DRAFT

EASTERN WASHINGTON UNIVERSITY

ELECTRONIC MAIL POLICY

 

I. INTRODUCTION

This Policy clarifies the applicability of law and of other University policies to electronic mail. It also defines new policy and procedures where existing policies do not specifically address issues particular to the use of electronic mail.

The University recognizes that principles of academic freedom and shared governance, freedom of speech, and privacy of information hold important implications for electronic mail and electronic mail services. The University affords electronic mail privacy protections comparable to that which it traditionally affords paper mail and telephone communications. This Policy reflects these firmly-held principles within the context of the University's legal and other obligations.

 

The University encourages the use of electronic mail and respects the privacy of users. It does not routinely inspect, monitor, or disclose electronic mail without the holder's consent. Nonetheless, subject to the requirements for authorization, notification and other conditions specified in this Policy, the University may deny access to its electronic mail services and may inspect, monitor, or disclose electronic mail (i) when required by and consistent with law; (ii) when there is substantiated reason to believe that violations of law or of University policies have taken place; (iii) when there are compelling circumstances; or (iv) under time-dependent, critical operational circumstances .

 

Users should be aware of the following:

 

A. Both the nature of electronic mail and the public character of the University's business make electronic mail less private than users may anticipate. For example, electronic mail intended for one person sometimes may be widely distributed because of the ease with which recipients can forward it to others. A reply to an electronic mail message posted on an electronic bulletin board or "listserver" intended only for the originator of the message may be distributed to all subscribers to the listserver. Furthermore, even after a user deletes an electronic mail record from a computer or electronic mail account it may persist on backup facilities, and thus be subject to disclosure under the provisions of Section V of this Policy. The University cannot routinely protect users against such eventualities.

 

B. Electronic mail, whether or not created or stored on University equipment, may constitute a University subject to disclosure under the Washington Public Records Act or other laws, or as a result of litigation. However, the University does not automatically comply with all requests for disclosure, but evaluates all such requests against the precise provisions of the Act, other laws concerning disclosure and privacy, or other applicable law.

Users of University electronic mail services also should be aware that the Washington Public Records Act and other similar laws jeopardize the ability of the University to guarantee complete protection of personal electronic mail resident on University facilities.

The Washington Public Records Act does not, in general, apply to students except in their capacity, if any, as employees or agents of the University. This exemption does not, however, exclude student electronic mail from other aspects of this Policy.

 

C. The University, in general, cannot and does not wish to be the arbiter of the contents of electronic mail. Neither can the University, in general, protect users from receiving electronic mail they may find offensive. Members of the University community, however, are strongly encouraged to use the same personal and professional courtesies and considerations in electronic mail as they would in other forms of communication.

 

E. There is no guarantee, unless "authenticated" mail systems are in use, that electronic mail received was in fact sent by the purported sender, since it is relatively straightforward, although a violation of this Policy as well as the University Information Policy, for senders to disguise their identity. Furthermore, electronic mail that is forwarded may also be modified. Authentication technology is not widely and systematically in use at the University as of the date of this Policy. As with print documents, in case of doubt receivers of electronic mail messages should check with the purported sender to validate authorship or authenticity.

 

F. Encryption of electronic mail is another emerging technology that is not in widespread use as of the date of this Policy. This technology enables the encoding of electronic mail so that for all practical purposes it cannot be read by anyone who does not possess the right key. The answers to questions raised by the growing use of these technologies are not now sufficiently understood to warrant the formulation of University policy at this time. Users and operators of electronic mail facilities should be aware, however, that these technologies will become generally available and probably will be increasingly used by members of the community.

 

II. PURPOSE

The purpose of this Policy is to assure that:

 

A. The University community is informed about the applicability of policies and laws to electronic mail;

 

B. Electronic mail services are used in compliance with those policies and laws;

 

C. Users of electronic mail services are informed about how concepts of privacy and security apply to electronic mail; and

 

D. Disruptions to University electronic mail and other services and activities are minimized.

 

III. SCOPE

This Policy applies to:

 

A. All electronic mail systems and services provided or owned by the University; and

 

B. All users, holders, and uses of University electronic mail services; and

 

C. All University electronic mail records in the possession of University employees or other electronic mail users of electronic mail services provided by the University.

 

This Policy applies only to electronic mail in its electronic form. The Policy does not apply to printed copies of electronic mail. Other University records management policies, however, do not distinguish among the media in which records are generated or stored. Electronic mail messages, therefore, in either their electronic or printed forms, are subject to those other policies, including provisions of those policies regarding retention and disclosure.

 

This Policy applies equally to transactional information (such as electronic mail headers, summaries, addresses, and addressees) associated with electronic mail records as it does to the contents of those records.

 

 

IV. GENERAL PROVISIONS

As noted in the Introduction, the University recognizes that principles of academic freedom, freedom of speech, and privacy of information hold important implications for electronic mail and electronic mail services. This Policy reflects these firmly-held principles within the context of the University's legal and other obligations.

 

A. Purpose. In support of its threefold mission of instruction, research, and public service, the University encourages the use of University electronic mail services to share information, to improve communication, and to exchange ideas.

 

B. University Property. University electronic mail systems and services are University facilities as that term is used in other policies and guidelines. Any electronic mail address or account associated with the University, or any sub-unit of the University, assigned by the University to individuals, sub-units, or functions of the University, is the property Eastern Washington University Board of Trustees.

 

C. Service Restrictions. Those who use University electronic mail services are expected to do so responsibly, that is, to comply with state and federal laws, with this and other policies and procedures of the University, and with normal standards of professional and personal courtesy and conduct. Access to University electronic mail services, when provided, is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the electronic mail user when required by and consistent with law, when there is substantiated reason to believe that violations of policy or law have taken place, or, in exceptional cases, when required to meet time-dependent, critical operational needs. Such restriction is subject to established campuswide procedures or, in the absence of such procedures, to the approval of the appropriate campus Vice Provost or University Vice President.

 

D. Consent and Compliance. An electronic mail holder's consent shall be sought by the University prior to any inspection, monitoring, or disclosure of University electronic mail records in the holder's possession, except as provided for in Section V. E. University employees are, however, expected to comply with University requests for copies of electronic mail records in their possession that pertain to the administrative business of the University, or whose disclosure is required to comply with applicable laws, regardless of whether such records reside on a computer housed or owned by the University. Failure to comply with such requests can lead to the conditions of Section V. E.

 

E. Restrictions on Access Without Consent. The University shall only permit the inspection, monitoring, or disclosure of electronic mail without the consent of the holder of such electronic mail (i) when required by and consistent with law; (ii) when there is substantiated reason to believe that violations of law or of University policies have taken place; (iii) when there are compelling circumstances; or (iv) under time-dependent, critical operational circumstances.

 

When the contents of electronic mail must be inspected, monitored, or disclosed without the holder's consent:

 

1. Authorization. Except in emergency circumstances, and pursuant to Paragraph V.E.2, such actions must be authorized in advance and in writing by the responsible campus Vice Provost or University Vice President. This authority may not be further re-delegated. Requests for such non-consensual access must be submitted in writing following procedures defined by the campus. University counsel's advice shall be sought prior to authorization because of changing interpretations by the courts of laws affecting the privacy of electronic mail, and because of potential conflicts among different applicable laws. Where the inspection, monitoring, or disclosure of electronic mail held by faculty is involved, the advice of the Campus Academic Senate shall be sought in writing in advance, following procedures to be established by each campus. All such advice shall be given in a timely manner. Authorization shall be limited to the least perusal of contents and the least action necessary to resolve the situation.

 

2. Emergency Circumstances. In emergency circumstances as defined, the least perusal of contents and the least action necessary to resolve the emergency may be taken immediately without authorization, but appropriate authorization must then be sought without delay following the procedures described in Section V. E. 1 above. If the action taken is not subsequently authorized, the responsible authority shall seek to have the situation restored as closely as possible to that which existed before action was taken.

 

3. Notification. In either case, the responsible authority or their designee shall, at the earliest possible opportunity consistent with law and other University policy, notify the affected individual of the action(s) taken and the reasons for the action(s) taken. The campus will publish an annual report summarizing, where consistent with law, instances of authorized or emergency non-consensual access pursuant to the provisions of this Section.

 

4. Compliance with Law. Actions taken under Paragraphs 1. and 2. shall be in full compliance with the law and other applicable University policy, including laws and policies. This has particular significance for electronic mail residing on computers not owned or housed by the University. Advice of counsel always must be sought prior to any action taken under such circumstances. It also has particular significance for electronic mail whose content is protected under the Federal Family Educational Rights and Privacy Act of 1974, which applies equally to electronic mail as it does to print records.

 

F. Recourse. Procedures for the review and appeal of actions taken under Sections V. C, D, and E and under Section VII shall be implemented by the campus to provide a mechanism for recourse to individuals who believe that actions taken by employees or agents of the University were in violation of this Policy.

 

G. Misuse. Both law and University policy prohibit, in general, the theft or other abuse of computing facilities. Such prohibitions apply to electronic mail services, and include (but are not limited to): unauthorized entry, use, transfer, and tampering with the accounts and files of others; interference with the work of others and with other computing facilities. Under certain circumstances, the law contains provisions for felony offenses. Users of electronic mail are encouraged to familiarize themselves with these laws and policies.

 

V. SPECIFIC PROVISIONS

A. Allowable Use

 

In general, use of University electronic mail services is governed by policies that apply to the use of all University facilities. In particular, use of University electronic mail services is encouraged and is allowable subject to the University Information Policy and specifically to the following conditions:

 

1. Purpose. Electronic mail services are to be provided by University organizational units in support of the teaching, research, and public service mission of the University, and the administrative functions that support this mission.

 

2. Users. Users of University electronic mail services are to be limited to University students, faculty, staff and approved guests for purposes that conform to the requirements of this Section.

 

3. Non-Competition. University Electronic mail services shall not be provided in competition with commercial services to individuals or organizations outside the University.

 

4. Restrictions. University Electronic mail services may not be used for: unlawful activities; commercial purposes not under the auspices of the University; personal financial gain (except as permitted under applicable academic policies); personal use inconsistent with Section VI. A. 8; or uses that violate other University policies or guidelines. The latter include, but are not limited to, policies and guidelines regarding intellectual property, or regarding sexual or other forms of harassment.

 

5. Representation. Electronic mail users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University.

 

6. False Identity. University electronic mail users shall not employ a false identity. Electronic mail may not, however, be sent anonymously.

 

7. Interference. University electronic mail services shall not be used for purposes that could reasonably be expected to cause, directly or indirectly, excessive strain on any computing facilities, or unwarranted or unsolicited interference with others' use of electronic mail or electronic mail systems. [Such uses include, but are not limited to, the use of electronic mail services to: (i) send or forward electronic mail chain letters; (ii) "spam", that is, to exploit listservers or similar broadcast systems for purposes beyond their intended scope to amplify the widespread distribution of unsolicited electronic mail; and (iii) "letter-bomb", that is, to resend the same electronic mail repeatedly to one or more recipients to interfere with the recipient's use of electronic mail.}

 

8. Personal Use. University electronic mail services should not be used for personal purposes. Educational uses that may be considered incidental personal uses by students can be appropriately delineated by the Dean of Students as to what is in the best interest of the University.

 

B. Security and Confidentiality

 

1. Confidentiality. The confidentiality of electronic mail cannot be assured. Such confidentiality may be compromised by applicability of law or policy, including this Policy, by unintended redistribution, or because of inadequacy of current technologies to protect against unauthorized access. Users, therefore, should exercise extreme caution in using electronic mail to communicate confidential or sensitive matters.

 

2. Prohibited disclosure. Legal Requirements on Privacy of and Access to Information, prohibits University employees and others from "seeking out, using, or disclosing" without authorization "personal or confidential" information, and requires employees to take necessary precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise. This prohibition applies to electronic mail records.

 

3. Inadvertent disclosure. Notwithstanding the previous paragraph, users should be aware that on occasion network and computer operations personnel and system administrators may, during the performance of their duties, inadvertently see the contents of electronic mail messages. Except as provided elsewhere in this Policy, they are not permitted to do so intentionally or disclose or otherwise use what they have seen. One exception, however, is that of systems personnel (such as "postmasters") who may need to inspect electronic mail when re-routing or disposing of otherwise undeliverable electronic mail. This exception is limited to the least invasive level of inspection required to perform such duties. Furthermore, this exception does not exempt postmasters from the prohibition against disclosure of personal and confidential information of the previous paragraph, except insofar as such disclosure equates with good faith attempts to route the otherwise undeliverable electronic mail to the intended recipient. Re-routed mail normally should be accompanied by notification to the recipient that the electronic mail has been inspected for such purposes.

 

4. Security. The University attempts to provide secure and reliable electronic mail services. Operators of University electronic mail services are expected to follow sound professional practices in providing for the security of electronic mail records, data, application programs, and system programs under their jurisdiction. Since such professional practices and protections are not foolproof, however, the security and confidentiality of electronic mail cannot be guaranteed. Furthermore, operators of electronic mail services have no control over the security of electronic mail that has been downloaded to a user's computer.

 

As a deterrent to potential intruders and to misuse of electronic mail, electronic mail users should employ whatever protections (such as passwords) are available to them.

 

5. Back-up copies. Users of electronic mail services should be aware that even though the sender and recipient have discarded their copies of an electronic mail record, there may be back-up copies that can be retrieved. Systems may be "backed-up" on a routine or occasional basis to protect system reliability and integrity, and to prevent potential loss of data. The back-up process results in the copying of data onto storage media that may be retained for periods of time and in locations unknown to the originator or recipient of electronic mail. The practice and frequency of back-ups and the retention of back-up copies of electronic mail vary from system to system. Electronic mail users are encouraged to request information on the back-up practices followed by the operators of University electronic mail services, and such operators are required to provide such information upon request.

 

C. Archiving and Retention

 

University records management policies do not distinguish among media with regard to the definition of University records. As such, electronic mail records are subject to these policies. In particular, such records are subject to disposition schedules as defined by the State of Washington.

The University does not maintain central or distributed electronic mail archives of all electronic mail sent or received. Electronic mail is normally backed up, only to assure system integrity and reliability, not to provide for future retrieval, although back-ups may at times serve the latter purpose incidentally. Operators of University electronic mail services are not required by this Policy to retrieve electronic mail from such back-up facilities upon the holder's request, although on occasion they may do so as a courtesy (see file retention policy).

Electronic mail users should be aware that generally it is not possible to assure the longevity of electronic mail records for record-keeping purposes, in part because of the difficulty of guaranteeing that electronic mail can continue to be read in the face of changing formats and technologies and in part because of the changing nature of electronic mail systems. This becomes increasingly difficult as electronic mail encompasses more digital forms, such as embracing compound documents composed of digital voice, music, image, and video in addition to text. Furthermore, in the absence of the use of authentication systems, it is difficult to guarantee that electronic mail documents have not been altered, intentionally or inadvertently.

Electronic mail users and those in possession of University records in the form of electronic mail are cautioned, therefore, to be prudent in their reliance on electronic mail for purposes of maintaining a lasting record. Sound business practice suggests that consideration be given to transferring (if possible) electronic mail to a more lasting medium/format, such as acid-free paper or microfilm, where long-term accessibility is an issue.

 

VI. MAILING LISTS, ADDRESS BOOKS, AND DIRECTORIES

Mailing lists provide a means of creating and maintaining a list of electronic mail (electronic mail) addresses for communicating with a defined list of addressees. Unfortunately, the widespread use of mailing lists has resulted in many people receiving a burdensome number of unwanted electronic mail messages. To help mitigate this problem, the University may need to begin to regulate the administration of mailing lists.

Any person on the Internet who learns the name of a mailing list will be able to send electronic mail to it. It should be noted that, depending on the program used to set up the mailing list, the individually subscribed addresses may be viewable by other Internet users.

Mailing lists which use University computing or network resources to send electronic mail are governed by the following:

 

A. To protect Internet users from receiving unsolicited electronic mail, the list owner must secure consent from any persons or groups to include their addresses in a mailing list.

 

B. The list owner must remove (make unavailable) addressees from the mailing list when they request to be removed.

 

C. The list owner is responsible for keeping the addresses in the mailing list current.

 

D. The list owner is responsible for informing users and potential users of the purpose of the mailing list and of rules governing use of the mailing list, and may remove from the mailing list addresses of users who do not comply.

 

E. The mailing list may not be used to advertise or solicit commercial activities or services.

 

F. The mailing list can only be used for activities which comply with the campus Information Policy, any other University regulations and policies, and all existing laws, including not only those that are specific to computers and networks, but also those that may apply generally to personal conduct.

 

G. Misuse of a mailing list may result in the suspension or termination of the mailing list, of computing privileges, and/or of network access privileges.

Mass mailings are not compliant with the University Information Policy. Departments may generate targeted mailings of officially-required notification information in order to conduct departmental business. Such mass mailings may use either mailing lists or other means of collecting addresses to reach the target audience. In order to ensure that the electronic mail is sent to addresses in such a way that it doesn't overload the network or the mail systems, such targeted mailings need to be coordinated with campus system authorities. Other methods of communication in lieu of a large targeted mailing, such as Web posting or Netcasting of the information should be considered. For information or to request assistance with a mass mailing you may contact University Computing and Telecommunications.

 

VII. POLICY VIOLATIONS

Violations of University policies governing the use of University electronic mail services may result in restriction of access to University information technology resources. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements, up to and including dismissal.

 

VIII. RESPONSIBILITY FOR POLICY

The Vice Provost for Information Resources is responsible for development, maintenance, and publication of this Policy, through the proper University governance and policy formulation mechanisms.

 

EWU Homepage EWU Map What's Hot EWU Search