Deleted emails

FT front page, 17.6.15

FT front page, 17.6.15

The Cabinet Office has a policy of deleting all emails after 3 months, which recently featured in a front page Financial Times story on June 17 2015. Under the policy, all Cabinet Office emails are automatically deleted after 3 months – anything needed for permanent preservation must be printed out and stored before this happens. The FT reported on the frustration of some former officials and advisers over their disappearing emails. The Telegraph has reported that some other departments also automatically delete emails after a set time.

It was suggested that the policy was an attempt to circumvent the FOI Act. The government maintains that it was merely good record management.

It was probably both.

The Campaign spoke at many FOI conferences and training events in the 2 years leading up to FOI implementation in January 2005. Authorities were repeatedly urged to adopt proper record management practices to prepare for FOI and, as part of this, to determine how long to keep particular types of records, and delete them after that time. Senior speakers from The National Archives highlighted two main benefits (a) it would be easier to locate records sought under FOI or needed by authorities themselves and (b) if authorities routinely got rid of anything they didn’t need they would not have to disclose old, inconvenient material.

Those who promoted this message were undoubtedly trying to improve record management standards. But they sold the policy partly on the basis that it would help authorities avoid embarrassment when awkward FOI requests came in.

Cabinet Office staff newsletter 'The Weekly', 13 September 2004

Cabinet Office staff newsletter ‘The Weekly’, 13 September 2004

This is reflected in a comment in the Cabinet Office’s staff newsletter in September 2004:

“With the imminent arrival of FOI, now might be a good time to consider that clear-out of old e-mails and electronic documents that you’ve been putting off because there’s always something more urgent to do.

Under FOI, any document (whether paper or electronic) held in the department is potentially disclosable. Do you really need to keep that two- year-old e-mail, just in case?”

So it’s likely that one objective of the Cabinet Office’s email deletion policy was to reduce the chances of unhelpful material having to be disclosed under FOI. Its timing strongly suggests the link. It was brought into force on 20 December 2004 – a few working days before the FOI Act took effect on 1 January 2005.

Cabinet Office guidance states that emails which should be saved include those which contribute to the development of policy or legislation; provide the background to decisions or advice to ministers; describe departmental performance against objectives; form part of an audit trail e.g. in relation to contracts; and describe action the department has taken to comply with legal obligations.

But if the default position is that emails are automatically deleted if the owner takes no positive steps to preserve them, some of this information is bound to disappear without trace.

The Cabinet Office policy has certainly helped prevent the release of inconvenient information. For example, in July 2011 an FOI request was made for emails sent and received by Andy Coulson, Mr Cameron’s former communications director, who was later jailed over phone hacking. Downing Street replied:

“The Cabinet Office’s publicly-stated record management policy, which was introduced in 2004, is that the IT system automatically deletes e-mails after three months. This policy was introduced on the basis that the e-mail system should not be used for storing public records – for which established systems are in place – or ephemeral information. Mr Coulson resigned in January 2011. No e-mails therefore will remain in the live e-mail account nor will they be held in either a trash can or recycle bin folder.

Although the information may exist on the computer server we estimate that the cost of establishing this would exceed the appropriate limit of £600 set out in the Freedom of Information Act.”

Commissioner v the Tribunal
The Cabinet Office reply refers to emails held on backup servers. But the Information Commissioner’s view is that electronic information which has been deliberately deleted by a public authority is not ‘held’ by it for FOI purposes even if it can be recovered:

“as a general rule, the Commissioner considers that information contained on a backup is not held. This is because, generally, the public authority will have no intention of accessing the information on the backup…the Commissioner’s focus is on the intention of the public authority rather than whether the records can actually be recovered.”

This is a surprising position, because if the information can be found within the cost limit it would be more logical to consider that it is held.

That is in fact the Tribunal’s position. In case EA/2005/0001, Harper v IC & Royal Mail it held that:

“Simple restoration from a trash can or recycle bin folder, or from a back-up tape, should normally be attempted, as the Tribunal considers that such information continues to be held”.

In case EA/2011/0152, Keiller v IC & University of East Anglia it ruled that information about the so-called ‘Climategate’ affair which had been deleted from the UEA’s files but was still available on backup tapes was –

“as a matter of common sense…still ‘held’ by UEA. We consider the counter-arguments to be over-technical”

And in EA/2011/0190, Clyne v IC & London Borough of Lambeth the Tribunal ordered the authority to restore a deleted email account from backups and search it. The former staff member’s account had been deleted a year after he left in accordance with an established policy – but had still been ‘live’ at the time of the request.

So deleting emails may not be enough to avoid FOI disclosure.

Research Assessment Exercise
Occasionally the purpose of a record destruction policy is acknowledged to be the avoidance of FOI. In 2007, academics assessing the quality of university research on behalf of the UK’s higher education funding bodies were told to adopt a strict record destruction policy. They were warned that the notes made as part of the 2008 Research Assessment Exercise (RAE) could be accessible under the Data Protection Act or the Freedom of Information Act. A leaked memo obtained by Times Higher Education from the head of the team managing the project said:

“We strongly wish to avoid dealing with such requests and the associated burden they would place on panel members and secretariat. It is for this reason that we ask you to exercise caution in creating personal notes, destroy them at the latest 20 days after creation and do not disseminate them (or any other potentially sensitive information…) by e-mail.” [1]

The academics were also advised not to download submissions onto their own computers but read them online from a shared website – and afterwards to delete any copy cached in their computer’s memory. They were also told to use the telephone, not email, to communicate with each other.

Bizarrely, the memo ended by stressing that the higher education funding bodies were required to have ‘transparent processes’ for dealing with complaints about the exercise. No mention was made of how this could be done if the relevant records had been destroyed.

[1] Email to chairs and members of RAE2008 sub-panels and main panels, 27.11.2007

Social tagging: > > >

Comments are closed.