1. Introduction
This Policy defines policy and procedures where existing University policies do not specifically address issues particular to the use of electronic mail. Users of University electronic mail services are responsible for making themselves familiar with the " Guidelines for Use of the Internet", and other relevant laws and University policies (see policies.)
The terms "electronic mail" and "email" are used interchangeably throughout this Policy.
2. Scope
2.1 This Policy applies to
- all electronic mail systems and services provided or owned by the University; and
- all users, holders, and uses of University email services; and
- alll University email records in the possession of University staff or students or other email users of electronic mail services provided by the University.
2.2 This Policy applies only to electronic mail in its electronic form. It does not apply to printed copies of electronic mail. Other University policies, however, do not distinguish among the media in which records are generated or stored. Electronic mail messages, in either their electronic or printed forms, are subject to those other policies, including provisions relating to secure handling and disclosure.
3. General Provisions
3.1 University Property
Any electronic mail address or account associated with the University, or any sub-unit of the University, assigned by the University to individuals, sub-units or functions of the University, is the property of Oxford Brookes University.
3.2 Service Restrictions.
Those who use University electronic mail services must do so responsibly, that is, in compliance with United Kingdom and European laws, with this and other University policies
and regulations (see policies ), and with normal standards of professional and personal courtesy and conduct. Access to University electronic mail services may be wholly or partially restricted by the University, for good cause, without prior notice and without the consent of the email user. Such restriction is subject to the approval of the Chief Information Officer, or his nominee, or, in their absence, the approval of the University Registrar.
3.3 Access to Email Records.
The University shall only permit the inspection, monitoring, or disclosure of electronic mail without the consent of the holder of such email (i) when required by or consistent with law; (ii) when there is reason to believe that a violation of law or of a University policy has taken place; (iii) when there are compelling circumstances; or (iv) under time-dependent, critical operational circumstances.
3.4 Authorisation.
Except in emergency circumstances, authorisation for access must be obtained from the Chief Information Officer, or his nominee. Authorisation shall be limited to the least perusal of contents and the least action necessary to resolve the situation. In emergency circumstances the least perusal of contents and the least action necessary to resolve the emergency may be taken immediately without authorisation, but appropriate authorisation must then be sought without delay.
4. Security and Confidentiality
4.1 The University does not guarantee the confidentiality of electronic mail.
4.2 Except as provided elsewhere in this Policy, computer operations personnel and system administrators are not permitted to see or read intentionally the contents of email messages, to read transactional information except where necessary to ensure proper functioning of University email services, or to disclose or otherwise use what they have seen.
4.3 There is one exception: systems personnel, such as the "Postmaster", who may need to inspect the contents of email messages when re-routing or disposing of otherwise undeliverable email. This exception is limited to the least invasive level of inspection required to perform such duties.
5. Archiving and Retention
It is University policy to delete email stored on the University mail server at regular intervals and to inform users of impending deletions. Operators of University electronic mail services are not required by this Policy to retrieve email from back-up facilities upon the holder’s request, although on occasion they may do so as a courtesy.
6. Policy Violations
Violations of this policy may result in disciplinary action being taken, or access to University facilities being withdrawn, or a criminal prosecution. Any apparent violations of policy or law should be reported either to the Postmaster or to the Information Compliance Officer at info.sec@brookes.ac.uk.
Appendix
Definitions
Computing Facilities: Computing resources, services, and network systems such as computers and computer time, data processing or storage functions, computer systems and services, servers, networks, input/output and connecting devices, and related computer records, programs, software and documentation.
Email Systems or Services: Any messaging system which depends on computing facilities to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print computer records for purposes of asynchronous communication across computer network systems between or among individuals or groups, which is either explicitly denoted as an email system or is implicitly used for such purposes, including services such as electronic bulletin boards, mailing lists and news groups.
University Email Systems or Services: Electronic mail systems or services owned or operated by the University or any of its sub-units.
Email Record: Any or several electronic computer records or messages created, sent, forwarded, replied to, transmitted, stored, held, copied, downloaded, displayed, viewed, read, or printed by one or several email systems or services. This definition applies equally to the contents of such records and to transactional information associated with such records, such as headers, summaries, addresses, and addressees.
University Record: Any data recorded in any form, including paper files, computer files, audio- and videotapes, film and microfiche, which are maintained by University staff, or agents, in the course of their employment.
University Email Record: A University record in the form of an email record regardless of whether any of the computing facilities utilised to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print the email record are owned by the University. The location of the record, or the location of its creation or use, does not change its nature as: (i) a University email record for the purposes of this or other University policy, and (ii) having potential for disclosure under the Data Protection Act 1998 or other laws.
Until determined otherwise or unless it is clear from the context, any email record residing on University-owned computing facilities, including personal email, may be deemed to be a University email record for the purposes of this Policy. Consistent, however, with the principles asserted in Section 3.4 of least perusal and least action necessary, the University shall, in good faith, make an initial effort to distinguish University email records from personal email where relevant to disclosures under the Data Protection Act and other laws, or for other applicable purposes of this policy.
Use of Email Services: To create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print email. A (University) email user is an individual who makes use of (University) email services.
Possession of Email: An individual is in "possession" of an email record, whether the original or a copy or modification of the original, when that individual has effective control over the location of its storage. Thus, an email record which resides on a computer server awaiting download to an addressee is deemed, for purposes of this Policy, to be in the possession of that addressee. Systems administrators and other operators of University email services are excluded from this definition with regard to email not specifically created by or addressed to them.
Email users are not responsible for email in their possession when they have no knowledge of its existence or contents.
Email Holder: An email user who is in possession of a particular email record, regardless of whether that email user is the original creator or a recipient of the content of the record.
Compelling Circumstances: Circumstances where failure to act may result in significant bodily harm, significant property loss or damage, loss of significant evidence of one or more violations of law or of University policies, or significant liability to the University or to members of the University community.
Emergency Circumstances: Circumstances where time is of the essence and where there is a high probability that delaying action would almost certainly result in compelling circumstances.
Time-dependent and Critical Operational Circumstances: Circumstances where failure to act could seriously hamper the ability of the University to function administratively or to meet its teaching obligations, but excluding circumstances pertaining to personal or professional activities, or to research.