Policy 4-010: University Employee Individual Email Policy - Regulations Library

Purpose and Scope
1. Purpose: The primary purpose of this Policy is to bring the University into compliance with Utah law, including Rule R840 of the Utah Board of Higher Education (formerly Board of Regents) which requires all higher education institutions in the Utah System of Higher Education to establish an institutional business communications email policy regarding individual users of the enterprise email system.
  
  Rule R840 provides that:
  
  “Institutions shall establish a policy that requires its employees, officers, or other designated individuals to use only the institution’s enterprise email system when conducting institutional business by email. The policy must specifically prohibit employees from using any private or non- enterprise email service for institutional email business. Institutional employees shall maintain institutional business email communications in compliance with records retention regulations, records management regulation, or any applicable law or policy.”
  UBHE Rule 840-4.
  
  This Policy and any associated Regulations memorialize the requirement that all University of Utah employees and officers use the University’s official Enterprise Email System(s) whenever they are conducting the University Business Email Communications (as those terms are defined in this Policy).
  
  This Policy and any associated Regulations are intended to guide University units and administrators in managing University Business Email Communications sent from the individual University email accounts of Employees and Trustees within the University’s Enterprise Email System. The Policy will assist the University in complying with its legal responsibility to preserve and maintain Business Email Communications in the institutions Enterprise Email System according to required document retention schedules for security, auditability, records management, document preservation, personnel actions, archiving and destruction and other required purposes.
2. Scope: This Policy applies to all University of Utah units, including all administrative, academic and health care units. It applies to all University Employees and to the Trustees of the University when conducting Official University Business (as defined here). This Policy is not intended to apply to students as such, provided however that those sections applicable to Employees or Trustees do apply to any individual student who is also an Employee or member of the Board of Trustees when conducting Official University Business in that capacity of Employee or Trustee.
  
  This Policy applies to all University Business Email Communications to and from an Employee’s or a Trustee’s individual University email account. It is not intended to apply to University business unit mass email communications for marketing or similar purposes (e.g., “At the U” newsletter distribution, athletics or fine arts venues season ticket holder distributions, etc.). It is also not intended to cover other non-email methods of electronic communication such as texting, instant messaging and chatting through programs such as Skype, Instant Messenger, Zoom, Teams and Slack.
  
  This Policy applies to all Enterprise Email Systems, whether purchased, developed, leased or rented, including both on-premise Email as well as cloud- based Email.
  
  Neither this Policy nor its associated Regulations are intended to restrict the acquisition or use by individual members of the University community of email systems/ services that are intended for personal use and not used for the conduct of Official University Business. Any limitations on the use of University email systems for purposes other than Official University Business (including for reasonable and limited personal use) are governed separately by Rule 4-004A— Acceptable Use [of IT Resources], and Policy 4-002—Information Resources Policy.
Definitions

The following definitions apply for the limited purposes of this Policy and any associated University Rules and other University Regulations.
1. Service-Affiliate -- means a 3rdparty organization that a University Employee works with/for as part of their service obligation to the University, but which is not owned, operated or controlled by the University. Examples include agencies of the federal government, research journals, other academic institutions, non- profit community organizations, or professional associations.
2. Service-Affiliate Email System -- means a Service-Affiliate’s email system (e.g., @ars.usda.gov, @cabi.org, etc.) that Employees may use on behalf of a Service-Affiliate in connection with their service obligations to the University but which is intended for conducting the official business of the Service-Affiliate and not for Official University Business.
3. Email / or Email Communications -- means messages sent from one individual (or business) to another individual or business via telecommunications links between computers or terminals or other electronic devices using dedicated software. For purposes of this policy, the terms email or email communications do not include communications through text, instant messaging (IM), Zoom, Teams, Slack, chat functions or system generated messages.
4. Employees -- means all University employees, as defined in Policy 5-001 Employee Definitions (including administrative officers, faculty members, non- faculty academic employees, and staff members).
5. Trustees -- means the members of the Board of Trustees as referenced in University Policy 2-002.
6. University Enterprise Email Systems -- means an email system controlled by the University which is designed, implemented, and approved for use by University Employees and Trustees primarily to conduct Official University Business. The University’s main enterprise email system is the “@utah.edu” system and subdomains. The term also includes other email systems approved by the University’s Chief Information Officer. For a list of approved enterprise emails systems, see Guideline 4-010.
7. Official University Business -- means any activity that is carried out by an Employee or Trustee within the course and scope of their responsibilities for the University of Utah and is undertaken for or on behalf of the University itself. Official University Business includes but is not limited to University administrative work, teaching, research and patient care. Note that although service activities are often conducted as part of an Employee’s duties to the University, when such activities are conducted by an Employee primarily on behalf of or for a Service-Affiliate rather than directly for the University, those service activities are not considered to be Official University Business for the limited purposes of this Policy and so any Service Related Email Communications regarding those activities are not subject to the requirements of this Policy applicable for University Business Email Communications.
8. Private Email System -- means an email system that is not controlled by the University and provided for use of Employees or Trustees in conducting Official University Business, but rather is operated by a third party provider which is not directly subject to University Regulations. University Employees, along with other members of the general public typically make use of such systems for conducting private email communications (not constituting Official University Business Email Communications). Examples of such systems are those with the suffix @gmail.com,@hotmail.com or@yahoo.com.
9. Service-Related Email Communications -- means email communications that are related to an Employee’s service activities that may be performed as part of a service obligation to the University, but are sent or received by the Employee while acting on behalf of a Service-Affiliate and are part of the official business of the Service-Affiliate. For purposes of this Policy such communications are not considered University Business Email Communications for conducting the Official Business of the University.
10. University Business Email Communications -- means email communications that an Employee or Trustee sends within the course and scope of their responsibilities to the University and which relate to Official University Business.
Policy
1. Required Use of University Enterprise Email System.
  1. All University Employees and Trustees, when conducting Official University Business through email, must do so using their individual University email account in an approved University Enterprise Email System.
  2. No Employee or Trustee may transmit any University Business Email Communications, or otherwise conduct Official University Business by email, through use of a Private Email System or a Service-Affiliated Email System.
  3. The University shall provide Employees and Trustees with the appropriate technology, technical assistance, guidance, and training reasonably necessary for those individuals to comply with their obligations under this Policy and associated Regulations, including requirements for conducting Official University Business only through an approved University email system.
    
