This response may be a little long winded, however as I have seen this question come up quite a few times, I thought I would provide some verbiage relating to e-mail policy requirements.  In order to be effective in managing e-mail in an organization I believe you have to educate employees through a variety of methods and a variety of communications channels.  You need a strongly worded policy and guidelines document(s).  

Here is a sample or framework of what verbiage an e-mail policy could include. There definitely should be more information like definitions, related legislation, contacts, roles and responsibilities etc.  This should be linked to more inclusive guidelines and or procedures.  I hope you find it interesting.  

Cheers.....John Gervais

Policy Preface

(Insert organization name) electronic mail (e-mail) is an effective communications tool for disseminating corporate information and knowledge.  E-mail is used to conduct official business within (insert organization), our business partners and with the public.  With the advent of electronic messaging, the traditional methodologies for capturing corporate information have expanded from information management specialists, to now include all employees.  Employees must recognize the need to manage e-mail messages effectively to ensure critical information is not lost or destroyed, as per legislative policies, acts and authorities.

Policy Statement

The purpose of this policy is to establish standards for using the electronic mail system to ensure that information of continuing value is captured and preserved in an approved records repository, as required by legislation.  This will ensure the integrity of the information and provide evidence of decision making, based on its administrative, archival, research, fiscal, legal and evidential value.  Information must be managed throughout its life cycle in a manner that supports the (insert organization name) business activities and its commitments to deliver information and services to citizens, through a variety of service delivery channels, while preserving the information's confidentiality, security and privacy requirements.  E-mail is an important communications vehicle for conducting official business operations.  All employees must adhere to the corporate E-mail Policy requirements, privacy, security, records management life cycle requirements and other records and information management policy and legislative requirements.

Policy Purpose

The purpose of this policy is to establish the guidelines with respect to access, use, organization and management of e-mail messages.  Its purpose is to clearly communicate these rules to employees, as well as agents and contractors, who create, receive, use and transmit information in the course of conducting (insert organization name) official business.

Policy Application

This policy applies to all (insert organization name) employees, as well as agents and contractors, who create, receive, use or transmit information in the course of conducting (insert organization name) official business.  It encompasses internal and external electronic mail, which is carried on (insert organization name) systems and networks.  It extends to external practices outside the workplace such as telework or remote access during or outside working hours, where the corporate e-mail system is used.

Policy Requirements

To ensure the use of (insert organization name) e-mail systems conform to legislative and policy requirements, users should ensure that e-mail messages are business related, brief and concise, and only retained in the system for as long as required to complete the action for which they were created.  Messages determined to be corporate information should be incorporated into the official corporate filing system, whether in paper or electronic form, and then deleted from the e-mail system.

Governance

Both the originator of the e-mail message and the recipient are to determine if the message is considered to be corporate or transitory information as it relates to their respective program areas.  Corporate information is to be retained in the official departmental filing system, whether in paper or electronic form, while transitory information should be deleted as soon as it has served the purpose for which it was created.  Corporate information, sent or received by e-mail, should be retained in accordance with approved corporate records disposition authorities and be accessible in accordance with the Access to Information Act and Privacy Act.

Accountability

Records and Information management supports the delivery of programs and services to _____.  (Insert organization name) management and employees share responsibilities for managing information throughout its life cycle in the routine performance of their duties.  Managers are to ensure their employees are aware of the E-mail Policy requirements, and that the system is used for business purposes only. Employees are accountable and responsible for the content of e-mail messages and/or attachments created and transmitted with the aid of computer software and hardware.  Recipients of e-mail messages are accountable and responsible for appropriate handling, i.e. filing or purging of e-mail messages received.

Security

E-mail security is a joint responsibility of technical staff and all e-mail users.  Users must take all reasonable precautions, including safeguarding and changing passwords, to prevent the use of the account by unauthorized individuals.  Sensitive information is not to be transmitted electronically unless cryptographic mechanisms/methods are used.  Additionally, such mechanisms/methods must have the prior approval of the ________security officer.  



Please Note:

"The opinions expressed in this post are personal and do not represent that of my employers."







List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance