An Outlook Data File (PST) is a unique Microsoft file format that is used to store items like Outlook email messages, Outlook calendar events and contacts. Outlook Data Files can be used to backup or export items from users email accounts. 

Why would someone create a PST?

PST files provide an efficient way to export data from Outlook while preserving emails in their original and native format. Printing an email is worthless in the 21st century. Even converting an email to a PDF can strip away critical metadata and attachments associated with the email. PSTs allow for the seamless transfer of emails from UW Office 365 Exchange Online mailbox ensuring the preservation of their native format.

This is useful for business continuity purposes to ensure records are maintained after an employee separates from the UW. Moreover, PSTs can also facilitate the transfer of large numbers of emails for public records requests, subpoenas, litigation, or investigations. They also support the retention of records for their required legal retention period.

What does a PST file look like and how does it behave?

When created correctly, a PST file will appear like another mailbox in your Outlook Application.

screenshot of Outlook application with a PST file titled Employee Outlook Data File loaded into the application

The emails in the PST file will look and function just like regular emails with all metadata, attachments, and Outlook-specific details intact.

However, the PST file itself is saved to and stored in a separate location outside of your UW Office 365 Exchange Online mailbox, e.g. a local device's hard drive.

Screenshot of shared directory with a file named Employee Outlook Data File being saved there

What are the risks, liabilities, and drawbacks associated with a PST?

  • It takes some technical expertise in order to create a PST file and to ensure the proper transfer of email-related data into the file format
  • It takes even more technical expertise in order to locate and access the PST file in order to read the emails
    • If you try to open a PST file like a 'normal' file by double-clicking, this error message will appear

screenshot displaying caution icon with text reading "Microsoft Outlook - Outlook data files must be opened from within Outlook."

  • Instead, you must follow a more complicated process to load the file and access its contents
  • A PST file is not searchable or accessible unless it is loaded into an Outlook account. Users will not be able to search for contents unless the PST file is loaded into Outlook. Users will not know anything more than what's provided in the PST file title.
    • As a result, it requires users to be aware that the PST file exists, and subsequently that they know generally what the contents are within the PST file, and users know how to load them in order to access their contents.
  • PST file formats are fragile and are easily corrupted, making the contents inaccessible. This is particularly frequent when the PST file is larger in size (10GB or more).
  • Only one user can access a PST file at one time. If one user has the file loaded into their Outlook account, no other users can access it simultaneously.
  • PSTs are taking Outlook data out of the UW Office 365 Exchange Online infrastructure. Microsoft and UW-IT work tirelessly to ensure Outlook data is accessible, readable, and backed up. UW Office 365 Exchange Online is HIPAA and FERPA compatible with security parameters to help ensure data is protected. Taking contents out of this infrastructure puts an increased burden of security and privacy on the user and increases the risk of a data breach.
    • That means saving the PST file to a secure and backed up location, where only users with appropriate permissions can access the contents.
  • Because PST files are saved outside a NetID's UW Office 365 Exchange Online mailbox, these records are therefore outside of the Office 365 data purview. This means that when the user leaves the UW, these emails will not be automatically purged as part of the UW-IT account deletion policies, meaning the burden of analyzing the contents of the PST, identifying the record retention policy that applies to the contents, determining if the file has fulfilled it's retention period, and manually purging the PST file will fall to individuals who are aware the file exists, and the aware of the records it contains.
    • This also means that others are responsible for producing those emails in response to a public record request, litigation, or investigation. If the contents of a PST are subject to a disclosure request, they must be searched and provided.

Are there any benefits to a PST?

The same reasons that make PST files potential liabilities also highlight their benefits.

  • When an employee leaves UW, their entire UW Office 365 account, included 365 Exchange data, is subject to an automated deletion policy with data being purged shortly after the separation date.
    • The use of a PST to transfer and save Outlook data, in its original format, to be preserved beyond the employee's tenure can allow for more proper record retention, aid in business continuity, and ensure responsiveness to ongoing litigation, public record requests, or investigations.

Best Practices for a PST

When Creating a PST

  • Only create when absolutely necessary
    • Legitimate reasons to create PSTs include transferring substantive records before leaving a department, transferring records to the Office of Public Records (OPR), the Attorney General's Office (AGO), Internal Audit, Civil Rights Investigation Office (CIRO), or others in response to a request.
  • Create a PST and save only the records absolutely necessary to retain for their intended purposes.
    • Users should be meticulously searching and culling emails so that only the records needing to be retained are kept. Transitory emails, unless responsive to a legal matter, should never be saved to a PST file.
  • Ensure the PST is saved in a central location with shared permissions/access.
    • Saving to a secure location that is frequently backed up to head-off issues with file stability problems.
  • Ensure colleagues/superiors are aware of the PST's existence, with knowledge of when it was created, why it was created, and what it contains. Saving details in the PST file name and saving other README files in the same location can provide this information and context as well.
  • Avoid saving these files with a password protection unless absolutely necessary for security purposes. The files themselves are not encrypted, so while it may add a slight hurdle for protection, it adds a very large barrier between users seeking to open it and their ability to access the material for legitimate reasons.
    • Instead, ensuring the PST is saved in a secure location in a space where only the users with need-to-know have access to the file helps protect its content from the rest of the UW.
  • Ensure the same users have instructions and technical knowledge in order to access the data.
  • Have a plan for deletion and be sure that information is shared with users with access.

When Accessing a PST

  • Only have the PST file loaded into your Outlook application when you need it. When you are not actively searching for emails or referencing the contents, be sure to Quit and Close the file.
    • Remember, only one person can access the file at one time, so if you have it open means no on else can open it.
  • Change your cache settings to be sure when doing a search within a PST file in your Outlook application, that any search is capturing all the responsive emails
    • Doing so will slow your Outlook performance, but will ensure you are finding the content you are searching for.

When Managing a PST

  • Avoid creating duplicate copies of the PST file. This format is fragile and prone to corruption issues. Creating a duplicate copy can cause disruption to the file. 
  • When the purpose of the PST has been fulfilled, analyze the appropriate record retention policies to determine if the PSt file has fulfilled the legally approved retention period. If so, delete it. 
    • Contact Records Management Services for assistance in applying retention requirements: recmgt@uw.edu