Staff Email Usage Policy
1 Aims
1.1 This policy establishes the proper and effective
staff use of email and calendaring, and exists to protect the
security of the systems and the reputation of the University.
1.2 The policy applies to any member of staff or
associate who uses the University email service.
2 Basic Premise
2.1 The Information Technology resources are owned by the
University and represent a work tool for use in the service of
the University business except where used in accordance with the
policy on private use of email in section 5. The University will
not accept damage to or inappropriate use of the email service.
3 Individual Responsibilities
3.1 Users have an individual responsibility to understand
their responsibilities under this policy, and to know the rules
and abide by them when using the University email service.
3.2 Users must notify their Head of Department or Head of
Computing Services if they believe a violation of this policy
has occurred.
3.3 Breaches of this policy may result in disciplinary
action under the University Disciplinary Procedure.
4 Existing Policies
4.1 This policy should be read in conjunction with the
other policies and procedures relating to information security,
data protection, confidentiality and copyright. These policies,
which also apply to the use of email, are available on the
website
www.canterbury.ac.uk.
5 Private Use Of Email
5.1 Whilst the use of the email service is intended for
the effective delivery of our business the University recognises
the benefits of allowing staff to use email as a way of
developing and maintaining an appropriate work-life balance.
5.2 The personal use of email is allowed as long as this
is reasonable. Wherever possible the personal use of email
should be outside normal working hours, should at no time
interfere directly or indirectly with work commitments and
should be used only in accordance with section 6 of this policy.
5.3 University email should not be used to enter into any
private contract or business relationship. It may however be
used to receive acknowledgement only for purchases made from a
website.
5.4 Failure to use the system in accordance with the
guidance or the abuse or misuse of email may result in
disciplinary action.
6 Use of Email and Systems For Electronic Communication
6.1 Email, whilst it has benefits for the effective and
efficient communication of information, may also have
consequences which could potentially impact on the individual
and the University. These consequences could represent damage to
the reputation of the University, additional costs or fines, and
potentially civil or criminal action. It is important therefore
that any use of email (whether personal or business) complies
with the following.
6.2 Claims of defamation, breaches of confidentiality or
contract can arise from any misuse or careless use of internet
and email messages. All such communications must be treated like
any other form of correspondence and the content and language
utilised should be consistent with established University
practices.
6.3 Users need to be aware that electronic messages can
easily be archived by other parties and made searchable over a
long period of time. Messages stored electronically by the
University are also subject to searches under the Data
Protection Act 1998 and Freedom of Information Act 2000.
6.4 The use of email to send or forward messages that are
defamatory, obscene or otherwise inappropriate will be treated
as misconduct under the appropriate disciplinary procedure. In
serious cases this could be regarded as gross misconduct and
lead to dismissal.
6.5 Individual or bulk sending of messages must be done
in accordance with English law (especially but not limited to
the Data Protection Act). Staff with a requirement for
widespread communications to all members of staff, students or
other large groups should follow the procedure at
http://www.canterbury.ac.uk/support/computing-services/support-and-advice/email.asp
.
These requests will be decided in line with other policies.
6.6 Email delivery is not guaranteed. Notifications of
delivery failure may not be sent to the originator and read
receipt requests can be ignored. Therefore email should not be
assumed to be suitable for essential correspondence unless other
steps are taken to confirm receipt.
6.7 Users are expected to treat electronic information
with the same level of confidentiality as they would paper based
information. All information should be kept secure, used only
for its intended purpose and not disclosed to unauthorised
employees or third parties. Any personal data must be handled in
accordance with the University Data Protection Policy which can
be found on the University web site.
6.8 Electronic mail must not be used to communicate
confidential or sensitive information unless appropriate
measures have been taken to ensure authenticity and
confidentiality, that it is correctly addressed and that the
recipients are authorised to receive it.
6.9 Users are required to check their email account on a
sufficiently regular basis to allow them to meet the
requirements of their post and to use “out of office” messages,
using the vacation message service, if they are unable to read
emails for more than one week.
6.10 Computing Services may investigate the content of
all electronic information when authorised by both a Head of
Department and the University Solicitor with reference to Human
Resources.
6.11 Staff must configure suitable signatures to comply
with the law (see appendix 1) and such signatures must be
applied by staff to email messages destined for outside of the
University. Non-work related matter should not be included. The
Institution does not support the use of disclaimers in
signatures.
6.12 All email should be sent and displayed as plain
text.
6.13 All mailboxes (this includes your inbox and any
folders) are subject to a maximum size limit (see Appendix 2 -
Technical Limits Schedule). When this is exceeded, warning and
restrictions will be implemented including the inability to send
further messages until email has been deleted or archived. The
user will continue to be able to receive email.
6.14 Email transmitted across the University computing
network or onto the Internet is subject to a maximum size limit
(see Appendix B - Technical Limits Schedule).
