Saskatchewan E-mail Management Guidelines

Saskatchewan Archives Board Saskatchewan E-mail Management Guidelines NOTE: These E-Mail Management Guidelines are intended to guide the development of specific policies and procedures that recognize the particular circumstances of individual departments, crown corporations and agencies. These guidelines are subject to ongoing revision. Please direct any comments or suggestions to: Saskatchewan Archives Board (GRB) (306) 787-0734 recordhelp@archives.gov.sk.ca www.saskarchives.com Effective Date: March 21, 2006

Table of Contents E-Mail Guidelines Page: 1. Records Management and E-Mail 1 2. Distinguishing Between Government and Non- Government E-Mail Records 2 3. Filing E-mails 5 4. Disposing of E-mails 7 4.1 Government E-Mail Records 4.2 Non-Government E-Mail Records 5. Security of Systems and E-mail 9 6. Reliability and Authenticity of E-mail 11 7. Complying with FOIPP 12 8. Monitoring of E-Mail 13 9. Best Practices 13 10. Training 13 Appendices Appendix A Best Practices 1. Management 2. Addressing 3. Composition 4. Attachments and Large Files 5. Urgency 6. Confidentiality 7. Integrity and Authenticity Appendix B Example of Institutional Policy and Guidelines Appendix C Glossary of Terms Appendix D Frequently Asked Questions

Saskatchewan Archives Board 1 1. Records Management and E-Mail In today's information-driven environment, an efficient records management program is essential for all government offices. Recorded information provides the basis for all government activities, from employee information to medical statistics to policies and procedures. Records are your "institutional memory": they are necessary for decision making and policy development; for legislative compliance; for meeting fiscal and legal requirements; for program implementation; and for almost every aspect of day-to-day office work (for more information on records management, please consult Saskatchewan Records Management Policy and the Saskatchewan Records Management Guidelines). E-mails that are government records are subject to the same legislative compliance and fiscal, legal and administrative requirements as any other record. These guidelines are designed to: inform Saskatchewan government institutions of their responsibilities for the classification, retention and disposal of e-mail messages in order to meet legislative and other requirements; assist institutions in the development of effective e-mail usage and management policies and procedures. These guidelines provide advice on establishing policies and procedures for the following components of effective e-mail management: integration of e-mail management with other records and information management practices; security of the e-mail system and messages; ensuring the reliability and authenticity of e-mail records; compliance with freedom of information and protection of privacy requirements; practices for monitoring e-mail; usage practices; training.

Saskatchewan Archives Board 2 2. Distinguishing between Government and Non-Government E-mail Records It is the responsibility of users to determine if an e-mail is a government record or a nongovernment record. Sometimes it is straightforward, but often it s a judgment call that requires careful consideration. Correct classification of records is dependent upon such factors as users knowledge of: definitions of government and non-government records; the nature of the record in question; institutional structure and business practices. The main distinction that needs to be made up front is the one between Government and Non-government records: Government records include all recorded information that relates to the transaction of government business regardless of physical form including documents, maps, electronic records, e-mail, drawings, photographs, letters, vouchers, papers, etc. which are received, created, deposited or held by an office of a department, agency, board, commission, crown corporation or other institution of the Government of Saskatchewan. Non-Government records. This document does not relate to those e-mail records that do not fall within the definition of government records. Such records include transitory records, published records, non-work-related records and most copies of informational material that are widely distributed. For further information on and more detailed definitions of non-government records, please see Saskatchewan Records Management Guidelines: Section 3: Distinguishing between Government and Non-Government Records. Many e-mails produced or received by government employees do not need to be filed and can be disposed of at any time without permission from the Provincial Archivist, providing they are 1) transitory records, 2) publications or 3) non-work-related messages. E-mails that are non-government records are not needed to control, support, or document delivery of programs, to carry out operations, to make decisions, or to account for activities of government. They have no legal, fiscal, administrative or historical value. E-mails that serve the aforementioned business functions are records and should be filed according to ARMS 2006 or ORS.

