Email deletion

We have recently observed a significant increase in parental subject access requests, often accompanied by a notably hostile tone. These requests can create a substantial workload, particularly when the school has an extensive and diverse historical email archive. The challenge arises as soon as you ask the IT department to conduct a document search; before you know it, you may end up with 6,000 pages that need to be redacted!

As a result, we want to reiterate our recent article on email deletion. This issue often gets shelved as “too difficult,” but it is crucial that we address it. We understand that some of you may use your email as a filing system, but this is a risky practice. Not only might you struggle to locate important files when you need them, but a hacker could also access sensitive information!

We have two practical suggestions to improve this situation.

• First, please establish a policy to store any emails you wish to keep in an appropriate file. Once you’ve done that, delete them from your inbox, along with any related sent mail. Additionally, set a deletion date to review the files you’ve retained.
• Second, ask your IT support team to automatically delete all emails after a set period, such as three months. This change encourages a new mindset: if you don’t file an email, it will be deleted anyway. Beyond saving space and enhancing your filing system, this practice reduces the risk of “data bombs”—emails from former employees that could fall into the wrong hands.

When it comes to subject access requests, this approach will simplify your work considerably. Requests for data often extend back many years. If you’ve kept emails, you may have to sift through a vast amount of old correspondence. However, if emails have been legally deleted according to your policy, you won’t need to worry.