EMAIL USAGE
Effective: August 15, 2024
Purpose: The purpose of this policy is to ensure the proper use of Emporia State University’s email systems used by faculty, staff, student workers, and volunteers, and the email accounts used for undergraduate and graduate students, retired faculty, and alumni using the University’s domain name. Email is a tool provided by the University as an official form of communication and to supplement traditional forms of communication and improve education and administrative efficacy. It is the responsibility of the users to use this resource in an efficient, effective, ethical, and lawful manner.
Scope: This policy applies to faculty, staff, students, official University affiliates, and any other individual who uses University email resources.
Responsible Office: Information Technology
Policy Statement: All users are responsible for taking the steps necessary to protect University information.
The Chief Information Officer (CIO), or designee, is responsible for monitoring and reporting compliance with this policy and for reviewing this policy on an annual basis.
Ownership of Email Data
The University owns the email accounts maintained in the “@emporia.edu” and “@g.emporia.edu” domain names respectively (collectively referred to as “University Email Accounts). Subject to underlying copyright and other intellectual property rights under applicable laws and University policies, the University also owns data transmitted or stored using the University Email Accounts.
Privacy and Right of University Access
While the University will make every attempt to keep email messages secure, privacy is not guaranteed, and users should have no general expectation of privacy in email messages sent through a University Email Account. It may be necessary for the IT staff or other appropriate University officials to access University Email Accounts under certain circumstances for authorized or other official purposes. Such circumstances resulting in access without expressed consent of the individual user must be authorized, in advance, by the University’s General Counsel. In the instance where the University Email Account holder will not or cannot access the University Email Account for any reason, such as death, disability, illness or separation from the University for a period of time or permanently, University IT staff may have to access the account to continue University business. Such access will be on a case-by-case basis and any email accessed will only be disclosed to those individuals with a need to know or as required by law.
Appropriate Use
When using a University Email Account as an official means of communication, students, faculty, and staff should apply the same professionalism, discretion, and standards that they would use in written business communication. Users of email shall not disclose information about students or employees in violation of University policies or laws that protect the confidentiality of such information.
Unauthorized transmission of private personally identifiable information about University faculty, staff, students, alumni or other University members via email is not permitted. This may include but is not limited to Social Security numbers, bank account information, tax forms, student data, or other sensitive information. When encryption is not available, unencrypted student grades may be transmitted only between students and their faculty.
Students who are employed by the University should not store information relating to their employment on their University Email Account.
Approval for access to Global Distributions Lists must be obtained from the Executive Director of Marketing or a designee represented in the Global Distribution List guidelines.
Inappropriate Use (as described within this policy) by students or employees may result in disciplinary action up to and including suspension or termination.
Inappropriate Use
All University Email Accounts are subject to the acceptable use policies of the software providers of those email accounts. In addition, any inappropriate email usage, examples of which are described below and elsewhere in this policy, is prohibited. Users receiving such email should immediately contact the University’s IT Help Desk.
Inappropriate email usage includes the exchange of email content that:
- Generates or facilitates unsolicited bulk commercial email;
- Infringes on another person’s copyright, trade, or service mark, patent, or other property right or is indeed to assist others in defeating those protections;
- Violates, or encourages the violation of, the legal rights of others or federal and state laws;
- Is for any unlawful, infringing, malicious, or fraudulent purpose;
- Intentionally distributes malware, corrupted files, hoaxes, scams, or other items of a destructive or deceptive nature;
- Alters, disables, or interferes with the use of the email services, or the equipment used to provide the email services, by customers, authorized resellers, or other authorized users;
- Tests or reverse-engineers the email services in order to find limitations, vulnerabilities or evade filtering capabilities;
- Constitutes, fosters, or promotes pornography;
- Is excessively violent, incites violence, threatens violence, or contains harassing content;
- Creates a risk to a person’s safety or health, creates a risk to public safety or health, compromises national security, or interferes with an investigation by law enforcement;
- Improperly exposes trade secrets or other confidential or proprietary information of another person; or
- Misrepresents the identity of the sender of an email.
Other improper uses of the email system include:
- The use of, or attempted use of, the accounts of others without their permission, unless otherwise authorized;
- Collecting or using email addresses, screen names information or other identifiers without the consent of the person identified (including, without limitation, phishing, Internet scamming, password robbery, spidering, and harvesting);
- Use of the service to distribute software that covertly gathers information about a user or covertly transmits information about the user; or
- Any conduct that is likely to result in retaliation against the University’s network or website, or the University’s employees, officers, or other agents, including engaging in behavior that results in any server being the target of a denial of service attack (DoS).
These guidelines provide examples of permitted or prohibited use of email. This list is not intended to be exhaustive but rather to provide illustrative examples.
The Information Security Officer (ISO) is responsible for reporting email abuse to the CIO, initiating Incident Response protocols, and referring internal violation of email abuse to Human Resources (for employee violations) or Enrollment Management and Student Success (for student violations).
Violations of the policy may result in account restrictions and/or other appropriate disciplinary action.
The President or designee must approve any exceptions to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: [coming soon]