Policy Number: 220.127.116.11
Category: Information Technology
Effective: August 17, 2018
Revision History: Originally effective October 15, 2004
Next Review Date: August 16, 2021
Purpose & Scope:
- The purpose of this Policy is to establish the governing rules for the issuance, use, and security of the electronic mail services at West Virginia University, West Virginia University Institute of Technology, and Potomac State College of West Virginia University (collectively known as “University”).
- This Policy applies to all authorized Account Holders who have access to a University Email Account or those requesting authorization to use a University Email Account.
EMAIL USAGE AT THE UNIVERSITY:
- The University will provide a University Email Account to all students, faculty, staff, and other Account Holders to use as an official form of communication in support of its educational, administrative, research, and outreach activities.
- The contents of all University Email Accounts are the property of the University,
not the Account Holder; therefore, the University reserves the right to:
- Monitor University Email Accounts to ensure compliance with applicable laws and University policies;
- Access and review all electronic information transmitted over or stored in University Email Accounts; and,
- Release information from University Email Accounts to third-parties, when required.
- Although the University supports a climate of trust and respect, no Account Holder should expect complete confidentiality or privacy when using a University Email Account, even for de minimis (or incidental) personal use.
- The University highly discourages the use of University Email Accounts to communicate Sensitive University Data, as outlined in the Sensitive Data Protection Policy. Approved methods of sending Sensitive University Data electronically can be found in the Sensitive Data Protection Standard.
- A bulk mailing service, whether supported by Information Technology Services (“ITS”) or a third-party supplier, must be used when sending messages to more than 500 recipients.
- A Compromised University Email Account will be promptly remedied through appropriate actions outlined in the Information Security Event Response Policy. University Email Accounts that exhibit a repeated pattern of compromise will be suspended until the Account Holder has completed appropriate training.
- Faculty and staff may only use their University Email Account to conduct University business. Personal usage that is more than de minimis (or incidental) violates this Policy and may also violate the West Virginia Ethics Act.
- External Email Accounts cannot be used, in any way, to conduct University business activity.
EMAIL MISUSE AT THE UNIVERSITY:
- Any misuse of a University Email Account is a violation of this Policy. Misuse
includes, but is not limited to the following:
- Using a University Email Account for Illegal Activities;
- Using a University Email Account for activities that violate University policies, such as promoting personal commercial activities, conducting political lobbying, or sending commercial messages (e.g., advertising, sponsorship) that are not clearly related to or support the mission of the University;
- Accessing another person’s University Email Account without authorization;
- Using an External Email Account to automatically forward/redirect a University Email Account to a personal email account;
- Sending messages from a personal email account that appear to be from a University Email Account;
- Sending fraudulent communications or impersonation via a University Email Account; and,
- Engaging in activities that can cause direct or indirect strain on the University’s computing facilities or interfere with other Account Holders’ use of University email (e.g., sending chain letters, spam, letter bombs, or knowingly transmitting computer viruses).
- Any misuse of a University Email Account is a violation of this Policy. Misuse includes, but is not limited to the following:
EMAIL ACCOUNT HOLDER RESPONSIBILITIES:
- Access to a University Email Account is a privilege with certain accompanying
responsibilities. Account Holders who use a University Email Account must:
- Comply with state and federal laws, University policies, and normal standards of professional and personal courtesy and conduct;
- Check their University Email Account regularly to receive University communications;
- Exercise caution when responding to or forwarding email messages received to their University Email Account to avoid an inadvertent disclosure of Sensitive University Data;
- Forward all email related to University business and received to an External Email Account to the Account Holder’s University Email Account and notify the sender to use the University Email Account if future correspondence is anticipated. Marketing and other unsolicited messages may be deleted immediately without notifying the sender;
- Never misuse a University Email Account.
- Report any known or suspected violation of this Policy as outlined in the Information Security Event Response Policy.
- Access to a University Email Account is a privilege with certain accompanying responsibilities. Account Holders who use a University Email Account must:
- “Account Holder” means faculty, staff, students, and other Account Holders affiliated with the University who have been assigned a University Email Account.
- “Compromised University Email Account” means a University Email Account that has been maliciously broken into and could be used by an unauthorized individual for nefarious reasons.
- “External Email Account” Any email account not created and issued by West Virginia University Information Technology Services or WVU Health Sciences Center Information Technology Services.
- “Illegal Activities” means activities that break international, federal, state, or local laws such as obscenity; child pornography; threats; harassment; theft; attempting unauthorized access to data or attempting to breach any security measures on any electronic communications system; attempting to intercept any electronic communication transmission without proper authority; and violation of copyright, trademark, or defamation law.
- “Sensitive University Data” means data identified in the Sensitive Data Protection Policy that is subject to international, federal, or state restrictions governing its processing, storage, transmission or use (e.g., personally identifiable information, credit card information, protected health information). If disclosed, Sensitive University Data could cause significant harm to the University or its constituents.
- “University Email Accounts” means all electronic mail services provided, owned, or funded in part by the University and operated by West Virginia University Information Technology Services or WVU Health Sciences Center Information Technology Services. This term applies to processing, storage, transmission, and use of electronic mail data, including but not limited to email headers, summaries, and addresses associated with email records, attached files, or text. This term does not apply to voicemail, audio/video conferencing, or facsimile messages.
ENFORCEMENT & INTERPRETATION:
- Any faculty or staff who violates this Policy shall be subject to appropriate disciplinary action.
- Any student who violates this Policy shall be subject to appropriate disciplinary action in accordance with the Student Code of Conduct.
- Any other Account Holder who has a University Email Account and violates this Policy shall be subject to appropriate corrective action, including, but not limited to, termination of their relationship with the University.
- The University Chief Information Officer, supported by the Chief Information Security and Privacy Officer, will coordinate with appropriate University entities on the implementation and enforcement of this Policy.
- Responsibility for interpretation of this Policy rests with the Chief Information Officer.
- All other University policies are also applicable to the electronic environment.
Relevant institutional policies and procedures include, but are not limited
- Acceptable Use of Data and Technology Resources
- Information Security Event Response Policy
- Sensitive Data Protection Policy
- ITS LISTSERV Procedure
- Sensitive Data Protection Standard
Email Account Standard
- Faculty Handbook
- Code of Student Rights and Responsibilities (Code of Conduct)
- WVU Culture and Talent Policies
- WV Higher Education Policy Commission Rules and Policies
- All other University policies are also applicable to the electronic environment. Relevant institutional policies and procedures include, but are not limited to: