This document sets out provisions for the use of University Internet facilities (including email). You are required to familiarise yourself with these and other University policies and guidelines, and with the relevant laws.
The University has software and systems in place to monitor and record all Internet usage, and only those servers which have been registered with the Internetworking Manager will be enabled at the Internet firewall (a security device which is used to control access to University systems).
If you install your own software or IT products (e.g., a web server) on your Brookes computer, then you should be aware of any potential security problems which might arise as a consequence, and take appropriate action to safeguard Brookes systems. It is essential that all updates for software are installed as soon as they become available. If in doubt, consult your IT Support Officer.
Users should be aware of the following:
- It is not safe to assume that email is either confidential or secure. For example, email intended for one person may sometimes be widely distributed because of the ease with which recipients can forward it to others. A reply to an email message, intended only for the originator of the message, which is posted on an electronic bulletin board or through a mailing list may be distributed to all subscribers to the service. Also, even after you delete an email record, it may persist on backup facilities and thus be subject to disclosure under section 3 of the electronic mail policy.
- Email, whether or not created or stored on University's equipment, may constitute a University email record (see definition in Appendix A of the electronic mail policy and be subject to disclosure under the Data Protection Act 1998 or other laws, or as a result of litigation.
- There is no guarantee, unless "authenticated" mail systems are used, that email received was in fact sent by the purported sender, since it is relatively straightforward, although a violation of the Regulations for Use of IT Facilities, for senders to disguise their identity. Also, email that is forwarded may also be modified. As authentication technology is not widely used within the University at present, you should check with the purported sender to validate authorship or authenticity, if there is any doubt.
- Encryption technology enables the encoding of email so that for all practical purposes it cannot be read by anyone who does not possess the right key. You should not send confidential or sensitive personal information by email unless you use encryption or password protection.
- The University does not currently use email for the conclusion of contracts. You should be aware, however, that email messages may form legally binding contracts particularly if signed by means of certified digital signatures.
- You should not rely on email for record-keeping purposes. (Most back-up files are currently overwritten every four weeks.) Also, in the absence of authentication systems, it is difficult to guarantee that email documents have not been altered, intentionally or inadvertently. Where long-term accessibility is an issue, you should transfer email records to a more lasting medium or format.
C. Specific Guidelines
You should not give the impression that you are representing, giving opinions, or otherwise making statements on behalf of the University, or any unit of the University, unless appropriately authorised to do so. Where appropriate, an explicit disclaimer should be included unless it is clear from the context that you are not representing the University.
An appropriate disclaimer is: "These statements are my own, not those of Oxford Brookes University."
Do not release confidential information via a mailing list, on-line discussion group or electronic noticeboard. All disclosures of personal information, including via the Internet must comply with the Data Protection Act 1998.
Any file, which is downloaded from the Internet or attached to an email, should be scanned for viruses before it is run or accessed. If you are in doubt about the safety of opening an email attachment, consult your IT support officer. (There is a product called WordViewer which enables you to view an attached document without opening it. For more information about this product, consult the OBIS IT Services Help Desk.)
Termination of Affiliation
When you leave the University, permanently or for periods of leave, you should make arrangements which ensure continuity of University business. These may include the handing over, or forwarding, of relevant University email records (see definition in Appendix A of the electronic mail policy) or messages, to an appropriate member of staff, or directing regular contacts to address future messages to another member of staff. You must not give your password to another member of staff so that they can access your account.
The email accounts of persons no longer associated with the University will be cancelled and no personal forwarding services will be provided. When including your email address in published materials, such as journal articles, it may be more effective to use an external email address (e.g., Hotmail or Yahoo) which is not tied to your place of work. In exceptional circumstances, and at the discretion of your head of school or directorate, forwarding services may be provided after termination for a period normally not to exceed six months. In such cases, you must agree in writing that any mail which pertains to the University's business will be forwarded back to the school or directorate. (A head of school or directorate may require that all mail forwarded from the University email address also be forwarded to a school or departmental account.) Before forwarding can begin, you must remove your name from any mailing lists, internal or external.
Copyright and Other Relevant Law
The laws applying to copyright, data protection, libel, sexual harassment and other offences are applicable to email messages and attachments. You should make yourself familiar with all the relevant laws and University policies.