Roane State Community College
RSCC Policy GA-18-03; Electronic Information Systems (Email)
RSCC Policy GA-18-03; Electronic Information Systems (Email)
Roane State Community College
Policy Number: GA-18-03
Subject: Electronic Information Systems (Email)
Roane State Community College (hereafter referred to as the College) recognizes that principles of academic freedom and shared governance, freedom of speech, and privacy of information hold important implications for electronic mail and electronic mail services. The College affords electronic mail privacy protections comparable to that which it traditionally affords paper mail and telephone communications. This Policy reflects these firmly held principles within the context of the College's legal and other obligations.
- The College encourages the use of electronic mail and respects the privacy of users. It does not routinely inspect, monitor, or disclose electronic mail without the holder's consent. Nonetheless, subject to the requirements for authorization, notification, and other conditions specified in this Policy, the College may deny access to its electronic mail services and may inspect, monitor, or disclose electronic mail:
- Under time-dependent, critical operational circumstances
- When there are compelling circumstances
- When there is substantiated reason to believe that violations of law or of College policies have taken place
- When required by and consistent with law
- This Policy applies to:
- All electronic mail systems and services provided or owned by the College
- All users, holders, and uses of College email services
- All College email records in the possession of College employees or other email users of electronic mail services provided by the College
- This Policy applies only to electronic mail in its electronic form. The Policy does not apply to printed copies of electronic mail. Other College record management policies, however, do not distinguish among the media in which records are generated or stored. Electronic mail messages, therefore, in either their electronic or printed forms, are subject to those other policies, including provisions of those policies regarding retention and disclosure.
- This Policy applies equally to transactional information (such as email headers, summaries, addresses, and addressees) associated with email records as it does to the contents of those records.
- This Policy is effective immediately.
- Statement of policy
- Privacy, Confidentiality, and Public Records Considerations
- The College will make reasonable efforts to maintain the integrity and effective operation of its electronic mail systems, but users are advised that those systems should in no way be regarded as a secure medium for the communication of sensitive or confidential information. Because of the nature and technology of electronic communication, the College can assure neither the privacy of an individual user's use of the College’s electronic mail resources nor the confidentiality of particular messages that may be created, transmitted, received, or stored thereby. In addition, Tennessee law provides that communications of Roane State Community College personnel that are sent by electronic mail may constitute "correspondence" and therefore, may be considered public records subject to public inspection under Tennessee’s Public Records Act.
- Legal requirements on privacy of and access to personal information, prohibits College employees and others from seeking out, using, or disclosing without authorization, personal or confidential information and requires employees to take necessary precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise. This prohibition applies to email records.
- Notwithstanding the previous paragraph, users should be aware that, during the performance of their duties, network and computer operations personnel and system administrators need from time to time to observe certain transactional addressing information to ensure proper functioning of College email services, and on these and other occasions may inadvertently see the contents of email messages. Except as provided elsewhere in this Policy, they are not permitted to see or read the contents intentionally; to read transactional information where not germane to the foregoing purpose; or disclose or otherwise use what they have seen. One exception, however, is that of systems personnel (such as “postmasters”) who may need to inspect email when re-routing or disposing of otherwise undeliverable email. This exception is limited to the least invasive level of inspection required to perform such duties. Furthermore, this exception does not exempt postmasters from the prohibition against disclosure of personal and confidential information of the previous paragraph, except insofar as such disclosure equates with good faith attempts to route the otherwise undeliverable email to the intended recipient. Re-routed mail normally should be accompanied by notification to the recipient that the email has been inspected for such purposes.
- The College attempts to provide secure and reliable email services. Operators of College electronic mail services are expected to follow sound professional practices in providing for the security of electronic mail records, data, application programs, and system programs under their jurisdiction. Since such professional practices and protections are not foolproof, however, the security and confidentiality of electronic mail cannot be guaranteed. Furthermore, operators of email services have no control over the security of email that has been downloaded to a user's computer. As a deterrent to potential intruders and to misuse of email, email users should employ whatever protections (such as passwords) are available to them. Users are prohibited from sharing email passwords with others.
- Users of electronic mail services should be aware that even though the sender and recipient have discarded their copies of an electronic mail record, there might be back-up copies that can be retrieved. Systems may be “backed-up” on a routine or occasional basis to protect system reliability and integrity, and to prevent potential loss of data. The back-up process results in the copying of data onto storage media that may be retained for periods and in locations unknown to the originator or recipient of electronic mail. The practice and frequency of back-ups and the retention of back-up copies of email vary from system to system. Electronic mail users are encouraged to request information on the back-up practices followed by the operators of College electronic mail services, and such operators are required to provide such information upon request.
- Permissible Uses of Electronic Mail
- Authorized Users: Only College faculty, staff, and students and other persons who have received permission under the appropriate institutional authority are authorized users of the College’s electronic mail systems and resources.
- Purpose of Use: The use of any College resources for electronic mail must be related to College business, including academic pursuits. Incidental and occasional personal use of electronic mail may occur when such use does not generate a direct cost for the College. Any such incidental and occasional use of College electronic mail resources for personal purposes is subject to the provisions of this policy.
- Prohibited Uses of Electronic Mail
- Prohibited Purposes
- Personal use that creates a direct cost for the College
- College electronic mail resources shall not be used for personal monetary gain or for commercial purposes that are not directly related to College business.
- Other Prohibited Uses (included but not limited to);
- Sending copies of documents in violation of copyright laws
- Inclusion of the work of others into electronic mail communications in violation of copyright laws
- Capture and opening of electronic mail except as required in order for authorized employees to diagnose and correct
- Use of electronic mail to harass or intimidate others or to interfere with the ability of others to conduct institutional business
- Use of electronic mail systems for any purpose restricted or prohibited by law or regulation
- Spoofing, or constructing an electronic mail communications so it appears to be from someone else
- Snooping, or obtaining access to the files or electronic mail of others for the purpose of satisfying idle curiosity, with no authorization or College business purpose
The purpose of this Policy is to assure that:
- The College community is informed about the applicability of policies and laws to electronic mail
- Electronic mail services are used in compliance with those policies and laws
- Users of electronic mail services are informed about how concepts of privacy and security apply to electronic mail
- Disruptions to College electronic mail and other services and activities are minimized
- College Access and Disclosure
- General Provisions
- To the extent permitted by law, the College reserves the right to access and disclose the contents of faculty, staff, students', and other users' electronic mail without the consent of the user. The College will do so when it believes it has a legitimate business need including, but not limited to, those listed in paragraph 3 (below), and only after explicit authorization is obtained from the appropriate College authority.
- Faculty, staff, and other non-student users are advised that the College's electronic mail systems should be treated like a shared filing system, i.e., with the expectation that communications sent or received on College business or with the use of the College resources may be made available for review by any authorized College official for purposes related to College business.
- Electronic mail of students may constitute "education records" subject to the provisions of the federal statute known as the Family Educational Rights and Privacy Act of 1974 (FERPA). The College may access, inspect, and disclose such records under conditions that are set forth in the statute.
- Any user of the College's electronic mail resources who makes use of an encryption device to restrict or inhibit access to his or her electronic mail must provide access to such encrypted communications when requested to do so under appropriate College authority.
- Monitoring of Communications
The College will not monitor electronic mail as a routine matter but it may do so to the extent permitted by law, as the College deems necessary for purposes of maintaining the integrity and effective operation of the College's electronic mail systems.
- Inspection and Disclosure of Communications
- The College reserves the right to inspect and disclose the contents of electronic mail:
- In the course of an investigation triggered by indications of misconduct or misuse
- As needed to protect health and safety
- As needed to prevent interference with the academic mission or
- As needed to locate substantive information required for College business that is not more readily available by some other means.
- The College will inspect and disclose the contents of electronic mail when such action is necessary to respond to legal processes and to fulfill the College's legal obligations to third parties.
- Limitations on Disclosure and Use of Information Obtained by Means of Access or Monitoring
The contents of electronic mail communications, properly obtained for official purposes, may be disclosed without permission of the user. The College will attempt to refrain from disclosure of particular communications if disclosure appears likely to create personal embarrassment, unless such disclosure is required to serve a business purpose or satisfy a legal obligation.
- Special Procedures to Approve Access to, Disclosure of, or Use of Electronic Mail Communications
Individuals needing to access the electronic mail communications of others, to use information gained from such access, and/or to disclose information from such access and who do not have the prior consent of the user must obtain in writing, approval in advance of such activity from the president. A list of guiding concepts and a template for such a procedure is provided as an attachment.
- Public Inspection, Retention, and Archiving of Electronic Mail
- Public Inspection of Electronic Mail
Communications of the College employees in the form of electronic mail may constitute "correspondence" and therefore may be a public record subject to public inspection under Tennessee’s Public Records Act. Requests for such public inspection will be referred to the president or designee for processing. Roane State Community College may charge a reasonable processing fee for such information.
- Retention and Archiving of Electronic Mail
- Electronic mail messages produced or stored using state-owned equipment or software generally are excluded from the definition of "records" subject to the provisions of the State Public Records Commission.
- If the recipient of electronic mail messages has previously segregated and stored such messages as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the College or because of the value of the official College data contained therein, then such messages must be retained, archived, and destroyed in compliance with the relevant portions of the State Public Records Act and Tennessee Board of Regents Guideline G-070, Disposal of Records, RDA 2161.
