UAH E-mail Policy

Policy Last Revised: 2/11/2010

1.0 Purpose

The purpose of this policy is to ensure the proper use of official University electronic mail (e-mail) systems by its students, faculty, staff and affiliates granted access to University e-mail privileges. E-mail is a tool provided by the University to complement traditional methods of communications and to improve education and administrative efficiency. Users have the responsibility to use this resource in an efficient, effective, ethical and lawful manner, and with normal standards of professional and personal courtesy. Use of the University's e-mail system evidences the user's agreement to be bound by this policy. Violations of this policy may result in restriction or termination of access to the University e-mail systems without prior notice and without consent of the e-mail user. Violations of this policy may also result in appropriate disciplinary action as well as referral, where appropriate, to federal and/or state law enforcement officials.

2.0 Account Eligibility and Creation

Official e-mail addresses will follow a standard naming convention: 'official user ID @ uah.edu'

2.1 Official User IDs

E-mail accounts for faculty, staff and students are created based on the official user ID as reflected in Human Resources, Payroll and Registrar records. E-mail accounts for contractors or long-term visitors are based on the official name of the individual as reflected in the official request submitted by the campus sponsor, and will follow the same naming convention as the official user IDs for students, staff and faculty. Requests for official user IDs or affiliate accounts based on name preference, middle name, nicknames, etc., cannot be accommodated. User IDs will remain in the system and will not be reused at any time.

2.2 E-mail Aliases

Requests for e-mail aliases may be submitted for approval through the OIT User Services portal website. The alias should be in the form of 'firstname.lastname @ uah.edu'. Other forms of vanity e-mail aliases may be considered, but only in exceptional circumstances. E-mail aliases will only take effect after the request has been reviewed and approved.

2.3 Affiliate Accounts

Faculty members, staff members, or departments may request temporary e-mail privileges for users outside of the University. Full time Faculty or Staff requesting these types of accounts will be required to submit user information, rationale for the account, a desired expiration date, and sponsor information. Sponsorship must be renewed annually to maintain the account. Those accounts that are not re-sponsored after one year will have e-mail privileges terminated.

2.4 Entity Accounts

Requests for shared entity accounts which pertain to, or are reasonably related to, and individual or group's activities associated with the University, may be accommodated. Such accounts would require designation of an account owner, who will administer the addition, deletion, or modification of names within the account, as well as manage the account in accordance with these guidelines. These accounts will be created with an expiration date of one year, at which time the owner can request a renewal, which may be granted following verification of ownership and the member list. Shorter expiration dates will be given where appropriate, such as to accommodate specific time-limited needs. Supported types of shared entity accounts are designated as:

• Entity Alias – This address will be able to receive mail from anywhere on the Internet, but will have no direct reply capability. The group/organization utilizing this type of generic account will have to utilize their own personal mail account to respond to the originators of any mail received. These accounts will only be granted for SGA or Faculty/Staff recognized activities or organizations with approval of the faculty advisor being required for an organization recognized by the SGA.
• Entity E-mail Account – This address will be able to receive mail from anywhere on the Internet, and will be able to respond directly to the sender. Initiation of such an account will need prior approval of a University official at the level of Dean (for College level activities), Dean of Students (for student activities) or a Vice-President. It does not assume access to predefined University mass mailing lists. Mail sent from the generic ID will not reflect the identity of the responder, but will instead carry the identity of the generic account. These accounts will only be granted to conduct official University business.

3.0 Account Termination

Individuals may leave the University to take other employment, retire, transfer to another college, or simply go on to other activities. E-mail benefits are reduced depending on the following roles. Litigation involving a Faculty or Staff member, or Student would be an exception to terminations or length of time eligible for e-mail privileges as designated by the Office of Counsel. The University reserves the right to terminate e-mail privileges for any e-mail user at any time. The normal expiration of accounts will be determined as follows:

• Faculty who leave before retirement – Faculty members who leave the University before retirement may keep their e-mail account for one year from the end of the last term in which they taught.
• Staff who leave before retirement – Staff members who leave the University before retirement will have e-mail privileges terminated effective on their last worked day as determined by HR, unless specific arrangements are requested and approved by HR. For security reasons, if there is no usage of the account for a period of one year, e-mail privileges will be terminated.
• Retired Faculty – Faculty members who have retired from the University may retain their e-mail privileges for life; however, for security reasons, if there is no usage for a period of one year, e-mail privileges will be terminated.
• Retired Staff – Staff members who have retired from the University will have e-mail privileges terminated effective on their last worked day as determined by HR, unless specific arrangements are requested and approved by HR. For security reasons, if there is no usage of the account for a period of one year, e-mail privileges will be terminated.
• Adjunct Faculty – Adjunct Faculty members may maintain e-mail privileges for one academic year from the last term in which they taught, unless informed otherwise by the Provost's office.
• Students who leave before graduation – Students who leave the University without completion of their degree or other program may keep their e-mail account for one academic year from the last term in which they were registered.
• Prospective students who have been given e-mail privileges – Students who have been admitted to the University, but fail to register for classes in the first term following the date of their admission, will have their e-mail privileges terminated immediately after registration for that first term has closed.
• Alumni – Alumni may retain e-mail privileges for life; however, for security reasons, if there is no usage for a period of one year, e-mail privileges will be terminated. Alumni who do not have an active e-mail account may register for e-mail privileges by going to the Alumni Website and becoming a member of the Alumni Association.
• An employee who is fired or a student who is expelled – Employees or students who leave the University involuntarily will have e-mail privileges terminated immediately upon receipt of notification by HR or the Dean of Students Office.
• Affiliates who have been granted e-mail privileges – Contractors, long-term guests and tenants, with a University sponsor, who have been granted e-mail privileges will have e-mail privileges terminated effective on their last day of affiliation with the University or at the end of one year, unless their University sponsor renews the request.

4.0 Privacy of E-mail

The University will make reasonable efforts to keep e-mail messages sent through the University e-mail systems and services secure. Under certain circumstances, it may be necessary for the OIT staff or other appropriate University officials to access e-mail files to maintain the system, to investigate security or abuse incidents or to investigate violations of this or other University policies. Such access will be on an as needed basis, and will follow pertinent law, policies, and regulations. Any e-mail accessed will only be disclosed to those individuals with a need to know, as determined in consultation with the Office of Counsel, or as required by law.

E-mail is also subject to disclosure in response to court orders and lawfully issued subpoenas, and incident to the University's legal obligations to make certain information available to an opposing party during the legal process of discovery that precedes a trial. University employees must comply with University requests for copies of and/or access to e-mail records in their possession that pertain to the administrative business of the University or the disclosure of which is required to comply with applicable laws or other legal obligations of the University.

5.0 Acceptable Use of E-mail

The University provides e-mail facilities for electronic communications that support the University's mission. All use of e-mail will be consistent with other University policies, and local, state, and federal law, including the Family Educational Rights and Privacy Act of 1974 (FERPA). When using e-mail as an official means of communication, faculty, staff, students and affiliates should apply the same professionalism, discretion, and standards that they would use in written business communication. Furthermore, faculty, staff, students or affiliates should not communicate anything via e-mail they would not be prepared to say publicly. Students, faculty and staff may not disclose personal, sensitive, or confidential University information in e-mail that they are privileged to access because of their position at the University.

Use of distribution lists, 'reply all' and 'forward' features of e-mail should be carefully considered and only used for legitimate purposes, particularly if attachments are involved. The Office of Information Technology reserves the right to meter the distribution of mass e-mail to prevent performance issues that negatively impact the ability of the University to conduct official University business. In cases where e-mail messages generate a high number of responses due to the subject matter, it may be appropriate to utilize discussion lists in lieu of e-mail. Personnel are encouraged to contact OIT to discuss such issues so as to arrive at an option that best meet the needs of official University business.

While reasonable personal use of e-mail is acceptable, conducting business for profit using University resources, such as official e-mail, outside the purview of existing University policies related to the professional service and allowable consultancy components of the Faculty Handbook, is prohibited. Personal use of e-mail must not be excessive and must not distract from or delay performance of University responsibilities of the user. For additional information on business that would be considered related to the mission of the University, please refer to the FAQ.

5.1 Examples of Inappropriate Use

Any inappropriate e-mail, examples of which are described below and elsewhere in this policy, is prohibited. Users receiving such e-mail should immediately contact OIT.

