Policy on the Use of E-mail

Introduction

Electronic mail (e-mail) is now an important means of communication for most members of the University. Messages can be delivered almost anywhere in the world rapidly and it is simple to generate, reply to, or forward e-mail.

There are responsibilities involved in using e-mail. In signing Information Services’ Rules and Regulations you have agreed to fulfil these responsibilities and you are also covered by UK law.

This document explains more fully how these considerations govern your use of e-mail.

General Considerations

  1. E-mail is not a confidential means of communication. Use the “bulletin board” test: would you be content to post the contents of your e-mail as a bulletin for all to see? You should bear in mind that e-mail messages can be very easily read by those for whom they were not intended and you should recognise particularly that e-mails can be:

    • intercepted by third parties (legally or otherwise)
    • wrongly addressed
    • forwarded accidentally
    • forwarded by initial recipients to third parties against your wishes
    • viewed accidentally on recipients’ computer screens
  2. Sensitive personal data must not be communicated by e-mail unless the express permission of the subject has been obtained or unless adequate encryption facilities have been employed.
  3. Make sure that you do not include any defamatory comments in any e-mail messages. E-mail is a form of publication and the laws relating to defamation apply. Remember that a comment made in jest can be misinterpreted by its recipient. In a case of harassment it is the effect of a communication which is considered and not the intention of the sender.
  4. You must never use a false identity in e-mails which you send, and bear in mind that there is no guarantee that e-mail received was in fact sent by the purported sender. If, for any reason, you do send an e-mail on behalf of someone else you should make that clear at the beginning of the message.
  5. The AU e-mail system must not be used to create or distribute unsolicited, offensive, or unwanted e-mail, including the dissemination of chain letters. The sending of unsolicited marketing messages is now a criminal offence.
  6. You must not send e-mail messages that show the University in an unprofessional light or that could expose the University to legal liability. E-mails sent by a member of the University have the same standing as a letter on headed notepaper even if you describe the contents as “private”. If you wish to send e-mail and not be bound by this undertaking you should use an external e-mail provider.
  7. Be very careful when downloading material from the internet and opening external e-mails if there is any suspicion of it including a virus. If you have any suspicions, do not open an attachment and contact Information Services staff immediately.
  8. You must not invade anyone’s privacy by any means using e-mail.
  9. You should not rely on e-mail for record-keeping purposes. Where long term accessibility is an issue you should transfer e-mail records to a more lasting medium or other electronic environment.
  10. The laws applying to copyright are applicable to e-mail messages and attachments. You should familiarise yourself with the University’s policies in relation to copyright and be careful when copying material for inclusion in e-mail.
  11. Be aware that documents attached to e-mails may contain information from which the history of a document’s creation may be deduced. This data may identify those involved in generating or altering that item.

AU Considerations relating to Staff and Student Use

  1. The University uses e-mail as an official form of communication with staff and students. Students are expected, therefore, to regularly check their AU e-mail for such communications. For this reason the University does not permit students to set up the forwarding of AU e-mail to outside ISPs as there is a risk of e-mail not being correctly handled at the other site, and AU are not able to check for correct delivery were there a dispute.
  2. If you have had a staff e-mail account, it is your responsibility to ensure that, if you leave or retire from the University, you arrange to make available any e-mail records relating to your work in the University, and this should include, by arranging for forwarding, any e-mails that might arrive following your departure.
  3. Staff e-mail addresses are to be used primarily for the conduct of University business. The personal use of e-mail is acceptable provided that it does not interfere with the employee’s work and is fully compliant with these guidelines and other relevant university regulations.

Monitoring of and Access to E-mail

  1. The AU email system is offered to all members of the University in support of their work, research, and study. While there is no proscription on using the system for personal purposes as long as these do not compromise University-based activities, you must be aware that there can be circumstances where emails addressed to you can either be monitored or accessed under the strict conditions outlined here.

