Previous Story

Next Story

Storing and Preserving in Cyberspace

By Robert Lagas

In some ways, the use of email and the Internet has raised issues of security, privacy and confidentiality never before confronted by modern society. On the other hand, prehistoric man was out searching for food, storing food, protecting it from those who might try to steal it, and deciding who to share it with. Email messages may contain information that has confidentiality requirements or should have access restricted to those with a need to know. NIH email messages are normally transmitted over unsecured data lines, and all email messages are subject to Freedom of Information Act requests and official investigations. Since NIH email is a government resource, there should be no expectation of privacy like you have with a letter sent to your home through the USPS mail. A good rule to follow for email messages is: If you would be embarrassed to see it on the front page of the Washington Post, don't send it.

You are responsible for managing your email messages (the subject of a future article) just as you are responsible for managing other records in your office. If your email messages are considered "official records" or if they have information that should have restricted access, you need to consider several security issues.

• What messages should you keep, and how long should you keep them?

• If you delete a message, how long will there be a backup copy available?

• Are there backups of your message other than the network backup?

• How long would it take to retrieve a deleted message from a backup file?

• Should you encrypt your email messages?

• Are your messages on a network drive or your own hard drive?

• Who has access to your email messages?

• Can someone make changes to your files without your permission?

• Can a hacker access your email messages through your network?

Your records management officer or your Privacy Act officer can answer questions about privacy and record keeping requirements. Your LAN administrator, your email administrator or your information systems security officer can answer questions about accessibility and security. More information on IT policy and security can be found at the OIRM Web site, http://wwwoirm.nih.gov/...but don't tell anyone, it's supposed to be a secret.