Policy 557: Institutional Email Service

Category: Operating Policies
Sub Category: Information Technology
Covered Individuals: All Employees and Affiliates
Responsible Executive: Vice President for Finance and Administrative Services
Policy Custodian: Chief Information Officer, Information Technology Service
Last Revised: 2022/11/02
Download the PDF File for Policy 557

557.1 PURPOSE

The intentions of this policy are (i) to collect all official and business communications of the University in one email system of record (using @usu.edu addresses) for security, auditability, records management, document preservation, archiving and destruction, and other purposes as appropriate; (ii) to restore to the University at the termination of employment, control of the @usu.edu email addresses and @usu.edu email accounts that had previously been assigned to employees; and (iii) to comply with requirements specified in USHE Policy R840, Institutional Business Communications.

557.2 POLICY

2.1

One enterprise email system (@usu.edu), managed by Information Technology Services, will be used for all institutional email business. All institutional email communications must be sent to or from @usu.edu addresses.

2.2

Messages that constitute a record of the official business of the institution must be preserved on the enterprise email system with the same care and for the same duration, in compliance with regulations and policies that apply to similar hard copy communications.

2.3

Email messages must not contain Personally Identifiable Information or payment card data (prohibited examples include academic, employment, or medical records, social security numbers, and credit or debit card numbers). An acceptable alternative is to direct the authorized recipient to a secure source for that information. Other confidential information must be encrypted in transit and in storage as a precaution against exposure.

2.4

An @usu.edu email address will be provided to all employees during their term of employment to be used in support of their job function. Additional use of the email service for personal purposes, consistent with Appropriate Use Policy #550, is permitted during the term of employment, but is not supported or encouraged. USU does not guarantee the privacy, access, delivery, or retention of personal email.

2.5

At the conclusion of a term of employment, the employee's @usu.edu email address and email storage may be made accessible to departmental personnel for business continuity purposes, according to procedure, upon request to Human Resources.

2.6

The @usu.edu email address, previously assigned to the employee, will be retained by USU and deleted or reassigned at USU's sole discretion. Information contained in email storage will be retained or deleted at USU's sole discretion.

2.7

Enterprise email accounts (@usu.edu) may be provided to personnel who have a no-pay position.

2.8

Formally approved Emeritus Faculty will retain use of their @usu.edu e-mail address and service remaining subject to USU policy and procedure.

2.9

Personal accounts will not be used for USU business by employees as those accounts do not meet the University's needs for security, auditability, records management, document preservation, archiving and destruction of business data.

557.3 RESPONSIBILITIES

3.1

Information Technology Services and Human Resources are responsible to develop and maintain procedures consistent with this policy. Information Technology Services is specifically responsible for developing, maintaining, and publishing “Terms of Use” associated with enterprise email accounts.

557.4 REFERENCES

• USHE Policy R840
• USU IT Terms of Use

557.5 RELATED USU POLICIES

• Information Technology Policies (550-579)

557.6 DEFINITIONS

• Personally Identifiable Information - Non-public information maintained by or accessible through IT Resources such as networks and/or computers, that can be used to identify an individual alone (e.g., full social security number, biometric records, etc.) or when an individual’s first name or initial and last name is combined with other information linkable to that person, including but not limited to the following: last four digits of a Social Security number, date or place of birth, mother’s maiden name, government issued identification numbers such as driver license or state identification card number, and/or protected health information. Access to such data is governed by state and federal laws, both in terms of protection of the data, and requirements for disclosing the data to the individual to whom it pertains. Personally Identifiable Information does not include public information that is lawfully made available to the general public from federal, state, or local government records and/or pursuant to the Utah Government Records Access and Management Act, or in the case of student records, “directory information” as designated by USU in keeping with the Family Education Rights and Privacy Act.

---

Information below is not included as part of the contents of the official Policy. It is provided only as a convenience for readers/users and may be changed at any time by persons authorized by the president.

RESOURCES

Procedures

• General procedures, including those related to the provisioning and deprovisioning of accounts, are documented in ServiceNow Knowledge Articles and may be found by visiting https://it.usu.edu and searching for “@usu.edu email”.
• Emeritus Faculty Benefits, Policies and Procedures.

Contacts

• USU IT Services: https://it.usu.edu
• Chief Information Officer, Eric Hawley, 435 797-1134
• Service Desk, 435 797-HELP

POLICY HISTORY

Original issue date: 2008/09/24
Last review date: 2022/11/02
Next scheduled review date:
Previous revision dates: 2013/07/31, 2016/08/10, 2022/11/02