This Policy clarifies the applicability of law and of other University policies to electronic mail (e-mail), and also sets forth new policies uniquely applicable to e-mail.
The University recognizes that principles of academic freedom, freedom of speech, privacy, and confidentiality hold important implications for e-mail and e-mail services. This Policy addresses these principles within the context of and subject to the limitations imposed by the University's legal and policy obligations.
The purpose of this Policy is to ensure that
- E-mail will be used by the University community in an ethical and considerate manner in compliance with applicable law and policies, including policies established by the University and its operating units, and with respect for the public trust through which these facilities have been provided;
- E-mail users are informed about how concepts of privacy and security apply to e-mail, as well as the applicability of relevant policy and law; and
- Disruptions to University e-mail and other services and activities are minimized.
This Policy applies to
- All e-mail services provided, owned, or funded in part or in whole by the University;
- All users and holders of University e-mail systems or accounts, regardless of intended use; and
- All University e-mail Official Records and/or Public Records in the possession of or generated by University employees and other users of e-mail services provided by the University, regardless whether the records were generated on University or non-University computers.
This Policy applies equally to transmission and receipt data, including e-mail headers, summaries, and addresses associated with e-mail records, and any attached files or text.
This Policy does not apply to
- Internet services other than e-mail
- Voice mail
- Audio and video conferencing
- Facsimile messages
This Policy does not apply to printed copies of e-mail, but other law and policy may apply to such documents. Under Arizona records law and other state laws, information appearing in this format may need to be retained as Official Records or treated as State Publications under A.R.S. § 39-103. If the user prints out e-mail Official Records (including transmission and receipt data) and retains them in hard copy according to approved University records management policies and retention schedules, the electronic copy may be deleted immediately. (See Records Management & Archives Retention Schedule Policy for related definitions and state-mandated guidelines on the storage and disposal of e-mail records, or contact the University's Records Management and Archives Department for instructions.)
I. Specific Use Provisions
Provision of Service: E-mail services may be provided by University organizational units in support of the University's threefold mission of instruction, research, and public service.
University Property: E-mail services are extended for the sole use of University faculty, staff, students, and other appropriately authorized users to accomplish tasks related to and consistent with the University's mission. University e-mail systems and services are University facilities, resources, and property as those terms are used in University policies and applicable law. Any e-mail address or account assigned by the University to individuals, sub-units, or functions of the University is the property of the University.
Authorized Service Restrictions
- E-mail users are required to comply with state and federal laws, University policies, and normal standards of professional and personal courtesy and conduct. Access to University e-mail services is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the e-mail user: (a) when required by and consistent with applicable law or policy; (b) when there is a reasonable suspicion that violations of policy or law have occurred or may occur; or (c) when required to meet time-dependent, critical operational needs. Such access restrictions are subject to the approval of the appropriate University supervisory or management authority (e.g., department heads, systems managers, etc.). The autonomous operational units of the University should establish or identify these authority levels.
- University operational units may define additional "Conditions of Appropriate Use" for local computing and network facilities to supplement this Policy with additional detail, guidelines, or restrictions. Such conditions must be consistent with and subordinate to this Policy, and are intended to deal primarily with situations of limited resource supply.
- When an individual's affiliation with the University ends, the University may attempt to redirect e-mail for a reasonable period of time as determined by the University for purposes consistent with this Policy and the University's mission. The University may elect to terminate the individual's e-mail account or continue the account, subject to approval by appropriate University supervisory and systems operational authority.
Authorized Access and Disclosure
- The University may permit the inspection, monitoring, or disclosure of e-mail when
- required by or consistent with applicable law or policy such as Arizona Public Records law (A.R.S. § 39-121, regarding inspection of public records); the Family Educational Rights and Privacy Act (regarding access to student records); or any appropriately issued subpoena or court order. The Electronic Communications Privacy Act of 1986 also permits messages stored on University systems to be accessed by authorized personnel in certain circumstances;
- there is a reasonable suspicion that violations of law or University policy have occurred or may occur; or
- there are time-dependent, critical operational needs of University business if the University determines that the information sought is not more readily available by other means.
- In such instances, the University will, as a courtesy, normally try to inform e-mail users prior to any inspection, monitoring, or disclosure of e-mail records, except when such notification would be detrimental to an investigation of possible violation of law or University policy. Users are required to comply with University requests for access to and copies of e-mail records when access or disclosure is required or allowed by applicable law or policy, regardless whether such records reside on a computer housed or owned by the University. Failure to comply with such requests can lead to disciplinary or other legal action pursuant to applicable law or policy, including but not limited to appropriate University personnel policies or Codes of Conduct.
Indemnification of the University: Users agree by virtue of access to the University's computing and e-mail systems, to indemnify, defend, and hold harmless the University for any suits, claims, losses, expenses, or damages, including but not limited to litigation costs and attorney's fees, arising from or related to the user's access to or use of University e-mail and computing systems, services, and facilities.
- Using e-mail for illegal activities is strictly prohibited. Illegal use may include, but is not limited to obscenity; child pornography; threats; harassment; theft; attempting unauthorized access to data or attempting to breach any security measures on any electronic communications system; attempting to intercept any electronic communication transmissions without proper authority; and violation of copyright, trademark, or defamation law.
- Failure to follow state law with regard to the disposition of e-mail records may lead to criminal charges. Theft or unauthorized destruction, mutilation, defacement, alteration, falsification, removal, or secretion of e-mail records may lead to class 4 or class 6 felony charges under A.R.S. § 38-421.
