Legislative History: Approved by the President: 2004/04/28; Reviewed by UEC;
Approval Authority: President
Electronic mail (e-mail) resources are provided to students, faculty, staff and other authorized individuals for their use in the support of the learning, teaching and research mission of the University and the administrative activities that underpin this mission. These guidelines and procedures regarding access, use and disclosure of electronic mail are meant to assist in ensuring that the University’s resources serve the intended purpose.
These guidelines and procedures supplement and clarify the principles set out in the Policy on Computing and Information Technology Facilities and apply to all e-mail resources provided by the University including centrally managed e-mail service as well as those provided by individual units (e.g. Faculties and Departments) of the University.
Roles and Responsibilities
Users: Those individuals using University e-mail resources have the responsibility for managing their use of e-mail in accordance with University policies and procedures.
Central Computing Support Group: Computing and Network Services (CNS) is responsible for the management of the University’s central information technology services including centrally managed e-mail and shall ensure that measures are in place to manage access and use of e-mail in accordance with these guidelines and procedures as well as other relevant University policies, guidelines and regulations.
Local Computing Support Unit: Individuals or groups that manage services which provide e-mail to a sub-set of the University Community as an alternative to University Centrally Managed E-mail shall ensure that measures are in place to manage access and use of e-mail in accordance with these guidelines and procedures as well as other relevant University policies, guidelines and regulations.
University E-mail Providers: Units within the University which provide a group of users with access to electronic mail resources shall register the service with the Client Services unit of the Central Computing Support Group in order to facilitate the on-going management, security and integrity of the University’s information systems.
University E-mail Resources: Any information technology systems attached to the University network infrastructure involved in the hosting of e-mail accounts.
University Centrally Managed E-mail: Those e-mail resources that are provided and managed by the University’s central computing support group (e.g. @yorku.ca e-mail).
Unsolicited Bulk E-mail: Distribution of message(s) containing the same or substantially similar content to multiple recipients which has not been authorized by the recipient or where the recipients do not have a related academic, employment or other administrative relationship with the sender.
- Access: Access to York University e-mail is provided to users for their use in pursuing the learning, teaching and research mission of the University and the administrative activities that support the mission. E-mail accounts are provided in accordance with relevant guidelines and procedures set out for account management.
- Appropriate Use: Users shall adhere to the Policy on Computing and Information Technology Facilities and the accompanying Guidelines for Users of Computing and Information Technology Facilities as well as other relevant University policies, guidelines and regulations. E-mail resources may be used for incidental personal purposes, provided that such use does not interfere with the operation of University facilities, burden the University with incremental costs or interfere with the user’s employment or other obligations to the University. The general principles of non-electronic correspondence hold for the use of electronic mail and include the following: Users shall observe copyright provisions; Users shall explicitly make note if a message is confidential and not to be forwarded; Messages that have been misaddressed and delivered to an unintended recipient shall be returned by the recipient and they shall delete any copy present in their files.
- Confidentiality: By its nature, E-mail is not a confidential medium; it is possible for messages to be intercepted, modified, copied or redirected without the knowledge of the sender or recipient by those with sufficient access to the email transport systems or networks. Those using e-mail to transmit confidential University information shall make use of encryption technology approved by Information Security.
- Inappropriate Use: Inappropriate use of e-mail resources include but are not limited to: unsolicited messages sent to multiple recipients for commercial purposes; constructing and transmitting an e-mail message so that it appears to be from someone else; other uses that are deemed inappropriate in the Guidelines for Users of Computing and Information Technology Facilities.
- Withdrawal of Privileges: The University may deny or withdraw access to its electronic mail services when required by law or there is substantial reason to believe that a violation of law or policy has taken place.
- University Access and Disclosure: E-mail shall be treated the same as non-electronic information or correspondence. Authorized University officials may access, monitor, copy or disclose e-mail when: there is substantial reason to believe that violation of University policy or law may have taken place; required by law; information is required to meet time-dependent, critical needs; or information is needed in order to carry on the normal operations of the University. In cases where e-mail to be accessed is encrypted, users shall provide the University with access to the decryption keys when requested to do so by appropriate University authorities. In all cases, access shall be carried out in accordance with the Procedures noted below.
- Routine Monitoring: The University may routinely use automated e-mail monitoring facilities for detecting viruses, spam or other malicious content that may affect the integrity or effective operation of the University’s e-mail related resources.
- Bulk E-mail: Individuals or groups within the University may distribute bulk e-mail to groups of users only where such distribution is authorized as set out in the Procedures noted below.
University Access and Disclosure –
The following process shall be followed to obtain advance approval from the appropriate University authority prior to accessing the e-mail communications of a user without the consent of the user(s):
- In cases where access is required by law or there is substantial reason to believe that violation of policy or law may have taken place the request for access must come from a Department Chair or Unit Director or more senior authority with appropriate approval from a Dean, University Librarian, Vice-President, University Counsel or President.
- In cases where access is necessary to obtain information necessary to maintain the normal operation of the University the request for access must come from a Unit Manager, Executive or Administrative Officer, Department Chair or more senior authority with appropriate approval from the Unit Director, Dean, University Librarian, Vice-President or more senior authority.
- Requests for access with approvals must be communicated to University Information Security or Chief Information Officer who will have responsibility for fulfillment of the request with assistance of required technical staff in writing (either paper or electronic form).
- A request for access must include: name and title of user whose communications are to be accessed; name and title of individual requesting access; reason for access; duration of access; relevant restrictions on communications required (e.g. between specific parties or for certain time periods); what will be done with the accessed messages.
- All those involved in gaining access to the communications must hold the process and resulting findings in strict confidence.
Distribution of Bulk E-mail to Groups –
In accordance with the Bulk E-mail guideline above:
- Other than messages sent as part of an approved University communications program, messages may be sent to the University Community or significant portions of it when it is necessary to communicate information related to an issue that puts the work or safety of those members of the University community at risk.
- A request to distribute a message to the University Community or significant portions of it must be directed to the Division of Communications. Approval for distribution must come from a Vice-President or the President.