most relevant to e-mails include: requirements to hold information about living
identifiable individuals for no longer than is necessary, to ensure that information is
accurate, and to adopt appropriate security measures for this information to protect it
from unauthorised access, amendment or deletion.

We have 40 calendar days to respond to a data protection request and 20 working
days for freedom of information request. These deadlines mean that the University
must know what information it holds, and must be able to retrieve that information even
if key staff are away. The Freedom of Information (Scotland) Act even includes a
statutory code of practice on records management which describes the systems we
should have in place for managing our information so that we can do this.

If the University does not comply with this legislation, it can be investigated by
regulatory authorities and in certain cases could be sued or held to be in contempt of
court.


                                                                                             1
                                                                                   Version 10




What is e-mail?

E-mail is short for electronic mail. It is a tool for written communication. It has largely
replaced the traditional paper memo or telephone call as the most used form of
communication within the University. E-mails are electronic University records and
need managing, just like the other records the University creates.

Why should I manage my e-mails?

Your work e-mails are an important part of the University’s records. Managing your e-
mails will help you:
 Ensure that you can find what you want when you need it
 Ensure that your colleagues can find important information even if you are not in the
   office
 Save server space and make better use of resources
 Assist with compliance with the Data Protection Act 1998 and the Freedom of
   Information (Scotland) Act 2002
 Ensure that your e-mails carry weight in court as e-mails may be requested as
   evidence as part of legal proceedings.

Who is responsible for managing my e-mails?

The University’s records management framework states that all University staff who
create, receive and use records (including e-mails) have records management
responsibilities. These can be summarised as a responsibility to create appropriate
records, to capture important e-mails in your section’s record keeping system and to
destroy those e-mails that are no longer needed. Heads of Colleges, Schools and
other units within the University have overall responsibility for the management of
records generated by their unit’s activities, that is, for ensuring that records controlled
within their unit are managed in a way which meets the aims of the University's records
management policies. This includes e-mails.

The University Secretary has a particular responsibility in ensuring that the University
corporately meets its legal responsibilities, and internal and external governance and
accountability requirements. Day-to-day responsibility for this is delegated to the
University Records Manager.

How do freedom of information and data protection affect my e-mails?

The Data Protection Act 1998 and the Freedom of Information (Scotland) Act 2002
apply to all e-mails that you receive and create as part of your employment with the
University.

The Data Protection Act permits people to see e-mails that the University holds about
them while the Freedom of Information (Scotland) Act will give people the right (from 1
January 2005) to access any other recorded information that the University holds,
including e-mails. The Data Protection Act also requires us to hold information about
living identifiable individuals for no longer than is necessary, to ensure that information



                                                                                              2
                                                                                   Version 10


is accurate, and to adopt appropriate security measures for this information to protect it
from unauthorised access, amendment or deletion.

We have 40 calendar days to respond to a data protection request and 20 working
days for freedom of information request. These deadlines mean that the University
must know what information it holds, and must be able to retrieve that information even
if key staff are away. The Freedom of Information (Scotland) Act even includes a
statutory code of practice on records management that describes the systems we
should have in place for managing our information, including e-mails, so that we can do
this.

Although both pieces of legislation include exemptions that will apply in certain
circumstances, it is advisable to work on the assumption that all the work e-mails you
create will be accessible to somebody.

What issues should I consider when composing an e-mail?

Use the plain text format for e-mails in preference to html. Some older e-mail systems
cannot read html messages at all, and some may display them as plain text, so any
formatting you have applied will be lost.

Think about what information you are communicating prior to composing an e-mail
message; perhaps a telephone call or visit in person would be more appropriate. If e-
mail is the best method, consider whether it is:
 for information only?
 a request for action?
 a request for information?
 a response to a request?

Whatever the purpose of the e-mail, indicate this by entering a short, clear and relevant
description in the subject field. The reader should be able to determine what your
message is about before opening it, as this will help them to prioritise their time. Avoid
using symbol characters in the subject field because those emails will not open in some
web access systems. If your system offers this options, use flags to show the
importance and sensitivity of the message (although these will probably only be
meaningful to people using the same e-mail system as you).

Entourage users’ tip:
In Entourage, select send mail set priority.
FirstClass users’ tip:
In FirstClass, select message-sensitivity to mark a message as private, and message-
priority to mark a message as urgent.
Microsoft Outlook users’ tip:
In Microsoft Outlook, flags can be accessed by selecting View-Options.

At the start of the e-mail, explain whether it is for information or action and ensure that
its purpose and content are clearly explained. This helps receivers identify, prioritise
and retrieve e-mails more effectively. Make it easy to respond to your message by
clearly identifying (eg by numbering) your questions/requests.




                                                                                              3
                                                                                    Version 10


Try to restrict an e-mail to one topic, and do not mix personal and University matters in
one e-mail. This will make your e-mail easier to manage, and will mean that you will
not have to spend time blanking out irrelevant or personal information if we receive a
request for that e-mail.

Only use the “cc” (carbon copy) function when it is necessary. If it is used, ensure that
the recipient of the “cc” is aware as to why the e-mail is being copied to them. As a
general rule, this function should only be used to send e-mails for information; the “to”
field should be used when you are expecting the recipient to act on your e-mail.

Avoid using the “bcc” (blind copy) function. The official record should include a
complete list of those to whom the e-mail was sent. If you use the “bcc” function the
record of the identity of the recipients of the blind copy may be lost, particularly if you
then save the e-mail as plain text to a shared drive or server area.

If you are sending your message to a long list of people, or to external individuals (ie
non-University of Edinburgh employees) that do not already know each other’s e-mail
addresses, consider using a distribution list so that the full e-mail addresses of all the
recipients are not included in the message.

Do not type in CAPITALS as this is considered to be SHOUTING.

Your e-mail message may be disclosed in response to an information request under
the Freedom of Information (Scotland) 2002, the Data Protection Act 1998 or as part of
a court case. In view of this, please take care what you write in it. Avoid using e-mail
to let off steam, including by copying the e-mail to a large number of people. Ensure
you read it before sending it, and check:
 Does it say what you want it to say?
 Is the tone of the e-mail as you intended?
 If it were a memo or formal letter, what would you write and how would you write it?

If you are not acting in your capacity as a member of University staff, please make this
clear.

What issues should I bear in mind when writing e-mail about an identifiable, living
individual?

As well giving people the right to see the information we hold about them, the Data
Protection Act also requires us to ensure that the information we hold about identifiable,
living individuals is relevant, accurate but not excessive. The following points will help
you to achieve this in your e-mails (all the examples are based on real situations):
      Do not include irrelevant information. For example, when giving an academic
        reference it is unlikely to be necessary to comment on a person’s health,
        financial position or personal circumstances unless they have a direct bearing on
        the person’s academic achievement.
      Clearly differentiate between matters of fact and opinion. For example, say, “In
        my opinion, this person has difficulty mixing with others”, rather than, “This
        person cannot mix with others”.
      Do not express opinions that you are not prepared to defend, or which you
        cannot substantiate. For example, do not say, “This person has no personality
        whatsoever”; this clearly cannot be substantiated.


                                                                                              4
                                                                                 Version 10


      Do not express opinions in areas where you are not qualified. For example, do
       not say, “This person has a personality disorder”, unless it is relevant and you
       are qualified medical practitioner in a position to make such a diagnosis, or you
       know that a qualified medical practitioner has diagnosed the condition. It might
       be acceptable in some circumstances to say, “I am concerned about the mental
       health of this person” but only if it is relevant to the matter under discussion.
      Always be sure of the facts. Do not say, “This person has no archival research
       experience” if you do not know the full details of their career. Instead say, “While
       this person was studying with me they did no archival research”, or, “To my
       knowledge, this person has no archival research experience”.
      Do not write in anger or in haste. This is a particular danger with e-mails
       because of the immediacy of e-mail as a means of communication. Do not say,
       “This clod should be horse-whipped”. Wait and write once you have calmed
       down.
      Always speak respectfully of the person, even when expressing negative
       information. For example, do not say, “This student is the weakest link.
       Goodbye”. Say, “This student’s performance falls significantly below the
       standards required for this course and we cannot allow them to continue their
       studies”.

