Electronic Mail Policy
Approved: VP for Information Technology Date Established: 4/2015
Responsible Office: Information Technology Services
Date Last Revised: 5/2015 Responsible Executive: Information Security Director, VP for Information Technology
STATEMENT Electronic mail services provided by the college engender legal, regulatory and institutional limitations on its permitted use, content, and handling by all members of the institution. This policy provides the framework for the permitted and proper use of email by the institution and its members.
SCOPE This policy affects all members of the Smith College community who use the electronic mail and messaging services provided by the college.
POLICY Introduction: Electronic mail (email) is an established means of communication and information conveyance for a wide variety of institutional, professional and personal needs. Smith provides email services to its community members in support of the academic mission and administrative needs of the college. This policy sets limits and expectations on the permitted use and handling of email accounts, message content, and use of services to meet the compliance requirements of legal and regulatory mandates, and the general needs and expectations that the institution sets for itself.
- Responsibility for use: use of Smith email services must comply with all general user account policy requirements; in particular, all activities and use associated with an individual email account are the responsibility of the account owner.
- Account sharing: the use of an individual account by anyone other than the person assigned to the account is prohibited; however, delegated access to an email account is permitted.
- Account name changes: email services usernames are tied to your Smith College individual user account, and are not changed separately or independently from your Smith username; individual account username changes are generally made when official Registrar or HR name changes are approved.
Prohibited Use: the use of email services are expressly prohibited:
- to facilitate or engage in any illegal activity, including the unauthorized sharing of any content protected by copyright law.
- for obtaining unauthorized access to the files and communications of others, with no substantial institutional need.
- to infringe on the rights of others, or to harass other users in any way.
- to endorse, promote, canvass for, or support a political party or political candidate that in any way appears to act in violation of the college's legal requirement to remain politically neutral.
- for fundraising, business solicitation or advertising by groups or individuals other than officially recognized campus organizations.
- for non-college-related commercial or profit-making activities.
- To transmit "protected" institutional information as either as part of the message, or as content within an attachment to a message.
Permitted Use: some use of email services are permitted, but have certain restrictions or limitations on their use, such as:
- Personal communications: Incidental and occasional personal use of Smith's email is permitted, but such messages will be treated no differently from other messages with respect to privacy and compliance with this policy.
- Bulk email (see definition below): use of Smith email services for the sending of bulk email is permitted provided they meet with the following restrictions:
- Message content and recipient lists comply with the bulk email procedures included in this policy.
- Use complies with all applicable laws and regulations, including but not limited to the CAN-SPAM act.
- Allows recipients to opt out or be removed from the list for future bulk emails related to the message content or from the message sender.
- Complies with the procedures included below in this policy.
Email Privacy: email communications using Smith College's email services may contain confidential or personal information, with certain expectations regarding the privacy and disclosure of such communications. Electronic communications, including email, are subject to the following limitations regarding privacy and access:
- Smith's right to access and disclose information: Smith recognizes that members of the college community have some reasonable expectations of privacy with regard to the electronic mail messages they send or receive. The college reserves the right to access and disclose the contents of electronic mail messages, but will do so only when it has a legitimate work-related need to do so. The college also reserves the right to disclose any electronic mail message to law enforcement officials. The Responsible Executive of this policy will review any request for access to the contents of electronic mail without the consent of a sender or recipient. Such requests must be approved in advance and any access undertaken without such approval is a breach of college policy.
- Email service monitoring: ITS department systems staff routinely monitor information technology systems, including email systems and services. If anomalies are found indicating the possibility of illegal activity or violations of college policy or security, they will investigate further and report their findings to the Responsible Executive(s) of this policy.
- Suspected policy or legal breach investigation: the college may inspect the contents of electronic mail messages in the course of an investigation triggered by indications of impropriety.
Email as an "official record" of the college: Email is considered an official resource for the communications of the college, and may be subject to other institutional or legal regulations and compliance requirements pertaining to the official records of the institution. This includes but is not limited to:
- compliance with legal actions such as litigation hold notices.
