Campus Electronic Mail Implementation Procedures
DRAFT FOR COMMENT
December 2, 1997
This revision of the February 1997 draft developed by Staff and Academic Human Resources addresses the procedures for faculty and staff with noted proposed changes to incorporated new language in the revised version of the University of California, Office of the President, Electronic Mail Policy.
(Note: Paragraphs that have changed since the February draft are
highlighted in green.)
Electronic Mail Guidelines
University of California,
Santa Cruz
I. Overview/Procedure Description
The University of California has adopted an electronic mail policy which clarifies the applicability of law and of other University policies to electronic mail ("email"). It also defines new policy and procedures where existing policy did not specifically address issues particular to the use of email. These procedures detail the specific manner in which the campus will carry out its responsibilities as articulated in Section IX of the University electronic mail policy, including: (1) the use of student electronic mail addresses, (2) the provision of electronic mail services to an individual whose affiliation with the University has been terminated, (3) the process for restricting service on an individual’s email account, (4) the process for monitoring, inspecting, and/or disclosure of email without the consent of the holder of such electronic mail, (5) the documentation requirements concerning electronic mail backup procedures, and (6) the process by which email users are to be notified of the University of California Electronic Mail Policy and of the campus procedures.
To meet their own business needs, individual departments/units may implement additional, local procedures and practices that further refine the email policy and these procedures. These must comply with University and campus policy and are subject to the campus review procedure and employee/employee organization notice, as appropriate. Local implementing procedures about personal use of email must comply with "time, place, and manner" regulations. (See Section V. References)
These Guidelines apply to: (1) all email services operated by University of California, Santa Cruz units and (2) all users of University of California, Santa Cruz email services. (See Section II.C. Definitions)
II. Procedure Details
A. Areas of Responsibility
1. Associate Vice Chancellor, Communications and Technology Services
a. Consult with Unit/Department Heads and Deans regarding the implementation of the "time-dependent, critical operational needs" provision of the University electronic mail policy.
2. Vice Chancellor--Business and Administrative Services
a. Authorize restrictions of service for non-University individuals and process any appeals.
b. Authorize the monitoring, inspection, and/or disclosure of electronic mail without the consent of the staff or academic email holder.
c. Appoint designee to act in his/her absence.
3. Vice Chancellor--Student Affairs
a. Authorize restrictions of service involving students.
b. Authorize the monitoring, inspection, and/or disclosure of electronic mail without the consent of the student email holder.
c. Appoint designee to act in his/her absence.
4. Unit/Department Heads and Deans
a. Authorize cancellations and restrictions of service for staff and academic employees, respectively.
b. Authorize steps to secure electronic mail records to preserve evidence.
c. Appoint designee to act in his/her absence.
5. Communications and Technology Services
a. Establish acceptable use guidelines.
b. Consult with Unit/Department Heads and Deans regarding alleged violations of acceptable use guidelines.
6. Chair Academic Senate
a. Consult with the Vice Chancellor--Business and Administrative Services in cases where the inspection, monitoring, or disclosure of email held by faculty is involved. The advise of the Academic Senate shall be sought in writing in advance and be provided in a timely manner (72 hours upon receipt of request).
7. Electronic Mail Providers
a. Ensure privacy of email addresses (or other personal information) associated with students who have filed a non-release of public information.
b. Terminate the email services of individuals who are no longer associated with the University.
c. Ensure that the security and confidentiality provisions of the University electronic mail policy are implemented on their system(s).
d. Ensure the preservation of electronic mail evidence when authorized by appropriate Unit/Department Head, Dean or University Police.
e. Ensure that the proper authorizations have taken place before placing service restrictions on an email user.
f. Ensure that the proper authorizations have taken place before permitting the monitoring, inspection, and/or disclosure of email without consent.
g. Document the backup procedures associated with electronic mail on their system(s) and provide the procedures, on request, to email users. Provide CATS with a copy of the backup procedures.
h. Develop mechanisms to notify and receive positive acknowledgment by email users of receipt and understanding of University of California Electronic Mail Policy and of campus electronic mail procedures.
i. Develop local implementing procedures and coordinate appropriate review.
8. Registrar’s Office
a. Office of Record for student requests for non-release of public information.
9. Student Judicial Affairs/College Administrative Officers
a. Consult with the Vice Chancellor--Student Affairs regarding alleged violations of student policy and procedures.
10. Title IX Office
a. Consult with Unit/Department Heads and Deans regarding allegations of sexual harassment.
11. University Counsel
a. Provide legal advice to Vice Chancellor--Business and Administrative Services or Vice Chancellor--Student Affairs, as appropriate.
12. University Police
a. Consult with Unit/Department Heads and Deans regarding alleged violations of the law.
b. Authorize steps to secure electronic mail records to preserve evidence.
13. Internal Audit/Staff Human Resources/Academic Human Resources/Labor Relations
a. Consult with Unit/Department Heads and Deans regarding alleged violation of University policies and procedures.
B. Allowable Uses
1. General: Email services are provided to University of California, Santa Cruz employees and agents for the purpose of conducting the University’s business. Access to electronic mail, if provided, is at the discretion of the unit/department in consideration of the job requirements, departmental needs, and cost and efficiency factors. (See Section II.C. Definitions - Eligibility for Access)
2. Incidental Personal Use: University of California, Santa Cruz email services may be used incidentally for personal purposes provided this use complies with all the provisions of Section VI.A of the University of California Electronic Mail Policy. Acceptable incidental personal use of an University of California, Santa Cruz email account is limited to email use on behalf of the individual and must comply with University time, place and manner regulations. This excludes use on behalf of an outside organization; whether the organization is for-profit, not-for-profit, or non-profit is not relevant. This limitation precludes publishing a University of California, Santa Cruz email address as the point of contact for non-University activities.
C. Procedure Steps/Checklist
1. Student Electronic Mail Addresses: In accordance with the Family Educational Rights and Privacy Act of 1974, prior to using/publishing student email addresses, Departments must:
a. Determine if an email address (in printed or electronic form) may become available to a non-University individual or a University employee who does not have a business need to know. If so, the Department must:
1) Verify with the Office of the Registrar whether or not the student has filed a "Request for Non-Release of Public Information" form.
2) Provide students who have requested non-release of personal information an alternative (e.g., an electronic pseudonym).
3) Take appropriate action to ensure that directory information for students who have requested non-release of personal information is kept confidential (i.e., names should not be published in either printed or on-line directories).
b. Inform students that their email addresses may become known if they use them in electronic contexts that are viewable outside of the University (e.g., to post messages to public news groups and listservs or on a Web page).
c. Consider options for preventing the ability of third parties to create and publish directory information from on-line sources (e.g., "whois," "finger," on-line directories). (Reference BUS RMP 12)
2. Termination of Affiliation: When staff, faculty, students, contractors, etc. terminate their affiliation with the University of California, Santa Cruz, the individual’s email account will be canceled.
a. Electronic mail providers should ensure that their policies are consistent with the campus policy on termination of affiliation.
3. Normal Account Closure: The Unit/Department Head who authorized an email account may cancel it. This normally occurs when an employee separates from employment, when email service is no longer required for the conduct of University business, under budgetary constraints, etc. or when records indicate that a student is no longer enrolled.
4. Service Restrictions: Access to University electronic mail services may be wholly or partially restricted without prior notice and without the consent of the email user when required by law, when there is a substantiated reason (see II.C. Definitions) to believe that violations of policy or law have taken place, or in exceptional cases, when required to meet time-dependent, critical operational needs.
a. If there is reason to believe that violations of policy or law have taken place, a Unit/Department Head or Dean may restrict an email user’s services after consultation with CATS, Student Judicial Affairs, College Administrative Officer, Title IX Office, University Police, Internal Audit, Staff Human Resources, Academic Human Resources, and/or Labor Relations, as appropriate. The Vice Chancellor--Student Affairs shall have authority for restricting student access; the Vice Chancellor--Business and Administrative Services shall have authority for restricting access by non-University individuals.
b. Suspected violations of the law should be reported to the University Police.
c. Electronic mail providers may temporarily restrict an email user’s services to perform system maintenance.
d. The email user shall be notified of the scope of the restriction, the reason for the restriction, and the duration of the restriction.
e. Email services may be restored when the situation that occasioned the restriction of service has been resolved.
f. Faculty, staff, and students may appeal the decision to restrict services in accordance with normal University and/or campus complaint procedures. Non-University individuals may appeal to the Vice Chancellor--Business and Administrative Services.
