How long should government entities in Texas keep email? It’s one of our most frequently asked questions, and like all our favorite questions here at TSLAC, the answer is, “it depends.” Though TSLAC has traditionally recommended the “sort and file” method, these days many agencies are hoping to simplify their operations by establishing an auto-deletion policy for email. Can such a method work? Yes! But, there are important factors to consider before going down this path.

Determine a Reasonable Auto-Deletion Time Period

As mentioned above, there is no standard retention period for email. Instead, just like with paper records or digital files on a computer, the retention period for each email will be based on the contents of that particular email. We often say that the TSLAC retention schedules are “media neutral,” which means that they are based on content, not format. This is based on the statutory definition of a “local government record” (Local Government Code §201.003(8)) and “state record” (Government Code §441.180(11)). For example, if the normal practice in your office is to ask for time off by sending your boss an email, those emails would likely be considered leave records (GR1050-54b for local governments, 3.4.007 for state agencies) with a retention period of “FE+3” (fiscal year end + 3 years).

Realistically, though, most employees only create emails that fall into a handful of categories, so it may be possible to set an entity-wide email auto-deletion policy that will cover the maximum retention period of most emails sent and received by your employees. To do that, you’d need to first consider all the potential record series that could apply to your employees’ emails. Once you’ve made a list of potential record series that could apply, choose the longest retention period from that list. That way your blanket auto-deletion policy will meet the minimum retention periods of most of your employees’ emails.

One option is the “capstone” approach, which is what the National Archives and Records Administration (NARA) recommends for federal government entities. With this approach, the auto-deletion time frame is adjusted based on an employee’s role or position. For example, a government entity could establish a longer auto-deletion time frame for executives, managers, or certain departments like legal. This tailored strategy can help target specific groups of people who may need or benefit from a longer email retention period, while allowing the majority of employee emails to be disposed of on a shorter time frame.

For more tips on classifying email see: FAQ: How Long Do I Keep Email?, FAQ: Is Email Always Correspondence?, and our webinar series on email management.

Account for Outliers

Inevitably, some emails will need to be retained longer than the auto-deletion policy allows. To account for those cases, you’ll need to educate your employees on how to identify emails that need to be retained longer than your auto-deletion policy and establish a retention strategy for how you’d like those emails to be saved.

For example, let’s say you’ve analyzed the types of emails typically sent by your employees and set your government entity’s email client to delete any email older than a certain number of years. If one of your employees negotiates a contract with a vendor over email, that employee would need to be aware that any emails capturing contract negotiations likely fall under Contracts, Leases, and Agreements (GR1000-25) for local governments or Contract Administration Files (5.1.001a/b) for state agencies and universities. Either way, the retention period applies to correspondence and similar records relating to contract negotiation and the retention period is based on the length of the contract. Since the contract may be in place for a varied or undetermined amount of time, that employee would need to identify those emails and save them according to your government entity’s policy. For example, they might be saved on a shared drive or in the cloud in a folder with the contract itself.

Evaluate Your Government Entity’s Risk Tolerance

Keep in mind that any auto-deletion policy has an element of risk. Because emails will not be evaluated one by one, there is a risk that emails may be mis-classified and under-retained. It’s up to your government entity to determine your risk tolerance and what steps you will take to mitigate the risk of under-retention. Before implementing an auto-deletion policy, consult with key stakeholders such as your Records Management Officer, IT staff, legal staff, and upper management.

Record Disposition

Disposition logs, or other methods of recording disposition, are required for state agencies and strongly recommended for local governments. With an email auto-deletion policy, a traditional disposition log where employees individually request destruction for groups of records may not be feasible. Instead, consider alternative ways to record the disposition of auto-deleted emails. For example, your email client may be able to produce a report of disposed records on a periodic basis.

For state agencies, keep in mind that disposition must be recorded in keeping with 13 TAC §6.8(b)(3). If you’re unsure whether your plan for recording disposition is appropriate, consult your legal counsel.

Establish Policies and Educate Employees

Having a policy in place is crucial to ensuring that the auto-deletion procedures are done in a regular and consistent manner. A good policy will also outline how to handle various contingencies such as records that need to be retained longer than the auto-deletion period and how to account for destruction holds.

With an auto-deletion policy in place, your employees will need to be able to recognize emails in their own inbox that need to be retained longer than the auto-deletion period and save them appropriately as they come up. We recommend that government entities spend time educating their employees about the types of records they make and how long they’re required to keep them. See our training page for educational resources you can share with your staff.

Conclusion

Email auto-deletion policies are possible to achieve with appropriate guardrails in place. By identifying the record series and minimum retention periods that apply to your employees’ emails, you may be able to assign an appropriate auto-deletion time frame for email accounts as a whole. Be sure to keep track of outlier records and establish robust policies to ensure proper retention and disposition that meets your entity’s risk tolerances. If you are thinking of establishing an email auto-deletion policy, feel free to reach out to your analyst to talk it through.