Saskatchewan Archives Board 3 Examples of e-mails that are non-government records and can be deleted: E-mails of a transitory nature - mass distribution notices, messages, memos, etc. that do not directly affect your programs and services; notices of holidays; minor information items concerning routine administrative matters or other minor issues not pertaining to your program area; rough drafts or any copy of a record that does not represent significant steps in the preparation of a final document, and does not record decisions; duplicate copies of documents sent for short term-reference; advertising material; unsolicited mail; junk mail; etc. Electronic publications. Please note, however, all working documents and one copy of any publication produced by your institution must be retained as government records. Non-work-related messages, i.e. those that pertain to an employees private life. Examples include: Let s meet for lunch invitations, announcements of social events, birthday wishes sent to a family member, any announcements and notices not related to government business, etc. Examples of e-mails (and attachments) that are government records or non-government records: E-Mail Government Records Drafts of contracts, agreements and background material Policies and Procedures Work schedules and assignments Draft circulated for comments or approvals Final reports or recommendations Records showing that services have been provided or obligations have been met Financial Transactions Annotated copies of a document that record significant input to the development of the final version

Saskatchewan Archives Board 4 E-Mail Non-Government Records Electronic publications received, not created by a government department (they may or may not have ISBN identification) E-mails widely distributed concerning routine administrative matters not pertaining directly to your program area Rough drafts, or any copy of a record, that do not reflect significant steps in the preparation of a final document (and does not record decisions) Duplicate copies of documents distributed solely for convenience of reference (i.e. meeting agendas, reports, etc.) Mail received through a listserv Junk mail, unsolicited advertisements, etc. Non-work-related messages from/to your friends, family members, etc.

Saskatchewan Archives Board 5 3. Filing E-mails It is important to establish who is responsible for managing the e-mail record. This is especially true in work groups within an institution or in other instances where many people might receive the same e-mail message. Records should be managed as they relate to the activities of the whole institution as well as how they relate to the activities of the business unit with primary responsibility. Generally, it is the responsibility of the sender to 1) decide if an e-mail is a government or non-government record, and 2) ensure that e-mail government records are retained and filed. This will vary, however, depending upon institutional procedures and the nature of the record. For example, in the case of an e-mail message requiring a response from one or more recipients, the originator must ensure that the original text and all responses that form the complete record are retained. Including the file classification number in the subject line can assist recipients in determining whether or not a given e-mail is a government record, and also make filing of the e-mail (if required) quick and easy. This practice also promotes consistency in filing, ensuring that related records are kept together. Recipients of e-mail messages determined to be government records should also retain and file e-mail records sent from internal or external sources, if that information does not exist elsewhere in the institution, or if the message gives the recipient permission or direction for a business related action. E-mails that are determined to be government records must be filed according to the same standards as all other government records. Ideally, and in keeping with the Government s long-term vision for the management of all electronic records, e-mail records will be classified according to ARMS 2006 or to an approved ORS and stored using Electronic Records Management (ERM) software. While awaiting technical and operational standards for the purchase and use of ERM programs, institutions can file records using ARMS 2006 and ORS, and store them within shared directories on a file server or by printing and filing them. For more information on filing electronic records, please consult the Saskatchewan Records Management Guidelines, Section 5.2. Relying on backup systems to retain e-mail records is not an acceptable practice. Back-up tapes are designed to be used in special circumstances, such as accidental deletion or drive failures and should never be used as a substitute for classification and storage of e- mail.

Saskatchewan Archives Board 6 Quick Reference: What to file, what to delete E-mails that are non-government records (i.e. transitory records, non-work-related messages or publications) can be deleted. Any other information should be filed. A rule of thumb is that any record which documents government business, including the evolution of a government decision or action, is not a transitory record and must be retained and filed according to ARMS 2006 or to an approved ORS. Deciding whether or not a record should be filed and retained is often a judgment call. In order to make that decision, asking the following questions may help: Question If the answer is Does the e-mail document or provide evidence of a business activity, decision or transaction related to the functions and activities of your organization? NO - it is not a government record and it can be deleted YES - it must be filed and retained Does it contain information of a short-term value? Is it a duplicate circulated for reference purposes while the actual document has been filed? Is it a draft version that will have no value once a final version is produced? YES - it is a transitory record and it can be deleted NO - it is a government record and it must be filed and retained

Saskatchewan Archives Board 7 4. Disposing of E-mails 4.1. Government E-mail Records After it has been decided that an e-mail meets the criteria of being a government record, it must be classified according to ARMS 2006 or an approved ORS and kept for the period of time outlined in the record s assigned retention period. Once that retention period has been met, the record is eligible for disposal. In Saskatchewan, no government record can be disposed of without following the procedures established by the Saskatchewan Archives Board. The Saskatchewan Archives has developed Disposal and Transfer Guidelines for Administrative Records and a Records Disposition System for Operational Records for the disposal of government records in any format, including paper, electronic, microfilm, etc. This system: ensures that records have met their retention requirements; identifies records of historical value to be transferred to the Archives; documents the entire disposal request process; provides departments with a letter that verifies retention compliance and authorizes destruction of records. For more information on Disposal and Transfer Guidelines for Administrative Records and Records Disposition System for Operational Records, please consult Saskatchewan Records Management Guidelines, Sections 6.1 and 6.2. For information on disposing of additional records, see Saskatchewan Records Management Guidelines, Section 6.3. You can also contact at 787-0734 or recordhelp@archives.gov.sk.ca. 4.2. Non-Government E-mail Records Because it is easy to use e-mail for both formal and informal communication, a common problem is the high ratio of informal and transitory messages compared to those that are evidence of official government business. The number of messages that are non-

Saskatchewan Archives Board 8 government records tends to grow quickly and clutter the system. The on-going deletion of non-government records is essential for effective management of e-mail. Any e-mail messages that are not government records should be routinely deleted after it is determined that they are transitory records, publications or non-work-related records. This means regularly purging the Inbox folder, the Sent Items folder and the Deleted Items folder. Frequent purging and emptying of the folders is particularly important when you deal with transitory records of a confidential nature, or which contain private information protected by The Freedom of Information and Protection of Privacy Act (FOIPP). If you do not empty the Deleted Items folder regularly, transitory records remaining on the system, even though deleted from other folders, could be called as evidence in legal proceedings and are subject to the access provisions under FOIPP. E-mail programs should be set to automatically empty Deleted Items folders at regular intervals. For more information on complying with FOIPP, please consult section 7 of these guidelines.

Saskatchewan Archives Board 9 5. Security of Systems and E-Mail Information technology systems, including e-mail, must conform to the policies and standards of the Government of Saskatchewan. (Note: policies and standards will be articulated in the Information Protection Security Standards component of the Government of Saskatchewan Enterprise Architecture, currently being developed by the Information Technology Office). Most e-mail systems are designed for easy communication, while employing standard security measures such as access control, authentication of users, confidential mailboxes and activity reports. There are several security risks associated with using e-mail to conduct business. These risks include: downloading of viruses that infect computer systems; simple misdirection of e-mail to unintended recipients; non-delivery of e-mail; redirection of government e-mail to non-government mail systems (for example, home computers or other public access systems). Institutions should take all appropriate physical and technical security measures to protect the information transmitted over e-mail. Practices and guidelines should help users understand the nature of security related to e-mail. E-mail security and back-up measures that protect records from alteration, loss or inappropriate destruction may include the following: Virus Protection: Users should be aware of the virus protection that is provided automatically and of the risk posed by viruses, including trojans that can open their system s confidential files. The guidelines should also identify practices related to the types of attachments that should not be opened and the virus protection that is required for home computers that are used for government work. Back-up Procedures: E-mail system back-up measures are usually established for security and disaster recovery purposes only, and should never be used as a substitute for the classification and storage of email. These measures permit information to be restored should the system crash or if the e-mail system is damaged in some other way. Users should have some understanding of the nature and timing of back-up procedures. Password Protection: Passwords or other access controls protect e-mail systems and workstations from unauthorized users. Institutional guidelines should give users

Saskatchewan Archives Board 10 basic advice on choosing and updating passwords and how to protect their passwords. Message Protection and Authentication Controls: Employees should be made aware that e-mail communication can be forwarded, intercepted, reproduced and stored by others, thus there is no way to guarantee privacy. Message protection and authentication prevent others from changing an e-mail message once it has been received by at least one recipient. The controls require users to send a new message with new transmission and receipt data if they wish to change the content of a message. The use of these control measures should be explained to users as a vital support within the system for authentication and version control over e-mail. Security Labels: Protocols for the use of security labels such as confidential, should be explained to users. Such labels can be attached to e-mail by senders to alert recipients about special privacy or security handling requirements. The guidelines should describe the circumstances where these measures may be employed and the practices to be used in particular circumstances. System Audit Trails: System audit trails automatically record the circumstances surrounding log-in attempts, creation, transmission and receipt, filing and retrieval, updates, and deletion of messages in an e-mail system or on a network. Such practices should be used where business needs make them appropriate and users should be informed about them. Encryption: Users should be made aware of the encryption methods available to them, and the institutional practices for using encryption. If encryption methods are available, appropriate safeguards to recover encrypted messages must be in place.

