Questions
- For how long is the College required to retain old emails?
- What is the current legal position concerning email disclaimers and how are they used?
- What is the legal position concerning defamatory statements posted on an institutions computer networks?
1. For how long is the College required to retain old emails?
Firstly it is necessary to try and distinguish between emails which contain information which are business records and emails which are just miscellaneous data or information generated on a day to day basis. You must treat these two types of information differently.
The miscellaneous data or information is normally transient in nature and should not be retained longer than it performs a function. So it should be deleted once it has served its purpose. This applies equally to electronically generated information and paper based information.
The formal record information has to be handled in a more official way according to the institutions policies and procedures.
At present there is no legislation in the UK which requires the retention of emails per se. However, there are periods of time set down in law for the retention of certain information whether this is held in emails or elsewhere. For example, financial returns, health and safety information or indeed regulatory information require to be retained for a fixed period of time. These are fairly straightforward with financial penalties imposed for breach. A college would be required to assess whether it retains information of this type in emails, ensure it is retained for the required period of time and have a policy in place to ensure that retention is in the appropriate place on the system. A college would also need to consider retaining the content of some emails for longer than others. For example negotiating a contract, which includes email communications, would perhaps require the information contained therein is stored until completion of the contract.
The JISC Study of the Records Lifecycle has a retention schedule with suggested retention periods for specific types of information and also provides the legal reason (when there is one), for the period of retention. The JISC infoNet records management pages at - http://www.jiscinfonet.ac.uk/records-management has links to this and other information on the retention of emails as well as on general records management.
2. What is the current legal position concerning email disclaimers and how are they used?
Email disclaimers are designed as an attempt to limit the sender's liability for the content of a message. However, their ability to prevent liability for negligent behaviour is very limited. If someone is discriminated against or the email content is racist then a disclaimer will not make the offence disappear. At best it may be possible to show that you have attempted to limit the damage by indicating that the content is confidential and if received in error that it should be clear to the recipient that the material is confidential and should be treated as such. The following article provides some explanation on this subject - http://www.venables.co.uk/n0209emaildisclaim.htm.
You may also be interested to read the detailed treatment of the ‘Legal Position of Email Disclaimers' available at - http://www.weblaw.co.uk/artemail.php.
In addition the information available on the Manchester Metropolitan University website concerning their use of an email disclaimer is available at: http://www.isu.mmu.ac.uk/general/email-disclaimers-faq.shtml.
"To this end, Directorate has approved a policy requiring that all external e-mails sent by staff of the University carry a disclaimer explaining the legal aspects of the message.
The legal value of such disclaimers is yet to be tested in court, but the best opinion available is that they can only strengthen the University's position in the event of any dispute."
Templates
Some of the clearest information on disclaimers is available on the 'Business Link' website which is primarily funded by the UK Department of Trade and Industry - http://www.businesslink.gov.uk. Search for "Business email disclaimer - sample template" on the home page http://www.businesslink.gov.uk/. At that location there is a 'Business email disclaimer - sample template' which can be downloaded and could be adapted to suit.
You should also check the information on the OUT-LAW website at - http://www.out-law.com/page-5536 entitled "Email notices and email footers".
Specifically it clarifies that there is no legal authority on the effectiveness of these notices in email messages but that is not to say that they should not be used, provided care is taken in drafting them. The disclaimer and the confidentiality notice are intended to serve different purposes, and ideally should be separated.
Business emails are required to include certain mandatory information.
" ...
Mandatory information
If your business is a private or public limited company or a Limited Liability Partnership, the Companies Act 1985 requires all of your business emails (and your letterhead and order forms) to include the following details in legible characters:
- your company registration number;
- your place of registration (e.g. Scotland or England & Wales ); and
- your registered office address
..."
This information should also appear on your company's website (and for an overview of other information that is required on a website, see our guide to the UK’s E-commerce Regulations). Failure to comply with these requirements puts a company at risk of a fine.
The duty has existed for business letters for many years. But some people were unsure whether this duty extended to email communication. Any doubt was removed by an amendment to the Companies Act 1985 that took effect on 1st January 2007. Not all emails will be relevant to your business but most companies will find it easier to add the information to all outgoing emails, including those messages that forward or reply to a third party's email.
For avoidance of doubt, these details are not required of sole traders or standard partnerships.
3. What is the legal position concerning defamatory statements posted on an institutions computer networks?
The general rule of UK defamation law is that the publisher of defamation faces liability. This applies to FE and HE institutions in the same way as to any other publisher.
Under general principles of law, institutions may be liable for defamation if they know, or have reason to know that the information distributed on their websites/networks is defamatory. There is an obligation on the institution to take offending material down once notified that it is defamatory.
JISC Legal has published an Overview paper on Internet Service Provider Liability and it is available on the JISC Legal website at - http://www.jisclegal.ac.uk/ispliability/ispliability.htm.
Liability may arise if, for example, the institution exercises some discretion over how long material is stored or has the power to remove material (as with newsgroups or websites). In defamation law, institutions, who host email discussion groups, may be considered “secondary publishers”. Although this term does not appear in the legislation, it is commonly used to describe those involved in disseminating a defamatory statement, other than the author, editor and commercial publisher.
Innocent Dissemination
The defence of ‘innocent dissemination’ of a defamation is available to secondary publishers and intermediaries where:
- they are not the “author, editor, or publisher” of the defamation.
- they did not know and had no reason to believe that the statement in question was defamatory
- they took reasonable care in relation to the publication of the statement in question.
Further, under Section 1(3)(e), of the Defamation Act 1996 an intermediary is not considered to be the “author, editor, or publisher” of a defamatory statement:
“…if [the intermediary] is only involved…as the operator of or provider of access to a communication system by means of which the statement is transmitted, or made available, by a person over whom he has no effective control.”
The key thing here is that an institution (or any other intermediary with no knowledge of the defamatory material complained of) will lose the protection of section 1 if it is given notice of the defamatory material and does not delete that material. As a result, any FE or HE institution should treat a notice of complaint seriously and investigate it immediately.
Since July 2002, the requirements of the Electronic Commerce (EC Directive) Regulations 2002, which give effect to the European Electronic Commerce Directive (known as the E-Commerce Directive) must be considered. The Regulations limit the liability of service providers who unwittingly transmit or store unlawful content provided by others in certain circumstances.
Further detailed information on the E-Commerce Directive is available in the document “FE/HE Institutions and Liability for Third Party Provided Content” by Gavin Sutter on the JISC Legal website at - http://www.jisclegal.ac.uk/publications/thirdpartycontent.htm.
Updated 9 February 2009
As part of our research we would like to hear from you. If you are unable to find a response to your question in this section please contact us at: info@jisclegal.ac.uk. In addition, if you would like to provide feedback then please email us at: feedback@jisclegal.ac.uk.
We look forward to hearing from you.
Further FAQs
Internet and E-mail Policies
If you are looking for an Internet and E-mail Policy then the guides on the OUT-LAW website are a useful starting point - A user login is required.
http://www.out-law.com/default.aspx?page=458
(29/06/05)
ISPs and the regulatory framework
The most common questions asked by Internet Service Providers about the regulatory framework that came into force in 2003. Information produced originally by Oftel, but found via the Ofcom (Office of Communications) website
http://www.ofcom.org.uk/static/archive/oftel/publications/eu_directives/2003/ispfaq0303.htm
(22/12/04)