Policy Statement
University community. This policy governs the appropriate use and retention of e-mail for employees of the University of North Texas. There is no reasonable expectation of privacy. Employees consent to administration, monitoring, review, and disclosure of information by using these systems. The University of North Texas provides e-mail service to facilitate the research, teaching, learning, and service missions of the ms.
Application of Policy
This policy applies to all employees who use University-provided electronic mail via desktop software as well as e-mail sent via a website or through a mobile device.
DEFINITIONS:
E-mail Account
An “E-mail Account” is an electronic repository for an employee’s electronic mail, calendar items, tasks, personal contacts, etc.
E-mail System
An “E-mail System” is a combination of computer hardware and software with the purpose of routing e-mail from one address to another. An “E-mail System” may or may not have the function of providing users with e-mail accounts.
Protected Personal Information
“Protected Personal Information” is information protected by the Family Education Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), as well as other state and federal laws. Protected personal information may include but is not limited to personally identifiable information such as a name in combination with a social security number, educational records, or health care information. For more information see the UNT Information Resources Security Policy (3.6) and the UNT Information Security Handbook.
Nonpublic Financial Information
“Nonpublic Financial Information” includes any information (i) a student or other third party provides in order to obtain a financial service from the University, (ii) about a student or other third party resulting from any transaction with the University involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person. For more information, see the Safeguards Rule of the Gramm Leach Bliley Act. Domain Name. A “domain name” is an internet identifier for computer resources. For the purpose of this document, it refers to the portion of an e-mail address on the right side of the “@”. For example, in the case of john.doe@unt.edu, “unt.edu” is the domain name.
Procedures and Responsibilities
UNT System IT Shared Services (ITSS) is responsible for providing a centrally managed e-mail system to facilitate communication and collaboration between UNT entities, employees, students, campus communities, other educational institutions, officials of local, state, and federal government, and other partnered corporate entities.
Ownership
All e-mail systems that use UNT’s network infrastructure, computers, and/or software licenses, whether managed and maintained by ITSS, an academic or administrative department, or by a university employee are the property of UNT. All use of these resources constitutes an explicit binding agreement to abide by relevant federal and state laws and UNT polices.
Responsible Party: All university employees
E-Mail Records Retention and Disposition
Texas state law requires that all university e-mail should be retained for the retention periods stated in the institution’s Records Retention Schedule. Consult the University’s Records Retention Schedule for further guidance.
Responsible Party: All university employees
Personal Use
Personal use of e-mail is permitted as long as it is minimal and causes not additional expense to the university. Using university e-mail systems for personal business and/or financial gain is strictly prohibited.
Personal use of e-mail is a privilege and not a right. Abusing this privilege may result in its revocation and disciplinary and/or legal action.
Employees using university e-mail resources for personal use must insure that their statements are not interpreted as the opinion or policy of the university. When sending a personal e-mail that could be interpreted as an official university statement, the employee should use the following disclaimer at the end of the message:
“This e-mail message is a personal communication and does not represent the opinion or policy of the University of North Texas.”
Responsible Party: All university employees
Protected Personal and Nonpublic Financial Information
E-mail should not be used to communicate protected personal or nonpublic financial information. When required by unusual circumstance, an employee may only send such e-mail to appropriate university employees, using only a university e-mail address. Sending protected information to e-mail accounts that do not reside on university e-mail systems is strictly prohibited.
When sending e-mail with protected information, the following phrase must be used at the end of the message content:
“This message contains information which may be confidential – do not forward. Unless you are the addressee (or authorized by the addressee), you may not use, copy or disclose any information. If you have received this message in error, please contact the sender by phone or a new e-mail message and delete the errant message.”
Responsible Party: All university employees
Use of University-Provided E-mail Required for Employee Work Duties
Employees must use the University’s centrally-managed e-mail system for all e-mails sent and received in the course of their work duties. Use of personal e-mail accounts for University business (e.g. Gmail, Yahoo!) is strictly prohibited.
Responsible Party: All university employees
Use of Unapproved E-mail Software/Systems
Use of any e-mail software, client or system that has the effect of bypassing any safeguards implemented by ITSS is strictly prohibited.