Saskatchewan Archives Board 11 6. Reliability and Authenticity of E-Mail Reliability, authenticity and integrity are the characteristics that define evidentiary value from a legal and records management perspective. For example, e-mail could conceivably be used as evidence in court, for claims, or in others types of legal proceedings. Therefore it is essential to demonstrate the reliability, authenticity and integrity of the record. Reliability. A reliable record is one in which the content can be trusted as a full and accurate representation of the transaction, activity or fact to which it attests, and can be depended upon in the course of subsequent transactions. Authenticity. An authentic record is one that can be proven to be genuine and to have been created or sent by the person who claims to have created and sent it. Integrity. The integrity of a record refers to it being complete and unaltered. To ensure the reliability, authenticity and integrity of messages created or received through e-mail systems, institutional procedures should ensure that: e-mail messages remain intact in terms of their structure (layout or format and links to attachments and related documents), content (the information contained in the message), and transmission and receipt data (information pertaining to the sender and recipients as well as any header information and transmittal data such as time and date); a received e-mail cannot be altered and, if it is forwarded or replied to, the original message cannot be changed; an audit trail is recorded; if electronic signatures are used, they are provided via approved methods; also that they can be verified and are retained as part of the message, as prescribed in The Electronic Information and Documents Act, 2000; rules concerning the authenticity and integrity of electronic records and electronic records systems are followed, as set out in The Saskatchewan Evidence Act and The Electronic Information and Documents Act. Government-wide standards relating to sections 5 and 6 are currently being developed by the Information Technology Office (ITO). Departmental Records Managers and IT personnel should consult with ITO when developing institutional policies and practices. Institutional practices should be explicit in providing users with guidance on maintaining the content, structure and context of electronic messages.

Saskatchewan Archives Board 12 7. Complying with FOIPP Any records in the e-mail system are in the custody or under the control of the institution and, thus, may be included in a request for information under The Freedom of Information and Protection of Privacy Act (Ch. F-22.01, SS 1990-91). Employees may be asked to search their e-mail to locate information pertinent to an access request. Institutions should ensure that their records management policies and procedures cover all existing copies of records. The same rules apply to e-mail as to other types of information subject to an access request. No information that may be relevant to a FOIPP request may be destroyed after the request has been received, or until the request has been completed and all applicable review periods have expired. This remains the case even where approved records retention and disposition schedules are in place. As mentioned in sections 2 and 3, back-up systems (such as tapes) are usually established for security and disaster recovery purposes only, and should never be used as a substitute for the classification and storage of email. It is unclear whether copies of e-mails residing within backup systems are subject to the requirements of FOIPP legislation. Institutional guidelines should provide for regular and timely deletion of data on backup systems. For more information on classification and retention of system backup files, please see Primary 6200, secondary -60 of the ARMS 2006 manual.

Saskatchewan Archives Board 13 8. Monitoring of E-Mail E-mail systems are routinely monitored for capacity and storage to maintain the efficiency of the system. Employees should also be aware that computer usage can be traced by site logs and other tracked information. The Saskatchewan Government reserves the right to access the contents of all files stored on its systems and all messages transmitted through its information technology infrastructure. This policy is articulated in Public Service Commission Policy PS1103 Acceptable Use of Information Technology, and applies to all employees appointed under The Public Service Act, 1998, and to those working under contract to the government who use the Government s information technology resources. 9. Best Practices Institutions should establish common usage practices that support the effective and efficient use of e-mail. Usage practices address issues like management, addressing, composition, urgency of the message, confidentiality, integrity and authenticity. Guidelines for developing best usage practices can be found in Appendix A Best Practices. 10. Training Orientation and training should be provided to users on the general use of e-mail and policies specific to e-mail. Users should have access to training, as needed, to ensure they understand the characteristics of e-mail, the features provided in their work setting and their responsibilities related to the management of e-mail. The following types of training will be needed by users: training on the basic, intermediate and advanced functions of the institution s e-mail system; training on use of ARMS 2006 and ORS for filing administrative and operational records; training on identifying non-government records; training on how to manage e-mail records in a manner that is consistent with the management of all other government records, including other electronic records (e.g. in electronic records and document management systems, in shared drives, or in print); training on the institution's practices (i.e. usage and security).

Saskatchewan Archives Board 14 Best Practices APPENDIX A Each government employee is responsible for the e-mail they create and receive. When using e-mail to create government records there are a number of usage practices that allow the full advantages of the e-mail system to be utilized while ensuring that the appropriate information is being captured and personal privacy and business confidentiality concerns are being addressed. 1. Management 2. Addressing 3. Composition 4. Attachments and Large Files 5. Urgency 6. Confidentiality 7. Integrity and Authenticity 1. Management Implement practices to reduce the clutter or volume of e-mail traffic on a system. Some usage practices for employees in this regard are: o using reply to all only when appropriate (i.e. when all recipients of the original message need to see the reply); o if possible, posting attachments in one location (e.g. an Intranet, shared drive or public e-mail folder where everyone has access to the drive) and inserting a hyperlink into the e-mail that opens the shared record. Give guidance on how to handle junk mail (also known as spam), chain letters, e-mail scams and unsolicited attachments. For example, many organizations warn staff not to respond to junk mail as this can verify the e-mail address to the sender, making it more valuable and resulting in more junk mail.

Saskatchewan Archives Board 15 2. Addressing Ensure that when dealing with sensitive information, the e-mail is sent to the correct recipient(s). This is particularly important if the e-mail is being sent to a long distribution list. Some common practices related to this issue include: o ensuring the e-mail addresses of recipients are correct; o verifying that a distribution list is up-to-date and that the recipients for a particular message are authorized to receive the message before sending it to the entire list; o not forwarding another author s e-mail message to a discussion group, Listserv, newsgroup or posting it on an electronic bulletin board without the author s permission. 3. Composition Compose a clear, concise and accurate subject line. Including the file classification number in the subject line can assist recipients in determining whether or not a given e-mail is a government record, and also make filing of the e-mail (if required) quick and easy. This practice also promotes consistency in filing, ensuring that related records are kept together. If an e-mail is sent to a number of persons, state the intended audience (for example, if a message is sent to the project leader but all members of the team are cc d, stating the intended audience will avoid confusion). Remember that an e-mail address is far less informative than a traditional letterhead; all e-mail should contain a signature block; this block should contain: *for internal mail: -name of sender -title -organization -phone number *for external mail: -name of sender -title -organization -address -phone number -e-mail address -fax number

Saskatchewan Archives Board 16 When action is requested state this at the top of the message; For example: Action: Reply by 3:00 pm, 30 March 2006. Avoid jargon and acronyms; this is especially important when the audience is outside of your workgroup and may not be familiar with terms commonly used by the group. Link messages together where practical; using the reply feature allows the sender to link the content of the original message and each subsequent message together (much like clipping a series of paper correspondence about particular subject together, this keeps the history of the message intact for quick and easy reference). Messages that are government records should be composed with the same care that would be used for conventional paper memos or letters; this includes the use of proper grammar, correct spelling and punctuation. 4. Attachments and Large Files Keep e-mails brief and simple in style; email systems do not have sophisticated word processing features and it is better to avoid using different fonts and special effects; for more lengthy documents or where special effects or more elaborate formatting is needed the document should be drafted in a word processing document and sent as an attachment. Discretion should be used when sending excessively lengthy documents; as most people prefer to read from the printed page the covering message for long attachments, particularly when sent to a number of recipients should note how long the attachment is and indicate where a printed copy may be seen to avoid having the document printed repeatedly. Attachments, especially those containing graphics that occupy large amounts of space, can significantly slow down the entire e-mail system. As a general rule avoid sending a file that is over 1mb in size unless you know the recipient has a fast connection or it is important that the information be received quickly and e- mail is the only way to send it within the necessary time frame. Very large files should be compressed before sending or, if feasible, an alternative method of delivery (e.g. an intranet site or a CD rom) should be considered.

Saskatchewan Archives Board 17 5. Urgency Consider the urgency of the message; if there is extreme urgency to get a message to someone it is best not to rely on e-mail; various factors can interfere with the transmission or receipt of an e-mail; as well, while some people may read their e-mail throughout the day others may only check once or twice in the day or the person may be unexpectedly away from the office. Where an instant response is required a face to face conversation or a telephone call is preferable to e-mail. 6. Confidentiality Avoid the use of e-mail where strict confidentially is required (e.g. for the transmission of personal information about identifiable individuals or for the transmission of confidential business information). Privacy of information transmitted via e-mail cannot be guaranteed and is susceptible to accidental release or access by unauthorized individuals. Sensitive information should be sent using either a secure method of electronic transmission such as encryption, or an alternate method of delivery such as registered mail or courier services. 7. Integrity and Authenticity Do not share your password. If you grant someone proxy to your e-mail (for example a manager may grant proxy to a secretary) ensure that messages sent by the proxy contain a line indicating that the message is from someone other than the name indicated on the from field. Do not leave your computer operating and unattended especially in areas accessible to the public. Consider using an authorized time activated screen saver that requires a password to re-gain access. Make sure that any problems with the e-mail system are reported to and dealt with by the system administrator.

Saskatchewan Archives Board 18 Appendix B Example of Institutional Policy and Guidelines This appendix contains policy and procedures for a fictional government institution called Department of Government Services. Each institution s internal policies and procedures will vary depending on its business practices. Internal policies can be brief, like the following example, relying heavily on information provided in Saskatchewan Records Management Policy and the accompanying guidelines. Alternatively, institutions with well-developed records management programs may wish to reference existing internal policies and procedures documents. Either approach is acceptable providing the requirements articulated in Saskatchewan Records Management Policy are met.

Saskatchewan Archives Board 19 Department of Government Services Policy and Procedures for Managing Electronic Mail Messages (E-Mail) All employees of the Department of Government Services are provided with electronic e- mail systems to enhance their ability to carry out business functions. E-mail messages that are government records are subject to The Archives Act, 2004 and The Freedom of Information and Protection of Privacy Act (FOIPP). It is the responsibility of every employee to use the e-mail system effectively and responsibly, and to manage the records in a conscientious manner. The policy and guidelines articulated in this document are intended to assist employees in the proper use of e-mail. Please note: In this document, standard procedures that must be followed use the terms will or must ; recommended practices use the term should. Policy It is the responsibility of program managers to understand the provisions of Saskatchewan Records Management Policy. A copy of this document, as well as copies of its companion documents Saskatchewan Records Management Guidelines and Saskatchewan E-Mail Management Guidelines, can be obtained from the Administrative Services Branch Program Managers must ensure that employees in their section have adequate training to manage their e-mail in compliance with the Department of Government Services Policy and Procedures. Each E-mail user is responsible for identifying, preserving and protecting e-mail messages that are government records. Users must determine which e-mail messages are government records and retain these records according to the procedures articulated in this document. Personal use of e-mail is restricted to the users own time. Procedures Filing e-mail: The e-mail system is not a storage system for e-mail messages nor is it a records management system. Similarly, users must not rely on network backup systems for e-mail storage. Backup systems are for system wide recovery, not individual user retrieval. In order to adequately address issues relating to the authenticity, integrity and reliability of e-mail messages, the department is investigating the possible acquisition of Electronic

Saskatchewan Archives Board 20 Records Management software. In the interim, the IT Support Unit, Program Managers and designated records managers are establishing directories on shared drives that will parallel our paper records management classification structure. Following the establishment of the shared directories, normal practice for filing e-mail records within the department, pending the acquisition of ERM software, will be to integrate them into the folders established on shared drives. Folders, corresponding to the Administrative Records Management System 2006 (ARMS 2006) and Operational Records System (ORS) 982, will be established in the F drive for each branch. Until such folders are established, e-mail determined to be government records must be printed and filed in the appropriate paper file. It is the responsibility of each user to accurately file their e-mail records (attachments are considered part of the e-mail record). It is unnecessary to keep more than one format of your e-mail record. Once the record has been moved to the shared drive (or printed and filed) it should be deleted from the e-mail system. Filing should occur on a daily basis and inboxes, sent folders and deleted items folders cleared on a regular basis. All users should select the Empty the deleted items folder upon exiting option under tools/options to ensure that all transitory and personal messages do not remain on the system. Non-government records (i.e. transitory, non-work-related and publications) should be deleted once they are no longer of use to you. Remember, however, that transitory records must not be deleted where the Department has received a formal request under FOIPP relating to such records. The FOI coordinator will keep staff advised of FOIPP requests that may relate to records in their section. Each branch must establish responsibility for managing records on shared directories in accordance with approved records management policies and records retention and disposition schedules. Only authorized staff will have authority to migrate or delete records stored in the shared directories.

Saskatchewan Archives Board 21 System Protection and Security of Messages Virus Protection To minimize the risk of a virus, the IT Support Unit has blocked access to attachments with executable extensions such as.exe,.vbs or.bat. If you need to open such an attachment please contact the IT Support Unit. Employees must not download programs such as games and screen savers. These can introduce viruses and pose a security risk to the local area network. Back-up Procedures The IT Support Unit performs back-up procedures every night. The tapes are overwritten on a regular basis. E-mail messages that are deleted without being transferred to the shared drives are irretrievable through the backup/restore process. Password Protection Do not share your password with others. Change your password regularly (every 4 months) when prompted by the system. Always log off of the Citrix server when you are away from your desk. Message Protection and Authentication controls Only designated employees have permission to access the department s e-mail outside of their business unit. Consult your supervisor if you require this permission. Do not forward government e-mail to a personal account such as hotmail.com. The department e-mail system does not provide security features to protect e-mail messages during transmission. Personal information about an identifiable person or information that is otherwise sensitive or confidential should not be sent via e-mail. If it is essential to send personal information though e-mail, you must: ensure that the personal information is contained in an attachment; password protect the attachment; notify the recipient of the password using a different method of communication (e.g. telephone); request receipt confirmation for the receipt of the message.