What should I consider when sending an attachment(s)?

Try to avoid attaching documents to your e-mails. Consider whether it is necessary to
attach the information or could the information be included in the body of the e-mail?
This is particularly useful when sending smaller pieces of information.

If the attachment contains information that can be accessed via shared folders, a
shared drive or an internal or external University website, provide a link to the
document rather than attaching it to the e-mail.

Whether you provide a link or attach the original document, please bear in mind the
need to ensure that everyone can read it. The University standard format for sharing
information is PDF. However, this format cannot easily be altered, so if this
functionality is important, you may wish to consider using a rich text format. This format
is preferable to proprietary formats such as Microsoft Word as it is less likely to carry
viruses and worms and it can be read and modified in all supported computing
environments.
.

What if the e-mail I am sending is only applicable for a set period of time?

There may be a feature in your e-mail system to set expiry dates for each e-mail you
send or receive, although for e-mails that you send, this may not work if the recipient of
the e-mail uses a different e-mail system from you.

Expired e-mails will either be marked as such or will be deleted on expiry. For
example, if you send a time-related message, such as a meeting notification, you can
set an expiry date so that when people who are on leave at the time of the meeting
return, they know that the e-mail is no longer relevant to them. This helps recipients to
bypass and delete time expired e-mails. You can also use this feature to set expiry
details for e-mails in your in box.


                                                                                            5
                                                                                   Version 10




Entourage users’ tip:
This feature is not available in Entourage.
FirstClass users’ tip:
In FirstClass, this feature can be accessed from the Properties menu.
Microsoft Outlook users’ tip:
In Microsoft Outlook, this feature can be accessed by selecting View-Options and then
choosing the “expires after” dialogue box.

What should I do with e-mails that I have to action?

You can set up folders in your e-mail system, named for example ToDoToday or
Action2006/04/01 and transfer the relevant e-mail into this folder and action on that
day. This will help you to prioritise your work and manage your e-mails at the same
time. Some e-mail systems have a “flagging” feature to remind you of when and what
e-mail(s) require action. This will probably need to be activated for use.

Entourage users’ tip:
Select message, click the drop down beside the flag, choose flag for follow up, and
then setup dates.
FirstClass users’ tip:
In FirstClass, to flag a message for future action Setup an Advanced mail rule under
last modified date > select date > then choose turn unread flag on or send notification
message or auto-open message.
Microsoft Outlook users’ tip:
In Microsoft Outlook, this feature can be accessed by opening an e-mail and selecting
Actions, then selecting Follow Up.

What issues should I consider when replying to e-mail?

Include the original text in your reply to an e-mail as this ensures that you have a
complete record. For example, if you send an e-mail asking for authorisation to do
something, a reply that just says, “Yes” is not very meaningful – it is helpful to see the
original text to know what has been authorised. However, do not annotate the text of
the original e-mail with your response. While the meaning of this will be clear at the
time, later changes in the e-mail layout or the technical format in which the e-mail is
saved can cause the distinction between the text of the original message and the
annotations to be lost. Thus, later users may be unable to tell the difference between
the original e-mail and the annotation.

If you are involved in an e-mail discussion, try to prevent the discussion from drifting off
topic. If a new subject is being introduced, start a new e-mail. This will make your e-
mail easier to manage, and will mean that you will not have to spend time blanking out
irrelevant or personal information if we receive a request for that e-mail.

Using “reply all” will send your reply to everyone that received the original e-mail.
Before using this option, consider whether everyone included in the original e-mail
really needs to see your response.

What e-mails should I keep or delete?



                                                                                             6
                                                                                  Version 10


Whenever an e-mail is sent or received a decision should be made about whether the
e-mail needs to be kept as a record. Decide whether to leave the message in its
present folder, to delete it immediately or to move it elsewhere. Keeping it in your sent
items folder or in box means that it is inaccessible to others that might need it and can
make it difficult to retrieve information once the folder becomes too large.

Unless the e-mail has been received from a different part of the University or from an
external correspondent, it is the responsibility of the sender of an e-mail to decide
whether or not to save the e-mail. This is because each message has only one sender
but may have many recipients. When you send an e-mail, ensure that your e-mail
system automatically saves a copy of the message, perhaps in a sent messages folder.
It may be that in your system you have to switch this feature on. When dealing with
long e-mail strings, provided that the string has not been edited and all the previous e-
mails are part of the string, it is sufficient to keep the last e-mail in the string and to
destroy the others.

E-mails are used for a wide variety of purposes and so it is not possible to develop
blanket rules about what should be deleted or kept. However, the principles are the
same as for any record. If the e-mail is about an important issue, you should save it to
a shared drive or other similar facility so that your colleagues are able to access it
easily even if you are away from the office. Reasons for preserving e-mails in this way
include:
a. We need the information to carry out our business, such as day-to-day
     administrative records or material potentially relevant to present or future research
b. There is a legal requirement to keep the information
c. We need the information for financial purposes
d. We will need the information to explain why we arrived at a particular decision
e. We will need the information if our decision is challenged in court
f. We will need the information to be publicly accountable for our policies and
     decisions
g. We will need the information to help us deal with similar situations in the future,
     such as records that show what procedure was followed in a particular situation or
     copies of past references provided for students or staff
h. We will need the information to defend our rights and responsibilities, or the rights
     and responsibilities of others
i.    The information has value for historical research purposes

As well as the text of the e-mail, it is important to keep the associated metadata (data
about the data) about the e-mail, such as to, from, date, time, and subject. This is
necessary to understand the e-mail and can affect the credibility a court will give to e-
mail evidence (“the evidential weight”).

For how long should I keep my e-mails?

It is not possible to set a standard retention period for all e-mails because e-mail is
used to communicate about such a wide range of things, ranging from the instantly
disposable (eg discussion of people’s availability for a meeting) to the highly significant
(eg a decision to commit the University to a significant amount of expenditure). The
retention period of e-mail is determined by the importance of its contents. Therefore,
retention decisions have to be taken on a case-by-case basis at the time of receiving or
sending e-mail. If you make arrangements to save important e-mails and e-mails


                                                                                             7
                                                                                Version 10


relating to ongoing issues somewhere other than your in box and sent items folder, the
remaining e-mails can be destroyed after a very short period (such as three months).

Where should I keep important e-mails?

Most e-mails do not need to be kept beyond the timeframe of the task to which they
refer. A simple way to deal with this is to move them to a temporary folder named after
the task to which they refer. Once the task is complete, the whole folder can be
deleted.

If you think an email is sufficiently valuable as to be kept as a permanent record a
number of options are available; these are listed below. For business continuity
purposes, and also to enable the University to meet its freedom of information and data
protection obligations, important e-mails should be stored where they will be accessible
to other staff in your area as well as to yourself. In most circumstances, option 6 is the
University’s recommended approach. However, if you need to prove that the e-mail is
not a forgery you should only save the e-mail to a shared drive or server if you are
confident that the “hidden” header information (eg routing information) will also be
preserved. If you cannot do this and there is a reasonable possibility that the
authenticity of the e-mail will be questioned, a copy should be saved to the shared drive
or server in plain text for reference convenience, and another copy should be retained
in a folder in your e-mail account. The folder in your e-mail account should have the
same title as the folder on the shared drive or server, and it should be deleted at the
same time as the shared drive or server folder.

