Number 557
Subject: Institutional Email Service
Effective Date: September 24,2008
[Proposed Changes: August 2011 defined by strikeouts and square brackets]
The intention[s] of this policy is [are] to [(1)]collect all official and business communications of the university in one email system of record for security, auditability, records management, document preservation, archiving and destruction, [and other purposes] as appropriate[; and (2) to restore to the University at the termination of employment, control of the Email Aliases and email accounts that had previously been assigned to employees].
One enterprise email service [system], managed by Information Technology (IT), will be used for all institutional email business. All institutional email communications must be sent to or from the enterprise service [system]. [Other personal email accounts should not be used by employees for institutional business.] Messages that constitute a record of the official business of the institution must be preserved on the enterprise email service [system] with the same care, and for the same duration, in compliance with regulations and policies that apply to similar hard copy communications. Email messages must not contain private sensitive information [(see the Information Security Policy #558)] held in trust by the University but must direct the recipient to some authenticated, secure source for appropriately controlled access to that information. Other confidential information must be encrypted in transit and in storage as a precaution against exposure.
Email service will be provided to all employees [during their term of employment] to be used in support of their job function. Additional use of the email service for personal purposes, consistent with the Appropriate Use Policy (#550), is permitted during the term of employment; however, personal messages should be grouped separately from business-related messages to facilitate any needed access to business-related messages. Users should recognize that, although the Information Privacy Policy (#556) applies, email privacy and security cannot be guaranteed by the technology and systems in use.
Supervisors are instructed to make arrangements to retrieve business-related messages and other relevant electronic data from an employee’s email account prior to the employee’s separation from the University, after which the email account will be deleted. Forwarding services or other notifications may be provided after deletion of the account.
[At the conclusion of a term of employment, the employee's enterprise email storage may be made accessible by IT to departmental personnel for business continuity purposes. USU Email aliases, previously assigned to the employee, will be retained by the university and deleted or reused at USU's discretion. Business related information contained in the email storage will be transferred or deleted at USU's discretion. Personal files and messages will be subject to deletion after providing the employee a 90 day interval to retrieve that information. An email autoreply may be implemented during that 90 day interval to advise correspondents of the impending change. For the university's protection, terminations for cause may result in more restrictions on the former employee's access during the 90 day interval.]
IT [and HR] will develop procedures consistent with this policy and with currently deployed email functionality to meet the communication needs of the institution.
Email Alias - the advertised email address for an employee's email account, typically in the form of Firstname.Lastname@usu.edu or similar.
Email Service - an email account with mailbox storage and an email alias, provided for USU employees.
Enterprise Email System - the central email facility maintained by IT. It provides timely processing of both inbound and outbound email messages, protection from most spam and malware-laden messages, disaster recovery backups and interfaces to multiple email clients.
