printer PRINT THIS POLICY

Electronic Mail (E-Mail) Procedures and Guidelines


A supplement to the MTSU Electronic Mail Acceptable Use Policy (http://www.mtsu.edu/~itd/policies/mail.html) March 28, 1999

I. PURPOSE
II. MTSU E-MAIL POLICY SCOPE
III. INTRODUCTION
IV. ETHICAL USE OF E-MAIL ON THE MTSU SYSTEM
V. E-MAIL AND RECORDS MANAGEMENT
VI. RESPONSIBILITIES AND AGREEMENT
VII. USER RESPONSIBILITIES
VIII. PRINCIPLES OF ACCEPTABLE USE
IX. ACCEPTABLE ACTIVITIES
X. UNACCEPTABLE ACTIVITIES
XI. PRIVACY CONSIDERATIONS
XII. SANCTIONS
XIII. VIRUS PROTECTION
XIV. COMPUTER ABUSE OR HARASSMENT
XV. OWNERSHIP
XVI. MASS MAILINGS AND LISTSERVS

 
 

I. PURPOSE

The purpose of this "Procedures and Guidelines" is to support the  MTSU Electronic Mail Acceptable Use Policy by establishing guidelines and minimum requirements governing the acceptable use of University-provided electronic mail (e-mail) services.  By establishing and maintaining compliance with this policy, risks and costs can be mitigated while the valuable potential of this communication tool is realized.  The objectives of the MTSU Electronic Mail Acceptable Use Policy are to assure that:

II. MTSU E-MAIL POLICY SCOPE

The MTSU Electronic Mail Acceptable Use Policy applies to all University employees, students, retirees, and holders of specially-granted accounts (hereinafter referred to as "users") whose access to or use of e-mail services is funded by the University and the State of Tennessee or is available through equipment owned or leased by the University.

Back to Top


III. INTRODUCTION

The University provides e-mail resources to support its work of teaching, scholarly research, and public service. The MTSU Electronic Mail Acceptable Use Policy sets forth the University's policy with regard to use of, access to, and disclosure of e-mail to assist in ensuring that the University's resources serve those purposes.

Access to MTSU e-mail accounts is a privilege granted by the University.  It should be subject to all of the same general protections afforded to traditional "paper" mail or telephone conversations.  When a user sends e-mail, the user account identification is included in each mail message.  The user is responsible for all e-mail originating from the userís account.

All users must be aware that e-mail and messages sent through computer networks, including the Internet, may not remain confidential while in transit or on the destination computer system.

E-mail refers to the electronic transfer of information typically in the form of electronic messages, memoranda, and attached documents from a sending party to one or more receiving parties via an intermediate network or telecommunications system.  Stated differently, e-mail is a means of sending messages between computers using a computer network or over a modem connected to a telephone line.  E-mail services, as defined in this policy,  consist not only of the use of University-provided e-mail systems but also the acts of sending and receiving e-mail across the Internet.

E-mail is an efficient and timely communication tool that can be used to accomplish University functions and conduct University business.  E-mail can help the University improve the way it operates by providing a quick and cost-effective means to create, transmit, and respond to messages and documents electronically. Well-designed and properly managed e-mail systems expedite communication, reduce paperwork, and automate routine office tasks thereby increasing productivity and reducing costs.  Daily tasks are accomplished more rapidly as individuals use e-mail services for sending and receiving text as well as avoiding "telephone tag".

A number of characteristics distinguish e-mail from other means of communication, such as paper records, telephones, and information stored on electronic media such as diskettes.  Awareness of these characteristics should guide individual and University use of e-mail services.

Back to Top

IV. ETHICAL USE OF E-MAIL ON THE MTSU SYSTEM

All users must refrain from the following:


Users of e-mail should adhere to the follow practices:

Back to Top

V. E-MAIL AND RECORDS MANAGEMENT
 

E-mail that is created in the normal course of University activity and retained as evidence of official policies, actions, decisions, or transactions are public records.  These records are subject to records management requirements under T.C.A. 10-7-301 through 10-7-308, and the rules of the Public Records Commission. A public record is defined as follows:

"Public record(s)" or "state record(s)" means all documents, papers, letters, maps, books, photographs, microfilms, electronic
data processing files and output, films, sound recordings or other material, regardless of physical form or characteristics made
or received pursuant to law or ordinance or in connection with the transaction of official business by any governmental agency.
(TCA 10-7-301, Paragraph 6)

Records transmitted using e-mail need to be identified, managed, protected, and retained as long as they are needed to meet historical, administrative, fiscal, or legal requirements of the University in keeping with its mission.  Records needed to support University, College and Departmental functions must be retained, managed, and accessible in record-keeping or filing systems in accordance with established records disposition authorizations approved by the Public Records Commission.