5. Monitoring/inspection/disclosure of Email Without Consent: University employees/students are expected to comply with requests for copies of email records in their possession that pertain to University business or as required by law. An email holder’s consent shall be sought by the University prior to any inspection, monitoring, or disclosure of email records in the holder’s possession except when: "(1) required by and consistent with law, (2) there is substantiated reason to believe that violations of law or University policy may have taken place, or (3) in exceptional cases, to meet time-dependent critical operational needs."
When the contents of email must be inspected, monitored, or disclosed without the holder’s consent, the following steps shall be taken:
a. Authorization under the California Information Practices Act: Written requests for electronic mail records filed in accordance with the Information Practices Act shall be forwarded to the campus Information Practices Coordinator for action.
b. Authorization when violation of law or University policy is suspected:
1) After consultation with CATS, Student Judicial Affairs, Title IX, Internal Audit, University Police, Academic Senate, Staff Human Resources, Academic Human Resources, and/or Labor Relations, as appropriate, a Unit/Department Head or Dean may authorize steps to secure electronic mail records to preserve evidence. However, no such evidence may be inspected or disclosed without written authorization of, for employees and non-University individuals, the Vice Chancellor--Business and Administrative Services or, for students, the Vice Chancellor--Student Affairs
.2) The University Police Chief may authorize steps to secure electronic mail records when a violation of law is suspected.
3) For employees and non-University individuals, the Vice Chancellor--Administrative and Business Services, after consultation with University Counsel may authorize the Unit/Department Head or Dean to inspect, monitor, or disclose electronic mail without the consent of the email holder; authorization shall be limited to the least perusal of contents and the least action necessary to resolve the matter and such authorization shall be in writing. The Vice Chancellor--Student Affairs may authorize the inspection, monitoring or disclosure of student electronic mail in accordance with the above.
4) Where the inspection, monitoring, or disclosure of email held by faculty is involved, the Vice Chancellor--Administrative and Business Services, after consultation with University Counsel and with the written advice of the Campus Academic Senate may authorize the Unit/Department Head or Dean to inspect, monitor, or disclose electronic mail without the consent of the email holder; authorization shall be limited to the least perusal of contents and the least action necessary to resolve the matter and such authorization shall be in writing
.c. Emergency Authorization: In an emergency situation (i.e., when the danger of delay outweighs the danger of taking action, especially with regard to protection of life and limb and incurring liability and costs to the University), the least perusal of contents and the least action necessary to resolve the matter may be taken immediately without authorization; however, authorization by the Vice Chancellor--Business and Administrative Services or Vice Chancellor--Student Affairs, as appropriate, shall be sought without delay. If the action is not subsequently authorized, the Unit/Department Head or Dean shall seek to have the situation restored as closely as possible to that which existed before action was taken.
d. Notification: The Unit/Department Head or Dean shall notify the email holder, in writing, as soon as possible of the action(s) taken and the reasons for the action(s) taken.
e. Appeals: Under both the normal and emergency procedures, affected individuals may appeal the decision in accordance with normal University and/or campus complaint procedures. Non-University individuals may appeal to the Vice Chancellor--Business and Administrative Services.
f. Annual Report The campus will publish an annual report summarizing, where consistent with law, instances of authorized or emergency non-consentual access pursuant to the provisions in university policy
.6. Administrative Records: University employees are required to provide the University with copies of email records in their possession that pertain to the administrative business of the University. In order to reduce the need to access an employee’s email in the event of absence, units/departments may use, individually or in combination, a number of techniques, such as:
a. using email forwarding, if available and with the consent of the email holder, so that during planned absences employees can forward email to the person responsible for covering the work in their absence;
b. establishing common workgroup files for departmental-related business so email records can be accessed by others in the employee’s absence.
