Email Use Policy

1.   Overview

See Purpose.

2.   Purpose

To prevent unauthorized or inadvertent disclosure of Protected Institutional Data.

3.   Scope

Employees, as well as vendors and agents operating on behalf of the university, must exercise caution and operate consistent with university rules and policies when using the University of Akron’s (UA’s) email system.  This policy covers use of university email systems, including the potentially inadvertent transmission of Protected Institutional Data by employees, vendors, and agents operating on behalf of UA.  This policy does not apply to individual student email accounts.

4.   Definitions

  • Automatically Forwarded Email – The modification of email systems to automatically forward university email messages to a non-UA owned destination. For example, setting the UA email system to automatically forward email to a personal email account.
  • Protected Institutional Data – Any information classified as more restricted than Public Use by the Data Owner, or appointed Data Steward(s), according to ITS Data Classification Standards. 

5.   Policy

  • University Email Accounts
    • Employees and authorized individuals operating on behalf of the university are provided an email address associated with the university to perform functions on behalf of the university.  This email address currently ends with “@uakron.edu”.

    • This email address is to be used primarily for business purposes, with incidental personal use as outlined in the Acceptable Use Policy.

    • Any additional email accounts associated with the university, such as an alumni or retiree email account, are not to be used for course work or business purposes.

    • Access to an authorized university email address, and associated email messages, ceases upon separation from the university.

  • Automatically Forwarded Email
    •  Individuals using an authorized university email account may not automatically forward their university email to a non-UA owned destination.
    • Ad-hoc email forwarding is permitted as needed to perform university business so long as the recipient is authorized to access the information contained within the email as defined by the ITS: Data Access Policy and the ITS: Data Classification Standard

6.   Policy Compliance

  • Compliance Measurement
    • IT Security Services will verify compliance with this policy through various methods including but not limited to internal and external audits, system reports, and feedback to the policy owner.

  • Exceptions

    • Any exception to this policy must be approved by the employee’s Department Head and the university’s Chief Information Security Officer (CISO) in advance.

  •  Non-Compliance
    • An employee, vendor, or agent operating on behalf of UA who knowingly violates this policy or any university policy or standard applicable to information security, and/or in any way intentionally breaches the confidentiality of Protected Institutional Data, may be subject to appropriate disciplinary action or sanctions.

    7.   Related Documents

    University Rule 3359-11-08: Policies and Procedures for Student Records
    University Rule 3359-11-10: Acceptable Use Policy
    University Rule 3359-11-10.3: Information Security and System Integrity Policy
    University Rule 3359-11-10.4: Customer Information Security Policy
    University Rule 3359-11-10.6: Social Security Number Use Policy
    University Rule 3359-11-10.8: Identity Theft Detection, Prevention, and Mitigation Policy
    University Rule 3359-11-19: Policies and Procedures for Release, Privacy, and Security of Selected Health Information
    ITS: Data Classification Standards
    ITS: Secure Access and Data Storage Standards

    8.   Policy History

    Approval Authority: Chief Information Officer
    Policy Manager: Chief Information Security Off
    icer
    Effective Date: 2/13/2022
    Prior Effective Dates: N/A
    Next Review Date: 2/01/2024

     

    Contact IT Security      Contact IT Service Desk