Responsible Party: All university employees and network managers
Bulk E-mail
“Bulk e-mail” is an identical e-mail sent to a large number of recipients that include but are not limited to newsletters or commercial e-mail. Unsolicited bulk e-mail is strictly prohibited.
Bulk e-mail should be judiciously used and only in the case of internal University communications, or for department, college, or University newsletters. Improper use of bulk e-mail can affect the e-mail trust relationship that the University strives to maintain, increasing the probability that messages routed from our e-mail systems be flagged as SPAM and not accepted for delivery by its intended recipient. Improperly sent internal bulk e-mail can have an effect on the University e-mail systems, negatively impacting University business, and thus must be sent through distribution methods managed by University Relations, Communications & Marketing (URCM). All department, college, and University newsletters must be distributed with guidance of URCM.
Responsible Party: All university employees
Custom Domain-Name E-mail Addresses
While it is highly unusual, there are special cases when colleges, departments, and/or individuals want a custom domain-name in their e-mail address. For example, instead of having an e-mail address of john.doe@unt.edu, the desired address is john.doe@specialproject.org. These requests must adhere to the following guidelines and procedures:
Requests made for privileged access to employee e-mail accounts, or for information contained therein, may be requested in the following scenarios and must adhere to the guidelines listed below prior to granting access privileges:
Request process:
Responsible Party: All university employees
E-mail Impersonation Requests
Most e-mail systems have the ability to allow one user to send e-mail as another, with no external indications that the e-mail did not originate for the documented sender. This permission is carefully regulated and monitored.
Impersonation Requests:
Improper Use of Impersonation Permission
Using impersonation permissions with the intent of misrepresenting the account owner is a violation of UNT’s Computer Use Policy and is subject to disciplinary action.
Responsible Party: All university employees
E-mail Account Custody
In general, an e-mail account is provided to an employee by a college/departmental network manager representative for the purpose of performing university business. The content of this e-mail account is the property of the college/department in which the employee is employed.
When an employee is no longer employed by the university, the e-mail account ownership is transferred to the college/department that employed the employee and its contents may be reviewed, printed, saved, etc., by the college/department or authorized university official.
When an employee transfers their employment to another university college/department and wishes to continue using the existing e-mail account, they retain ownership of the e-mail account and its address. The former employing college/department maintains content ownership up to the point in which employment is transferred. The employee must make available any e-mail account content at the request of the former employing department. E-mail may only be disposed if deemed eligible by the university’s retention schedule. The transferring employee must notify any former contacts of the change in employment and must forward all e-mail correspondence to a designee of the former employing college/department.
Responsible Party: All university employees
Retirees
The university provides e-mail accounts to retirees in an e-mail system separate from the official university e-mail system. Upon retiring from the university, the official university e-mail account should be reviewed for content that may need to be retained to meet the university’s retention schedule and/or for business continuity, and then deleted.
Retirees may request a new retiree e-mail account, which must be hosted on a different e-mail system from the official University e-mail system, by following the Retiree E-mail Request Procedures.
In special situations, a dean or vice president of a college or department may request that the official e-mail account be retained for continued use by the retiree. Account support will be provided by the college/department. These special situations will be reviewed periodically by ITSS.
Responsible Party: All retiring university employees
Personnel Practices
The Messaging Services Group of ITSS maintains a website that details procedure and best practices for using the University’s e-mail systems. The use of University e-mail systems implies that the user has knowledge of and agrees to comply with the policy and procedures contained and referenced on the website.
Responsible Party: All university employees
Authority
The Messaging Services Group of ITSS is the administrative owner of the official University e-mail systems. They have the authority to intervene in cases that include but are not limited to e-mail abuse and security breaches, as these situations might impact University business or compromise the protected information of the University’s employees and/or students.
While the Messaging Services Group is not the owner of all University e-mail systems, it has the authority to work with the owning department and/or the ITSS Data-communications Department to mitigate, or minimize the impact that may result from any e-mail system abuse.
Responsible party: Messaging Services Group
Unauthorized Use
Unauthorized use of these systems as defined by this policy is prohibited. Violations can result in severe penalties and possible criminal prosecution.
Responsible party: All university employees
References and Cross-references
Protected Health Information Privacy Policy
Forms and Tools