Guidelines for Email Use at University of Guelph
September 7, 2017
Electronic mail (email) resources are provided to students, faculty, staff and other authorized individuals for use in the support of learning, teaching and research at the University of Guelph. This set of guidelines is meant to assist in ensuring that the University’s resources are used appropriately. These guidelines are not intended to conflict with internal department or business unit practices, but rather to help to further inform those practices. Where there is an overlap between this guideline and departmental guidelines, the more restrictive guideline should be followed.
These guidelines apply to all email resources provided by the University including centrally managed email services, as well as those provided by individual Faculties and Departments on campus.
- Email Access - Access to University email is provided to users for their use in pursuing the learning, teaching and research mission of the University and the administrative activities that support the mission. E-mail accounts are provided in accordance with account management guidelines and procedures.
- Confidentiality - Email should not be considered a secure method of communication. By default the contents are not encrypted and it is possible for messages to be intercepted, forwarded, or read without the knowledge of the sender or intended recipient. Confidential information, such as passwords and personally identifiable information (PII), should never be sent unencrypted via email. Individuals that have a need to send confidential information via email must use email encryption or encrypt attachments prior to sending (for example, Microsoft Office365 users can password protect and encrypt Office documents).
- Acceptable Use - All email users shall adhere to the University’s Acceptable Use Policy (AUP) for Information Technology. Examples of activities that would violate the AUP include, but are not limited to, sharing copyrighted material, cyberbullying, and accessing another user’s information.
- Personal Use - Email resources may be used for limited personal purposes, provided that such use does not violate any law or University policy (such as the Acceptable Use Policy). Limited personal use must not be for financial gain, must not incur any additional costs for the University, and must not negatively impact the operation of University systems, peripherals, applications, networks, or impede the ability of other University users from doing their work.
- Account Locking - The University may lock user accounts when there is evidence that an account has been compromised, is being used to deliver unsolicited email, is found to be in violation of the University Acceptable Use Policy, or when required by law enforcement or University Human Resources.
- University Access - The University reserves the right for authorized University officials to access or monitor email in accordance with the Acceptable Use Policy, such as when there is reasonable grounds to suspect a breach of the AUP, law, or University policy. The procedure to access user information is described in Section 3 of the Acceptable Use Policy.
- Routine Monitoring - The University uses automated network and automated email security monitoring systems for detecting spam and malicious content which may affect the integrity or operation of the University’s email system. Logs will be collected and used to ensure compliance with established University policies, capacity planning, pattern analysis, troubleshooting, investigative purposes, and for reporting. Logs will contain email header information but will not contain actual message content or personal data. Logs will be subject to periodic review by authorized CCS staff members only and will be retained for a period of one year.
- Mass Email - Individuals or groups within the University that need to send email messages to a large number of recipients must follow the Mass Email Policy. As well, you should familiarize yourself the Canadian Anti-Spam Legislation (CASL). Email being sent to groups or distribution lists should, as a matter of best practice, identify how recipients can “unsubscribe” if they no longer wish to receive those communications.
- Unsolicited, Phishing, or Offensive Email – When individuals receive phishing messages, unsolicited messages, or messages with offensive content, they are encouraged not to reply. Doing so only confirms that the email address is active and will result in more email. Instead users should report the issue by forwarding the email to the CCS Help Centre.
Written by: CCS Information Security