1. Keep in your in box and sent items folder

   Advantages:   Requires no effort
   Disadvantages: Is accessible only to you, which will cause difficulties for data
                 protection and freedom of information compliance
                 Uses server space
                 Unless you delete e-mails from your personal account, it will
                 eventually become difficult for you to find the information you want

2. Use a folders structure to organise the e-mails within in your personal e-mail
   account

   Advantages:   Slightly more structured approach than option 1, making it easier to
                 retrieve all the relevant e-mails on a particular topic
   Disadvantages: Is accessible only to you, which will cause difficulties for data
                 protection and freedom of information compliance
                 Uses server space
                 Unless you delete e-mails from your personal account, it will
                 eventually become difficult for you to find the information you want
                 Searching time is slower than option 1

3. Save to a shared folder in your e-mail system

Advantages:        E-mails are accessible to work colleagues. This may help them to
                   carry out their work and will assist with data protection and freedom
                   of information compliance.


                                                                                         8
                                                                                 Version 10


                    A structured approach, making it easy to retrieve all the relevant e-
                    mails on a particular topic
Disadvantages:      E-mails are stored separately from other electronic records, so you
                    have to look in more than one place to retrieve all the relevant
                    information

Option 6 is recommended in preference to this option.

4. Save to your hard drive

   Advantages:   Does not use server space
   Disadvantages: Is accessible only to you, which will cause difficulties for data
                 protection and freedom of information compliance
                 Is not backed up so if your hard drive crashes you will lose the
                 information
                 Will need to copy and securely delete the information if you change
                 PC
                 May lose “hidden” header information needed to demonstrate
                 whether or not the e-mail is a forgery

It is strongly recommended that you avoid this option.

5. Print out
   Print out and file in the appropriate paper file

   Advantages:     All records held together in one place
   Disadvantages: Storing printed records takes up space
                  Costs associated with printing, including time
                 If the record is required in court, a paper print out may carry less
                   evidential weight than an electronic version. (If the legal
                   admissibility of your records is an important issue for your section
                   see the records management guidance on legal admissibility at
                   http://www.recordsmanagement.ed.ac.uk/InfoStaff/RMstaff/Legal_
                   Admiss/legal_admiss.htm.)

6. Keep electronically on shared server in relevant folder
   Ideally, e-mails should be stored out with the e-mail system as a plain text
   document in appropriately named folders on shared drives or servers. Reveal any
   “hidden” header information before saving the e-mail and ensure that you save the
   full header information whenever possible.

Entourage users’ tip:
To save e-mail from Entourage as plain text, select e-mail, choose File/Save As, then
select plain text from the drop down box.
FirstClass users’ tip:
To save e-mail from FirstClass as plain text, select File-Save As. Select the format
option, “all files” and end the file title with the suffix, “.txt”.
Microsoft Outlook users’ tip:
To save an e-mail from Microsoft Outlook to a shared drive, open or highlight the e-mail
concerned and select File, then Save As.



                                                                                            9
                                                                                   Version 10


   Advantages:    Electronic records on a particular topic all kept together, regardless
                  of original format
                  Accessible to everyone that needs to see them
                  Easy to search content of a range of records in different formats to
                  find relevant information
   Disadvantages: Will lose some functionality available in the original e-mail system,
                   including some e-mail properties information
                   May be difficult to retain in original format over time, so may need
                   to save as plain text rather than as an e-mail document if long-
                   term readability is an issue
                  If saving as plain text, may lose “hidden” header information
                  needed to demonstrate whether or not the e-mail is a forgery, so if
                  the record is likely to be needed in a court of law you should save a
                  copy to the shared drive as plain text for reference convenience,
                  but keep the original in your e-mail account.

