Skip to main content

University Policy 93

Electronic Mail Policy for Non-Student Accounts

Initially approved:  February 22, 2006
Revised:  May 21, 2018 
Revised: May 9, 2023

Policy Topic:  Information Technology
Administering Office:  Office of the CIO

      I.        POLICY STATEMENT

Western Carolina University (hereinafter “University”) electronic mail (hereinafter “Email”) accounts are provided and supported by the State of North Carolina to further the missions of the University.

The purpose of this Policy is to ensure the appropriate use of the University’s Email System by its employees and guests. Use of the University’s Email system evidences the user’s agreement to be bound by this Policy.

    II.        SCOPE

All individuals, including employees (faculty and staff) and contractors, or entities assigned a non-student University Email account.

   III.        DEFINITIONS

“Broadcast Email” shall mean an Email message sent to a large audience, either internal to the University or external to the University, from one individual, unit, college or other subdivision of the University.

“Email” shall mean electronic mail, either sent or received, which is a means of transmitting and storing digital messages and files.

“Email System” shall mean any system used by the University as its primary means of transmitting and storing Email.

“Forensic archive” shall mean a technical control applied to an Email account that prevents the owner of the account from deleting Email either sent or received.

“Non-Student University Email Account” shall mean an Email account provided to an individual or entity associated with the University pursuant to University policy, procedure, and/or practice.

“Separation” shall mean the employee left employment with the University and is no longer affiliated with an employment agreement.

“Student University Email Account” shall mean an Email account provided to an accepted or enrolled University student by the University’s third party Email provider.

“User” shall mean all individuals, including employees (faculty and staff) and contractors, or entities assigned a non-student University Email account.

  IV.        USER RESPONSIBILITIES

  1. General Responsibilities

     

    All users are required to read their Email messages on a regular basis.  Users have the responsibility to use this resource in an efficient, effective, ethical, and lawful manner.  Users must comply with Policy 52 Responsible Use of Information Technology Resources.

  2.  

    Email Security

     

    The security of the University’s Email System is a shared responsibility, and users must take precautions to prevent the unauthorized use of their Email accounts.  Such precautions should include regularly changing passwords and securing passwords in a safe place, checking with the purported sender before opening a suspicious message or attachment, and declining to share, transfer or otherwise permit third parties to have access to WCUid credentials. 

    The University prohibits automatic forwarding of University Email to a non-University account. The IT Division will not enable this feature for a user.

  3.  

    Sensitive Data

     

    In general, Email is not appropriate for transmitting sensitive or confidential information unless an appropriate level of security matches its use for such purposes. Users must abide by data handling procedures defined in University Policy 97 Information Security and Privacy Governance when utilizing Email to transmit sensitive data.  Additional systems operated by the University will scan Email for specific Sensitive Data, including Social Security Number(s) and Credit Card Number(s), and potentially block the Email. 

  4.  

    Records Retention

     

    Matters communicated via Email may become a public record, may become evidence in a judicial proceeding or may otherwise be shared with a broader audience than originally intended.  Email created or received for business purposes may not be deleted unless permitted under the record retention schedule in use by the University. 

    Users are responsible for saving Email messages electronically or printing and retaining a hard copy consistent with the records retention schedule.  However, users shall not bulk extract or archive their Email to another form of storage such as an “offline archive.” 

    Email messages that have reference or administrative value but are of a temporary, ephemeral, or transient nature may be deleted when the user has determined that their reference value has ended.

    V.        OFFICIAL UNIVERSITY EMAILS

  1. Email as Official Communication

     

    The Email System is provided by the University as one of its primary means of official communication. An Email message regarding University matters sent from an administrative office, faculty, or staff member is considered to be an official notice. Supervisors must ensure that their University staff and faculty have access to the necessary or appropriate messages distributed via the University’s Email System.

  2.  

    Broadcast Email

     

    Those wishing to transmit Broadcast Email to alumni, students, faculty, and/or staff must obtain approval from a member of Executive Council or the Chancellor,and comply with the current procedures for sending Broadcast Email.

  VI.        PERSONAL USE

A University Email account may be used for incidental personal purposes provided such use does not violate other University policies, interfere with University IT operations, including Email services, generate a direct cost for the University or impact University employment or other obligations to the University. Additionally, the personal use cannot involve the following:

  • Purposeful sending or soliciting of chain letters or sending unsolicited bulk mail messages (e.g., “junk mail” or “spam”), or otherwise overloading the University’s Email System or negatively interfering with system performance.
  • Uses that result in commercial gain or personal profit for yourself or others, except as allowed under University intellectual property policies and the external activities for pay policy. However, in no case may the University’s Email System be used for solicitation of any external activity for pay without the appropriate approval.
  • Stating or implying University sponsorship or endorsement of the Email’s message.

 VII.        PRIVACY OF EMAIL

University staff do not routinely monitor the content of electronic mail. However, no user of University Email or the University Email System should have the expectation that any Email content, whether personal or business-related, will be private.  To the extent permitted by law and policy, the University reserves the right to access and disclose the contents of any users’ Email, including discarded messages, without the consent or knowledge of the user. Automated security systems operated by the University will scan Email for potentially malicious or harmful content such as suspicious links or attachments.

VIII.        UNIVERSITY RECORDS RETENTION, DISPOSITION OF EMAIL, AND FORENSIC ARCHIVES

Users must comply with the responsibilities outlined in Section IV(4) of this policy and the records retention schedule currently in use by the University. 

The University Office of Information Technology will apply the following disposition practices to all Email accounts (except forensic archives):

  • All Emails will be automatically purged ten (10) years after they are sent or received.
  • Emails that need to be retained longer than ten (10) years should be printed or saved as a pdf or other electronic document.
  • Upon separation from the University, an employee’s Email content will be retained for one (1) year and may be delivered to the employee’s last supervisor upon request within that year.
  • Employees returning to the University after separation generally will not retain previous Email content.  However, adjunct faculty and other time-limited positions that work on a recurring basis may retain access to Email content if they return within twelve (12) months.

Forensic archives of a user’s Email may be permitted upon approval of the University Legal Counsel

  IX.        VIOLATIONS

Violations of this Policy may result in restriction of access to the University Email system and/or other appropriate disciplinary action.

    X.        REFERENCES

International Standards Organization (ISO/IEC 27002, 13.2 Information transfer)

University Policy 52 – Responsible Use of Information Technology Resources

Data Handling Procedures

Records Retention Schedule

University Policy 54 – Conflicts of Interest; External Activities for Pay; Conflicts of Commitment for EHRA Employees

University Policy 87 – Secondary Employment Policy for SHRA Employees

University Policy 97 – Data Security and Stewardship

Office of Web Services