P21-01 Email Policy

Month/Year Posted: 
April, 2021
Policy Number: 
P21-01

Responsible Office: Information Technology Services

Applies to:  All persons and departments assigned an HSU email account

This document describes the email services provided by Humboldt State University (HSU), and outlines the campus’ responsible use policy for HSU faculty, staff, students, volunteers, emeriti, auxiliaries, and others who receive a university-provided email account.

Supersedes:  P16-01 Email Policy

Purpose of the Policy:

ICSUAM 8000 – System Wide Information Security Policy

HSU recognizes email systems as tools for conducting official university business. As such, HSU provides centrally managed enterprise email accounts for faculty, staff, matriculated students and others (as described in this document’s Eligibility section).

Policy Details

I.         EMAIL USAGE

A.        TYPES OF EMAIL USER ACCOUNTS

Individual Employee Accounts

Email accounts for faculty, staff, and others will be created based on user eligibility (see Eligibility section below). The email account generated will be considered the individual’s primary email account to be used for official university communication.

Student Accounts

Student email accounts will be created based on user eligibility (see Eligibility section below). The student email account will be used for official university communication.

Shared Accounts

Shared accounts can be created for a department or college to support business operations. Each department is responsible for managing the security and appropriate use of its shared accounts.

B.        EMAIL USAGE RESPONSIBILITIES

1.    Faculty and staff will use the campus-provided email system when they conduct HSU academic and administrative business.

2.    Campus email accounts can be used for incidental personal usage, but all contents of the email system are subject to public records disclosures and subpoena as dictated by local, state, and federal laws.

3.    Faculty, staff and other account holders should not send Level 1 confidential information on email. Confidential information includes, but is not limited to, an individual’s name in combination with Social Security Number, driver’s license/California identification card number, health insurance information, medical information, or financial account number such as credit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.  Level 2 FERPA information is allowed on core Google services, including campus Gmail accounts, due to the CSU Google Contract.  Data levels are defined in the Data Classification Standards.

4.    Email account holders are responsible for safeguarding access to their campus email when using any computing device.

5.    Access to faculty and staff email is provided through a standard set of campus-approved email clients and protocols to ensure consistent and secure service and technical support to email users. (See Faculty and Staff Email Clients and Protocols section below.)

6.    Campus email systems can be synced with mobile devices, as  supported by Google and with best effort support by ITS.

C.        SECURITY AND PRIVACY OF EMAIL

1.    Electronic communications such as email content and attachments are university records. As such they may be subject to disclosure in accordance with valid subpoenas, warrants, Public Records Access requests, and other state and federal laws.

2.    Email sent to or from campus email systems are property of the university and thus subject to university controls, including elimination, in order to protect network performance and ensure fair use of computing resources.

3.    Campus email is scanned and filtered for security threats such as malware, viruses and potentially dangerous files

4.    Sections 3 and 5 of the CSU Responsible Use Policy defines scenarios in which the campus may need to access data in individual accounts:

D.        PROHIBITED EMAIL ACCOUNT ACTIVITIES

HSU prohibits certain email activities, including the following:

1.    Email masquerading, which misrepresents an email user’s account name or host name on a sent email.

2.    Automatic forwarding of email from a @humboldt.edu address to a non-@humboldt.edu address by employees.   (Users can forward selected, individual emails from a @humboldt.edu address, however auto-forwarding all campus email to non-HSU email accounts prevents HSU from providing email records to legal entities when officially required to do so.)

3.    Sending blanket, all-campus email to employees or students (see Critical Immediate Send Messages, EM P06-02 which specifies who can grant exceptions and under what circumstances).  This prohibition is not meant in any way to abrogate the rights set out in Collective Bargaining Agreements for unions to utilize university email for union business.

4.    Harassment (offensive conduct of an unwelcome nature on the basis of any of the characteristics identified), illegal activities, or non-university related commercial business activities.

5.  Using a HSU email account to violate the Academic Integrity and Honesty Policy

E.         ELIGIBILITY

The following users are provided HSU email accounts, as long as the accounts remain active (defined as accessing the account at least once a year and not allowing the password to expire):

1.    Faculty, staff, and volunteers with records created in PeopleSoft are eligible for individual employee accounts. 

2.    Matriculated students are eligible for student accounts.

3.    Self-support and auxiliary employees as identified by each auxiliary organization are eligible for individual employee accounts.

4.    Retired faculty and staff with an official emeritus designation may retain their individual employee accounts as long as their accounts remain active.

5.  Former employees can retain their email accounts for a transition period after leaving the campus defined by the Employee Account Lifecycle Procedure

5.    Guests and other individuals may receive email accounts for a limited time by request of campus-defined sponsors by requesting a contractor account.

6.    Former students can retain email accounts for a transition period after leaving the campus defined by the Student Account Lifecycle Procedure

7.    Individuals eligible for an account who have allowed their accounts to expire can request that a new account be created.  This will be done using the same HSU Username, but may have a different email address or alias(es).

 F.         EMAIL ACCOUNT NAMING CONVENTIONS

1.    Each faculty, staff, auxiliary, and volunteer email user is entitled to one mailbox based on their HSU Username (abc123) and a formal alias which is provided per the following naming convention: 

          i.        firstname.lastname@humboldt.edu

2.    When multiple identical firstname.lastname situations occur for email users, uniqueness will be achieved by applying sequential numbering to the email account name or inclusion of middle initials.

3.    Each student user is entitled to one mailbox which is provided per the following naming convention:

          i.        HSUUsername@humboldt.edu

4.    Student aliases and additional employee aliases are available through Account Settings on request.

 G.        TERMINATION OF EMAIL ACCOUNTS

Typical termination conditions are:

1.    Standard employee and student lifecycles:

Users who do not have an active affiliation in the campus Identity Management System as defined by the Student or Employee Lifecycle procedures account terminated.

For a limited period of time, faculty member accounts may be retained by the university and may be accessed by a separated, terminated, or retired faculty member to address grade appeals.

2.    Violation of Campus Computing Policies or Guidelines:

Violations as defined in the campus acceptable use policy or campus computer usage and safety guidelines will result in email account termination.

3.    Disciplinary Action:

The account will be handled based on direction from Student Conduct, Human Resources, Faculty Affairs or University Police. This will generally involve suspending, deleting or reassigning the account.

4.    Inactivity:

If an account is not accessed for a year, or if the password is allowed to expire, it will be considered inactive and may be suspended, archived, or deleted. 

 H.        FACULTY AND STAFF EMAIL MESSAGE RECOVERY

1.   Email Message Recovery

Email messages deleted by a user are automatically emptied from the user account’s trash bin on a periodic basis and may be manually emptied from the trash bin anytime by the user. After automatic removal, which Gmail currently does after 30 days, or manual removal from an account’s trash bin, a message should be assumed to be irretrievable.

2.     Email Message Archiving

Email message archiving is not provided because there is ample inbox and folder storage available.

J.         FACULTY AND STAFF EMAIL CLIENTS AND PROTOCOLS

The email system can be accessed using standard campus-approved email clients and protocols as defined by  Google

K.         USING CAMPUS EMAIL WITH MOBILE DEVICES

Personal mobile devices can be configured by users to synchronize with the HSU email system and instructions are available for the recommended mobile devices on Google’s support pages.

L.         EMAIL RETENTION

Email, by itself, is not specifically listed as a ‘record type’ within the CSU records retention and disposition schedule.  An email may become a record depending on its content. If an email is deemed a record then it is subject to the CSU retention and disposition schedule and should be moved to more permanent storage. Refer to the CSU Records Retention and Disposition Schedules.

II.         RESPONSE TO VIOLATIONS

The University reserves the right to temporarily or permanently suspend, block, or restrict access to information assets when it reasonably appears necessary to do so to protect the confidentiality, integrity, availability, or functionality of those assets.

Any disciplinary action resulting from violations of these guidelines or program supporting policies, standards or procedures shall be administered in a manner consistent with the terms of the applicable collective bargaining agreement and/or the applicable provisions of the California Education Code. 

                         

History

Issued: 04/19/2021
Revised:
Edited: 03/08/2018
Reviewed: