Email messages must be appropriately protected.

Adequate security must be in place (e.g. password access, encryption).

Once an email has become a record it should not be altered.

• Ensure the password security of your email messaging system.
• In order to maintain their value as evidence, email messages are not to be altered or manipulated during all phases of their transmission, usage, storage and migration.
• Transactions involving exchange of personal, private, or financial information are to be treated at a minimum as "confidential".
• All intellectual property rights (such as patents, copyrights etc) pertaining to information contained within email messages remain with the relevant entity unless otherwise stated.
• Scanned images of signatures should not be used to validate emails in any circumstances. They can be cut and pasted to give the appearance that other documents were officially signed.

	They take up a lot of memory
	They can be cut and pasted into other unofficial documents
	They need to be updated with changes of staff
	All of the above

Griffith University Records Management Policy

Griffith University’s management of email complies with policies protecting personal privacy, confidentiality, or commercially sensitive information from unauthorised access, disclosure, manipulation, concealment, deletion or removal. Refer to the Policy Library for specific policies.

Public authorities must ensure that their current systems, procedures and practices protect email messaging system records from accidental or deliberate alteration or deletion during all phases of their capture, storage and migration.

Where encryption is used to protect email messages during delivery, decryption keys and software are to be available, allowing appropriate access to email messages by authorised users.