6.15 Unsolicited email (i.e. SPAM) should be deleted.
7 Multi-User (Shared) Email Accounts
7.1 It is recognised that in addition to the ‘personal’
account that each member of staff is entitled to, there is the
occasional need for some form of shared email account and/or
shared email address. Prior to the current Exchange/Outlook
service the requirement was met by way of additional standard
email accounts that were referred to as ‘Generic accounts’,
these had a number of flaws.
7.2 There are four aspects of multi-user or shared email
use that will be accommodated:
- a role with a single staff occupant e.g. Head of an
administrative department
- provision: Email alias forwarding to personal account.
- many staff acting in a role
- provision: An administrative department Shared email account.
- staff group coordination collective calendar
- provision: limited access shared email account
- one way communication to many staff
- provision - staff email mailing list
7.3 Computing Services must act to avoid excessive
proliferation of email addresses or accounts, for both technical
reasons and in order to maintain a sensible approach to email
address books. Computing Services has to account for all IT
resources, and establish a life cycle that clearly sets out how
the resources come into existence and how they are managed
through their use and when they are removed.
7.4 The University owns the ‘email address space’ – i.e.
all addresses @canterbury.ac.uk – it is incumbent on the
University to ensure that email addresses are appropriate from
the perspective of the whole University and to all users, be
they internal or external.
7.5 All multi user or shared email must comply with this
policy.
7.6 The University discourages the use of role based
email accounts where the role has a singular occupant.
7.6.1. Roles that require a persistent address across
changes in occupant should have an email alias that re-directs
the email to the current role holder.
7.6.2. Role holders may delegate access to their personal
email account to cover absences, or for administrative
assistance.
7.6.3. When the role holder leaves post they may extract
email addressed to the alias by a simple search, but note that
important messages should not be stored in email long term
7.6.4. Existing role-based accounts will be allowed to
continue, but their existence may be reviewed at a later date.
7.7 Where there is a role that has many staff operating
in it then a shared email account can be provided. Each shared
account will have an owner, who is responsible for its use and
decides who else is given delegated access.
7.7.1. Those delegated ‘full access’ (i.e. read, write,
delete permissions) must manage the account.
7.7.2. Sub-roles will not justify separate shared
accounts but will be catered for by email aliases pointing to
the main role. Rules in the shared email account can then
pre-process the sub-role email into separate folders.
7.7.3. Staff using the shared account must use their
identity when sending email.
7.7.4. The shared account is not a medium for storage and
the account must be actively managed.
7.8 Where a formal group of staff need sight of a group
calendar then a limited shared account can be provided.
7.8.1. No more than four staff will be allowed full
access.
7.8.2. The ‘limited shared account’ will not allow any
email to be sent on its behalf.
7.9 Where groups of people need to receive email but do
not need to work collaboratively on the email, mailing lists
should be used.
7.9.1. Mailing lists enable the University comply with
E-commerce Regulations, such as allowing recipients to withdraw
from the mailing list, to know who is on the list and for the
list owners to control misuse.
7.9.2. Owners of lists must be University staff who have
agreed to take active responsibility for the lists they manage.
7.10 Any one individual email account should not have
more than four additional full access mail boxes configured.
7.11 Any shared account should have no more than 20 users
with full access.
7.12 Shared accounts will have quotas as applied to
individual accounts. The resources consumed by a shared account
will be accounted for by the ‘owner’.
7.13 Shared accounts will only be created for a
persistent purpose. Transient requirements will be catered for
by means of email aliases forwarding email to either an existing
shared account or to a personal account.
7.14 All shared account identifiers, email aliases and
email list addresses must reflect their true nature, be
unambiguous, and be appropriate for use across the whole
University.
7.15 Life cycle management:
7.15.1. Computing Services will from time to time note
the traffic levels of multi-user accounts.
7.15.2. Any accounts with no or very little traffic will
be candidates for removal.
7.15.3. The owners of candidate shared accounts will be
consulted prior to any possible deletion. The owners will need
to justify the continued existence of the shared account.
7.16 The procedure for multi-user account creation will
be published on Computing Services web site, and must be
followed when applying for a multi-user account.
7.17 All multi-user accounts, email aliases, mailing
lists must be arranged prior to any publicity of email
addresses. It is not sufficient justification when asking for a
particular email address to claim that publicity has already
started.
7.18 Decisions as to relevance, address suitability, etc
will be handled by Computing Services. Appeals will be to the
Head of Computing Services in the first instance and then to the
Chair of the Information Systems Committee, whose decision will
be final.
8 Glossary
• email alias a synonym for a different email address.
• full access ‘full access’ to a shared email account will allow
someone to access the account as if it were their own.
• individual email account The basic default email account each
member of staff is entitled to.
Updated September 2008
