The University works in a large, complex information technology environment requiring communication related to both confidential and public data. New technologies offer the University methods to make this communication easier between students, staff, departments, colleges, and the world.
However, with this open communication network, vulnerabilities to the privacy of electronic messages possibly containing confidential or proprietary material arise. University electronic mail users need to be aware of the vulnerabilities in electronic mail communication and of the legal responsibilities that accompany the use of this medium.
- Define who may use the electronic mail systems controlled and administered by Nicholls State University.
- Outline responsibilities related to electronic mail maintenance and use.
- Provide guidelines for the security and confidentiality of University electronic mail.
- Provide methods for monitoring, enforcing and dealing with exceptions to this policy.
- Electronic mail (e-mail) created, sent or maintained within, received, administered by or networked to the electronic mail systems of Nicholls State University.
- University electronic mail users.
The Division of Information Technology, including the Department of Academic Computing, shall define what categories of individuals (e.g., full time, part-time, staff, students, economic partners, other educational institutions, general public, etc.) may access University electronic mail systems.
- Determining what categories of individuals, within the guidelines, may access the mail system under the administrator’s control.
- Ensuring that a security plan for the electronic mail system, for which he/she is responsible, has been developed, has been implemented and is maintained. The security plan should include an analysis of whether message encryption is needed.
- Ensuring that a backup plan to allow for message/system recovery in the event of a disaster has been developed, tested and implemented.
- Periodically assessing the level of risk within the mail system.
- Ensuring that appropriate steps are taken to prevent a system break-in or intrusion through the electronic mail application.
- Providing information regarding electronic mail vulnerabilities to electronic mail users so that they may make informed decisions regarding how to use the system.
- Ensuring that all electronic mail ids for individuals with email accounts on University systems have been deleted when an authorized user has terminated employment, graduated or withdrawn from the University and when a “courtesy account” is inactive or no longer needed.
- Ensuring that electronic mail message retention standards, within the guidelines of these and other University policies, have been developed and are implemented for the administrator’s electronic mail system.
Campus Electronic Mail Policies will ensure that employees responsible for maintaining, repairing and developing electronic mail resources will exercise special care and access electronic mail messages only as required to perform their job function. These employees will not discuss or divulge the contents of individual electronic mail messages viewed during maintenance and trouble-shooting.
- Use electronic mail in a responsible manner consistent with other business communications (e.g., phone, correspondence).
- Safeguard the integrity, accuracy and confidentiality of University electronic mail.
- Only use mail ids assigned to them.
- Remove mail from their mailbox consistent with University, departmental or electronic mail administrator message retention policies and standards.
Unacceptable User Behavior
- Sending any unsolicited mail or materials that are of a fraudulent, pornographic, defamatory, harassing or threatening nature.
- Posting materials that violate existing laws or University codes of conduct, are inconsistent with the University mission, or are commercial advertisements or announcements on any electronic bulletin boards.
- Forwarding any other form of unnecessary mass mailing (such as chain letters) to University or external electronic mail users.
- Using electronic mail access to unlawfully solicit or exchange copies of copyrighted software.
Security and Confidentiality Standards
- The University considers an electronic mail message as a personal or business correspondence; therefore, it should be dealt with in the same manner.
- The University considers electronic mail messages the property of the sender and/or receiver. Although the messages are considered the property of the sender and/or receiver, these messages are stored on University computer systems, and the University is therefore responsible for the administration of electronic mail.
- The right to privacy is not inherent on an electronic mail system, especially one connected to the Internet.
- The University will not monitor the content of electronic documents or messages; however, the privacy of documents and messages stored in electronic media cannot be guaranteed. Electronic documents and messages may be readable to maintenance, security and troubleshooting staff while performing their job functions. Such access occurs only when a problem in the software or network arises. Additionally, electronic mail may pass out of one computer environment, across a network, and into another totally different computer environment even within the University system. This transport becomes increasingly complicated as mail travels between departments, universities, states or nations. The level of security over your message is affected each time the computer hardware, software and environment change. Untraceable leaks may occur.
- If there is a University investigation for alleged misconduct, the President or their designee may authorize that electronic mail or files be locked or copied to prevent destruction and loss of information. Additionally, the University may monitor the content of electronic documents and messages, or access electronic mail backups or archives as a result of legal discovery, writ, warrant, subpoena, or when there is a threat to the computer systems integrity or security.
- The confidentiality of the contents of electronic mail messages that include certain types of information (e.g., student related, medical, personal) may be protected by the Family Educational Rights and Privacy Act of 1974 (as amended) and/or the Electronic Communications Privacy Act of 1986.
- The authenticity of an electronic mail message cannot be assured due to the state of present electronic mail technology. This means that the authorship or source of an electronic mail message may not be as indicated in the message.
- University electronic mail users unread electronic mail messages will be retained for a 2-week period during the semester and during the period between semesters.
- Individuals are prohibited from using an electronic mail account assigned to another individual to either send or receive messages. If it is necessary to read another individual’s mail (e.g., while they are on vacation, on leave, etc.), message forwarding should be requested from the electronic mail administrator.
- University electronic mail users are encouraged to use these communications resources to share knowledge and information in furtherance of the University’s missions of instruction, research and public service. Occasional and incidental social communications using electronic mail are not prohibited; however, such messages should be limited and not interfere with an employee’s job function.
- Individuals with email ids on University computer systems are prohibited from sending messages which violate existing laws or University codes of conduct or policies; are inconsistent with the University mission; or are advertisements or announcements for a commercial business.
- Authorized users should not “rebroadcast” information about significant issues obtained from another individual in respect to that individuals reasonable expectation of confidentiality.
- Bulletin Boards used for soliciting or exchanging copies of copyrighted software are not permitted on University electronic mail systems.
- Authorized users are prohibited from sending, posting or publicly displaying or printing unsolicited mail or materials that is of a fraudulent, defamatory, harassing, abusive, obscene or threatening nature on any University system. The sending of such messages/materials will be handled according to current University codes of conduct, policies and procedures.
- The University accepts no responsibility for the content of electronic mail received. If a student receives electronic mail that they consider harassing, threatening or offensive, they should contact Academic Computing and University Police for assistance.
- Users should remember federal and state laws and University policies against racism, sexism and sexual harassment exist. Additionally, the University has special concern for incidents in which individuals are subject to harassment or threat because of membership in a particular racial, religious, gender or sexual orientation group.
Users breaching the confidentiality of electronic mail messages, disclosing confidential University data by using electronic mail, or otherwise violating this policy may be denied future access to the computer system and shall be subject to reprimand, suspension, dismissal or other disciplinary actions by the President or his/her designee consistent with University delegations of authority, codes of conduct and personnel policies.