University at Buffalo Crest.

Policy Information

Date Established: -
Date Last Revised: 8/10/2011
Category: Information Technology
Responsible Office: Enterprise Infrastructure Services
Responsible Executive: Chief Information Officer

Policy Contents

Central Email Communications Management and Retention


This policy advises the UB community how long centrally email is retained, and provides guidance in managing information communicated by email. Unencrypted email is never a private means of transmitting information although people often treat it as such.

Policy Statement

UB does not retain email centrally except for disaster recovery purposes. Deleted messages are retained for 7 days. Originators and recipients of email are responsible for identifying and saving documents that must be retained in order to comply with federal, state, or local laws and to meet operational, legal, audit, research, or other requirements.


Email is one of UB's core internal and external communication methods. Email includes official University correspondence as well as non-official correspondence, attachments, and forms transmitted electronically. It is important for all users to note that copies of email messages, including personal as well as business communications, may be released to the public under the New York State Freedom of Information Law. [1]  In addition, all email messages including personal email may be subject to and released in response to various government and court-ordered legal actions. UB central email system administrators do not routinely monitor email, however, system administrators may access email:

  • For a legitimate business purpose (e.g., when an employee is terminated or absent for an extended period of time)
  • To diagnose and resolve technical problems
  • To investigate possible misuse of email when a reasonable suspicion of abuse exists or in conjunction with an approved investigation
  • To address an imminent health or safety issue

The information communicated over email systems is subject to the same laws, regulations, policies, and other requirements as information communicated in other forms and formats. That is, email messages created in the normal course of official business and retained as evidence of official policies, actions, decisions, or transactions are records subject to NY State records management requirements and specific program requirements. Information on distinguishing email records from non-record email, as well as filing and managing email records is provided in the publication: Managing E-mail Effectively: NY State Archives and Records Administration (SARA).

The SARA publication states:

"As soon as possible, users should file any correspondence that is directly related to the business functions of the government [state agency], including related attachments." [p. 14]

"There are two general options for filing and managing e-mail record: print messages and file them in manual filing systems, or transfer e-mail messages to an electronic filing system of some kind." [p. 13]


Policy Review and Update

The Chief Information Officer or his designee will periodically review and update this policy as needed. Questions concerning this policy should be directed to the Office of the Associate VP for Information Technology.

Contact Information

Contact An Expert
Contact Phone Email
Director of Enterprise Infrastructure Services 716-645-3031

Related Information

University Links

Related Links

[1] Under FOIL, records are available for inspection and copying unless specifically excepted by law. One such exception provides that the University may deny access to records specifically exempted from disclosure by state or federal law, such as FERPA. Personal email communications are protected only when their release would cause economic or personal hardship.

Interim Associate VP for Information Technology Approval

Signed by Interim Associate Vice President for Information Technology Thomas R. Furlani

Thomas R. Furlani, Interim Associate Vice President for Information Technology