Use of Electronic Mail
IT-21
About This Policy
- Effective Date:
- 01-03-2002
- Date of Last Review/Update:
- 08-17-2011
- Responsible University Office:
- Information Policy Office
- Responsible University Administrator:
- Office of the Vice President for Information Technology & Chief Information Officer
- Policy Contact:
University Information Policy Office, uipo@iu.edu
- Policy Feedback:
- If you have comments or questions about this policy, let us know with the policy feedback form.
Scope
This policy applies to all users of Indiana University information technology resources regardless of affiliation, and irrespective of whether those resources are accessed from on-campus or off-campus locations.
Policy Statement
Indiana University electronic mail (e-mail) users are required to comply with State and Federal law, University policies, and normal standards of professional and personal ethics, courtesy, and conduct. All communications via e-mail will be consistent with all pertinent sections of the Code of Student Ethics, the Academic Handbook, and all other applicable administrative policies.
Under normal circumstances, when an individual's affiliation with the University ends, eligibility to use a University-provided e-mail account also ends. The University may elect to continue the account for use by the individual as necessary to further University missions.
Unless inappropriate use stems from technical or other problems outside of the individual's control, persons to whom Indiana University e-mail accounts are assigned are responsible for actions taken with their accounts. Accounts and account passwords are not to be sold, rented, or shared with any other person, including friends, family, roommates, supervisors, technical staff, vendors, etc.
Unless an individual or an organization has explicitly solicited anonymous input or comments, all communications sent using any Indiana University technology service or facility must clearly identify the actual sender by a valid address in the basic header (From:) or in the message text. Forged communications are prohibited under any circumstance.
No one may state or imply in an e-mail that they represent or speak on behalf of Indiana University or any organizational element of Indiana University, unless they are tasked to do so by virtue of their assigned duties or they have been formally designated to do so by the Board of Trustees of Indiana University or by University executive administration.
Electronic mail will not be sent by members of the University community to persons with whom the sender does not have an established mutually-accepted personal, business, or academic relationship.
Sensitive institutional and personal information will not be sent via e-mail, unless specific steps are taken to confirm that the transmission is secure.
University electronic mail will not be used for personal commercial purposes or for personal financial or other gain.
All mailing lists supported by University resources will be owned and maintained by members of the Indiana University community, and each list will have a stated purpose and policy. Mailing lists will be moderated so that inappropriate postings are intercepted and rejected, and electronic mailing lists will be protected as far as technically possible from commercial exploitation. Communications to mailings lists will be in accordance with the stated purpose and policy, and list members who consistently experience inappropriate postings may unsubscribe even if membership was initially required. Requests from individuals to be unsubscribed from these and from voluntary lists must be honored.
Reason for Policy
Electronic mail (.e-mail.) has become an essential tool for accomplishing the University's day-to-day academic and administrative activities.
However, the ease at which an e-mail can be sent to one or thousands of recipients can be a disadvantage as well as an advantage. There are millions of e-mail messages traversing through the University network daily. Most users are receiving dozens of e-mails per day, and some are receiving hundreds per day. While much of this e-mail is appropriate to the activities of the recipient, more and more e-mail can be classified as Internet junk e-mail, often referred to as .Spam,. unsolicited bulk e-mail (UBE), or unsolicited commercial e-mail (UCE). Mailings from marketers and anonymous sources on the Internet are increasing - users are being placed on marketing lists without their consent, and often if the user responds to ask to be removed, the volume of unsolicited e-mail simply increases because the validity of their e-mail address is confirmed. Unfortunately at this time there is no real technical way to stop this unsolicited e-mail, and as of December 2001 there are no Indiana State or Federal statutory limits on these mailings.
Thus, users of e-mail are getting used to discarding e-mails that do not have a direct relevance to them or to their activities. Unfortunately, legitimate internal mailings often get lost amongst this flood of junk mail, reducing the effectiveness of e-mail as a tool for communication.
It is also very important that e-mail, like all other communication methods, be used in a collegial and constructive manner. Messages must be formed in ways that reduce the possibility of confusion as to source, destination, or intent, and in ways that show respect for others and tolerance of differences in culture, attitudes and opinions.
Administrative communications in e-mail carry the same business requirements as do communications on paper; for example, restrictions on access to data protected by statute, retention schedules, etc. As requirements vary for different business processes, individual administrators and offices must understand what these requirements are related to activities in which they are involved.
Finally, e-mail should not be considered a completely secure method for transmitting sensitive information. In the past, it has been said that e-mail should be considered as secure as sending a paper postcard. While this isn't exactly analogous, and e-mail can be secure under certain circumstances, this is a good rule from which to start.
Procedures
Complaints concerning violations of this or other technology policies should be reported to UIPO Incident Response. After technical verification is complete using system or other logs, and in accordance with other applicable policies and procedures, the incident will be reported to the appropriate University judicial officer for review and possible action.
Definitions
- Mutually-accepted personal, business, or academic relationship
- an association between two individuals established as a result of a job function, a business function, or an academic activity. Examples: a person sending an invitation to a party to a friend; a Human Resources employee sending an e-mail to employees enrolled in a specific benefits plan; a professor sending class information to students in the class; a student asking another student in class a question about an assignment.
- Forged communications
- e-mails that are made to appear as if they originated from a person or organization other than the person from whom the message was actually sent.
- University judicial officer
- is the Dean of Students or equivalent (for Students), the Dean of a School and Dean of Faculties (for faculty members), the director of a department and Human Resources Management (for staff).
Sanctions
Indiana University will handle reports of misuse and abuse of information and information technology resources in accordance with existing policies and procedures issued by appropriate authorities. Depending on the individual and circumstances involved this could include the offices of Human Resources, Vice Provost or Vice Chancellor of Faculties (or campus equivalent), Dean of Students (or campus equivalent), Office of the General Counsel, and/or appropriate law enforcement agencies. See policy IT-02, Misuse and Abuse of Information Technology Resources for more detail.
Failure to comply with Indiana University information technology policies may result in sanctions relating to the individual's use of information technology resources (such as suspension or termination of access, or removal of online material); the individual's employment (up to and including immediate termination of employment in accordance with applicable university policy); the individual's studies within the university (such as student discipline in accordance with applicable university policy); civil or criminal liability; or any combination of these.
History
- Revised August 17, 2011: changed titles in Sanctions section to more accurately reflect current usage.
- Revised March 4, 2010: enhancing language in Sanctions section
- Draft: January 3, 2002