Email Use & Retention

Overview

This policy provides the rules and requirements for the secure use and management of electronic mail (email). Email is a critical communication tool used by York College of Pennsylvania. Because of its power and ease of use, misuse of college information and resources through email poses a significant risk.

 

Purpose

This policy is designed to outline the various responsibilities that users have with regards to their use of email in order to protect the College, its faculty, staff and students from electronic and legal harm resulting from improper use of Library Technology Services.

 

Scope

All email users are expected to comply with this policy. This policy applies whether email is accessed from York College networks or via any remote location. This policy covers appropriate use of any email sent from a York College email address and applies to all employees, students, alumni, vendors, and agents operating on behalf of York College of Pennsylvania.

All email accounts, messages, attachments, metadata, and related records created, transmitted, received, or stored using York College of Pennsylvania email systems are the property of the College. Users should have no expectation of privacy in any email or related communications transmitted through or stored on College systems. Use of the College’s email system constitutes consent to monitoring, access, review, and disclosure of email communications as permitted by law and College policy.

 

Acceptable Use and Security Measures

The following lists the acceptable use and security measures that one must exercise when using York College’s email system:

  • No email may be sent or forwarded through a College system or network for purposes that violate State or federal statutes or regulations or for an illegal or criminal purpose.

  • When conducting College business, users must use a York College–issued email account. The use of personal email accounts to conduct College business, store College records, or represent the College in any official capacity is prohibited unless expressly authorized in writing by the College.

  • Nuisance email or other online messages such as chain letters or obscene, harassing, offensive or other unwelcome messages are prohibited. Such email should be reported to the LTS Help Desk.

  • Unsolicited email messages are prohibited unless explicitly approved by the LTS Department.

    • This includes, but is not limited to, communications regarding student job, internship, and employment opportunities, regardless if they are forwarded or initiated by a YCP user. Any such opportunity (internal or external) must follow the proper procedures outlined by the Career Development Center. This includes that all postings must be submitted through the official job posting and career development platform (currently Handshake).

  • Users must not transmit confidential or sensitive information via email unless expressly authorized and appropriate safeguards are used. Confidential or sensitive information includes, but is not limited to, Social Security numbers, financial account information, payment card data, medical or health information, student education records protected by FERPA, and credentials such as passwords or authentication codes. Such information may only be transmitted electronically using College-approved encryption tools or secure messaging systems. Confidential or sensitive information must never be included in the body of an email, and passwords or decryption keys must never be transmitted in the same communication as the protected information.

  • All messages must show the genuine sender information (i.e., from where and from whom the message originated). Users are not allowed to impersonate other users or user groups, real or fabricated, by modifying email header information in an effort to deceive the recipient(s).

  • Potentially damaging emails (e.g., unsolicited, mass or commercial messages; messages that appear to contain viruses) will disrupt College operations. To prevent the spread of this type of email, the College reserves the right to terminate its connection to outside host servers, as well as filter, refuse and/or discard these messages.

  • Email systems are not intended to serve as official records repositories. The College does not guarantee the retention, archiving, or availability of email messages beyond system-defined timeframes. Email messages may be retained, stored, filtered, or deleted in accordance with system configurations, operational needs, and applicable law. Emails that constitute College records must be retained in accordance with the College’s Record Retention Policy and applicable retention schedules, using approved storage locations such as College-managed network drives or document management systems. Users are responsible for ensuring that records requiring retention are preserved outside of the email system. The LTS Help Desk will assist individuals who wish to retain essential information from emails.

  • In situations where litigation is reasonably anticipated, or actually pending, College officials should immediately inform the York College Human Resources Director, who in turn will formally notify the Library Technology Services Department to use any available administrative means to preserve relevant existing documents, data, or email, and to ensure that any electronically stored information that is subject to such a litigation hold is protected against deletion until such time as the College’s counsel authorizes the lifting of such protection.

Monitoring

York College of Pennsylvania reserves the right to monitor, access, review, intercept, disclose, and retain email communications and related system data without prior notice, to the extent permitted by law. Monitoring may occur for purposes including, but not limited to, system maintenance, security, compliance with policy, investigation of suspected misuse, response to legal process, or protection of College interests.

While the College does not routinely review the content of email communications, it may do so when reasonably necessary to fulfill its administrative, legal, or operational responsibilities. The College will comply with lawful requests for email records, including subpoenas and court orders valid in the Commonwealth of Pennsylvania.

 

Enforcement

Users who violate this policy may be denied access to College computing resources and may be subject to other penalties and disciplinary action, including possible expulsion or dismissal. Alleged violations will be handled through the college disciplinary procedures applicable to the user. The College may suspend, block, or restrict access to an account, independent of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of the College or other computing resources or to protect the College from liability. The College may also refer suspected violations of applicable law to appropriate law enforcement agencies. For vendors, contractors, alumni, and other non-employees, violations may result in immediate revocation of access and may be addressed through contractual or other legal remedies.

Related Policies

This policy should be read in conjunction with the Record Retention Policy, and other applicable data security, privacy, and acceptable use policies of York College of Pennsylvania. In the event of a conflict, the more restrictive or protective policy shall apply.

 

Related Policies:

 

Revised 1/26/2026

 

Print Article