- records management requirements specified in the College's "Records Retention" policy.
- compliance with FERPA and any other regulatory requirements that pertain to the content of a message or its attachments.
POLICY VIOLATIONS Violations of college policies are adjudicated according to procedures outlined in the Student Handbook and the Staff Handbook, with disciplinary consequences imposed by the adjudicating authority up to and including dismissal. Some offenses are punishable under state and federal laws.
STANDARDS AND PROCEDURES
Standards for email attachments: Attachments to email messages are expected to comply with the following standards and best practices recommendations:
- attachments should be clean of any viruses or malware embedded within the attachment.
- should not contain any information that is classified as "Protected", unless the file is encrypted with a commonly accepted encryption protocol, and the decryption key is communicated in some way other than in an email message to the recipient(s).
- must conform to this policy as though they are part of the email message or content.
Procedures for Bulk email: The following requirements govern the use of email services for the sending of "bulk email" messages:
- Distribution lists for bulk email to large numbers of constituents (100+), and that include non-Smith.edu email addresses, must be sent using an officially supported bulk email service provider.
- Bulk email communications should be sanctioned by someone with governance oversight of the recipient group.
- Bulk email message content should adhere to the email composition standards included in this policy.
- Additional guidelines for sending bulk, broadcast or distribution list email are listed in the ITS "Email Services Guidelines" document online.
Procedures for departments: Departments are expected to develop internal procedures relevant to their business processes that support compliance with this policy. Review and approval of internal procedures by the policy Responsible Executive is recommended if questions of compliance or best practices arise.
Standards and Best Practices for email composition: In order to promote consistency and professionalism in official communications, and to better ensure that users both read and trust the messages sent by representatives of the college, adherence to the following guidelines is suggested:
- Subject lines should directly state essential message content, avoid misleading or generic subject lines
- provide explicit contact information for recipients' questions
- is signed at the end with relevant person or departmental information
- is approved by someone with governance authority for the message scope before it is sent out
- is sent only from an @smith.edu email sender address, do not obfuscate sender info
- message content conveys Smith-specific information
Web links in message content: care should be used when including clickable content within email messages, as this is how most phising email messages attempt to compromise a recipient's identity or personal information. Whenever reasonable, ensure that URLs are explicit in the message text; try not to hide link addresses behind alternate clickable text.
Best Practices for email composition :
- provide a specific person by name as sender or as a contact for questions
- use correct grammar, spelling and idiomatic phrases
- be succinct
- Edit : proofread for style, and vet for accuracy
- for distribution lists, send TO: an individual account, and BCC: the list
- send only to recipients directly targeted by the message content
- avoid "alarmist" words or phrases, such as : "your URGENT action is needed"
DEFINITIONS These definitions apply to terms as they are used in this policy.
Email message content that is sent to a list of more than 25 recipients that is derived or maintained by an individual or group, and which the recipients did not explicitly agree to receive.
Email messages sent to an institutionally maintained list ("system list") of Smith College users, such as all faculty or a class roster of students, usually from an account with explicit permission to send to that list; recipients cannot opt out of system lists.
Distribution list email:
Email messages sent to a list of users who have explicitly agreed to receive messages pertaining to the distribution list's subject or purpose.
Generally, Smith institutional information that has specific legal or regulatory compliance restrictions or protections, such as Social Security Numbers; see the Comprehensive Information Security Program for more detailed information.
Related Policies :
- Acceptable Use Policy : Comprehensive policy on the college's standard for acceptable use of all institutional Information Technology related resources and services. http://www.smith.edu/its/policies/acceptable_use_policy.html
Other Resources :
- Comprehensive Information Security Program: An umbrella document that brings together multiple information and data security processes and policies intended to enhance the overall security of the information that touches all aspects of the college. http://www.smith.edu/its/policies/cis_program.pdf
- Staff Handbook: http://www.smith.edu/hr/handbook.php
- Student Handbook: https://www.smith.edu/student-handbook