Electronic Mail Policy

RELATED COLLEGE POLICIES

Acceptable Use of Information Technology Resources Policy, Password Policy, Remote Access Policy, Privacy Policy

POLICY CATEGORY Information Technology Services		APPROVAL AUTHORITY President’s Leadership Team
POLICY OWNER Vice President, Information Technology Services and Chief Data Officer		POLICY STAKEHOLDER Data and Technology Council
CONFIDENTIAL LEVEL Public, Internal, Confidential: Public
APPROVAL DATE 9/2019	EFFECTIVE DATE 9/2019		REVIEW FREQUENCY Annual

PURPOSE/SCOPE

The purpose of this policy is to define the acceptable use of Bristol Community College (“Bristol” or “college”) electronic mail (“email”). Email is a tool provided by Bristol that functions as a primary means of communication and improves educational and administrative efficiency. College employees and students (“users”) have the responsibility to use this resource in an efficient, ethical, and lawful manner. Use of college email accounts evidences the user's agreement to this policy. This policy must be read in conjunction with the Acceptable Use of Information Technology Resources Policy.

This policy applies to any person authorized to use email services or systems the college owns or manages. The following persons (“users”) are authorized to use Bristol information technology resources: (1) current faculty; (2) current staff; (3) current students; (4) authorized contractors or vendors; and (5) authorized visitors.

POLICY STATEMENT

Bristol Community College has established email as a means of sending official information to the college community. To support this objective, the college provides an email account to all active employees and students at Bristol and it is expected that this account is used for all college-related communications.

Users shall have no expectation of privacy over any communication, transmission or work performed using or stored on Bristol owned information technology resources. Bristol owns all college email accounts, messages, attachments, and addresses it provides to users. The college may wholly or partially restrict access to email without prior notice and without the consent of the user when there is reason to believe that violations of law or Bristol policy have occurred, or in other urgent or compelling circumstances. All email users are bound by the Bristol Community College Acceptable Use of Information Technology Resources Policy.

It is strongly encouraged that employees not store college-related business records on personal devices or accounts. Where a personal device or account is used to conduct college business, all records and communications created, including email, shall constitute public records under the Public Records Law and shall be retained in accordance with the Commonwealth of Massachusetts Record Retention Schedule. Further, an employee shall have no expectation of privacy over college records created and/or stored on a personal device or account.

Uses of Email

Users are expected to read Bristol email on a regular basis and manage their accounts appropriately. An email message regarding college matters is considered an official notice.
The college requires that all users conduct college business and academic-related communications using an official college-issued email account.
All incoming email is scanned for malware and attempts are made to block suspected messages from user email accounts. It is impossible to guarantee protection against all malware and users should take proper care and consideration to prevent its spread.
College email services may be used for incidental personal purposes if such use does not burden Bristol with noticeable incremental cost(s) or interfere with the user’s employment or other obligations to the college.
Forwarding email by college employees that contains personally identifiable information as defined within the Acceptable Use of Information Technology Resources Policy, whether automatically or manually, is prohibited.
Auto-forwarding of email by all users is only permissible if the destination email server is an internally-administered college email system or has been previously authorized.
Unacceptable use of college email shall include, but is not limited to, the following:

any illegal or unethical act, including violation of any criminal or civil laws or regulations, whether state or federal;
any conduct that violates the college’s Policy on Affirmative Action, Equal Opportunity and Diversity;
any conduct that violates the college’s Code of Student Conduct;
any conduct that unreasonably interferes with the normal operation of the College;
any commercial or profit-making purpose;
sending threatening or harassing messages, whether sexual or otherwise;
accessing or sharing sexually explicit or obscene materials;
infringing on any copyright or intellectual property rights;
any use that causes interference with or disruption of network users and resources, including propagation of computer viruses or other harmful programs;
intercepting communications intended for other persons;
misrepresenting the college or a person’s role at the college;
distributing chain letters; or
defaming any person.

