November 4, 2005: State Department policy decrees day-to-day operations are to be done on government servers.

US State Department headquarters in Washington, DC.

State Department headquarters in Washington, DC. (Credit: AgnosticPreachersKid)

The State Department decrees that “sensitive but unclassified” information should not be transmitted through personal email accounts. It also states, “It is the Department’s general policy that normal day-to-day operations be conducted on an authorized [government server], which has the proper level of security control to provide nonrepudiation, authentication, and encryption, to ensure confidentiality, integrity, and availability of the resident information.” (US Department of State, 1/12/2016) (The Washington Post, 3/10/2015)

The department’s regulations also require that “Departing officials must ensure that all record material that they possess is incorporated in the Department’s official files and that all file searches for which they have been tasked have been completed, such as those required to respond to FOIA [Freedom of Information Act], Congressional, or litigation-related document requests. Fines, imprisonment, or both may be imposed for the willful and unlawful removal or destruction of records as stated in the US Criminal Code (e.g., 18 U.S.C., section 2071).” (US Department of State, 8/17/2007)