7. Backup Procedures: Each electronic mail provider must document procedures for backup of electronic mail and provide those procedures to CATS and to email users upon request.
a. CATS Backup Procedures
1) Backups at the central CATS mail server (i.e., cats.ucsc.edu) shall be retained for one week. If email messages are saved as a file on one of the CATS-operated central servers, they will be backed up just like other files on that computer. As a result, email messages may exist as backup "records" as long as three years from the time they are purged from the central servers.
b. Campus Electronic Mail Providers Backup Procedures
1) It is recommended that procedures be published on an internal departmental Web page.
2) Procedures (or an electronic link to) shall be provided to CATS so that they may be made available centrally to those who request them.
3) This procedure does not require that backups of email be made.
8. Policy Notification to Electronic Mail Users: Electronic mail providers shall:
a. Require each email user to sign a form at the time they are issued an account indicating that s/he has access to a copy of the University of California Electronic Mail Policy and that s/he understands the provisions.
1) Current account holders who have not previously signed a form shall do so within six months of the effective date of this procedure.
2) Signatures may be electronic to the extent that the email user’s identity can be assured and a record is kept of the acknowledgment.
b. On an annual basis, provide email users with a reminder of University policy and campus electronic mail procedures, a summary of any changes, and information about where they can view/obtain the complete policy and campus procedures.
III. Definitions
University-wide definitions are found at
http://www.ucop.edu/irc/policy/email-policy.html Section III.Campus definitions:
Electronic mail provider: Any campus unit or individual who provides electronic mail services which involve the use of University equipment and facilities.
Eligibility for Access:
Any individual, department, or group officially affiliated with UCSC, as outlined below, may have access to electronic mail services provided by the campus when such access is necessary for the conduct of university business and is departmentally authorized. Such eligibility is subject to compliance with the University of California Electronic Mail Policy and to the campus Computer Use Policy.Registered students and any faculty or staff employed by the Santa Cruz campus are eligible for access to campus email services. Other qualifying individuals, with proven affiliation, such as students in UC Extension enrolled in courses requiring email access, retirees, emeriti faculty may also be determined eligible for email access at the discretion of departments providing services. Direct charges for email services are based on affiliation and current campus policy for central funding of core services and are subject to change. Eligibility is determined by continued affiliation with the campus and a university related need for services. Multi-campus units located at Santa Cruz or groups as defined by University Policy on Support Groups, Campus Foundations, and Alumni Associations. (See Section V. References)
Departments may provide email service to contractors, independent consultants, or other qualifying individuals for the sole purpose of conducting their business with the University. Such users must agree to comply with this Guideline and departments/units are responsible for any of their activities using University email services. Faculty at other University of California campuses may be eligible for access to email services at the discretion of the departments/units which provide the email services.
Access will be provided only to those employees and applicants who can provide proof of formalized affiliation with the Santa Cruz campus, signed by the appropriate Santa Cruz campus authority.
Individual departments/units may further restrict eligibility, but may not expand it to additional categories of users.
Substantiated reason: Reliable evidence indicating that a violation of law or University policy has occurred, as distinguished from rumor, gossip, or other unreliable evidence.
Timely Manner:
Within 72 hours of request.
IV. Getting Help
Communications and Technology Services provides training and assistance to campus units on topics associated with electronic mail policies and procedures, including help with completing forms, carrying out procedures, or interpreting policy. Contact the Information Resource Center at 459-4357 or email infocat@cats.ucsc.edu.
V. Applicability and Authority
These Electronic Mail Implementing Procedures apply to the operation of all electronic mail systems operated by campus units or utilizing University facilities. They implement the University of California Electronic Mail Policy issued August 6, 1996, by President Atkinson.
VI. References
Related Systemwide Policies (http://www.ucop.edu/irc/policy/email-policy.html)
Campus References:
Campus 1997-1999 RuleBook
(http://www2.ucsc.edu/judicial/index.html)
The Navigator, 1996-97 Undergraduate Handbook
(http://www.ucsc.edu/ucsc/navigator/index.html)
Policies for use of UCSC computing facilities
(http://www2.ucsc.edu/cats/sc/help/policies/compuse.shtml)
Prepared by Linda Listmann (llg@cats.ucsc.edu), Breck Caloss (breck@cats.ucsc.edu), and Robin Ove (robino@cats.ucsc.edu), 12/2/97.