Saskatchewan Archives Board 22 Monitoring e-mail As stated in PS1103, e-mail is not to be considered private; nevertheless, the department will limit access to individual e-mail according to the following: 1. with your permission, to rectify a problem 2. with your supervisor s permission if you are away from the office or otherwise unavailable and where the e-mail is otherwise inaccessible and is required immediately (if the procedures articulated in this document in relation to filing e-mails are followed, the need to access your e-mail in your absence should seldom arise) 3. during an investigation of suspected misuse Additional Information Copies of the following related documents can be obtained from the Administrative Services Branch: The Archives Act, 2004 The Freedom of Information and Protection of Privacy Act Administrative Records Management System 2006 (ARMS 2006) Operational Records System (ORS) 982 Public Service Commission s Information Technology Acceptable Use Policy (PS1103) Saskatchewan Records Management Policy Saskatchewan Records Management Guidelines Saskatchewan E-Mail Management Guidelines Any question or concerns you have relating to this document should be discussed with your supervisor.

Saskatchewan Archives Board 23 Glossary of Terms Appendix C Additional record refers to any other copy of a record (other than the official record) required for administrative purposes. Additional records cannot be disposed of without an approved policy. Administrative Records Management System 2006 (ARMS 2006) is a combined classification system and records retention schedule for administrative records. ARMS 2006 is intended for use by all Saskatchewan government departments, crown corporations, boards, agencies and commissions. ARMS 2006 see Administrative Records Management System 2006. Attachments are items appended to and transmitted with an e-mail message. Such items include word processing documents, spreadsheets, databases, sound files, image files, etc. Electronic mail (e-mail) messages are communications created, sent or received on an electronic mail system and include any attachments and all associated transmission data. E-mail messages include those sent or received internally or externally. Electronic mail (e-mail) system is a computer application used to create and receive e-mail messages and attachments. Government records include all recorded information that relates to the transaction of government business regardless of physical form including documents, maps, electronic records, e- mail, drawings, photographs, letters, vouchers, papers, etc. which are received, created, deposited or held by an office of a department, agency, board, commission, crown corporation or other institution of the Government of Saskatchewan. They do not include transitory records, published records, personal records, and most copies of informational material that are widely distributed. Junk e-mail (spam) includes jokes, unsolicited advertising, etc Non-government records are records that do not document government business or activities, such as transitory records, publications and non-work-related records. Non-work-related records are records of government employees concerning their private life. These records do not pertain to any aspect of government business. Typical examples of non-work-related records are employees personal e-mails and letters; records of other organizations with which an employee is involved, but not as part of the government business (i.e. associations, community organizations, etc.); e-mail related to non-work activities such as lunch or break arrangements, social functions, etc.

Saskatchewan Archives Board 24 Official record refers to the official copy of a record that is retained, within your institution, for legal, fiscal, operational, or historical purposes. It exists to fulfill long-term financial, legal and audit requirements. It can be the original and only copy of the record or a replacement copy that is designated as official. Legal concerns for storage media, as defined by The Electronic Documents Act and The Saskatchewan Evidence Act, must be satisfied before a record is designated as official. ORS (Operational Records System) is a combined classification system and records retention schedule for operational records (program specific records). The use of relevant operational retention schedules is mandatory for the disposal of operational records. Publications in general include books, magazines, pamphlets, printed annual reports, etc.; i.e. any published material with the exception of master copies of institutional publications. In the context of e-mail, messages and digests received from listservs and newsgroups are also publications, and may be disposed of without a schedule or disposal request. It is important to note however that while published documents are not considered government records according to the Archives Act, The Legislative Assembly and Executive Council Act specifies that Saskatchewan government institutions must deposit six copies with the Legislative Library before discarding their own publications. Records schedules are an effective tool for records management which provides a classification system, a concise and convenient description of each record and its required retention period. Records Schedules are the authority by which government organizations may dispose of records no longer required. All records schedules must be approved according to the procedures set out in The Archives Act, 2004. Saskatchewan Administrative Records System (SARS; also known as Schedule 326 and 329) is a former government-wide standard for administrative records. SARS is no longer applicable and is superseded by ARMS 2006. SARS see Saskatchewan Administrative Records System. Transitory records are records of temporary usefulness that are needed only for a limited period of time, to complete a routine task, or to prepare an ongoing document. They are not required to meet statutory obligations or to sustain administrative or operational functions. Once they have served their purpose, they should be destroyed. Transmission data is information pertaining to the sender and recipients as well as any header information and transmittal data such as time and date.