- The College does not maintain central or distributed electronic mail archives of all electronic mail sent or received. Electronic mail is normally backed up only to assure system integrity and reliability, not to provide for future retrieval, although back-ups may at times serve the latter purpose incidentally. Operators of College electronic mail services are not required by this policy to retrieve email from such back-up facilities upon the holder's request, although on occasion they may do so as a courtesy.
- Email users should be aware that generally it is not possible to assure the longevity of electronic mail records for record-keeping purposes, in part because of the difficulty of guaranteeing that electronic mail can continue to be read in the face of changing formats and technologies and in part because of the changing nature of electronic mail systems. This becomes increasingly difficult as electronic mail encompasses more digital forms; such as compound documents composed of digital voice, music, image, and video in addition to text. Furthermore, in the absence of the use of authentication systems, it is difficult to guarantee that email documents have not been altered, intentionally or inadvertently.
- Email users and those in possession of College records in the form of electronic mail are cautioned, therefore, to be prudent in their reliance on electronic mail for purposes of maintaining a lasting record. Sound business practice suggests that consideration be given to transferring (if possible) electronic mail to a more lasting medium format, such as microfilm or a digital medium such as a Zip drive, where long-term accessibility is an issue.
- An example of a use that does not create a direct cost is sending an email message during an employee’s lunch hour: the College will pay no more for maintaining the email system than it would have paid had the message not been sent. An example of a use that does create a direct cost is printing an email message without reimbursing the College.
- Students who are also employees of the College should be given the opportunity to have separate accounts for their employment-related electronic mail to insulate their student communications from inadvertent disclosure.
- Digital or Electronic Signatures and Transactions
- To comply with the Tennessee Uniform Electronic Transactions Act (T.C.A. 47-10-101 et. swq.), this Act permits the use of electronic signatures and electronic transactions under certain circumstances. To be legally enforceable, electronic signatures must meet the following two criteria:
- An electronic signature must be attributable (or traceable) to a person who has the intent to sign the record or contract with the use of adequate security and authentication measures that are contained in the method of capturing the electronic transaction (e.g., use of personal identification number or personal login identification username and password) (T.C.A. 47-10-109) Public Key Infrastructure or PKI technology will not be used.
- The recipient of the transaction must be able to print or store the electronic record of the transaction at the time of receipt. (T.C. A. 47-10-109)
- Use of electronic signatures and transactions is permitted. For assistance with the creation of an electronic signature, contact the Information Technology Help Desk.
- Granting Approval to Access Electronic Communications of Others
Only the President may grant approval to access electronic communications addressed to others.
- The following information is needed to determine whether a request should be approved
- Name and title of the person whose communications will be accessed
- Name and title of the person who will do the accessing
- Why the access is needed
- What forms of communication will be accessed (e.g., voice mail, E-Mail, FAX)
- Required duration of the access
- If possible, Tennessee Board of Regents, Legal Counsel should be contacted.
- Only those executives or administrators who have a need to know will receive notification of the request for access to electronic messages.
- Concerns about fiscal misconduct or criminal activity should not be investigated by individuals or departments but should be referred to College Security or Internal Auditor in accordance with the College policy.
- Contents of electronic communications obtained after appropriate authorization may be disclosed without the permission of the employee. At the same time, the College will attempt to refrain from disclosure of particular messages if disclosure could create personal embarrassment, unless such disclosure is required to serve a business purpose or satisfy a legal obligation.
- A sample access request form is attached as Appendix A.
- For access requests related to litigation holds, see the “Litigation Hold Procedures, Electronic Records Requirements”, 2007, on Roane State’s website.
- Requesting Email Account and Requirements
- Each user must complete training on Outlook and Exchange before an email account will be activated. Training is conducted by the Center for Teaching Arts and Technology.
- Each user will fill out a request for an email account and submit the form through the department director or dean for approval and verification.
- The form will then be forwarded to the Assistant Vice President for Information Technology. An Email account request form is attached as Appendix B.
- Disciplinary Action
- Appropriate disciplinary action will be taken against individuals found to have engaged in prohibited use of the College's electronic mail resources.
- Violations of this policy may result in restrictions or termination of access to College information technology resources. In addition, disciplinary action, up to and including dismissal, may be applicable under other College policies, guidelines, or other agreements.
- Responsibility for Policy
The Assistant Vice President for Information Technology is responsible for development and maintenance of this policy for issuance by the President.
Revision History: Revised: 02/18/2000, 11/10/2003, 06/25/2007
TBR Policy Reference: 1:08:00:00
TBR Guideline Reference: G-070
Revision Date Effective: 06/25/2007
Revision Approval By: Gary Goff, President
Original Date Effective: 04/03/1995
Original Approval By: Sherry L. Hoppe, President
Office Responsible: Executive Vice President for Business & Finance
© Roane State Community College