There may be a feature in your e-mail system to Auto-archive e-mails. Although this
feature can help in the short term, as the system moves your e-mails from one place to
another within the system, it may not be an effective way of managing your e-mails in
the long term as the e-mails are unstructured, they are inaccessible to others and they
may become unreadable when the technology changes. It is strongly recommended
that you avoid this option.

How should I title e-mail when I am saving it?

If you are saving your e-mails within a mailbox, you should retain the original title as
renaming it will change the e-mail’s subject line and could affect the integrity or legal
admissibility of the record. However, if you are saving the message to a shared drive
or server, you should take the opportunity to ensure that the title accurately reflects the
content of the e-mail and will be meaningful to everyone that needs to access the
record for as long as it is needed. For example, a title such as, “Yesterday’s meeting”
will quickly become meaningless and should be replaced with a new title.

How should I save an e-mail that has an attachment?

If you need to keep an e-mail with an attachment, you should consider whether you
need to keep the e-mail, the attachment or both. It is likely that you will need to keep
both, as the e-mail message will provide the context within which the attachment was
used. When you save them to a folder outside your e-mail system, the attachment and
e-mail should be saved separately as this will make it easier to preserve the
authenticity of the message and attachment. Use the title and properties boxes
indicate the relationship between the two. If you are a Windows user, see
http://www.recordsmanagement.ed.ac.uk/InfoStaff/RMstaff/RMprojects/AAPS/FileName
Rules/FileNameRules.htm for guidance on how to do this. Users of other operating
systems might choose to adopt approaches such as naming the e-mail,
“PlanningRound20041027” and the attachment, “PlanningRound20041027Attachment”.

How should I save an encrypted e-mail?

If you know that an e-mail has been encrypted, decrypt it before saving it as a record.
If this is not done, it is likely that you will experience difficulty in reading it later.


                                                                                             10
                                                                                 Version 10




How should I go about clearing out unwanted e-mails?

Delete ephemeral or out-of-date e-mails as soon as they are no longer required. Do
not allow a backlog to accumulate as this becomes difficult to manage. The most
efficient ways of doing this include:
     sorting by date and deleting all those over a certain age
     sorting by addressee/sender and deleting all those sent to or received from
        certain individuals
     sorting by subject and deleting those relating to completed business
     sorting by size and deleting large e-mails that are no longer required.
Opening and deleting e-mails on a case-by-case basis should be avoided as it is time
consuming and unlikely to be cost effective.

Some e-mail systems save deleted items in a folder rather than actually deleting them.
It is important to ensure that e-mails you meant to delete are actually deleted.

FirstClass users’ tip:
In FirstClass, deleted e-mails are erased as part of a 12 am server audit.
Entourage users’ tip:
In Entourage, what happens to deleted e-mails is account dependent. With an
Exchange account, there is constant synchronization with the server, so when a
message is deleted it is gone. With an Imap account (like staffmail) it is possible to set
Entourage to purge deleted items when you close the folder or exit the application.
Microsoft Outlook users’ tip:
In Microsoft Outlook, deleted items are transferred to a deleted items folder. Unless
you have chosen the correct options, this folder is never emptied. To set the folder to
empty take the following steps:
a. On the Tools menu, click Options, and then click the Other tab.
b. Select the “Empty the deleted items folder upon exiting” check box.

What should I do about my e-mails when I am away from the office?

The deadline for responding to freedom of information and data protection requests is
calculated from the date that the University received a request for information, and not
from the date that you read it. Thus, if you are on leave for three weeks and someone
sends an e-mail asking for information on the first day of your leave, 15 of the 20 day
response target will have passed by the time you read the e-mail.

If you are out of the office and unable to check your e-mail for more than a week, you
should either set an out office message that provides an alternative contact point for
the time you are away or arrange for someone else to check your e-mails. The former
is the University’s preferred option. Remember to suspend your membership of e-mail
discussion lists when setting an out of office message, or you may post your out of
office message to the entire list.