Saskatchewan Archives Board 25 Frequently Asked Questions Appendix D 1. Why do these guidelines address only e-mail, and not other types of electronic messages (i.e. blackberries, cell phone messages with text messaging, etc.)? Currently e-mail is the most widely used and accepted method of electronic messaging within government. Retention of e-mail however, has been problematic because many users do not consider e-mail messages as records and therefore do not classify and retain them as records. It is not possible to anticipate and consider all new and emerging technologies; nevertheless, the definition of a government record remains the same regardless of the technology used to create or transmit the record. Therefore, if blackberry or cell phone text messages, etc. meet the definition of a government record they are subject to the same retention and disposal requirements as all other government documents. 2. Are attachments to an e-mail record considered part of the e-mail record? Yes. Although most attachments will be saved elsewhere within an institution s filing system, it is essential that e-mail messages remain intact in terms of their structure (layout or format and links to attachments and related documents) in order to ensure their reliability, authenticity and integrity. For more information, see section 4 of the E-mail Guidelines. 3. Are the folders in my e-mail program (e.g. Microsoft Outlook, Eudora, etc.) considered to be an ERM system? No. ERM programs are additional software applications that provide users with access to shared drives on a file server. They also possess features that help ensure authenticity, security, etc., and provide version control, consistency in file naming and classification, records disposition, etc. The folders in your e-mail program, such as Inbox, Drafts, Deleted Items, Sent Items or any other folder you might create, provide few, if any, of the records management components described above. You may wish to create folders within your e-mail program which are based on ARMS 2006 and ORS, but this is at best a place to store records temporarily, or a place to keep non-government records such as convenience copies. Ideally, official copies of government records should be stored for their assigned retention periods in a central repository. 4. How much will it cost to implement the recommendations in these guidelines? The cost will vary depending on the records management policies already in place, including ARMS 2006 and ORS implementation, and the options chosen by the

Saskatchewan Archives Board 26 department. The costs associated with the purchase of hardware, electronic records management software, and training will also vary depending on the corporate culture and implementation options chosen. 5. Why is technical information relating to viruses, backup tapes, passwords, etc. included in this document? The e-mail policy is intended to give general information regarding security issues, and is not intended to replace existing or future IT policies regarding viruses, backups, passwords, etc. The Information Technology Office (ITO) is currently developing government-wide Information Protection Security Standards which will address security issues. For additional information please contact ITO. 6. In our department IT staff regularly cleans up our sent folders, inboxes, deleted items folders, etc. How do we ensure that e-mails that are government records are maintained for the legislated time period? It is the responsibility of individual users to ensure that their e-mail records are saved in the manner required by their institution. Following internal policies and procedures, users must identify those e-mail messages that are government records and ensure that they are either printed and filed or classified and stored according to the shared electronic directory system, electronic records management system, electronic document management system, etc., used by the department. 7. How can we be sure that records stored on an electronic medium will be accessible and readable for the full retention period? The longer the retention period, the greater the need for data migration policies and procedures. Electronic records stored on hard drives, cd s, tapes, etc., need to be accessible for their entire retention period in a form which maintains the integrity of the record. Many software companies design new versions of their products to be able to open, read and/or upgrade files created on earlier versions. However, some government records have long retention periods, e.g. 10 or more years; software products may go through numerous upgrades in that period of time, and departments must be sure to maintain awareness of the software product s capability to access files created on earlier versions. If the current version of a software product is unable to access the version of the document that was placed into long-term storage, or if a given software product s capability in this regard is unknown, records should be transferred to another medium for long-term storage, e.g. print and file, microfilm, etc.

Saskatchewan Archives Board 27 8. Are third parties having access to a government e-mail system required to follow these guidelines? For the purposes of these guidelines, an authorized user is in keeping with the definition outlined in the Government of Saskatchewan s Human Resources policy regarding The Acceptable Use of Information Technology (PS1103). It applies to employees appointed under The Public Service Act, 1998 who use any information technology resources which: are owned by the Government of Saskatchewan; are licensed or leased by the Government of Saskatchewan; connect directly to Government data or telephone networks; connect directly to a computer device owned or operated by the government; otherwise use or affect the Government of Saskatchewan s information technology infrastructure. PS1103 also states: This policy also applies to those working under contract to the government who use the Government s information technology resources. 9. Who is responsible for classifying e-mail and implementing records retention schedules? Records management practices will vary from department to department. However, generally speaking, individual users are responsible for classifying and retaining e- mails. The development and implementation of records retention schedules is usually coordinated by records management staff. This, however, is determined by the individual department and may vary from department to department. 10. What about the information stored on back-up tapes? Back up tapes should never be used for long-term storage of records. Back up tapes are intended to ensure system security and reliability and should be used accordingly. If your department is currently storing information on back-up tapes, this information should be inventoried, classified and transferred to an appropriate storage medium.