Email Usage Policy

Policies of the University of North Texas

Electronic Mail Usage

Policy Statement

University community.  This policy governs the appropriate use and retention of e-mail for employees of the University of North Texas.  There is no reasonable expectation of privacy.  Employees consent to administration, monitoring, review, and disclosure of information by using these systems.  The University of North Texas provides e-mail service to facilitate the research, teaching, learning, and service missions of the ms.

Application of Policy

This policy applies to all employees who use University-provided electronic mail via desktop software as well as e-mail sent via a website or through a mobile device.

 

DEFINITIONS:

E-mail Account

An “E-mail Account” is an electronic repository for an employee’s electronic mail, calendar items, tasks, personal contacts, etc.


E-mail System

An “E-mail System” is a combination of computer hardware and software with the purpose of routing e-mail from one address to another.  An “E-mail System” may or may not have the function of providing users with e-mail accounts.


Protected Personal Information

“Protected Personal Information” is information protected by the Family Education Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), as well as other state and federal laws.  Protected personal information may include but is not limited to personally identifiable information such as a name in combination with a social security number, educational records, or health care information.  For more information see the UNT Information Resources Security Policy (3.6) and the UNT Information Security Handbook.


Nonpublic Financial Information

“Nonpublic Financial Information” includes any information (i) a student or other third party provides in order to obtain a financial service from the University, (ii) about a student or other third party resulting from any transaction with the University involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person.  For more information, see the Safeguards Rule of the Gramm Leach Bliley Act. Domain Name.  A “domain name” is an internet identifier for computer resources.  For the purpose of this document, it refers to the portion of an e-mail address on the right side of the “@”.  For example, in the case of john.doe@unt.edu, “unt.edu” is the domain name. 


Procedures and Responsibilities

UNT System IT Shared Services (ITSS) is responsible for providing a centrally managed e-mail system to facilitate communication and collaboration between UNT entities, employees, students, campus communities, other educational institutions, officials of local, state, and federal government, and other partnered corporate entities.


Ownership

All e-mail systems that use UNT’s network infrastructure, computers, and/or software licenses, whether managed and maintained by ITSS, an academic or administrative department, or by a university employee are the property of UNT.  All use of these resources constitutes an explicit binding agreement to abide by relevant federal and state laws and UNT polices. 

Responsible Party: All university employees


E-Mail Records Retention and Disposition

Texas state law requires that all university e-mail should be retained for the retention periods stated in the institution’s Records Retention Schedule.  Consult the University’s Records Retention Schedule for further guidance.

Responsible Party: All university employees


Personal Use

Personal use of e-mail is permitted as long as it is minimal and causes not additional expense to the university.  Using university e-mail systems for personal business and/or financial gain is strictly prohibited. 

Personal use of e-mail is a privilege and not a right.  Abusing this privilege may result in its revocation and disciplinary and/or legal action. 

Employees using university e-mail resources for personal use must insure that their statements are not interpreted as the opinion or policy of the university.  When sending a personal e-mail that could be interpreted as an official university statement, the employee should use the following disclaimer at the end of the message:

“This e-mail message is a personal communication and does not represent the opinion or policy of the University of North Texas.”

Responsible Party: All university employees


Protected Personal and Nonpublic Financial Information

E-mail should not be used to communicate protected personal or nonpublic financial information.  When required by unusual circumstance, an employee may only send such e-mail to appropriate university employees, using only a university e-mail address.  Sending protected information to e-mail accounts that do not reside on university e-mail systems is strictly prohibited.  

When sending e-mail with protected information, the following phrase must be used at the end of the message content:

“This message contains information which may be confidential – do not forward.  Unless you are the addressee (or authorized by the addressee), you may not use, copy or disclose any information.  If you have received this message in error, please contact the sender by phone or a new e-mail message and delete the errant message.”

Responsible Party: All university employees


Use of University-Provided E-mail Required for Employee Work Duties

Employees must use the University’s centrally-managed e-mail system for all e-mails sent and received in the course of their work duties.  Use of personal e-mail accounts for University business (e.g. Gmail, Yahoo!) is strictly prohibited.  

Responsible Party: All university employees


Use of Unapproved E-mail Software/Systems

Use of any e-mail software, client or system that has the effect of bypassing any safeguards implemented by ITSS is strictly prohibited.

Responsible Party: All university employees and network managers


Bulk E-mail

“Bulk e-mail” is an identical e-mail sent to a large number of recipients that include but are not limited to newsletters or commercial e-mail.  Unsolicited bulk e-mail is strictly prohibited.

Bulk e-mail should be judiciously used and only in the case of internal University communications, or for department, college, or University newsletters.  Improper use of bulk e-mail can affect the e-mail trust relationship that the University strives to maintain, increasing the probability that messages routed from our e-mail systems be flagged as SPAM and not accepted for delivery by its intended recipient.  Improperly sent internal bulk e-mail can have an effect on the University e-mail systems, negatively impacting University business, and thus must be sent through distribution methods managed by University Relations, Communications & Marketing (URCM).  All department, college, and University newsletters must be distributed with guidance of URCM.