When writing an out of office message, try not to include important personal
information, such as the fact that you will be away from home or that your office will be
empty. It would be sufficient to say something like, “I will be unable to access e-mails
sent to this account until insert date. Please contact insert name if you require a
response before that date or shortly thereafter.”


                                                                                        11
                                                                                    Version 10




If you work in a high-profile role, or one that regularly generates enquiries that could be
viewed as freedom of information requests, your preferred option may be to make
arrangements for your e-mails to be checked in your absence by using the autoforward
facility or by giving another person access to your e-mail. In the longer term, you may
wish to avoid this need by setting up a generic e-mail address, accessible to more than
one member of staff, that can be used as the main contact point for enquiries, suc h as
recordsmanagement@ed.ac.uk, or headofcollege@ed.ac.uk.

If you choose to arrange for someone else to check your e-mails, never give another
person your password. Instead, make use of facilities such as autoforward or options
for giving people access to your e-mail account through their own account. Under the
University’s Computing Regulations, the latter option requires the consent of your head
of school or equivalent.

As well as helping to meet the University’s legislative obligations, making appropriate
arrangements will help ensure that we are responsive to the needs of our suppliers,
customers, students and other stakeholders.

What should I do if a member of my staff is unexpectedly away from the office, for
example, on long-term sick leave?

As soon as it becomes apparent that the member of staff will be away for a long period
of time, or once the person has been absent for a week with no prospect of return, you
should ask your IT support service to set an out of office message providing alternative
contact details. Take care not to include private information (eg the fact that they are
on sick leave) about the member of staff in the message. For example, you could say,
“[Insert name] will be unable to check their e-mails for some time. In the meantime,
please contact [insert new contact details].” Setting an out of office message in this
way will involve changing the person’s password, so they will need to obtain a new one
from their IT support service on their return or to enable them to access their e-mails
remotely.

In MIS-supported areas you should do the following:
   1. The appropriate line manager should contact MIS (misusers@ed.ac.uk) and ask
      them to set an out of office message. They should provide MIS with the text for
      this message.
   2. When the member of staff intends to return to work or wishes to access their e-
      mails remotely, the member of staff should contact their line manager. The line
      manager should contact MIS and ask for the new password to be provided. The
      member of staff can then change the password to one that will be private to
      them.

What security issues should I consider?

All e-mails may be monitored by the University to ensure correct usage. E-mails are
not private or confidential and can be illegally intercepted. It is the responsibility of all
members of staff to consider the appropriateness of using e-mail to discuss sensitive
subjects. Highly sensitive information should not be sent by ordinary e-mail.
Remember that whilst an e-mail may be sent to an individual’s account (s)he might not
be the only person who sees it.


                                                                                            12
                                                                                   Version 10




E-mail messages containing information that is not intended for general distribution
should be clearly marked either in the title or in the beginning of the message.

FirstClass users’ tip:
In FirstClass, select message-sensitivity to mark a message as private. However, you
should repeat sensitivity information in the title or at the beginning of the message as
this sensitivity marking may not be immediately apparent to the recipient of the e-mail.
Microsoft Outlook users’ tip:
In Microsoft Outlook, it is possible to use the properties dialogue box (select File-
Properties) to indicate the sensitivity of a message. However, you should repeat
sensitivity information in the title or at the beginning of the message as this sensitivity
marking may not be immediately apparent to the recipient of the e-mail.

What should happen to the e-mail accounts of staff that have left the University?

Before the staff member leaves the University, their manager should confirm that they
have saved important e-mails to a shared drive or another place where they will remain
accessible to everyone still employed by the University that needs them. On their last
day, the member of staff should either set an out of office message that gives details of
a new contact point or arrange to forward all their e-mails to another member of staff.
Within a few weeks of the member of staff’s departure, their e-mail account and all the
e-mails it contains should be deleted from the system.

I sometimes use my University e-mail account to send or receive personal e-mails.
What issues should I consider?

All e-mails relating to the conduct of the University’s academic or administrative
business would be regarded as work e-mails and are not personal. However, any e-
mail not related to the business of the University would be considered personal.

The University’s computing regulations allow small-scale personal use of University e-
mail facilities (as a privilege and not a right). The regulations also state that in some
circumstances the University may need to access data or computer files. This might
include personal e-mails that you have sent or received. For further information see
the University’s computing regulations at:
http://www.aaps.ed.ac.uk/regulations/index.htm (follow the link to “Computing
Regulations”). To limit the circumstances in which it becomes necessary for University
staff to examine your personal e-mails, you are advised to set up a folder called,
“Personal” within your e-mail account. All sent and received personal e-mails should
either be deleted or stored in this folder. Even if you store your personal e-mails in a
folder called, “Personal”, please ensure that you delete them as soon as possible so
that they are not occupying University server space unnecessarily.

Please ensure that you only deal with genuinely personal material in this way; if there is
reason to believe that work-related information has been marked as “personal” to
evade data protection or freedom of information requirements, we may have to access
all your personal e-mails to identify that those that are really work related.

I sometimes send and receive work e-mails from a personal e-mail account. What
issues should I consider?


                                                                                          13
                                                                                  Version 10




It is strongly recommended that you avoid using a non-University e-mail account for
University business. Most University e-mail accounts are accessible via the Internet so
it should be rare that you need to use any other account. Your IT support service can
advise on how to access your University e-mail account remotely if necessary.

If you do have to use a personal e-mail account for University business, the e-mails you
create and receive should be sent or copied to your University e-mail account so that
they can be added to the relevant University record. In all cases, delete copies of work
e-mails from any privately-owned PC and personal e-mail account, otherwise you will
be required to produce them in the event that their subject matter is relevant to a
freedom of information or data protection request.

What should I do about spam mail?

Spam mail is unsolicited junk e-mails, usually sent for marketing or fraudulent
purposes. If you receive a spam e-mail, or one you suspect is spam, do not open the
e-mail or any of its attachments. Spam mail and its attachments are often a source of
viruses, and they are always a waste of your time. Some systems offer a “preview
pane” facility that enables you to see the content of an e-mail without actually clicking
on it to open it. To avoid opening spam via this facility, turn off the preview pane in any
folder that may receive mail.

Entourage users’ tip:
In Entourage, to turn off the preview pane, select View/Preview Pane and select none.
FirstClass users’ tip:
In FirstClass, to turn off the preview pane, select Preview-File-Preferences-Viewing-
Client interface. Then select explore view-log out/log in.
Microsoft Outlook users’ tip:
In Microsoft Outlook, to turn off the preview pane, open the relevant folder and select,
View-Preview pane.

The University provides a mail filtering service using SpamAssassin. Further
information about this service is available at
http://www.ucs.ed.ac.uk/email/SpamAssassin/index.html. Set up a junk mail folder in
your e-mail account and make use of the SpamAssassin service to filter suspected
spam into it. Your IT support service can provide further advice on how to do this.
Provided that you are confident of the accuracy of your spam filter settings, you can
delete the items from your this folder on a regular basis without reviewing them.

What help is available?

The University Records Management Section provides advice, guidance and training
on data protection, records management and freedom of information issues. See our
website at www.recordsmanagement.ed.ac.uk or e-mail us at
recordsmanagement@ed.ac.uk.


Susan Graham
December 2005



                                                                                         14
                                                                           Version 10


                                                                           Annex A

          Systems Administration Requirements for Managing E-mails

1   All sent e-mails should be saved to a “sent items” mailbox
2   The original e-mail should be included in the reply to an e-mail
3   Provided that records management procedures and systems are in place to identify
    and store important e-mails, e-mails in in-boxes and sent items boxes should be
    automatically deleted when they are six months old, if not earlier.
4   Examine how the policy management features of the email software may be used
    to implement other aspects of this guidance


Susan Graham
January 2005




                                                                                  15

								
To top