Management of Email


The ease of e-mail creation and distribution, together with the sheer volume of messages that staff are expected to deal with can inevitably lead to problems. Messages containing sensitive material may be sent to the wrong person, while confidential information is often to be found inadvertently buried in the middle of a long chain of forwarded messages. Both could result in breaches of the Data Protection Act and/or make prompt handling of subject access requests and Freedom of Information requests difficult. Below are some key points[1] to consider when using e-mail.

Before drafting a new e-mail, take a few moments to consider whether e-mail is the most appropriate means of communication in this case (e.g. might a brief phone call be preferable?). Remember that e-mails are potentially disclosable documents in the case of both subject access requests under the DPA and FOI requests.

Think carefully before selecting ‘Reply all’ or when sending messages to large groups of users.

Be very careful how you express yourself, especially if you feel heated about the subject – use objective, conversational English and avoid subjective comments or jokes which can easily be misconstrued. Remember the message will be read by another person (and potentially the person to whom it relates) who may not appreciate your ‘personality' or opinions.

Remember that sending email from your University account is similar to sending a letter on an Oxford University letterhead, so do not say anything that might discredit or bring embarrassment to the University.

E-mail is inherently insecure. Consider the security of email messages in a similar way to a message on a postcard i.e. anyone along the chain of distribution could get to see what you have said, and it might even end up in someone else's hands.

Consider the sensitivity of the message you intend to send. You can protect confidential information by putting it in an attachment and encrypting the attachment.

Make sure that the ‘subject' field of your message is meaningful, clear and unambiguous. When you use the `reply' option, ensure that the subject field (usually filled in for you under those circumstances) still accurately reflects the content of your message.

Try to restrict yourself to one topic per message, sending multiple messages if you have multiple topics, rather than using one message to cover a wide range of topics. This makes it easier to extract relevant information when requests under DPA and FOI are received.

Think carefully about whether you need to reproduce a message in full when responding to it. Where possible, be selective in the parts that you include in your response.

Be careful when forwarding on other people’s e-mail messages. Consider whether they would be expecting their e-mail(s) to be disseminated more widely, whether it is appropriate to do so and if in doubt, check with them first.

Do not resend attachments with a reply unless necessary.

Provide an out of office message when are away, with details as to whether urgent messages should be sent.

Any form of request for information held by the University, be it an FOI request or a subject access request under the Data Protection Act may well cover e-mails received/sent by staff across the whole of the University. It is for this reason that e-mails should be managed alongside all the other information to which they relate and, where necessary, retained as part of the University’s permanent record, rather than only stored locally on individual PCs or laptops.


[1] Adapted from the JISC Infokit on E-mail Management and the OUCS guide to ‘Netiquette