Retention of College Email

Beginning in July 2015, Bristol began automatic archiving of all employee email either sent or received by college owned email systems. At that time, all existing messages in employee email accounts were archived. Bristol will retain all email messages for a period not to exceed seven (7) years and messages beyond that age will be permanently deleted on a daily rolling basis.
Email, whether created or stored on Bristol owned equipment, may constitute a public record under Massachusetts' Public Records Act or Retention Laws or be subjected to mandatory disclosure under other laws, including laws compelling disclosure during the course of litigation. Users of Bristol email services should be aware that Massachusetts' Public Records Act and similar laws prevent the college from guaranteeing complete protection of personal email stored on Bristol email systems.

Expiration of Accounts

The policy governing email access privileges are set forth below; however, the college reserves the right to revoke email privileges at any time.

Departing and retiring employees – employees who leave the college will have email privileges removed on their last day of work. If such separation is for cause, email privileges may be immediately revoked without notice.
Students – students who leave the college or complete their course of study will have access to their email for a period of three semesters, including the summer session, from the last semester of registration.
Students dismissed from the college – students dismissed permanently from the college will have email privileges terminated immediately as directed by college officials.

ENFORCEMENT

Any user found to have violated this policy, intentionally or unintentionally, may be subject to disciplinary action, up to and including loss of access rights, termination of employment, expulsion from the college, or discontinuation of the business relationship.

ROLES AND RESPONSIBILITIES

This section provides details on the college personnel who will take part in the development, approval process, and to whom the policy applies.

ROLE	RESPONSIBILITY
Information Technology Services	Ensure awareness and compliance with this policy. Ensure that this policy and all component policies and procedures are maintained and implemented. Review this policy periodically and update as needed in response to environmental and/or operational changes.
All Users	Understand and adhere to this policy. Use College resources in only those methods, which have been identified as acceptable by this policy. Immediately report unauthorized or suspicious activities or violations of this policy to their manager and the IT Manager.

REFERENCES

This section provides a crosswalk for this policy to the applicable best practice security frameworks, both within Massachusetts and at the national level.

Framework CIS Critical Security Controls v6.1	Regulations and Requirements PCI DSS - MA 201 - HIPAA	Supporting Standards and Procedures
CSC 10 – Data Recovery Capability CSC 13 – Data Loss Prevention CSC 14 – Controlled Access Based on Need To Know CSC 16 – Account Monitoring and Control	PCI DSS Requirement 12 - Maintain a policy that addresses information security for personnel.  MA 201 CMR 17.03 Section 2 The Health Insurance Portability and Accountability Act of 1996 (HIPAA)	COBIT 5 DSS05, APO11.02 COBIT 4.1 PO.2 - IT Standards and Quality Practices NIST Core Framework - PR.IP-4, PR.AC-5, PR.DS-2, PR.DS-5, PR.PT-2, PR.AC-4, PR.DS-1, PR.PT-3

REVISION HISTORY

This section contains information on the approval and revision history for this policy.

Version Number	Issued Date	Approval	Description of Changes
1.0	3/2016	Massachusetts CIO Council	Development and adoption of collaborative and standardized IT policies
1.0	7/2016	Massachusetts Community College Counsel’s Office	Recommendation on contents provided by college counsel
1.0	12/2016	Standardized Control Framework	Mapping of Controls from COBIT to CIS Critical Security Controls v6.1
1.0	9/2019	President’s Leadership Team	Policy adoption

POLICY CONTACT

Name:Jo-Ann Pelletier

Title:Vice President, Information Technology Services and Chief Data Officer

Email:jo-ann.pelletier@bristolcc.edu

Phone:774.357.2412

Contact Details

Information Technology Services

777 Elsbree Street
Fall River, MA 02720

Phone: 774.357.3333

Email: its@bristolcc.edu

Location: A209

Find a Course

Select your desired term, location and subject to begin your search.

UPCOMING EVENTS

Non-Discrimination Policy
Bristol Community College is committed to a policy of affirmative action and non-discrimination. Contact diversitytitleix@bristolcc.edu.

Title IX Coordinator
Gia Sanchez
777 Elsbree Street, D206
Fall River, MA 02720
phone: 774-357-2264 email: diversitytitleix@bristolcc.edu

Find us on:

Call us on: 774.357.2811774.357.2811