Pol-Email Retention

policy ISO-019 v2.1 modified Tue Jun 17 2025 13:45:29 GMT-0400 (Eastern Daylight Time)

UofL Logo

University of Louisville

OFFICIAL
UNIVERSITY
ADMINISTRATIVE
POLICY

POLICY NAME

Email Retention

EFFECTIVE DATE

February 14, 2011

POLICY NUMBER

ISO-019 v2.1

POLICY APPLICABILITY

This policy applies to all University employees (faculty, staff, administrators, and student employees), students, temporaries and contractors, volunteers, visiting scholars, and other persons as deemed appropriate while conducting/performing work, teaching, research, or study activity using University resources. This policy applies to all facilities, property, data, and equipment owned, leased, and/or maintained by the University of Louisville or its affiliates.

REASON FOR POLICY

The purpose of this policy is to ensure the retention of University information necessary to fulfill academic, administrative and legal requirements.

The User Accounts and Acceptable Use Policy serves as the foundation for this policy.

POLICY STATEMENT

The University of Louisville (University) issues students and employees (faculty, staff, administrators, and student employees) a University electronic mail (email) account. Additionally, sponsored, gratis, or service email accounts may be granted as needed for conducting University business. 

Email records must be retained in order to fulfill academic, administrative and legal requirements and per University, state and federal requirements.

STANDARDS

The University does not automatically archive enterprise email. It is the responsibility of each email account user to understand and follow University, state, and federal requirements as it relates to the retention of electronic information.

  • University e-mail may be a public record subject to disclosure under the Kentucky Open Records Act. To the extent allowed by existing email retention capability, email in the University email system may be subject to the record retention schedules established by Kentucky law, University records retention policy, or other applicable University policies. Federal laws may require retaining email in the University email system for a specific time as defined by individual laws (e.g., FERPA, HIPAA, etc.). The University reserves the right to retain emails in the University email system, as necessary.
  • In certain circumstances, the University may issue a litigation hold requiring employees to retain electronic communication(s), including email, which is created, received, maintained, or stored on the University email system.
  • ITS may retain mailbox data for a limited period of time after an individual leaves the University. It is the individual’s responsibility to transfer any personal information to other storage prior to their separation from the University. Individuals shall limit personal information in their mailbox to only that personal information necessary for their affiliation with the University. 
  • University business information is the property of the University and must not be transferred, destroyed, or copied without legal authorization.
RESPONSIBILITIES

Policy Authority/Enforcement:   Enterprise Information Technology is responsible for the development, publication, modification and oversight of this policy and associated standards. ITS works in conjunction with University Leadership, Information Security Compliance, Audit Services and others for development, monitoring and enforcement of these policies and standards.
 
Policy Compliance:  Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.

ADMINISTRATIVE AUTHORITY

Executive Vice President and University Provost

RESPONSIBLE UNIVERSITY DEPARTMENT/DIVISION

Information Technology
Miller IT Center, Louisville, KY 40292
IT Helpdesk Phone: 502-852-7997
IT Helpdesk ServiceNow or Live Chat: http://louisville.edu/it/helpdesk

HISTORY

This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.
 
This policy will be reviewed annually to determine if the policy addresses University risk exposure and is in compliance with the applicable security regulations and University direction.  In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed per the Policy Management process.
 

Approved February 14, 2011 by the Strategic Technology Executive Committee
 
Revision Date(s):

1.0 / February 14, 2011 / Original Publication

1.1 / January 29, 2013 / Content Update

1.2 / September 30, 2014 / Content Review

2.0 / March 8, 2016 / Content update of Responsibilities to IT and update to new template

2.1 / June 17, 2025 / Content update per current retention requirements and ITS process


Reviewed Date(s): September 30, 2014; March 8, 2016; June 17, 2025

The University Policy and Procedure Library is updated regularly. In order to ensure a printed copy of this document is current, please access it online at http://louisville.edu/policies.