After Powell left office in 2005, and through 2011, the State Department’s guidance for private email use was “considerably more detailed and more sophisticated.”

In 2002, there was a new requirement for email users to “determine the significance and value of information created on e-mail systems [and] determine the need to preserve those messages that qualify as records.” Rules for nongovernment information systems for the State Department were established in May 2004, toward the end of Powell’s tenure.

Clinton’s email use should be evaluated in the context of the clearer guidance under her tenure, and the various memorandums “specifically discussing the obligation” for officials to use department systems in most circumstances, the report said. “Secretary Clinton’s cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives,” the report said.