- In addition to illegal activities, the following e-mail practices are expressly prohibited: entry, examination, use, transfer, and tampering with the accounts and files of others, unless appropriately authorized pursuant to this policy; altering e-mail system software or hardware configurations; or interfering with the work of others or with University or other computing facilities.
- If a user has been requested by another user via e-mail or in writing to refrain from sending e-mail messages, the recipient is prohibited from sending that user any further e-mail messages until such time as he/she has been notified by the system administrator that such correspondence is permissible. Failure to honor such a request shall be deemed a violation of this Policy.
- University e-mail services may not be used for commercial activities not approved by appropriate supervisory University personnel consistent with applicable policy; personal financial gain (except as permitted under applicable academic policies); personal use inconsistent with Section III of this policy; uses that violate other University policies or guidelines; or uses inconsistent with applicable state or federal law. Applicable University policies include, but are not limited to, policies and guidelines regarding personnel, intellectual property, or discrimination and harassment.
- E-mail users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless expressly authorized to do so. Where appropriate, the following explicit disclaimer shall be included: "The opinions or statements expressed herein are my own and should not be taken as a position, opinion, or endorsement of the University of Arizona."
- University e-mail services shall not be used for purposes that could reasonably be expected to cause, directly or indirectly, strain on any computing facilities or interference with others' use of e-mail or e-mail systems. Such uses include, but are not limited to, the use of e-mail services to
- Send or forward chain letters.
- "Spam"; that is, to exploit listservs or similar systems for the widespread distribution of unsolicited mail.
- "Letter-bomb"; that is, to resend the same e-mail repeatedly to one or more recipients.
III. Personal Use
University e-mail services may be used for incidental personal purposes provided that such use does not
- Directly or indirectly interfere with the University operation of computing facilities or e-mail services.
- Interfere with the e-mail user's employment or other obligations to the University.
- Violate this Policy, or any other applicable policy or law, including but not limited to, use for personal gain, conflict of interest, harassment, defamation, copyright violation, or illegal activities.
E-mail messages arising from such personal use shall, however, be subject to access consistent with this policy or applicable law. Accordingly, such use does not carry with it a reasonable expectation of privacy.
- The confidentiality of e-mail cannot be assured, and any confidentiality may be compromised by access consistent with applicable law or policy, including this Policy, by unintended redistribution, or due to current technologies inadequate to protect against unauthorized access. Users, therefore, should exercise extreme caution in using e-mail to communicate confidential or sensitive matters, and should not assume that their e-mail is private or confidential.
- Users may not access, use, or disclose personal or confidential information without appropriate authorization, and must take necessary precautions to protect confidentiality of personal or confidential information, regardless whether the information is maintained on paper or is found in e-mail or other electronic records.
- The Office of the Registrar may elect to publish student e-mail addresses as directory information, consistent with the requirements of the Family Educational Rights and Privacy Act (FERPA). Individual students may, consistent with University policy and FERPA, request the University not to treat the address as directory information. Requests for identification or release of students e-mail addresses should be directed to the Office of the Registrar.
V. Security and Preservation
- E-mail users and operators must follow sound professional practices in providing for the security of e-mail records, data, applications programs, and systems programs under their jurisdiction.
- Users and operators must guard against storage media deterioration and e-mail record inaccessibility due to hardware or software obsolescence. To eliminate these situations, users must make provision for future accessibility by
- migrating all official e-mail records to the next generation of hardware or software; or
- migrating only current official e-mail records to new hardware or software, or converting official e-mail records not migrated to other media (e.g., optical disk, COM) for short-term storage or to "eye readable form" (i.e., paper or microfilm) for long term storage and preservation. (See Common Retention Schedule for state-mandated guidelines on the storage and disposal of e-mail records, or contact the University's Records Management and Archives Department for instructions.)
- Users are responsible for safeguarding their identification (NetID) code and password, and for using them only as authorized. Each user is responsible for all e-mail transactions made under the authorization of his or her NetID, and for all network e-mail activity originating from his or her data jack. Use of e-mail user identifications for commercial purposes is prohibited. Access to user identifications may not be loaned or sold.
- Each operational unit should establish:
- Standards for official e-mail records identification and file organization.
- Measures for protecting sensitive official e-mail stored electronically.
- Procedures for file backup.
Suspected or known violations of policy or law should be confidentially reported to the appropriate supervisory level for the operational unit in which the violation occurs. Violations will be processed by the appropriate University authorities and/or law enforcement agencies. Violations may result in revocation of e-mail service privileges; academic dishonesty or Code of Conduct proceedings; faculty, staff, or student disciplinary action up to and including dismissal; referral to law enforcement agencies; or other legal action.
VII. Online Policies
Users of this Policy are encouraged to refer to online versions of this and other University policies at University Policies website.
Appendix A: General Use Cautions
Appendix B: Model Informational Handout Regarding University E-Mail Policy
Family Educational Rights and Privacy Act
Arizona Revised Statutes § 39-103. Size of public records; exemptions
Arizona Revised Statutes § 39-121. Inspection of public records
- All policies applied generally at the University are expressly applicable to the electronic environment. Relevant institutional policies include, but are not limited to:
- Arizona Board of Regents Policy Manual
- University Handbook for Appointed Personnel
- Classified Staff Human Resources Policy Manual
- All Codes of Conduct and Academic Integrity
- Confidentiality of Student Records
- Nondiscrimination and Anti-Harassment policy
- Outside Professional Activity
- Conflicts of Interest and Commitment Policies
- Copyrights and Patents
- Use of University Name or Trademarks
- This is not a comprehensive list of applicable University policies. Any policy which applies to the use of University resources, including equipment and time, also applies to e-mail. In the event of a conflict between policies, the more restrictive use policy shall govern.