Electronic Mail (Email) Policy

Approved Administration Committee 2288.3

1. PURPOSE

1.1 The purpose of this Policy is to describe the acceptable use of University email facilities, associated responsibilities, and rights of all users of University email facilities and official University email accounts.

2. APPLICATION, SCOPE AND INTERPRETATION

2.1 This Policy must be read in conjunction with Policy #116 (IT Resources Acceptable Use), Policy #23 (University of Ottawa Archives) and IT Security Procedures.

2.2 This email policy applies to the use, for the purpose of sending or receiving email messages and attachments, of any University IT resources including hardware, software and networks.

2.3 For the purposes of this Policy:

a) “Official University email account” means an account with an email address ending with “uottawa.ca”. An official University of Ottawa email account is provided to members of the University community and may be granted to other individuals and entities who have been given email privileges at the University of Ottawa. It is automatically created for admitted and enrolled University students as well as actively employed faculty and staff;

b) “University email facilities” includes all University IT assets, including facilities, hardware, software, and services required to accomplish the processing, storage, transmission and communication of email, whether individually controlled or shared, stand-alone, or networked;

c) “User” is anyone who is assigned an official University email account and uses or attempts to use University email facilities.

d) “Spam” means any commercial electronic message that is sent without the express consent of the recipient(s). Spam is also used as the vehicle for the delivery of other online threats such as spyware, phishing and malware.

2.4 The VP Governance is responsible for the interpretation of this policy.

3. OWNERS OF UNIVERSITY EMAIL FACILITIES

3.1 Information Technology is the owner of centralized University email facilities and directory information, and provides creation, management, and distribution of the official University email accounts.

3.2 University faculties, academic units and administrative services who choose to operate their own University email facilities as an alternative to the centrally available University email facilities are the owners of their own University email facilities and directory information.

4. ACCEPTABLE USE

4.1 Acceptable use of the University email facilities and official University email accounts are intended to support the University’s instructional, research and service activities.

4.2 The following is not meant to be an exhaustive or complete list of the acceptable use of University email facilities and the official University email account:

a) To perform activities associated with official work-related and/or academic duties in support of the University’s teaching, research and administrative activities; and,

b) Personal use provided; that it is not for financial gain; that it does not incur any additional costs for the University; that it does not interfere with the conduct of University business; and that it does not otherwise constitute an unacceptable use as set out in this Policy.

5. UNACCEPTABLE USE

5.1 Unacceptable use of University email facilities or the official University email account includes any use that violates University policies, procedures, academic regulations or other published requirements, including, but not limited to, activity or behavior that:

a) May give rise to criminal offences;

b) Violates federal and provincial statutes;

c) Impacts negatively on the performance of the University’s IT assets or University email facilities;

d) Impedes University operations or the delivery of services;

e) Breaches employment duties or results in academic fraud; and,

f) Could be deemed to reasonably result in lawsuits or other legal proceedings.

5.2 Without limiting the general interpretation of 5.1, the following is a non-exhaustive list of examples that are considered an unacceptable use of University email facilities and the official University email account:

a) Child pornography: possessing, downloading or distributing any child pornography;

b) Copyright infringement: knowingly distributing infringing copies of a copyrighted work;

c) Defamation;

d) Denying right of access under the Freedom of Information and Protection of Privacy Act: destroying, mutilating, altering, falsifying or concealing a record, or making a false record with intent to deny a right of access under the Freedom of Information and Protection of Privacy Act;

e) Hacking and other crimes related to computer security;

f) Gaining unauthorized access to a University email facility, official University email account or other University IT asset using someone else's password or encryption keys to engage in fraud or obtain money, goods or services through false representations made on a computer system or other improper purpose;

g) Trying to defeat the security features of the University email facility or other University IT assets;

h) Spreading viruses with intent to cause harm;

i) Destroying, altering or encrypting data without authorization and with the intent of making the data inaccessible to others who have a lawful need of access;

j) Interfering with others' lawful use of data and computers;

k) Harassment;

l) Hate propaganda;

m) Interception of private communications or electronic mail (in transit): unlawfully intercepting someone's private communications or unlawfully intercepting someone's electronic mail;

n) Obscenity;

o) Concealment or misrepresentation of names or affiliations in email messages;

p) Unauthorized use of invalid or forged “From” or “To” addresses in an attempt to misrepresent the identity of the sender or recipients;

q) Various other improper or criminal acts that can take place using the University email facilities or official University email account such as fraud, extortion, blackmail, bribery, illegal gambling, and dealing in illegal drugs.

6. RESPONSIBILITIES OF USERS

6.1 All users have a responsibility to ensure that they conduct electronic correspondence with respect, professionalism and courtesy.

6.2 Users shall ensure that they use and manage their official University email account in accordance with University policies, procedures, academic regulations or other published requirements.

6.3 It is the responsibility of the individual who holds the official University email account to manage and retain any message or attachment that is required for academic-related or work-related purposes in accordance with University Archives Records Retention Schedule (Records Retention Periods Procedure) or other University recordkeeping and/or records retention requirements, rules or policies.

7. USE OF EMAIL FOR UNIVERSITY OF OTTAWA BUSINESS

7.1 The official University email account shall be considered an official means for communicating University business or matters, and may in some cases be the sole means of communication.

7.2 Email should not be considered a completely reliable means of information transmission. Senders of email should not assume that recipients will necessarily receive or read their emails. Reasons for non-receipt may include, but are not limited to, a) Lack of capacity in the email system or the recipient's inbox, b) misinterpretation by the system, technical staff or recipient that the email is inappropriate or intended for others, c) accidental deletion, d) other forms of human or system error.

7.3 Because the contents of emails are subject to access and information laws governing records in the University’s custody or control, users must take reasonable measures to preserve email records, when applicable, and not alter, conceal or destroy email, or cause any other person to do so, with the intention of denying a right under access to information laws or other applicable laws.

7.4 Furthermore, email transmissions may not be secure, and contents that are expected to remain restricted (reference: Information Classification and Handling Policy) should not be communicated via email or any other insecure electronic means.

7.5 The University reserves the right to reject any email message or suspend an official University email account that could compromise the University email facilities or University IT assets.

7.6 Information Technology will maintain reasonable processes to deal with email containing viruses, to reject email from unwanted spam sites, and to scan incoming email for spam; the University cannot guarantee the success of such processes and the user must accept the risk inherent in the use of the technology.

8. PUBLIC RECORD AND PRIVACY

8.1 Users should exercise extreme caution in using email to communicate restricted, confidential or internal information (reference: Information Classification and Handling Policy) or any other personal or sensitive matters. A user cannot reasonably expect that when using University email facilities or the official University email account that such use is entirely private and confidential by reason that records may be subject to the applicability of the Freedom of Information and Protection of Privacy Act or other applicable access to information or protection of privacy laws, and by reason that confidentiality of email communications may also be impacted by unintended redistribution or unauthorized access. If users choose to store their own personal information on the official University email account or by using University email facilities or University IT resources, then it is at their own risk.

8.2 The University does not monitor the content of electronic messages as a routine procedure. However, the University reserves the right to access content of University email facilities or official University email accounts to investigate instances or complaints of non-compliance with Policy #116 (IT Resources Acceptable Use), or with any other University policies, procedures, or academic regulations to comply with applicable laws or a legal requirement to produce records, to maintain control over and proper operation of University business processes, University email facilities and University’s IT assets and IT resources, or to guard against threats of misconduct or attacks on University email facilities or the University’s IT assets and IT resources.

8.3 The right to access user information as described in 8.2 requires a written approval from relevant administration of the organizational unit. The Security Architect, Legal Services, Access to Information and Privacy Office (AIPO), Human Resources and Office of Risk Management may be consulted for advice on security, legal and other risks.

9. EMAIL RETENTION AND DISPOSAL

9.1 Log files associated with email messages which provide a record of actual email transactions, but not the email content, will be preserved for no longer than 21 days.

10. COMPLIANCE

10.1 Any instances of non-compliance with this Policy should be reported to the Vice-President, Governance for investigation.

10.2 Requests for an exception to this Policy must be documented and then reviewed by the Vice-President, Governance. The request must include the reasons for the exception and the planned alternative control measures. Such requests will be decided by the Vice-President, Governance on a case-by-case basis, and communicated in writing.

10.3 No exclusions or exceptions may be made to this Policy without consulting with and obtaining a written consent from the Vice-President, Governance.

10.4 The Administrative Committee will be informed annually on the exceptions and non-compliance matters.

11. MAINTENANCE

This Policy will be reviewed by the Office of the Vice-President, Governance on a regular basis, or as deemed appropriate based on changes in technology or regulatory requirements.

12. EFFECTIVE DATE

This Policy comes into effect on June 15, 2016