In a Nutshell

Emails must be appropriately protected.

Adequate security must be in place (e.g. password access, encryption).

Once an email has become a record it should not be altered.

In Depth

• Ensure the password security of your email system.
• In order to maintain their value as evidence, emails are not to be altered or manipulated during all phases of their transmission, usage, storage and migration.
• Transactions involving exchange of personal, private, or financial information are to be treated at a minimum as "confidential".
• All intellectual property rights (such as patents, copyrights etc.) pertaining to information contained within emails remain with the relevant public authority unless otherwise stated.
• Scanned images of signatures should not be included in emails that are public records as they may be misused and do not add to the authenticity of an email.

Questions

Click here to check your understanding.

Policy

Click here to link to the policy.

Management

What Policies are in place in your agency to protect the security of email accounts?

What Policies are in place in your agency to ensure emails that are public records are managed?

Record Staff

The management of emails should comply with policies protecting personal privacy, confidentiality, or commercially sensitive information from unauthorised access, disclosure, manipulation, concealment, deletion or removal.

Public authorities must ensure that their current systems, procedures and practices protect email system records from accidental or deliberate alteration or deletion during all phases of their capture, storage and migration.

Where encryption is used to protect emails during delivery, decryption keys and software are to be available, allowing appropriate access to emails by authorised users