Middle Tennessee State University, in accordance with this statute, is required to designate records officers who are responsible for coordinating records management programs for the various Executive, Administrative, and Academic divisions of the University. (TCA 10-7-304)

Retention and disposition of public records is determined per statute by the Public Records Commission based on an analysis conducted by a qualified Records Analyst to determine the administrative, fiscal, legal and historical value of the record.

Electronic records are generally defined as records stored in a form that only a computer can process. In accordance with established statutes, electronic records are to be managed and maintained in accordance with their administrative, fiscal, legal and historical values. In addition, these records are to be made available for public inspection upon request unless designated confidential by statute.

Communications of University personnel that are sent by electronic mail may constitute "correspondence" and, therefore, may be considered public records subject to public inspection under Tennessee's Public Records Act.

The individual to whom the message is addressed becomes the legal "custodian" once the message is received and is the person responsible for ensuring compliance with the Public Records Act.  Although the University periodically backs up information residing on system hard drives, this is not done for archival purposes to meet the requirements of the Public Records Act, but as a safety measure in case of system failure or unlawful tampering ("hacking"). The system administrator is not the legal custodian of messages which may be included in such back up files.

E-Mail messages generally fall into two categories.

    1. First, some e-mail is of limited or transitory value.  For example, a message seeking dates for a proposed meeting has little or no value after the meeting date has been set.  Retention of such messages in the computer system serves no purpose and takes up space. Such messages may be deleted as soon as they no longer serve an administrative purpose.
    2. Second, e-mail is sometimes used to transmit records having lasting value.  For example, e-mail about interpretations of University policies or regulations may be the only record of that subject matter.  Such records should not be maintained in e-mail format, but should be transferred to another medium and appropriately filed, thus permitting e-mail records to be purged at regular intervals.

While the methods for reviewing, storing or deleting e-mail vary, compliance with the retention requirements of the Public Records Act may be accomplished by doing one of the following:

    1. Print the e-mail and store the hard copy in the relevant subject matter file as would be done with any other hard-copy communication.   Printing the e-mail permits maintenance of all the information on a particular subject matter in one central location, enhancing its historical and archival value.
    2. Electronically store the e-mail in a file, a disk, or a server, so that it may be maintained and stored according to its content definition under the division's records retention policy.

 

Back to Top

VI. RESPONSIBILITIES AND AGREEMENT

Middle Tennessee State University has the responsibility to ensure that state-provided e-mail services are used for internal and external communications which serve legitimate educational functions and purposes consistent with the University's Mission. The University is responsible for the e-mail activities of its users and must familiarize each user with what is considered appropriate use of state-provided e-mail services. Managerial authority over e-mail services must be defined, and user training programs provided which address e-mail usage and policies.  The University Information Technology Division (ITD) hosts several of these programs each semester.

A University "Use Agreement" for e-mail services which stipulates compliance to the MTSU Electronic Mail Acceptable Use Policy must be agreed to by each user if they are to retain or be provided e-mail services.
Any significant problems encountered in using e-mail communications should be brought to the attention of the  the University Information Technology Division (ITD) Help Desk or call 898-5345.

Back to Top

VII. USER RESPONSIBILITIES

The MTSU Electronic Mail Acceptable Use Policy is intended to be illustrative of the range of acceptable and unacceptable uses of the University's e-mail facilities and is not necessarily exhaustive.  Questions about specific uses related to security or privacy issues not enumerated in this policy statement should be directed to the University Information Technology Division.  Reports of specific unacceptable uses should be directed to abuse@mtsu.edu.  Other questions about appropriate use should be directed to the userís supervisor, department chair or dean.
 

Users should be aware of potential e-mail security problems before transmitting private or confidential messages.  E-mail is not private communication.  All information transmitted via the University's Internet/e-mail system is the property of the State and is subject to review at any time.  E-mail correspondence may best be regarded as a postcard rather than as a sealed letter.  Disclosure may occur intentionally or inadvertently when an unauthorized user gains access to electronic messages.  Likewise, disclosure may also occur when e-mail messages are forwarded to unauthorized users, directed to the wrong recipient, or printed in a common area where others can read them.

