Many victim service programs use email daily in their work, either communicating with survivors directly or coordinating services with other community programs. Email, however, isn’t the safest way to communicate. Emails can be forwarded accidentally or intercepted by someone for whom the email was not intended. The following are some best practices for victim service agencies to ensure that their email communication is as private and secure as possible.

When Emailing With Survivors

  • If a survivor initially contacts you through email, your response should include asking the survivor if emailing is a safe method of communicating. For some survivors, it may be the only method available to get help, but for others a phone call might be safer. If you are providing support via email, check in periodically to see if email is still a safe and preferred method of communicating.
  • Don’t ban emailing with survivors as a general practice. Although email has risks, refusing to email with survivors isn’t the solution. Allow the survivor to determine the means and mode of communication that can best accommodate her/his ability, access, needs, and preferences.
  • When responding to emails from survivors, delete the previous conversation thread.  That way if the email accidentally gets forwarded, intercepted, or the account is accessed by the abuser, the entire history of the conversation isn’t revealed.
  • Discuss email safety and privacy with survivors, encouraging them to delete their sent messages from both their sent and deleted folders if they are concerned that their account could be accessed by someone else.
  • Refrain from keeping victims’ email addresses in your computer or address book. 
  • If you must print out an email exchange, shred the email conversation as soon as you no longer need it.
  • To prevent sending emails to the wrong person, double check the address.  Most email programs will “autofill” the rest of the address for you after you type the first few letters of the name.  
  • Staff should regularly delete emails from survivors so as to not keep identifying information for longer than needed. This includes purging the “sent” and “deleted” folders as well.

When Emailing About Survivors

  • Internal communication about survivors should be restricted. Do not include survivors’ names or other identifying information in emails.
  • When communicating about survivors outside of your agency, you must have a written, informed, and time-limited release from the survivor before you can share any information. Refer to the NNEDV confidentiality toolkit for more information about releases and confidentiality obligations. 

Agency Best Practices & Policies

Agencies should have a data retention policy ensuring that information that isn’t needed is regularly deleted. This policy should include emails received from survivors. Visit NNEDV’s Technology & Confidentiality Resources Toolkit for best practices on record retention and deletion. Don’t forget that emails are often backed up or archived, and email conversations between you and survivors will be saved.

When communicating with others about survivors, make sure you know about your organizations’ confidentiality obligations and requirements for privilege (if your state has advocate-client privilege). Email is a form of written record; guard it responsibly.

Download this page in a handout version (in PDF).