Standard for Email Retention and Management

Introduction

The University of the Incarnate Word provides email services to faculty, staff, and students to execute the mission of the university. All email created, transmitted through, or stored on the university mail system is the property of the university. This standard exists to define guidelines to manage risk, meet compliance requirements and the business needs of the university regarding the email system.

This standard applies to university faculty, staff, administrators, students, volunteers, contracted employees and other university affiliates privileged to use university information resources. In addition to this policy, all users of information and computing resources at UIW are also responsible for adherence to any State or Federal regulations regarding computer use at the university.

General Retention Standards

Users are to be encouraged to delete unnecessary email from their accounts often to avoid archiving unnecessary emails.

The university Office365 ‘Archive’ folder is the only authorized mail archive mechanism. Local .pst archives or any other local mechanism may not be created for storing email.

Employee Email Retention

The following automated email retention policies and restrictions apply to all university staff, faculty, and administrator email accounts. Users must move any email that they wish to keep beyond the periods specified below to the Archive folder.

  • Inbox and subfolders are purged daily for emails older than 365 days.
  • Sent Items are purged daily for emails older than two (2) years.
  • Junk folder is purged daily for emails older than 30 days.
  • Trash folder is purged daily for emails older than 30 days.
  • Archive folder and subfolders are retained indefinitely
  • All other folders are purged for emails older than 60 days.

Student Email Retention

Student email will be retained for the duration of the student’s network account.

Regulation Reference

Any modification of this document requires review of the regulations and/or controls listed below:

  • 45 CFR Part 164 HIPAA Security and Privacy Rule
  • 45 CFR Part 160 HIPAA General Administrative Requirements
  • 45 CFR Part 162 HIPAA Administrative Requirements

First Approved: February 28, 2018, version 1.0