    Monitoring of Email. Monitoring means that all or part an email is inspected either automatically or by nominated University officers without further seeking your permission. On behalf of the University, Information Services retain records containing full details for all emails for a period of sixty days. University staff never routinely inspect the contents of any e-mail. However, in accordance with the Regulation of Investigatory Powers Act 2000, there are occasions where some or all of this information may be viewed:

    (i) Where a virus or malevolent e-mail attack is threatening the functioning of the whole system or is likely to delete or corrupt user data. In this case e-mail headers and other patterns of data may be examined in order to identify and delete the offending material. This monitoring is largely automated and no University officer is involved in directly viewing the information.

    (ii) Where the Registrar and Secretary, or, in his/her absence, the Director of Information Services or the Director of Human Resources, believes there is a prima facie suspicion that the University’s Regulations governing the use of e-mail have been contravened.

    (iii) At the request of the police, where it has been established that co-operating is in direct furtherance of a criminal investigation. This access is subject to the regulations contained in the section of the website covering “Police Enquiries”.

    Information obtained through any e-mail monitoring will not be used for any purpose other than that for which it is collected unless such monitoring reveals activity of a nature that no employer could reasonably ignore.

    Access to Email.This means that one or more nominated University officer is given permission to read emails addressed to you. Such authority will only be given in exceptional circumstances, in particular if due to your absence from the University an inability to access emails addressed to you could compromise the business of the University for a clearly identifiable reason. This is most likely to arise if you are absent due to sickness for any length of time, or if you are on holiday or have left the University without having put adequate arrangements in place.

    Under such circumstances, a Head of Department or section can request Information Services to make existing emails available to a nominated University officer and to arrange forwarding of new emails to that person.

    The officer(s) nominated to handle such emails will be instructed to use careful judgement before reading the content of any particular email item, for example by using the subject headers so as to avoid accessing email text that is clearly nothing to do with the area of business being progressed.
  2. In using the University’s computer facilities you implicitly accept the University’s regulations and those of Information Services. Consequently, you have agreed to a right to inspection by Information Services staff under the circumstances explained in paragraph 15.

Data Protection and E-mail

  1. As a member of the University you are covered by the Data Protection Act (1998). This prescribes a number of further rights and responsibilities in using e-mail
    • Personal data is subject to the Act. Under its terms, personal data includes any information about a living identifiable individual, including his/her name, address, phone number, and e-mail address. If you include such information in an e-mail or an attachment to an e-mail, you are deemed to be "processing" personal data and must abide by the Act. Personal information includes any expression of opinion.
    • You should be cautious about putting personal information in an e-mail. In particular, you should not collect such information without the individual knowing you propose to do this; you may not disclose or amend such information except in accordance with the purpose for which the information was collected; and you should ensure the information is accurate and up to date. You should not use e-mails for any purpose that is not permitted under AU's notification under the Act. The University is permitted to process data for the following purposes: staff, agent and contractor administration; advertising, marketing, public relations; accounts and records; education; research; staff and student support services; other commercial services; university magazine and journal publication; crime prevention and prosecution of offenders; alumni relations. For a more detailed description of the data categories please go to the following page and follow the Search instructions (the University’s Registration Number is Z6483435): http://www.ico.gov.uk/tools_and_resources/register_of_data_controllers.aspx
    • The University has by law to provide any personal information held about any data subject who requests it under the Act. This includes information on individual PCs in departments and you have a responsibility to comply with any instruction to release such data made by the University Data Protection Manager. E-mails which contain personal information and are held in live, archive or back-up systems or have been "deleted" from the live systems, but are still capable of recovery, may be accessible by data subjects.
    • The law also imposes rules on you in retaining personal data. Such data should be kept only for as long as it is needed for the purpose for which it was collected. Information Services retain deleted e-mails for three months to allow for accidental loss or any other later requirement by the user for it to be retrieved.
    • You should take care when sending e-mails containing personal information to countries outside the European Economic Area, especially if those countries do not have equivalent levels of protection for personal data.

Sanctions

  1. The University has to act within the law, which means it has, in turn, to ensure that its employees are doing so, by enforcing the Rules and Regulations as explained in this Policy. Therefore, any breach of these Rules will be treated by the University as a serious disciplinary matter.

 

Related Policies - AU Information Security Policy:
Aberystwyth University - Information Security Policy Statement
Information Security Policy: Responsibilities of Staff