ITS Email Policy

Contents

Purpose

The purpose of this policy is to set forth guidelines relating to the use of Albany State University’s (ASU) electronic mail system (“e-mail”). It will also delineate the university’s right of access to e-mail and establish rules relating to the retention and destruction of email.

Scope

This policy applies to all Albany State University faculty, staff, students, alumni, and affiliates (vendors, contractors, consultants, etc.).

Policy

ASU electronic mail users must abide by the guidelines in this policy and protect e-mail documents according to the university, University System of Georgia Board of Regents (USGBOR) policies and standards as well as federal and Georgia State laws.

  1. Acceptable Use

    Use not consistent with this policy will be considered unauthorized use as referenced in the ASU and USGBOR Acceptable Use policies. ASU will provide the university e-mail system, and/or contracts for any Third-Party e-mail system (s), for learning activities and administrative functions supporting its business and academic missions. The e-mail system (s) primary use is for university business and academic purposes; however, modest personal use of the e-mail systems is allowed. E-mail made or received using the university e-mail system is presumed to be made and/or received in the course of university employment and is subject to federal, state and local laws and regulations (including the Georgia Open Records Act), and ASU policies, including laws, regulations and policies that are specific to computers and networks. Anyone performing official university business is required to utilize their e-mail system account(s) and not personal e-mail accounts.

  2. Access and Disclosure

    1. Access to ASU’s information technology resources, including the E-mail Systems, is a privilege. The University reserves the right to limit, restrict or remove access to its resources when policies or laws are violated and to use appropriate means to safeguard its resources, preserve network/system integrity, and ensure continued service delivery at all times.
    2. E-mail may constitute University “correspondence” or “computerized records” and therefore may be considered public records subject to disclosure under the Georgia Open Records Act or other laws, or as evidence in a legal action.
    3. ASU will not routinely inspect, monitor, or disclose e-mail. The university shall exercise the right with discretion, to access, retrieve, inspect and disclose the contents of e-mail for University-related purposes, which may include, but are not limited to:
      1. Maintaining system integrity
      2. Protecting health and safety
      3. Preventing interference with the academic mission
      4. Performing required internal investigations
      5. Complying with legal requests and demands

  3. Privacy and Confidentiality

    ASU will make reasonable efforts to maintain the integrity and effective operations of the university e-mail systems. Users should not regard e-mail as a secure medium for the communication of sensitive or confidential information. ASU cannot assure neither the privacy of an individual user’s usage of the e-mail systems nor the confidentiality of their messages.

    Users should exercise particular caution, so as not to send sensitive information as listed.

    1. Information about the medical or mental condition of employees or students
    2. Material about the evaluation, performance or discipline of ASU employees or students
    3. Evidence relating to the investigation, defense, or prosecution of any pending judicial action or administrative charge in which the university, its faculty, staff or students are parties;
    4. Information relating to the investigation, resolution or disposition of any complaint or charge involving faculty, staff or students, including, but not limited to, complaints and/or charges involving fair practices, grievances or alleged discrimination; and information relating to the request for or delivery of legal advice or employer/employee relations assistance) via unencrypted e-mail, and should limit any such communications (or further disclosure of any such communications) to those with a legitimate need to know.

  4. Prohibited Uses

    The E-mail Systems may not be used for unlawful activities or for commercial purposes that are not directly related to the university’s mission or otherwise authorized. Other prohibited uses of the E-mail Systems include, but are not limited to:

    1. Sending copies of documents or inclusion of the work of others into e-mail in violation of copyright laws
    2. Sending junk mail or spam messages.
    3. Using e-mail to harass, intimidate, defame or discriminate against others or to interfere with the ability of others to conduct university business.
    4. Soliciting e-mail from any other e-mail address, other than that of the poster’s account; creating or forwarding chain letters or solicitations for business schemes; using e-mail originating from within university networks for commercial purposes or personal gain.
    5. Sending the same or similar non-business-related messages to large numbers of e-mail recipients such as mass-e-mailing.
    6. Misrepresenting (including forgery) the identity of the sender or the source of an Electronic Communication.
    7. Acquiring or attempting to acquire passwords of others.
    8. Using or attempting to use the computer accounts of others.
    9. Altering the content of a message originating from another person or computer with intent to deceive.
    10. Deleting another person’s postings without authorization.
    11. Obtaining access to the files or e-mail of others without documented approval from the Office of the President or Legal Counsel
    12. Attempting unauthorized access to e-mail or attempting to breach any security measures on any e-mail system, or attempting to intercept any e-mail transmissions without proper authorization.
    13. Using e-mail for any purpose restricted or prohibited by law, USGBOR, or ASU policies.

  5. Intellectual Property

    A faculty or staff member does not lose any ownership interest he/she has in intellectual property pursuant to ASU and USGBOR policies on intellectual property, because the work is communicated through e-mail. If there is a dispute regarding ownership of the work, the University has the right, upon written notification to the faculty or staff member, to obtain access to the work (and to any e-mails in which the work is communicated) for the purpose of determining whether the University has an interest in it

  6. Retention and Disposal

    Employee e-mail is public record subject to disclosure under the Georgia Open Records Act. E-mail in the university e-mail system is subject to the record retention schedules established by ASU, USGBOR Records Retention polices and standards, compliance standards, and federal and state law. The university reserves the right to retain e-mails in the university e-mail System as required. Federal laws may require retaining e-mail in the university e-mail system for a specific time as defined by individual laws (e.g. FERPA, HIPAA, and PCIDSS).

    1. Upon an employee’s separation of employment, the employee’s e-mail account shall be terminated and the university has the right to access e-mail made or received by the employee using the university e-mail systems or which is otherwise made or received in the course of employment. An employee who separates from employment shall not remove, destroy, or copy any of the business-related e-mail entrusted to his/her care or created by him/her during employment, unless otherwise permitted in writing by ASU.
    2. In accordance with USGBOR Records and Retention policy, ASU Information Technology Services (ITS) must retain deans, executives, vice presidents and above employees email communication permanently. All other employees email will be archived for five years after employment has ended. If employees wish to retain e-mail in the university e-mail system beyond local server thresholds, they must transfer the information to disk. Such disks and the information they contain, constitute university property and may need to be retained based on applicable laws and policies.
    3. In certain circumstances, Albany State University may issue a litigation hold requiring employees to retain electronic communications that is created, received, maintained or stored on the university e-mail system

Accountability

Violation of this policy may subject the user to sanctions, including the loss of computer and/or network access privileges, disciplinary action, suspension, termination of employment, dismissal from ASU, and/or legal action.

Contacts

  • Albany State University Chief Information Officer
  • Albany State University Chief Information Security Officer

References

  • ASU ITS Security Website: https://webdev.asurams.edu/betaram/content/information-security
  • USGBOR Handbook: http://www.usg.edu/information_technology_handbook/section5
  • SANS Institute: http://www.sans.org

Version History

Date, version number and description of creation or change of the policy
Date Version Description
July 9, 2013 1.2 First release
August 11, 2015 1.3 Removed individual names under the contact section