• The creation and/or exchange/forwarding of messages which are harassing, obscene, discriminatory or threatening.
• The unauthorized exchange of proprietary information or any other privileged, confidential or sensitive information.
• The creation and exchange of advertisements, solicitations, chain letters and other unofficial, unsolicited e-mail.
• The creation and exchange of information in violation of any state or federal laws, including copyright laws, or University policies.
• The knowing transmission of a message containing a computer virus.
• The misrepresentation of the identity of the sender of an e-mail. The use or attempt to use the accounts of others without their permission.

6.0 User Responsibility

An e-mail message regarding University matters sent from an administrative office, faculty, or staff member is considered to be an official notice. Faculty, staff, students and affiliates are expected to read e-mail on a regular basis and manage their accounts appropriately. Faculty, staff, or students who choose to use another e-mail system are responsible for receiving University-wide broadcast messages and other business-related e-mail by checking the University's official e-mail system and website. An alternate method of checking University e-mail is to utilize the 'forwarding' feature in Google Apps, which can be set to forward mail to an individual's personal e-mail account. For further instructions, please refer to the instruction information offered on the OIT website. 

Sharing of passwords is strictly prohibited. Each individual is responsible for his/her account, including the safeguarding of access to the account. All e-mail originating from an account is deemed to be authored by the account owner, and it is the responsibility of that owner to ensure compliance with these guidelines.

7.0 E-mail Retention

To the extent tha they use e-mail messages as a substitute for a paper document; individuals are responsible for preserving those e-mail messages in accordance with any applicable University or departmental records retention policies pertaining to the paper document for which the e-mail message is a substitute.

Due to finite resources, the University has the right to restrict as necessary the amount of user space on e-mail servers provided by it, to revise retention policies with advance notice, and to purge and remove e-mail accounts in accordance with Section 3.0 Account Termination.

8.0 E-mail Backup

Official e-mail systems are backed up on a regular basis to allow recovery from a systemic loss impacting the entire e-mail system. While in some cases it may be possible to recover from the accidental deletion of e-mail by a user, this is generally not feasible. If an individual or department feels the need to additional backups of individual accounts, the individual/department shall be responsible for creating and maintaining such backups. E-mail stored on desktops, laptops, workstations or mobile devices are beyond the scope of OIT staff responsibilities, and therefore the individual user is responsible for backing up those messages and folders.

9.0 E-mail Servers and Supported Clients

The Office of Information Technology maintains the University's official e-mail system. Any entity desiring to operate an independent e-mail server does so at the discretion of OIT. If such operation is approved, the server must be registered with OIT. The organization responsible must adhere to and be audited for compliance with security criteria established by OIT for University systems. The organization responsible will pay any annual fees that have been established.

A current list of University-supported e-mail clients shall be maintained on the Office of Information Technology website. If a problem is encountered with the use of an unsupported client, support personnel will work with the individual to access e-mail via a supported client and will verify functionality within a supported environment. OIT is continually evaluating tools and technologies and reserves the right to modify the list of supported clients with appropriate notification.

10.0 SPAM, Phishing and Viruses

Incoming and outgoing e-mail is scanned for viruses and for messages deemed to be 'SPAM', or unsolicited advertisements for products or services sent to a large distribution. Suspected messages are blocked from the user's inbox. Due to the complex nature of e-mail, it is impossible to guarantee protection against all SPAM and virus infected messages. It is therefore incumbent on each individual to use proper care and consideration to prevent the spread of viruses. In many cases viruses appear to be sent from a friend or coworker, therefore attachments should only be opened when the user is sure of the nature of the message. If any doubt exists, the user should contact the Helpdesk. DO NOT FORWARD THE MESSAGE TO ANYONE!

The Office of Information Technology makes every attempt to block phishing schemes. Legitimate representatives of the University will NEVER require that you to send account access details, such as user IDs and passwords, to them via e-mail. Any message requesting such information should be considered phishing, and should be reported to the Helpdesk. DO NOT RESPOND TO THESE MESSAGES! Responding to phishing allows intruders to hijack University accounts for hostile purposes. The University depends on each person to exercise good judgment with relation to phishing schemes.