Therefore:

Back to Top

VIII. PRINCIPLES OF ACCEPTABLE USE

As with any state-provided resource, the use of e-mail services should be dedicated to legitimate University activities and is governed by rules of conduct similar to those applicable to the use of other information technology resources.  The use of e-mail services is a privilege which imposes certain responsibilities and obligations on State users and is subject to State policies and local, State, and Federal laws.  Acceptable use must be legal, ethical, reflect honesty, and show restraint in the consumption of shared resources.  It demonstrates respect for intellectual property, ownership of information, system security mechanisms, and the individual's rights to privacy and freedom from intimidation, harassment, and unwarranted annoyance.
All e-mail users should:

Back to Top

IX. ACCEPTABLE ACTIVITIES

Acceptable e-mail activities are those that conform to the purpose, goals, and mission of the university and to each userís job duties and/or responsibilities.  The following list, although not inclusive, provides some examples of acceptable uses:

NOTE: Users may be subject to limitations on their use of e-mail as determined by the appropriate supervising authority.  Users are advised to remove themselves from e-mail lists not dealing with work-related topics.

The use of any University resources for e-mail must be related to University business, including academic pursuits.  Incidental and occasional personal use of e-mail may occur when such use does not generate costs to the University.  Any such incidental and occasional use of University e-mail resources for personal purposes is subject to the provisions of this policy.

Back to Top

X. UNACCEPTABLE ACTIVITIES

Unacceptable use can be defined generally as activities that do not conform to the purpose, goals, and mission of the University and to each userís job duties and responsibilities.  Any e-mail usage in which acceptable use is questionable should be avoided. In other words, when in doubt seek policy clarification prior to pursuing the activity.  The following list, although not all-inclusive, provides some examples of unacceptable uses:

Back to Top

XI. PRIVACY CONSIDERATIONS

In an operational sense, files in users accounts and data on the network are regarded as personal: that is, employees of the University do not routinely monitor this information.  However, the University reserves the right to view or scan any file or software stored on University systems or transmitted over University networks, and may do so periodically to verify that software and hardware are working correctly, to look for particular kinds of data or software (such as computer viruses), or to audit the use of University resources.  Violations of policy that come to the Universityís attention during these and other activities will be acted upon.

The University will make reasonable efforts to maintain the integrity and effective operation of its e-mail systems, but users are advised that those systems should in no way be regarded as a secure medium for the communication of sensitive or confidential information.  Because of the nature and technology of electronic communication, the University can assure neither the privacy of an individual user's use of the University's e-mail resources nor the confidentiality of particular messages that may be created, transmitted, received, or stored thereby.

Data on University computing systems may be copied to backup drives or tapes periodically.  The University makes reasonable efforts to maintain confidentiality, but if users wish to ensure confidentiality, they are advised to encrypt their data. Although users may use encryption software, they are responsible for remembering their encryption keys; once data is encrypted, the University will be unable to help to recover it should the key used to encrypt the data be forgotten or lost .  Additionally, any user of the University's e-mail resources who makes use of an encryption device to restrict or inhibit access to his or her e-mail must provide access to such encrypted communications when requested to do so under appropriate University authority.

When sources outside the University request an inspection and/or examination of any University owned or operated communications system, computing resource, and/or files or information contained therein, the University will treat information as confidential unless any one or more of the following conditions exist:

The Family Educational Rights and Privacy Act, or FERPA, requires the University to protect the confidentiality of student educational records.  These include academic records, financial records, disciplinary records, medical records and placement office records.  To be in compliance with FERPA, the University must receive the written consent of a student or a court order before disclosing information.  The rights of a student user to see his or her records does not extend to parents or guardians.

Additionally, the University may not release directories, rosters, lists or address labels of students to parties not affiliated with the University when a student has requested that this information be withheld.  And, the University may not post grades and test scores publicly using any personally identifiable information, without the written consent of the students involved.

Users can expect that e-mail messages exchanged within the University and on the network are only somewhat confidential because the University itself does not monitor student's or employee's use of e-mail.  All users should be aware, however, that e-mail messages are written records that could be subject to review with just cause and may be subject to Freedom of Information Act requests.

Back to Top

XII. SANCTIONS

Violations of the MTSU Electronic Mail Acceptable Use Policy may result in the immediate suspension of the User's account, followed by timely review of the charges by the appropriate person or persons.

Violations of the MTSU Electronic Mail Acceptable Use Policy may subject users to the regular disciplinary processes and procedures of the University for students, staff, administrators, and faculty and may result in loss of their computing privileges.

