The University of Arizona logo

Appendix B: Model Informational Handout Regarding University E-Mail Policy

Date: Today’s Date

TO: All Staff

FR: Your Name

RE: What You Need to Know about the University's E-Mail Policy

The "University of Arizona Electronic Mail Policy." clarifies the applicability of law and of other University policies to electronic mail (e-mail). A committee composed of members of the Faculty Senate and different college and administrative units prepared the policy. The following is a simplified and abbreviated version of the overall policy which identifies the basic information of which e-mail users should be aware. The full text of the policy is available at the University Policies website.

What You Need to Do (Storage of E-mail Documents)

Remember that in accordance with Arizona law, University business documents created or received on e-mail must be saved for the same length of time as their hard-copy equivalents. There are two ways to comply with this:

  • Create a folder in your e-mail account in which you save these messages. Back up your files appropriately; do not delete these messages. Save the e-mail message to your PC's hard disk as a file; or
  • Print out a paper copy and save it in an appropriate file. In this case you do not need to save an electronic copy.

What You Need to Know (Overview of University of Arizona e-mail policies)

The following are points from the University's Electronic Mail Policy. Each point is referenced for your convenience (by italics) to its corresponding section in the policy document.

Provision of Service.

  • E-mail services may be provided by University organizational units in support of the University's threefold mission of instruction, research, and public service.

University Property

  • E-mail services are extended for the sole use of University faculty, staff, students, and other appropriately authorized users to accomplish tasks related to and consistent with the University's mission.
  • University e-mail systems and services are University facilities, property, and resources as those terms are used in University policies and applicable law.
  • Any e-mail address or account assigned by the University to individuals, subunits, or functions of the University, is the property of the University.

Authorized Service Restrictions

  • E-mail users are required to comply with state and federal law, University policies, and normal standards of professional and personal courtesy and conduct.
  • Access to University e-mail services is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the e-mail user (a) when required by and consistent with applicable law or policy; (b) when there is a reasonable suspicion that violations of policy or law have occurred or may occur; or (c) when required to meet time-dependent, critical operational needs. Such access restrictions are subject to the approval of the appropriate University supervisory or management authority (e.g., department heads, systems managers, etc.). The autonomous operational units of the University should establish or identify these authority levels.

Authorized Access and Disclosure

  • The University may permit the inspection, monitoring, or disclosure of e-mail in certain circumstances.
  • Users are required to comply with University requests for access to and copies of University e-mail records when access or disclosure is required or allowed by applicable law or policy, regardless of whether such records reside on a computer housed or owned by the University. Failure to comply with such requests can lead to disciplinary or other legal action pursuant to applicable law or policy, including but not limited to appropriate University personnel policies or codes of conduct.

Misuse

  • Using e-mail for illegal activities in strictly prohibited.
  • Failure to follow state law with regard to the disposition of e-mail records can lead to criminal charges.
  • University e-mail services may not be used for commercial activities not approved by the appropriate supervisory University personnel consistent with applicable policy.
  • Applicable University policies include, but are not limited to, those policies and guidelines regarding personnel, intellectual property, or sexual or other forms of harassment.
  • E-mail users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless expressly authorized to do so.

Personal Use

  • University e-mail services may be used for incidental personal purposes provided that such use does not (a) directly or indirectly interfere with the University operation of computing facilities or e-mail services; (b) interfere with the e-mail users' employment or other obligations to the University; (c) violate this Policy or any other applicable policy or law, including but not limited to use for personal gain, conflict of interest or commitment, harassment, defamation, copyright violation, or illegal activities.

Confidentiality

  • The confidentiality of e-mail cannot be assured, and such confidentiality may be compromised by access consistent with applicable law or policy, including this Policy, by unintended redistribution, or due to current technologies inadequate to protect against unauthorized access. Users, therefore, should exercise extreme caution in using e-mail to communicate confidential or sensitive matters, and should not assume that their e-mail is private or confidential.
  • Users may not access, use, or disclose personal or confidential information without appropriate authorization, and must take necessary precautions to protect confidentiality of personal or confidential information encountered in the performance of their duties or otherwise.

Security and Preservation

  • E-mail to users and operators must follow sound professional practices in providing for the security of e-mail records, data, applications programs, and systems programs under their jurisdiction.
  • Users and operators must guard against storage media deterioration and rapid technological changes which render e-mail records inaccessible due to hardware or software obsolescence.
  • Users are responsible for safeguarding their identification (Net ID) codes and passwords, and for using them only as authorized.

Violations

  • Suspected or known violations of policy or law should be confidentially reported to the appropriate supervisory level for the operational unit in which the violation occurs.

General Use Cautions

  • The ability of a recipient to forward a message or accidentally respond to a listserv rather than an individual, may broadcast an e-mail message widely.
  • Remember that there is no way to guarantee that the purported sender of an e-mail message was in fact the real sender of the message. It is relatively easy to disguise an electronic identity.
  • Printed e-mail Official Records should follow the hard-copy record retention and disposition schedules.
  • Public Records are much more broadly defined than Official Records and may be considered to include, in certain circumstances, any information including all e-mail produced or received on University-provided systems. Public Records, including e-mail, may be subject to disclosure under state public records law or other applicable law, including by subpoena.
  • Do comply with all state and federal laws.
  • Do follow the normal standards of professional courtesy and conduct.
  • Do follow the Official Records Retention and Disposition policies and schedules.
  • Do respect copyright, proprietary rights, privacy laws.

YOU MAY NOT:

  • Access, read, use, transfer, or tamper with accounts or files that you are not authorized to use.
  • Alter system software or hardware configurations without authorization.
  • Libel or otherwise defame others via e-mail.
  • Participate in illegal activities such as making threats, harassment, theft, breaching security measures, or violating other applicable law or policy.
  • Engage in commercial activities not approved by the appropriate authority.
  • Engage in activities for personal financial gain except as permitted under applicable academic policies.
  • Violate University policies and guidelines.
  • Send or forward chain letters, letter-bombs, or spam.