Responsible Party: All university employees


Custom Domain-Name E-mail Addresses

While it is highly unusual, there are special cases when colleges, departments, and/or individuals want a custom domain-name in their e-mail address.  For example, instead of having an e-mail address of john.doe@unt.edu, the desired address is john.doe@specialproject.org.  These requests must adhere to the following guidelines and procedures:

  • Requests for University-funded colleges, departments, or individuals are not permitted if the intent and/or effect would be to disassociate itself from the University. 
  • Requests must be for organizations, projects, etc, that are in effect being hosted by, but are not part of the University. 
  • The request must have approval of the appropriate provost, vice president, president, or chancellor.
  • University employees that have e-mail addresses with a custom domain-name must only use it for the purpose of inbound e-mail only.  All outbound e-mail must use the individual employee’s official University e-mail address.
  • E-mail Account Access Requests

Requests made for privileged access to employee e-mail accounts, or for information contained therein, may be requested in the following scenarios and must adhere to the guidelines listed below prior to granting access privileges:

  • Business Continuity - When an employee’s absence and/or lack of e-mail access could potentially result in a loss of business/income to the university, the employee’s supervisor or designee may receive access to the employee’s e-mail account.
  • Administrative Review - When an employee has violated a university, state, or federal policy, and/or has committed a crime, the employee’s supervisor, designee, ITSS, and/or the Office of General Counsel may receive access to the employee’s e-mail account.

Request process:

  • Requests must be approved by the requestor’s supervisor (including higher-ranking supervisors) or designee. 
  • Requests must include a reasonable and defined duration for the request.  In cases where the employee no longer works for the university, an indefinite request may be submitted.
  • Requestor must submit a request form to the Information Security Office of ITSS for review.
  • In cases of business continuity requests, the e-mail account owner must be notified.

Responsible Party: All university employees


E-mail Impersonation Requests

Most e-mail systems have the ability to allow one user to send e-mail as another, with no external indications that the e-mail did not originate for the documented sender.  This permission is carefully regulated and monitored.

Impersonation Requests:

  • The account owner must submit an impersonation request form to the Information Security Office of ITSS for review.  The request must contain a statement certifying that the owner understands all risks that arise from permitting another employee to use the account.
  • Requests for generic accounts (example: Official Notice) must be approved by the appropriate department head.
  • E-mail sent from generic accounts should have a signature identifying the person responsible for the message content.
  • Impersonation requests will be reviewed on a periodic basis by ITSS.

Improper Use of Impersonation Permission

Using impersonation permissions with the intent of misrepresenting the account owner is a violation of UNT’s Computer Use Policy and is subject to disciplinary action.

Responsible Party: All university employees


E-mail Account Custody

In general, an e-mail account is provided to an employee by a college/departmental network manager representative for the purpose of performing university business.  The content of this e-mail account is the property of the college/department in which the employee is employed.

When an employee is no longer employed by the university, the e-mail account ownership is transferred to the college/department that employed the employee and its contents may be reviewed, printed, saved, etc., by the college/department or authorized university official.

When an employee transfers their employment to another university college/department and wishes to continue using the existing e-mail account, they retain ownership of the e-mail account and its address.  The former employing college/department maintains content ownership up to the point in which employment is transferred.  The employee must make available any e-mail account content at the request of the former employing department.  E-mail may only be disposed if deemed eligible by the university’s retention schedule.  The transferring employee must notify any former contacts of the change in employment and must forward all e-mail correspondence to a designee of the former employing college/department.

Responsible Party: All university employees


Retirees

The university provides e-mail accounts to retirees in an e-mail system separate from the official university e-mail system.  Upon retiring from the university, the official university e-mail account should be reviewed for content that may need to be retained to meet the university’s retention schedule and/or for business continuity, and then deleted.  

Retirees may request a new retiree e-mail account, which must be hosted on a different e-mail system from the official University e-mail system, by following the Retiree E-mail Request Procedures.

In special situations, a dean or vice president of a college or department may request that the official e-mail account be retained for continued use by the retiree.  Account support will be provided by the college/department.  These special situations will be reviewed periodically by ITSS.

Responsible Party: All retiring university employees


Personnel Practices

The Messaging Services Group of ITSS maintains a website that details procedure and best practices for using the University’s e-mail systems.  The use of University e-mail systems implies that the user has knowledge of and agrees to comply with the policy and procedures contained and referenced on the website. 

Responsible Party: All university employees


Authority

The Messaging Services Group of ITSS is the administrative owner of the official University e-mail systems.  They have the authority to intervene in cases that include but are not limited to e-mail abuse and security breaches, as these situations might impact University business or compromise the protected information of the University’s employees and/or students. 

While the Messaging Services Group is not the owner of all University e-mail systems, it has the authority to work with the owning department and/or the ITSS Data-communications Department to mitigate, or minimize the impact that may result from any e-mail system abuse. 

Responsible party: Messaging Services Group


Unauthorized Use

Unauthorized use of these systems as defined by this policy is prohibited.  Violations can result in severe penalties and possible criminal prosecution. 

Responsible party: All university employees


 

References and Cross-references

  • UNT Records Management and Retention Policy
  • UNT Information Security Policy
  • UNT Computer Use Policy
  • Tex. St. Library and Archives Comm’n 13 Tex. Admin. Code §6.1-6.10

Protected Health Information Privacy Policy

  • Gramm-Leach-Bliley Act

Forms and Tools

  • E-mail Account Access Request
  • E-mail Account Impersonation Request
  • Retiree E-mail Account Request Procedures