Electronic Mail Policy
RELATED COLLEGE POLICIES
Acceptable Use of Information Technology Resources Policy, Password Policy, Remote Access Policy, Privacy Policy
|
POLICY CATEGORY Information Technology Services |
APPROVAL AUTHORITY President’s Leadership Team |
||
|
POLICY OWNER Vice President, Information Technology Services and Chief Data Officer |
POLICY STAKEHOLDER Data and Technology Council |
||
|
CONFIDENTIAL LEVEL Public, Internal, Confidential: Public |
|||
|
APPROVAL DATE 9/2019 |
EFFECTIVE DATE 9/2019 |
REVIEW FREQUENCY Annual |
|
PURPOSE/SCOPE
The purpose of this policy is to define the acceptable use of Bristol Community College (“Bristol” or “college”) electronic mail (“email”). Email is a tool provided by Bristol that functions as a primary means of communication and improves educational and administrative efficiency. College employees and students (“users”) have the responsibility to use this resource in an efficient, ethical, and lawful manner. Use of college email accounts evidences the user's agreement to this policy. This policy must be read in conjunction with the Acceptable Use of Information Technology Resources Policy.
This policy applies to any person authorized to use email services or systems the college owns or manages. The following persons (“users”) are authorized to use Bristol information technology resources: (1) current faculty; (2) current staff; (3) current students; (4) authorized contractors or vendors; and (5) authorized visitors.
POLICY STATEMENT
Bristol Community College has established email as a means of sending official information to the college community. To support this objective, the college provides an email account to all active employees and students at Bristol and it is expected that this account is used for all college-related communications.
Users shall have no expectation of privacy over any communication, transmission or work performed using or stored on Bristol owned information technology resources. Bristol owns all college email accounts, messages, attachments, and addresses it provides to users. The college may wholly or partially restrict access to email without prior notice and without the consent of the user when there is reason to believe that violations of law or Bristol policy have occurred, or in other urgent or compelling circumstances. All email users are bound by the Bristol Community College Acceptable Use of Information Technology Resources Policy.
It is strongly encouraged that employees not store college-related business records on personal devices or accounts. Where a personal device or account is used to conduct college business, all records and communications created, including email, shall constitute public records under the Public Records Law and shall be retained in accordance with the Commonwealth of Massachusetts Record Retention Schedule. Further, an employee shall have no expectation of privacy over college records created and/or stored on a personal device or account.
Uses of Email
- Users are expected to read Bristol email on a regular basis and manage their accounts appropriately. An email message regarding college matters is considered an official notice.
- The college requires that all users conduct college business and academic-related communications using an official college-issued email account.
- All incoming email is scanned for malware and attempts are made to block suspected messages from user email accounts. It is impossible to guarantee protection against all malware and users should take proper care and consideration to prevent its spread.
- College email services may be used for incidental personal purposes if such use does not burden Bristol with noticeable incremental cost(s) or interfere with the user’s employment or other obligations to the college.
- Forwarding email by college employees that contains personally identifiable information as defined within the Acceptable Use of Information Technology Resources Policy, whether automatically or manually, is prohibited.
- Auto-forwarding of email by all users is only permissible if the destination email server is an internally-administered college email system or has been previously authorized.
- Unacceptable use of college email shall include, but is not limited to, the following:
- any illegal or unethical act, including violation of any criminal or civil laws or regulations, whether state or federal;
- any conduct that violates the college’s Policy on Affirmative Action, Equal Opportunity and Diversity;
- any conduct that violates the college’s Code of Student Conduct;
- any conduct that unreasonably interferes with the normal operation of the College;
- any commercial or profit-making purpose;
- sending threatening or harassing messages, whether sexual or otherwise;
- accessing or sharing sexually explicit or obscene materials;
- infringing on any copyright or intellectual property rights;
- any use that causes interference with or disruption of network users and resources, including propagation of computer viruses or other harmful programs;
- intercepting communications intended for other persons;
- misrepresenting the college or a person’s role at the college;
- distributing chain letters; or
- defaming any person.
Retention of College Email
- Beginning in July 2015, Bristol began automatic archiving of all employee email either sent or received by college owned email systems. At that time, all existing messages in employee email accounts were archived. Bristol will retain all email messages for a period not to exceed seven (7) years and messages beyond that age will be permanently deleted on a daily rolling basis.
- Email, whether created or stored on Bristol owned equipment, may constitute a public record under Massachusetts' Public Records Act or Retention Laws or be subjected to mandatory disclosure under other laws, including laws compelling disclosure during the course of litigation. Users of Bristol email services should be aware that Massachusetts' Public Records Act and similar laws prevent the college from guaranteeing complete protection of personal email stored on Bristol email systems.
Expiration of Accounts
The policy governing email access privileges are set forth below; however, the college reserves the right to revoke email privileges at any time.
- Departing and retiring employees – employees who leave the college will have email privileges removed on their last day of work. If such separation is for cause, email privileges may be immediately revoked without notice.
- Students – students who leave the college or complete their course of study will have access to their email for a period of three semesters, including the summer session, from the last semester of registration.
- Students dismissed from the college – students dismissed permanently from the college will have email privileges terminated immediately as directed by college officials.
ROLES AND RESPONSIBILITIES
This section provides details on the college personnel who will take part in the development, approval process, and to whom the policy applies.
|
ROLE |
RESPONSIBILITY |
|
Information Technology Services |
|
|
All Users |
|
REFERENCES
This section provides a crosswalk for this policy to the applicable best practice security frameworks, both within Massachusetts and at the national level.
|
Framework CIS Critical Security Controls v6.1 |
Regulations and Requirements PCI DSS - MA 201 - HIPAA |
Supporting Standards and Procedures |
|
|
|
REVISION HISTORY
This section contains information on the approval and revision history for this policy.
|
Version Number |
Issued Date |
Approval |
Description of Changes |
|
1.0 |
3/2016 |
Massachusetts CIO Council |
Development and adoption of collaborative and standardized IT policies |
|
1.0 |
7/2016 |
Massachusetts Community College Counsel’s Office |
Recommendation on contents provided by college counsel |
|
1.0 |
12/2016 |
Standardized Control Framework |
Mapping of Controls from COBIT to CIS Critical Security Controls v6.1 |
|
1.0 |
9/2019 |
President’s Leadership Team |
Policy adoption |
Name:Jo-Ann Pelletier
Title:Vice President, Information Technology Services and Chief Data Officer
Phone:774.357.2412