    [Note: Parts IV-VII of this Regulation (and all other University Regulations) are Regulations Resource Information – the contents of which are not approved by the Academic Senate or Board of Trustees, and are to be updated from time to time as determined appropriate by the cognizant Policy Officer and the Institutional Policy Committee, as per Policy 1-001 and Rule 1-001.]
Rules, Procedures, Guidelines, Forms, and other related resources.
1. Rules
  1. Utah Administrative Rule 4-010A Enterprise Email Service
2. Procedures [reserved]
3. Guidelines
  1. Guideline 4-010
4. Forms [reserved]
References
1. State Law
  1. Utah Code Ann. §63G-2-101 et seq.
  2. Utah Board of Higher Education (formerly Board of Regents) Rule 840 Institutional Business Communications. https://ushe.edu/ushe-policies/r840-institutional-business-communications/
2. University of Utah Regulations
  1. University Policy 2-002, Board of Trustees
  2. University Policy 4-004 ---University of Utah Information Security Policy, regarding the safeguarding of all University Data
  3. University Rule R4-004A—Acceptable Use [of IT resources]
  4. University Guideline G4-004D regarding the use and approval of all cloud- based services.
    
    Policy 4-002—Information Resources Policy.
    
    Policy 5-001 Employee Definitions.
Contacts.

The designated contact officials for this Policy are:
1. Policy Owners (primary contact person for questions and advice): University Deputy Chief Information Officer (DCIO)
2. Policy Officers: Office of General Counsel for the University of Utah
  
  These officials are designated by the University President or delegee, with assistance of the Institutional Policy Committee, to have the following roles and authority, as provided in University Rule 1-001:
  
  “The ‘Policy Officer’ will be assigned by the President for each University Policy, and will typically be someone at the executive level of the University (i.e., the President and his/her Cabinet Officers). The assigned Policy Officer is authorized to allow exceptions to the Policy in appropriate cases…”
  
  “The Policy Officer will identify an ‘Owner’ for each policy. The policy owner is an expert on the policy topic who may respond to questions about, and provide interpretation of the policy; and will typically be someone reporting to an executive level position (as defined above), but may be any other person to who the President or a Vice President has delegated such authority for a specified area of University operations. The owner has primary responsibility for maintaining the relevant portions of the regulations library… [and] bears the responsibility for determining which reference material are helpful in understanding the meaning and requirements of particular policies.
  
  University Rule 1-001-III-B & E
History.
1. Current version: University Policy 4-010, Revision # 0
  Approved by the Academic Senate: April 26, 2021
  Approved by the Board of Trustees: August 10, 2021, effective immediately

Policy 4-010
Date: August 10, 2021

View All Policies by

Website Feedback

Policy 4-010: University Employee Individual Email

Purpose and Scope

Definitions

Required Use of University Enterprise Email System.

Rules, Procedures, Guidelines, Forms, and other related resources.

References

Contacts.

History.