Email Retention Policy
For Students, Faculty, Staff, Guests, Alumni
The purpose of this policy is to inform Users of the retention period for Fordham University’s Gmail™ messages.
This policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrators, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
- Archiving1 is enabled on Gmail. Emails created beyond the archival period will be automatically deleted. Therefore, Users must not rely on the archives for any purpose, including, but not limited to, the User’s need or desire to retain, access, or preserve email, related contents, or attachments.
- Users are responsible for identifying and saving documents that must be retained to comply with federal, state, or local laws, University Policies, or other legal obligations or requirements per the Records Retention and Disposal Policy.
- When the University is legally obligated to preserve emails, the University will suspend the automatic deletion of messages by the archive system until the legal obligation no longer applies.
- Users may save copies of emails and attachments before the retention period expires by transferring them to other secure electronic media per Data Classification Guidelines.
- Email usage must comply with the Acceptable Uses of IT Infrastructure and Resources Policy.
Related Policies and Procedures
- Acceptable Uses of IT Infrastructure and Resources Policy
- Data Classification Guidelines
- Records Retention and Disposal Policy
|Responsible Person||Office of Legal Counsel|
|Approved By||Office of Legal Counsel|
|Approval Date||January 15, 2016|
|2.0||10/03/2023||Updated scope, policy statement, links, and policy disclaimer|
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal.