Electronic Mail Policy for Non-Student Users
Initially approved: February 22, 2006
Revised: May 21, 2018
Policy Topic: Information Technology
Administering Office: Office of the CIO
I. POLICY STATEMENT
Western Carolina University (hereinafter “University”) electronic mail (hereinafter
“Email”) accounts are provided and supported by the State of North Carolina to further
the missions of the University.
The purpose of this Policy is to ensure the appropriate use of the University’s Email
System by its employees and guests. Use of the University’s Email system evidences
the user’s agreement to be bound by this Policy.
All individuals, including employees (faculty and staff) and contractors, or entities
assigned a non-student University Email account.
“Broadcast Email” shall mean an Email message sent to a large audience, either internal
to the University or external to the University, from one individual, unit, college
or other subdivision of the University.
“Email” shall mean electronic mail, either sent or received, which is a means of transmitting
and storing digital messages and files.
“Email System” shall mean any system used by the University as its primary means of
transmitting and storing Email.
“Forensic archive” shall mean a technical control applied to an Email account that
prevents the owner of the account from deleting Email either sent or received.
“Non-Student University Email Account” shall mean an Email account provided to an
individual or entity associated with the University pursuant to University policy,
procedure, and/or practice.
“Separation” shall mean the employee left employment with the University and is no
longer affiliated with an employment agreement.
“Student University Email Account” shall mean an Email account provided to an accepted
or enrolled University student by the University’s third party Email provider.
“User” shall mean all individuals, including employees (faculty and staff) and contractors,
or entities assigned a non-student University Email account.
IV. USER RESPONSIBILITIES
- General Responsibilities
All users are required to read their Email messages on a regular basis. Users have
the responsibility to use this resource in an efficient, effective, ethical, and lawful
manner. Users must comply with Policy 52 Responsible Use of Information Technology
- Email Security
The security of the University’s Email System is a shared responsibility, and users
must take precautions to prevent the unauthorized use of their Email accounts. Such
precautions should include regularly changing passwords and securing passwords in
a safe place, checking with the purported sender before opening a suspicious message
or attachment, and declining to share, transfer or otherwise permit third parties
to have access to WCUid credentials.
The University prohibits automatic forwarding of University Email to a non-University
account. The IT Division will not enable this feature for a user.
- Sensitive Data
In general, Email is not appropriate for transmitting sensitive or confidential information
unless an appropriate level of security matches its use for such purposes. Users must
abide by data handling procedures defined in University Policy 97 Data Security and
Stewardship when utilizing Email to transmit sensitive data.
- Records Retention
Matters communicated via Email may become a public record, may become evidence in
a judicial proceeding or may otherwise be shared with a broader audience than originally
intended. Email created or received for business purposes may not be deleted unless
permitted under the record retention schedule in use by the University.
Users are responsible for saving Email messages electronically or printing and retaining
a hard copy consistent with the records retention schedule. However, users shall
not bulk extract or archive their Email to another form of storage such as an “offline
Email messages that have reference or administrative value but are of a temporary,
ephemeral, or transient nature may be deleted when the user has determined that their
reference value has ended.
V. OFFICIAL UNIVERSITY EMAILS
- Email as Official Communication
The Email System is provided by the University as one of its primary means of official
communication. An Email message regarding University matters sent from an administrative
office, faculty, or staff member is considered to be an official notice. Supervisors
must ensure that their University staff and faculty have access to the necessary or
appropriate messages distributed via the University’s Email System.
- Broadcast Email
Those wishing to transmit Broadcast Email to alumni, students, faculty, and/or staff
must obtain approval from a member of Executive Council or the Chancellor, and comply
with the current procedures for sending Broadcast Email.
VI. PERSONAL USE
A University Email account may be used for incidental personal purposes provided such
use does not violate other University policies, interfere with University IT operations,
including Email services, generate a direct cost for the University or impact University
employment or other obligations to the University. Additionally, the personal use
cannot involve the following:
- Purposeful sending or soliciting of chain letters or sending unsolicited bulk mail
messages (e.g., “junk mail” or “spam”), or otherwise overloading the University’s
Email System or negatively interfering with system performance.
- Uses that result in commercial gain or personal profit for yourself or others, except
as allowed under University intellectual property policies and the external activities
for pay policy. However, in no case may the University’s Email System be used for
solicitation of any external activity for pay without the appropriate approval.
- Stating or implying University sponsorship or endorsement of the Email’s message.
VII. PRIVACY OF EMAIL
The University does not routinely monitor the content of electronic mail. However,
no user of University Email or the University Email System should have the expectation
that any Email content, whether personal or business-related, will be private. To
the extent permitted by law and policy, the University reserves the right to access
and disclose the contents of any users’ Email, including discarded messages, without
the consent or knowledge of the user.
VIII. UNIVERSITY RECORDS RETENTION, DISPOSITION OF EMAIL, AND FORENSIC ARCHIVES
Users must comply with the responsibilities outlined in Section IV(4) of this policy
and the records retention schedule currently in use by the University.
The University Office of Information Technology will apply the following disposition
practices to all Email accounts (except forensic archives):
- All Emails will be automatically purged ten (10) years after they are sent or received.
- Emails that need to be retained longer than ten (10) years should be printed or saved
as a pdf or other electronic document.
- Upon separation from the University, an employee’s Email content will be retained
for one (1) year and may be delivered to the employee’s last supervisor upon request
within that year.
- Employees returning to the University after separation generally will not retain previous
Email content. However, adjunct faculty and other time-limited positions that work
on a recurring basis may retain access to Email content if they return within twelve
Forensic archives of a user’s Email may be permitted upon approval of the University
Violations of this Policy may result in restriction of access to the University Email
system and/or other appropriate disciplinary action.
International Standards Organization (ISO/IEC 27002, 13.2 Information transfer)
University Policy 52 – Responsible Use of Information Technology Resources
Data Handling Procedures
Records Retention Schedule
University Policy 54 – Conflicts of Interest; External Activities for Pay; Conflicts
of Commitment for EHRA Employees
University Policy 87 – Secondary Employment Policy for SHRA Employees
University Policy 97 – Data Security and Stewardship