Policy on the Use of E-mail

Introduction

There are responsibilities involved in using the University’s e-mail facilities. By activating your University IT account, you are agreeing to abide by Information Services’ Rules and Regulations, agreeing to fulfil the responsibilities imposed by these regulations and recognising that you are subject to UK and other relevant laws.

This document explains more fully how these considerations govern your use of e-mail.

General Considerations

1. E-mail is not a confidential means of communication. You should bear in mind that e-mail messages can be very easily read by those for whom they were not intended and you should recognise particularly that e-mails can be:

    • intercepted by third parties (legally or otherwise)
    • accessed by any individuals mentioned in the e-mails, under data protection legislation
    • wrongly addressed
    • forwarded accidentally
    • forwarded by initial recipients to third parties against your wishes
    • viewed accidentally on recipients’ computer screens

2. Sensitive personal data should not be communicated by e-mail unless the express permission of the subject has been obtained or unless adequate encryption facilities have been employed.

3. Make sure that you do not include any defamatory comments in any e-mail messages. E-mail is a form of publication and the laws relating to defamation apply. Remember that a comment made in jest can be misinterpreted by its recipient. In a case of harassment it is the effect of a communication which is considered and not the intention of the sender.

4. You must never use a false identity in e-mails which you send. Bear in mind that there is no guarantee that e-mail received was in fact sent by the purported sender. If, for any reason, you do send an e-mail on behalf of someone else you should make that clear at the beginning of the message.

5. The AU e-mail system must not be used to create or distribute unsolicited, offensive, or unwanted e-mail, including the dissemination of chain letters. The sending of unsolicited marketing messages is a criminal offence.

6. You must not send e-mail messages that show the University in an unprofessional light or that could expose the University to legal liability. E-mails sent by a member of the University have the same standing as a letter on headed notepaper even if you describe the contents as “private”. If you wish to send e-mail and not be bound by this undertaking you should use an external e-mail provider.

7. Be very careful when downloading material from the internet and opening e-mail attachments if there is any suspicion of it including a virus. If you have any suspicions, do not open an attachment and contact Information Services staff immediately. You may be subject to University penalties if you are found to have been negligent in this regard, and you should also be aware that services or access to the system may have to be withdrawn for a period of time in order to rectify any problems caused by the spread of a virus by your computer.

8. Familiarise yourself with advice on phishing provided by Information Services

9. You must not invade anyone’s privacy by any means using e-mail.

10. You should not rely on e-mail for record-keeping purposes. Where long term accessibility is an issue you should transfer e-mail records to a more lasting medium or format.

11. The laws applying to copyright are applicable to e-mail messages and attachments. You should familiarise yourself with the University’s policies in relation to copyright and be careful when copying material for inclusion in e-mail.

12. Be aware that documents attached to e-mails may contain information from which the history of a document’s creation may be deduced. This data may identify those involved in generating or altering that item.

AU Considerations relating to Staff and Student Use

13. The University uses e-mail as an official form of communication with staff and students. All users are expected, therefore, to regularly check their AU e-mail for such communications. For this reason, and in order to ensure compliance with current legislation, the University does not permit users to set up the forwarding of AU e-mail to outside ISPs as there is a risk of e-mail not being correctly handled at the other site, and AU are not able to check for correct delivery when a dispute arises.

14. Staff and students should be aware that the University’s email system is outsourced to Microsoft under terms negotiated by Jisc Collections and Janet Ltd. For further details see https://www.jisc.ac.uk/network/cloud

15. If you have had a staff e-mail account, it is your responsibility to ensure that, if you leave or retire from the University, you arrange to make available any e-mail records relating to your work in the University. You should also set up an automated response providing an alternative contact within the University for any e-mails that might arrive following your departure. Similarly, if you are a member of staff who has changed departments, then it is your responsibility to ensure that any communications relevant to your previous position are either passed on to colleagues, or deleted, as appropriate.

16. Staff e-mail addresses are to be used primarily for the conduct of University business. Use of your AU e-mail account for personal purposes is acceptable provided that it does not interfere with your work and is fully compliant with these guidelines and other relevant University regulations.

17. The University reserves the right to add appropriate disclaimers or relevant promotional material to e-mails that are sent out, as and when is deemed necessary by the University Executive.

18. Staff should not forward e-mails relating to University business to personal, non-AU e-mail accounts (such as gmail or hotmail) particularly where these communications include personal data relating to others.

19. Staff members should only use the bcc field of an e-mail in instances where a communication is being sent to a group of people who have no need to know other recipients’ identities (e.g. other members of a trades union). Such emails should also make it clear that the email is being sent to a group. Use of bcc in other circumstances might be interpreted as underhand, thus creating a lack of trust. If, you do receive an e-mail as a recipient in the bcc line, take care not to ‘Reply All’ as that might alert others to the fact that you have received the original communication.

Monitoring of and Access to E-mail

20. The AU email system is offered to all members of the University in support of their work, research, and study. While there is no proscription on using the system for personal purposes as long as these do not compromise University-based activities, you must be aware that there can be circumstances where emails addressed to you can either be monitored or accessed under the strict conditions outlined here.

Monitoring of Email. Monitoring means that all or part of an email is inspected either automatically or by nominated University officers without further seeking your permission.. University staff never routinely inspect the contents of any e-mail. However, in accordance with the Regulation of Investigatory Powers Act 2000, there are occasions where some or all of this information may be viewed:

(i) Where a virus or malevolent e-mail attack is threatening the functioning of the whole system or is likely to delete or corrupt user data. In this case e-mail headers and other patterns of data may be examined in order to identify and delete the offending material. This monitoring is largely automated and no University officer is involved in directly viewing the information.

(ii) Where the Pro Vice-Chancellor (Chief Operating Officer), or, in their absence, the Director of Information Services or the Director of Human Resources, believes there is a prima facie suspicion that the University’s Regulations or Policy on the Use of E-mail have been contravened.

(iii) At the request of the police, where it has been established that co-operating is in direct furtherance of a criminal investigation. This access is subject to the regulations contained in the section of the website covering “Police Enquiries”.

Also, access may be required to support use of Blackboard (and submission of assignments) under the Blackboard Acceptable Use Policy: https://www.aber.ac.uk/en/is/regulations/blackboard_acceptable_use/

Information obtained through any e-mail monitoring will not be used for any purpose other than that for which it is collected unless such monitoring reveals activity of a nature that no employer or organisation could reasonably ignore.

Access to Email. This means that one or more nominated University officer is given permission to read e-mails addressed to you. Such authority will only be given in exceptional circumstances, in particular if, due to your absence from the University, an inability to access emails addressed to you could compromise the business of the University for a clearly identifiable reason. This is most likely to arise if you are a member of staff and absent due to sickness for any length of time, or if you are on holiday or have left the University without having put adequate arrangements in place.

Under such circumstances, a Head of Department or section can request Information Services to make existing emails available to a nominated University officer.

The officer(s) nominated to handle such emails will be instructed to use careful judgement before reading the content of any particular email item, for example by using the subject headers so as to avoid accessing email text that is clearly nothing to do with the area of business being progressed.

In using the University’s computer facilities you, as a student or member of staff, implicitly accept the University’s regulations and those of Information Services. Consequently, you have agreed to a right to inspection by Information Services staff under the circumstances explained above.

Data Protection and E-mail

21. As a member of the University you are covered by the Data Protection Act (1998) (and, from May 2018, the General Data Protection Regulation), or covered by equivalent legislation in other jurisdictions where the University operates. These prescribe a number of further rights and responsibilities in using e-mail:

    • Personal data is subject to this legislation. Under its terms, personal data includes any information about a living identifiable individual, including their name, address, phone number, and e-mail address. If you include such information in an e-mail or an attachment to an e-mail, you are deemed to be "processing" personal data and must abide by the legislation. Personal information also includes any expression of opinion.
    • You should be cautious about putting personal information in an e-mail. In particular, you should not collect such information without the individual knowing you propose to do this; you may not disclose or amend such information except in accordance with the purpose for which the information was collected; and you should ensure the information is accurate and up to date. You should not use e-mails for any purpose that is not permitted under AU's notification under the Data Protection Act. The University is currently permitted to process data for the following purposes: staff, agent and contractor administration; advertising, marketing, public relations; accounts and records; education; research; staff and student support services; other commercial services; university magazine and journal publications; crime prevention and prosecution of offenders; alumni relations. For a more detailed description of the data categories please go to the following page and follow the Search instructions (the University’s Registration Number is Z6483435): https://ico.org.uk/about-the-ico/whatwe-do/register-of-data-controllers/
    • The University has, by law, to provide any personal information held about any data subject who requests it under data protection legislation. This includes information on individual computers in departments, and you have a responsibility to comply with any instruction to release such data made by the University Data Protection Manager. Emails which contain personal information and are held in live, archive or back-up systems or have been "deleted" from the live systems, but are still capable of recovery, may be accessible by data subjects.
    • The law also imposes rules on you in retaining personal data. Such data should be kept only for as long as it is needed for the purpose for which it was collected. Information Services retain deleted e-mails for thirty days to allow for accidental loss or any other later requirement by the user for it to be retrieved.
    • You should take care when sending e-mails containing personal information to countries outside the European Economic Area, especially if those countries do not have equivalent levels of protection for personal data.

Sanctions

22. The University has to act within the law, which means it has, in turn, to ensure that its students and its employees are doing so, by enforcing the Rules and Regulations as explained in this Policy. Therefore, any breach of these Rules will be treated by the University as a serious disciplinary matter.

 

 

Related Policies:

Aberystwyth University - Information Security Policy Statement

Information Security Policy: Responsibilities of Staff

Information Services Regulations, Policies and Guidelines