The purpose of this policy is to ensure the retention of University information necessary to fulfill academic, administrative and legal requirements.

The User Accounts and Acceptable Use Policy serves as the foundation for this policy.

The University of Louisville (University) issues students and employees (faculty, staff, administrators, and student employees) a University electronic mail (email) account. Additionally, sponsored, gratis, or service email accounts may be granted as needed for conducting University business. 

Email records must be retained in order to fulfill academic, administrative and legal requirements and per University, state and federal requirements.

The University does not automatically archive enterprise email. It is the responsibility of each email account user to understand and follow University, state, and federal requirements as it relates to the retention of electronic information.

• University e-mail may be a public record subject to disclosure under the Kentucky Open Records Act. To the extent allowed by existing email retention capability, email in the University email system may be subject to the record retention schedules established by Kentucky law, University records retention policy, or other applicable University policies. Federal laws may require retaining email in the University email system for a specific time as defined by individual laws (e.g., FERPA, HIPAA, etc.). The University reserves the right to retain emails in the University email system, as necessary.
• In certain circumstances, the University may issue a litigation hold requiring employees to retain electronic communication(s), including email, which is created, received, maintained, or stored on the University email system.
• ITS may retain mailbox data for a limited period of time after an individual leaves the University. It is the individual’s responsibility to transfer any personal information to other storage prior to their separation from the University. Individuals shall limit personal information in their mailbox to only that personal information necessary for their affiliation with the University. 
• University business information is the property of the University and must not be transferred, destroyed, or copied without legal authorization.

Policy Authority/Enforcement:   Enterprise Information Technology is responsible for the development, publication, modification and oversight of this policy and associated standards. ITS works in conjunction with University Leadership, Information Security Compliance, Audit Services and others for development, monitoring and enforcement of these policies and standards.
 
Policy Compliance:  Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.