930 Electronic Mail Acceptable Use
Approved by President
Effective Date: June 5, 2017
Responsible Division: Information Technology
Responsible Office: Information Technology
Responsible Officer: Vice President for Information Technology
This policy establishes guidelines and minimum requirements governing the acceptable use of electronic mail (email) services provided by Middle Tennessee State University (MTSU or University). By establishing and maintaining compliance with this policy, risks and costs can be mitigated, while the valuable potential of this communication tool is realized. The objectives of this policy are to assure that:
A. All email used to conduct University business is transmitted via an approved University email system. An approved email system is a system that has been risk assessed and approved by Information Technology Division (ITD) Information Security Services.
B. The use of University provided email services is related to, or for the benefit of, MTSU and the State of Tennessee.
C. Users understand that email messages and documents may be subject to the same laws, regulations, policies, and other requirements as information communicated in other written forms and formats.
D. Disruptions to University activities from inappropriate use of University provided email services are avoided.
E. Users are provided information describing their personal responsibilities regarding confidentiality, privacy, and acceptable use of University provided email services as defined by this policy.
This policy applies to all University faculty, staff, students, retirees, and holders of specially-granted accounts (hereinafter referred to as users) whose access to, or use of, email services is funded by the University and the State of Tennessee or is available through equipment or software services owned or leased by the University.
III. Principles of Acceptable Use
As with any state-provided resource, the use of email services should be dedicated to legitimate University activities and is governed by rules of conduct similar to those applicable to the use of other information technology resources. The use of email services is a privilege that imposes certain responsibilities and obligations on State users and is subject to State policies and local, state, and federal laws.
Acceptable use must be legal, ethical, reflect honesty, and show restraint in the consumption of shared resources. It demonstrates respect for intellectual property, ownership of information, system security mechanisms, and the individual's rights to privacy and freedom from intimidation, harassment, and unwarranted annoyance.
All email users should:
A. comply with state and University policies and procedures;
B. be courteous and follow accepted standards of etiquette;
C. protect others' privacy and confidentiality;
D. be responsible for the use of their email accounts; and
E. use information technology resources efficiently and productively.
The official email address is the email address that users are assigned by ITD. The official email address is the address from which, and to which, University business-related email is to be sent and received. Official communications from University offices will be directed to the official email address. In cases where the official email address is not available to receive email, an alternate email address on record with the University may be used for official correspondence. Alternate email addresses are supplied by the assignee of the official email address and are maintained within the University’s Enterprise Resource Planning system.
If an individual has both a student and employee affiliation, the University may provide a separate email box for each affiliation.
IV. Acceptable Activities
Acceptable email activities are those that conform to the purpose, goals, and mission of the University and to each user's job duties and/or responsibilities. The following list, although not all-inclusive, provides some examples of acceptable uses:
A. Communications, including information exchange, for professional development or to maintain job knowledge or skills;
B. Use in applying for or administering grants or contracts for University research programs or work-related applications;
C. Communications with other University agencies and research partners of University agencies providing document delivery or transferring working documents/drafts for comments;
D. Announcements of University regulations, procedures, policies, services, or activities;
E. Use involving research and information gathering in support of advisory, standards, analysis, and professional development activities related to the user's University duties; and,
F. Communication and information exchange relating directly to the mission, charter, and work tasks of the University, including email in direct support of work-related functions or collaborative projects.
NOTE: Users may be subject to limitations on their use of email as determined by the appropriate supervising authority. Users are advised to remove themselves from email lists not dealing with work-related topics.
The use of any University resources for email must be related to University business, including academic pursuits. Incidental and occasional personal use of email may occur when such use does not generate costs to the University. Any such incidental and occasional use of University email resources for personal purposes is subject to the provisions of this policy.
V. Unacceptable Activities
Unacceptable use can be defined generally as activities that do not conform to the purpose, goals, and mission of the University and to each user's job duties and responsibilities. Any email usage in which acceptable use is questionable should be avoided. In other words, when in doubt, seek policy clarification prior to pursuing the activity. The following list, although not all-inclusive, provides some examples of unacceptable uses:
A. Transmission or disclosure of any data considered confidential or sensitive. This includes social security numbers, credit card numbers, etc. Excluded from this provision is the transmission or disclosure of student education records, such as grades, to a party authorized to receive such data, so long as the user complies with the provisions of Section VI;
B. Private or personal for-profit activities. This includes use of email services for private purposes such as marketing or business transactions, private advertising of products or services, and any activity meant to foster personal gain;
C. Personal use that creates a direct cost to the University;
D. Unauthorized not-for-profit business activities. This includes the conducting of any non-University-related fund raising or public relations activities such as solicitation for religious and political causes;
E. Transmission of incendiary statements which incites violence or describes or promotes the use of weapons or devices associated with terrorist activities;
F. Use for, or in support of, unlawful/prohibited activities as defined by federal, state, and local laws or regulations.
VI. Privacy Considerations
Although employees of the University do not routinely monitor the contents of electronic files, including those containing incoming or outgoing electronic mail, such files may be considered public records under public records law, and therefore, subject to public inspection.
Additionally, the University reserves the right to view or scan any file or software stored on University systems or transmitted over University networks, and may do so periodically to verify that software and hardware are working correctly, to look for particular kinds of data or software (such as computer viruses), or to audit the use of University resources. Violations of policy that come to the University's attention during these and other activities will be acted upon and may subject those violating policy to disciplinary sanctions.
The University will make reasonable efforts to maintain the integrity and effective operation of its email systems, but users are advised that there are risks associated with the use of these systems to transmit confidential or sensitive data. Due to the nature of electronic communication, the University cannot assure that confidentiality and privacy of information is maintained through an individual user's use of the University email resources.
The University will utilize best practices when emailing student education records, such as grades, in order to reduce the risk of accidental exposure of the data. Faculty and staff will follow the rules below when communicating student education records through email:
A. Send messages only from an official email address provided through an approved email system that has been risk assessed and approved by ITD Information Security Services.
B. Send messages only to an official email address, or alternate email address, as outlined above.
VII. Signature Blocks
Signature blocks may include an employee’s name, title, and contact information. With the exception of official University-related taglines, graphics, or insignia, the inclusion of quotes of any kind are not acceptable and may not be used.
Violations of this policy may result in the immediate suspension of the user's account, followed by timely review by the appropriate person(s).
Violations of this policy may subject users to the regular disciplinary processes and procedures of the University for students, staff, administrators, and faculty, and may result in loss of their computing privileges.
Illegal acts involving University computing resources may also subject violators to prosecution by local, state, and/or federal authorities. Suspected law violations may be referred to the appropriate law enforcement agencies.
If a user is found to have violated this policy, the user's computing privileges at MTSU may be permanently and totally removed. There will be no refund of any technology access fees.
Student users in violation of this policy may be recommended for suspension or dismissal from MTSU. Employees in violation of this policy may be recommended for termination from MTSU employment.