UAH Email Policy Policy Last Revised: 2/11/2010 1.0 Purpose The purpose of this policy is to ensure the proper use of official University electronic mail (email) systems by its students, faculty, staff and affiliates granted access to University email privileges. Email is a tool provided by the University to complement traditional methods of communications and to improve education and administrative efficiency. Users have the responsibility to use this resource in an efficient, effective, ethical and lawful manner, and with normal standards of professional and personal courtesy. Use of the University's email system evidences the user's agreement to be bound by this policy. Violations of this policy may result in restriction or termination of access to the University email systems without prior notice and without consent of the email user. Violations of this policy may also result in appropriate disciplinary action as well as referral, where appropriate, to federal and/or state law enforcement officials. 2.0 Account Eligibility and Creation Official email addresses will follow a standard naming convention: 'official user ID @ uah.edu' 2.1 Official User IDs Email accounts for faculty, staff and students are created based on the official user ID as reflected in Human Resources, Payroll and Registrar records. Email accounts for contractors or long-term visitors are based on the official name of the individual as reflected in the official request submitted by the campus sponsor, and will follow the same naming convention as the official user IDs for students, staff and faculty. Requests for official user IDs or affiliate accounts based on name preference, middle name, nicknames, etc., cannot be accommodated. User IDs will remain in the system and will not be reused at any time. 2.2 Email Aliases Requests for email aliases may be submitted for approval through the OIT User Services portal website. The alias should be in the form of 'firstname.lastname @ uah.edu'. Other forms of vanity email aliases may be considered, but only in exceptional circumstances. Email aliases will only take effect after the request has been reviewed and approved. 2.3 Affiliate Accounts Faculty members, staff members, or departments may request temporary email privileges for users outside of the University. Full time Faculty or Staff requesting these types of accounts will be required to submit user information, rationale for the account, a desired expiration date, and sponsor information. Sponsorship must be renewed annually to maintain the account. Those accounts that are not re-sponsored after one year will have email privileges terminated. 2.4 Entity Accounts Requests for shared entity accounts which pertain to, or are reasonably related to, and individual or group's activities associated with the University, may be accommodated. Such accounts would require designation of an account owner, who will administer the addition, deletion, or modification of names within the account, as well as manage the account in accordance with these guidelines. These accounts will be created with an expiration date of one year, at which time the owner can request a renewal, which may be granted following verification of ownership and the member list. Shorter expiration dates will be given where appropriate, such as to accommodate specific time-limited needs. Supported types of shared entity accounts are designated as: Entity Alias – This address will be able to receive mail from anywhere on the Internet, but will have no direct reply capability. The group/organization utilizing this type of generic account will have to utilize their own personal mail account to respond to the originators of any mail received. These accounts will only be granted for SGA or Faculty/Staff recognized activities or organizations with approval of the faculty advisor being required for an organization recognized by the SGA. Entity Email Account – This address will be able to receive mail from anywhere on the Internet, and will be able to respond directly to the sender. Initiation of such an account will need prior approval of a University official at the level of Dean (for College level activities), Dean of Students (for student activities) or a Vice-President. It does not assume access to predefined University mass mailing lists. Mail sent from the generic ID will not reflect the identity of the responder, but will instead carry the identity of the generic account. These accounts will only be granted to conduct official University business. 3.0 Account Termination Individuals may leave the University to take other employment, retire, transfer to another college, or simply go on to other activities. Email benefits are reduced depending on the following roles. Litigation involving a Faculty or Staff member, or Student would be an exception to terminations or length of time eligible for email privileges as designated by the Office of Counsel. The University reserves the right to terminate email privileges for any email user at any time. The normal expiration of accounts will be determined as follows: Faculty who leave before retirement – Faculty members who leave the University before retirement may keep their email account for one year from the end of the last term in which they taught. Staff who leave before retirement – Staff members who leave the University before retirement will have email privileges terminated effective on their last worked day as determined by HR, unless specific arrangements are requested and approved by HR. For security reasons, if there is no usage of the account for a period of one year, email privileges will be terminated. Retired Faculty – Faculty members who have retired from the University may retain their email privileges for life; however, for security reasons, if there is no usage for a period of one year, email privileges will be terminated. Retired Staff – Staff members who have retired from the University will have email privileges terminated effective on their last worked day as determined by HR, unless specific arrangements are requested and approved by HR. For security reasons, if there is no usage of the account for a period of one year, email privileges will be terminated. Adjunct Faculty – Adjunct Faculty members may maintain email privileges for one academic year from the last term in which they taught, unless informed otherwise by the Provost's office. Students who leave before graduation – Students who leave the University without completion of their degree or other program may keep their email account for one academic year from the last term in which they were registered. Prospective students who have been given email privileges – Students who have been admitted to the University, but fail to register for classes in the first term following the date of their admission, will have their email privileges terminated immediately after registration for that first term has closed. Alumni – Alumni may retain email privileges for life; however, for security reasons, if there is no usage for a period of one year, email privileges will be terminated. Alumni who do not have an active email account may register for email privileges by going to the Alumni Website and becoming a member of the Alumni Association. An employee who is fired or a student who is expelled – Employees or students who leave the University involuntarily will have email privileges terminated immediately upon receipt of notification by HR or the Dean of Students Office. Affiliates who have been granted email privileges – Contractors, long-term guests and tenants, with a University sponsor, who have been granted email privileges will have email privileges terminated effective on their last day of affiliation with the University or at the end of one year, unless their University sponsor renews the request. 4.0 Privacy of Email The University will make reasonable efforts to keep email messages sent through the University email systems and services secure. Under certain circumstances, it may be necessary for the OIT staff or other appropriate University officials to access email files to maintain the system, to investigate security or abuse incidents or to investigate violations of this or other University policies. Such access will be on an as needed basis, and will follow pertinent law, policies, and regulations. Any email accessed will only be disclosed to those individuals with a need to know, as determined in consultation with the Office of Counsel, or as required by law. Email is also subject to disclosure in response to court orders and lawfully issued subpoenas, and incident to the University's legal obligations to make certain information available to an opposing party during the legal process of discovery that precedes a trial. University employees must comply with University requests for copies of and/or access to email records in their possession that pertain to the administrative business of the University or the disclosure of which is required to comply with applicable laws or other legal obligations of the University. 5.0 Acceptable Use of Email The University provides email facilities for electronic communications that support the University's mission. All use of email will be consistent with other University policies, and local, state, and federal law, including the Family Educational Rights and Privacy Act of 1974 (FERPA). When using email as an official means of communication, faculty, staff, students and affiliates should apply the same professionalism, discretion, and standards that they would use in written business communication. Furthermore, faculty, staff, students or affiliates should not communicate anything via email they would not be prepared to say publicly. Students, faculty and staff may not disclose personal, sensitive, or confidential University information in email that they are privileged to access because of their position at the University. Use of distribution lists, 'reply all' and 'forward' features of email should be carefully considered and only used for legitimate purposes, particularly if attachments are involved. The Office of Information Technology reserves the right to meter the distribution of mass email to prevent performance issues that negatively impact the ability of the University to conduct official University business. In cases where email messages generate a high number of responses due to the subject matter, it may be appropriate to utilize discussion lists in lieu of email. Personnel are encouraged to contact OIT to discuss such issues so as to arrive at an option that best meet the needs of official University business. While reasonable personal use of email is acceptable, conducting business for profit using University resources, such as official email, outside the purview of existing University policies related to the professional service and allowable consultancy components of the Faculty Handbook, is prohibited. Personal use of email must not be excessive and must not distract from or delay performance of University responsibilities of the user. For additional information on business that would be considered related to the mission of the University, please refer to the FAQ. 5.1 Examples of Inappropriate Use Any inappropriate email, examples of which are described below and elsewhere in this policy, is prohibited. Users receiving such email should immediately contact OIT. The creation and/or exchange/forwarding of messages which are harassing, obscene, discriminatory or threatening. The unauthorized exchange of proprietary information or any other privileged, confidential or sensitive information. The creation and exchange of advertisements, solicitations, chain letters and other unofficial, unsolicited email. The creation and exchange of information in violation of any state or federal laws, including copyright laws, or University policies. The knowing transmission of a message containing a computer virus. The misrepresentation of the identity of the sender of an email. The use or attempt to use the accounts of others without their permission. 6.0 User Responsibility An email message regarding University matters sent from an administrative office, faculty, or staff member is considered to be an official notice. Faculty, staff, students and affiliates are expected to read email on a regular basis and manage their accounts appropriately. Faculty, staff, or students who choose to use another email system are responsible for receiving University-wide broadcast messages and other business-related email by checking the University's official email system and website. An alternate method of checking University email is to utilize the 'forwarding' feature in Google Apps, which can be set to forward mail to an individual's personal email account. For further instructions, please refer to the instruction information offered on the OIT website. Sharing of passwords is strictly prohibited. Each individual is responsible for his/her account, including the safeguarding of access to the account. All email originating from an account is deemed to be authored by the account owner, and it is the responsibility of that owner to ensure compliance with these guidelines. 7.0 Email Retention To the extent tha they use email messages as a substitute for a paper document; individuals are responsible for preserving those email messages in accordance with any applicable University or departmental records retention policies pertaining to the paper document for which the email message is a substitute. Due to finite resources, the University has the right to restrict as necessary the amount of user space on email servers provided by it, to revise retention policies with advance notice, and to purge and remove email accounts in accordance with Section 3.0 Account Termination. 8.0 Email Backup Official email systems are backed up on a regular basis to allow recovery from a systemic loss impacting the entire email system. While in some cases it may be possible to recover from the accidental deletion of email by a user, this is generally not feasible. If an individual or department feels the need to additional backups of individual accounts, the individual/department shall be responsible for creating and maintaining such backups. Email stored on desktops, laptops, workstations or mobile devices are beyond the scope of OIT staff responsibilities, and therefore the individual user is responsible for backing up those messages and folders. 9.0 Email Servers and Supported Clients The Office of Information Technology maintains the University's official email system. Any entity desiring to operate an independent email server does so at the discretion of OIT. If such operation is approved, the server must be registered with OIT. The organization responsible must adhere to and be audited for compliance with security criteria established by OIT for University systems. The organization responsible will pay any annual fees that have been established. A current list of University-supported email clients shall be maintained on the Office of Information Technology website. If a problem is encountered with the use of an unsupported client, support personnel will work with the individual to access email via a supported client and will verify functionality within a supported environment. OIT is continually evaluating tools and technologies and reserves the right to modify the list of supported clients with appropriate notification. 10.0 SPAM, Phishing and Viruses Incoming and outgoing email is scanned for viruses and for messages deemed to be 'SPAM', or unsolicited advertisements for products or services sent to a large distribution. Suspected messages are blocked from the user's inbox. Due to the complex nature of email, it is impossible to guarantee protection against all SPAM and virus infected messages. It is therefore incumbent on each individual to use proper care and consideration to prevent the spread of viruses. In many cases viruses appear to be sent from a friend or coworker, therefore attachments should only be opened when the user is sure of the nature of the message. If any doubt exists, the user should contact the Helpdesk. DO NOT FORWARD THE MESSAGE TO ANYONE! The Office of Information Technology makes every attempt to block phishing schemes. Legitimate representatives of the University will NEVER require that you to send account access details, such as user IDs and passwords, to them via email. Any message requesting such information should be considered phishing, and should be reported to the Helpdesk. DO NOT RESPOND TO THESE MESSAGES! Responding to phishing allows intruders to hijack University accounts for hostile purposes. The University depends on each person to exercise good judgment with relation to phishing schemes.