Illegal acts involving University computing resources may also subject violators to prosecution by local, state, and/or federal authorities.  Suspected law violations may be referred to police agencies.

If a user is found to have violated the MTSU Electronic Mail Acceptable Use Policy, the user's computing privileges at MTSU may be permanently and totally removed. There will be no refund of any technology access fees.

Student users in violation of the MTSU Electronic Mail Acceptable Use Policy may be recommended for suspension or dismissal from MTSU. Employees in violation of the Policy may be recommended for termination from MTSU employment.

Disclaimer:  As part of the services available through the Universityís campus network, access is provided to a large number of conferences, lists, bulletin boards, and Internet information sources.  These materials are not affiliated with, endorsed by, edited by, or reviewed by the University, and the University takes no responsibility for the truth or accuracy of the content found within these information sources.  Moreover, some of these sources may contain material that is offensive or objectionable to some users.

Monitoring and Enforcement:

In general, the following procedures should be used in monitoring and enforcing e-mail etiquette and policy:

    1. Responsibility: All University community users are responsible for monitoring e-mail to ensure that etiquette is observed and that e-mail use is in accord with University, State, and Federal policy, law, and regulation.
    2. Issues of Etiquette: Concerns over issues of e-mail etiquette by faculty, staff, and administration should first be discussed with the offender.  If the etiquette issue continues, the offended user should alert their supervisor who may discuss it with the offender's supervisor.  Violations of etiquette by students should be discussed with the offender.
    3. Violations of Policy: Violations of the Middle Tennessee State University Electronic Mail Acceptable Use Policy should be discussed with the offender.  If such behavior continues, the offended user should alert their supervisor to discuss the violation with the offender's supervisor.  Complaints involving policy violations by students should be discussed with the Assistant Dean in the Office of Judicial Affairs and Mediation Services, Division of Student Affairs. If the policy violation persists, the e-mail account may be restricted or removed.  Complaints and offending e-mail may also be forwarded to abuse@mtsu.edu.
    4. Violations of Law: When violations of law are alleged, the offended user should inform their supervisor, the alleged offender's supervisor, the Director of the Information Technology Division, and the appropriate Vice President. Together, these parties will decide whether the alleged offender should be disciplined within University guidelines for similar offenses and/or turned over to University attorneys for legal action. Complaints involving violations of law by students should be discussed with the Assistant Dean in the Office of Judicial Affairs and Mediation Services, Division of Student Affairs. Complaints and offending e-mail may also be forwarded to abuse@mtsu.edu.
Back to Top

XIII. VIRUS PROTECTION

Computer viruses infect computer systems by physical contact.  Computer viruses are really segments of program code that interfere with the smooth running of the programs and data on a personal computer.  The virus code resides on a diskette or on another computer system on a network.  When the virus code is copied from the diskette or from another computer system over the network, it infects the system it is copied onto.

Boot sector viruses spread when a user places an infected diskette in the floppy drive of a personal computer and restarts it, or boots it.  Program viruses spread when  a program is run in which the code is embedded.

Viruses are designed and may be propagated by malicious users.  Virus code may be surreptitiously inserted into files with the intent of damaging other users computer systems.  Quite often viruses are made available under false pretenses. Eventually, someone uses the infected file.  The physical contact is made, and the virus starts to spread.

Many other viruses, however, destroy data and render computer systems inoperable. The Michelangelo virus overwrites the hard disk. The Jerusalem virus deletes executable files.  Some viruses -- called "rabbits" -- just reproduce, eventually taking up all processor capacity, memory and disk, denying the user access to system resources.
 

Back to Top

XIV. COMPUTER ABUSE OR HARASSMENT

Unfortunately computer abuse, harassment, malicious behavior, and unauthorized account access do happen. Should any of these things happen to a University user, it should be reported to the user's immediate supervisor, the Information Technology Division system administrator, or other appropriate University authorities.  Computing resource abuse should be reported to the e-mail address abuse@mtsu.edu. This will alert University staff to the situation.  Users should be aware that investigating authorities will want the offended user to retain harassing e-mail messages, dates and times of unauthorized access, etc., for investigative purposes.  Cases are handled individually and confidentiality.

Threatening e-mail must be viewed as anti-social behavior and is a violation of University policy, State and Federal law.  Respectful users of the Internet abide by the same principles of fairness, decency and respect used everywhere else.  If a University user receives threatening e-mail, contact abuse@mtsu.edu.
 

