Email disposal and retention guidelines

Save favourite 8 Feb February 2019

These are step-by-step guidelines with the purpose to facilitate managing your email as a Mid Sweden University employee.

Background

Most rules were applicable already before the new regulation; such as what public records are, if the records should be archived or discarded, how to handle records that are not public etc. What changed in May 2018 is that the General Data Protection Regulation (GDPR), unlike the previous law (“personuppgiftslagen”in Swedish), includes rules for email management. Simply put, this means all emails sent to or from name@miun.se contains personal data such as sender/receiver, and often names. In addition to following the laws and regulations concerning public records, state employees need to work in accordance with the rules regarding processing of personal data.

Email management

In order to figure out for how long you are allowed to keep an email, you must first decide whether the email constitutes public records or not. Start with the question “Is the email sent internally (within the organization) or externally?”

  1. Internally = emails sent within Mid Sweden University, both receiver and sender,
  2. Externally = emails with receiver and/or sender outside of the organization

From here on you follow the instructions under the applicable headline below. Under Examples, you can read a brief description of how a few different types of records should be managed.

1. Internally sent emails within Mid Sweden University, receiver and sender

1.1 Not public records- disposal

Examples of emails, not included in your role as an employee, which are not public records.

  • Purely private content
  • Concerning you as a union representative
  • Regarding other organizations at the university (art clubs, sport clubs etc.)

Examples of emails, included in your role as an employee, which are not public records.

  • Questions and answers sent internally, not regarding a specific matter (to and/or from another MIUN-employee)
  • Invitations to meetings

For emails under 1.1 (internal, not public records- disposal) GDPR regulates for how long an email may be kept. You must discard it when you no longer have use for the email and/or you can’t justify keeping it.

1.2 Public records – disposal/retention

1.2 Emails sent internally adding information to a matter (decision/enquiry) are public records.

Examples:

  • An answer containing an assessment of a specific issue, f e validation of qualifications
  • Adding facts to a specific matter
  • Grounds for examination
  •  (the list is not complete)

The basic principle for public records is that they are to be preserved. That means that in order to discard emails under 1.2, it must be allowed according to the rules for disposal and retention. They are presented in the retention plan, which is available (in Swedish) on the Staff portal page Arkiv och diarium under ”Bevarande och gallring”.

The retention plan contains information about what should be preserved or when information may be discarded, e g after 2 years, 10 years or, if the information is of temporary value, when it is estimated that it is no longer needed. It often also states where records should be archived or filed.

Disposal of records and documents that are only of temporary value means that the information; or in this case emails with attachments, are disposed of when they are no longer necessary in the daily work. Whether they are necessary or not is up to each employee to decide. Consider for how long you, or a colleague, if you should not be available, would need access to the information. A month? Until the end of term? Or not at all? You may then create folders based on that assumption which enables you to discard a whole folder at the time. For example, if the folder for September needs to be available for another month it can be discarded in November 1st, or if the folder for spring term 2019 needs to be available until end of term it can be discarded at the beginning of the autumn that same year.

According to the retention plan, information that is to be preserved should be archived and/or registered accordingly and then deleted from the email system, which is not an archive, - Please note that nothing will be archived directly from the system.

If you, need to keep a copy of it for other purposes, after the email is stored correctly or have been discarded, you have to discard it when you no longer need the information. Consider GDPR and save only what you actually need. If you only need the attachments for your work, save them in your folders and delete the actual email.

2. Externally – emails with receiver and/or sender outside of the organization

2.1 Not public records- disposal

External emails with only private content are not public records. Examples:

  • A friend asks you to go for lunch
  • Concerning you as a union representative
  • Regarding other organizations at the university (art clubs, sport clubs etc.)

For emails under 2.1 (external, not public records- disposal) GDPR regulates for how long an email may be kept. You must discard it when you no longer have use for the email and/or you can’t justify keeping it.  

2.2 Public records – disposal/retention

2.2.1 External emails adding information to a matter (decision/enquiry) are public records and should be preserved or discarded according to the retention plan. Examples:

  1. An answer containing an assessment of a specific issue, f e validation of qualifications
  2. Adding facts to a specific matter
  3. Grounds for registration of a student

The premiss for public records is that they are to be preserved. That means that in order to discard emails under 1.2, it has to be allowed according to the disposal and retention rules. These are presented in the retention plan, which is available in Swedish on the Staff portal on the page Arkiv och diarium under ”Bevarande och gallring”.

The retention plan contains information about what should be preserved or when information may be discarded, e.g. after 2 years, 10 years or, if the information is of temporary value, when it is estimated that it is no longer needed. It often also states where records should be archived or filed.

2.2.2 Examples of external emails of temporary value that can be discarded when they are no longer necessary:

  • Simple questions and answers (often replaces a phone call)
  • Emails you receive because you are on a send list for various types of information, collaboration groups within a sector etc.
  • Invitations to meetings
  • Practical questions and answers about lectures, registration, general student service etc.
  • … (the list is not complete)

Disposal of records and documents that are only of temporary value means that the information; or in this case emails with attachments, are disposed of when they are no longer necessary in the daily work. Whether they are necessary or not is up to each employee to decide. Consider for how long you or a colleague, if you shouldn’t be available, would need access to the information. A month? Until the end of term? Or not at all? You may then create folders based on that assumption which enables you to discard a whole folder at the time. For example, if the folder for September needs to be available for another month it can be discarded in November 1st, or if the folder for spring term 2019 needs to be available until the end of the term it can be discarded at the beginning of the autumn that same year.

According to the retention plan, information that is to be preserved should be archived and/or registered accordingly and then deleted from the email system, which is not an archive, - Please note that nothing will be archived directly from the system.

If you, need to keep a copy of it for other purposes, after the email is stored correctly or have been discarded, you have to discard it when you no longer need the information. Consider GDPR and save only what you actually need. If you only need the attachments for your work, save them in your folders and delete the actual email.

Examples

Records/email: Question from a teacher to administrative staff regarding students registered on a specific course:

External or eller internal?  Internal.
Public records based on content? No.
What do you do?  Delete the email (question and answer) when the question has been answered.

Records/email: A decision to grant funding in a research project, from the financier to Mid Sweden University

External or internal?  External.
Public records based on content? Yes.
May it be discarded? No, it is to be preserved and registered (diarieförd).
What do you do?  Send the invoice to the registrar’s office who will handle it further. Save the attachment if it is needed for other purposes, delete the email when it is no longer necessary.

Records/email: Invoice for a conference you attended

External or eller internal?  External.
Public records based on content? Yes.
May it be discarded? Yes, after 13 years. In the retention plan, you can note that it needs to be entered in the financial system.
What do you do?  Send the invoice to the financial department who will handle it further, delete the email.

26
7