Overview
This policy provides the rules and requirements for the secure use and management of electronic mail (email). Email is a critical communication tool used by York College of Pennsylvania. Because of its power and ease of use, misuse of college information and resources through email poses a significant risk.
Purpose
This policy is designed to outline the various responsibilities that users have with regards to their use of email in order to protect the College, its faculty, staff and students from electronic and legal harm resulting from improper use of Library Technology Services.
Scope
All email users are expected to comply with this policy. This policy applies whether email is accessed from York College networks or via any remote location. This policy covers appropriate use of any email sent from a York College email address and applies to all employees, students, vendors, and agents operating on behalf of York College of Pennsylvania.
Policy
The following lists the acceptable use and security measures that one must exercise when using York College’s email system:
-
No email may be sent or forwarded through a College system or network for purposes that violate state or federal statutes or regulations or for an illegal or criminal purpose.
-
When conducting College business, only a York College email account is acceptable for official College and/or business related correspondences. The use of personal email accounts to conduct College business or to represent oneself or one’s enterprises on behalf of the College is prohibited.
-
Nuisance email or other online messages such as chain letters or obscene, harassing, offensive or other unwelcome messages are prohibited. Such email should be reported to the LTS Help Desk.
-
Unsolicited email messages to multiple users are prohibited unless explicitly approved by the LTS Department.
-
Confidential and/or sensitive information (e.g., SSN, credit card, medical records) must not be sent by email. The only acceptable ways to transmit such information electronically are to attach the information as an encrypted file or via York College’s encrypted email system. Never type confidential or sensitive information in the body of an email and never send a password or decryption key in the same email. Unless the file is encrypted, it can be read by others and therefore should not be considered private communication.
-
All messages must show the genuine sender information (i.e., from where and from whom the message originated). Users are not allowed to impersonate other users or user groups, real or fabricated, by modifying email header information in an effort to deceive the recipient(s).
-
Potentially damaging emails (e.g., unsolicited, mass or commercial messages; messages that appear to contain viruses) will disrupt College operations. To prevent the spread of this type of email, the College reserves the right to terminate its connection to outside host servers, as well as filter, refuse and/or discard these messages.
-
Existing Retention, Disposition and Destruction Schedules apply to records created as emails. York College's email system offers no guaranteed retention of email records and York College does not archive or backup email records. Email messages that require long-term or archival retention should be retained by students and employees using currently available technology, such as the College H: drive or CD/DVD. The LTS Help Desk will assist individuals who wish to retain essential information from emails.
-
In situations where litigation is reasonably anticipated, College officials should immediately inform the York College Human Resources Director, who in turn will formally notify the Library Technology Services Department to use any available administrative means to preserve relevant existing documents, data, or email.
Monitoring
York College may monitor messages without prior notice and staff members have no reasonable expectation of privacy in email received or transmitted over York College’s computer systems. The College and its email system administrators will not read email unless necessary in the course of their duties, conducting an investigation for suspected inappropriate use, or if directed by legal counsel. The College will comply with the release of emails to law enforcement if presented with an executed subpoena or court order valid in the Commonwealth of Pennsylvania.
Enforcement
Users who violate this policy may be denied access to College computing resources and may be subject to other penalties and disciplinary action, including possible expulsion or dismissal. Alleged violations will be handled through the college disciplinary procedures applicable to the user. The College may suspend, block, or restrict access to an account, independent of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of the College or other computing resources or to protect the College from liability. The College may also refer suspected violations of applicable law to appropriate law enforcement agencies.
Revised 6/12/2019