Back to Top

XV. OWNERSHIP

The State of Tennessee and the University owns the central computers, computer labs, the microcomputing sites, the computers it places on its employees' desks and all the software it has installed on them. The University determines who may use these resources and how they may use them.

The State of Tennessee and the University owns the University network - all the wires, cables and routers that connect the central computers, computer labs, microcomputer sites and the campus connections that allow the networkability of personal computers to each other and to the Internet. The University determines who is authorized to use its network.

The University will determine basic user disk space allocations and will alert users when this maximum allotment has been reached.  Users must expediently remove or transfer files from their allocated disk area when prompted to do so by University computer system administrators.

University policy on e-mail establishes that the messages users receive and transmit may not remain private due to the open structure of network transmissions [1], [2], [3].  However, users can expect that their accounts  will not be monitored by the University or the State on a regular basis.  Additionally, users must be aware that in case of system problems, through hardware or software failure or through attacks by malicious users, the staff who maintain the central computers and disk stores are authorized to look at any information or any files necessary to correct network system problems and to protect the various computing systems and the information they contain. Such situations are rare.

The University respects user's privacy to all reasonable limits.  However, it  can not be assumed that messages and files remain private in all cases.  In addition to the authorized actions of system administrators working on problems, user's e-mail could end up in the hands of computing staff if it was so badly misaddressed that it can't be delivered, and it is possible to make mistakes in addressing  e-mail that places private messages in the mailbox of someone other than the intended recipient. Courts have also ruled that e-mail records and information in electronic form on central computers can be subpoenaed in some cases. Under present circumstances, the privacy of user's e-mail can't be guaranteed.

Above all else, users must not permit anyone else to use their MTSU computing ID and password to gain access to their files.
 

Back to Top

XVI. MASS MAILINGS AND LISTSERVS

Authority to Send Large-scale Messages:

System-wide electronic messages by e-mail should be reserved for rare and truly urgent emergency notices. The frequency, content, and other characteristics of most messages are inappropriate for such wholesale delivery. Authority to use the entire University master list of user addresses rests with the University President,  Vice Presidents, the Director of the Information Technology Division, or their designees.
Other college deans and heads of major departments, or their designees, may approve the creation and use of large subsets of that list within their areas, on either a standing or ad hoc basis, in accord with this policy.


Use Of the "News" Item At Log On:

Occasionally, due to system maintenance or other scheduled interruptions in the use of computing services, the Information Technology Division may place information in the News item which is brought up with user log-in.  In rare circumstances it may also be necessary to alert all users logging on to other campus events.  It is the responsibility of the President, Vice Presidents, and/or the Information Technology Division system administrator to determine when this is necessary.  The News item should not be considered to be a campus-wide bulletin board.


Responsibility of Segmented E-mail List "Owners":

The University respects and encourages the dissemination of ideas and communication regarding specific academic disciplines.  Faculty users may wish to initiate and moderate Listservs which allow the rapid electronic communication of many list members on topics related to the creation of the list.  These Listservs may grow in popularity and stature based upon the worldwide number of those who subscribe to the list and whose interests are similar.
Listserv management may support the ability of new or old subscribers to sort through previous postings to the Listserv.  The University ITD has established the position of Listserv Administrator to aid those on campus with the creation of Listserv Archives.  However, as noted in Section XIV, the State of Tennessee and the University own all disk space in University computing systems.  Provisions will be made for Listserv archive space provided that maintenance of the Listserv is in keeping with the mission of the University.  In most cases, the archive of postings to a Listserv will extend to one year's time.  It will be the responsibility of the Listserv moderator to store postings more than one year old.  If a Listserv moderator would like to make postings more than a year old available on-line, it will be necessary for the moderator to petition the appropriate supervisory Vice President for funds for additional disk space.
Owners of standing e-mail lists and identified moderators of Listservs, whether involuntary or voluntary, are expected to develop and monitor compliance with written operating procedures for the use of their lists.  All list owners are encouraged to consider the benefits of moderating or otherwise controlling access to large lists. This applies whether a list has been created for one-time use or is maintained as a standing list, whether compiled manually or from the central database, and whether involuntary or by subscription.
All electronic communications are expected to comply with relevant federal and state laws, as well as University regulations and policies, including those governing public computing resources, security considerations, and ethics in computing.  The texts of these policies and handbooks outlining responsible computer usage at the University are available on-line at http://www.mtsu.edu/~itd/policies/index.html.   Revocation of one's network access is among the possible sanctions for violating the terms of these policies.