Home  l  Role & Plan  l  News & Updates  l  Policies  l  Helpdesk  l  Sections  l  Asset Systems  l  Location  l  Cisco Academy  l  
USP Home » Information Technology Services » Policies

Print


Quick Links
» Lab Bookings
» W32/Korgo.x worm
» W32/Bagle.ag@MM worm
» Staff Dialup Access
» Security Tips




Guidelines and Email Policy

  1. Introduction

    Electronic mail (Email) has become a major means of communication for the University of the South Pacific (USP). Email use raises a number of issues including privacy of messages, email address publication, rights of discovery, acceptable use, harassment, and storage.

    Email has become the key mode of written communication at the University of the South Pacific. It is important that all users are aware of the characteristics of email in order to make effective use of this medium for communications. All users must be aware that communicating electronically has legal ramifications, which must be clearly understood, if potential problems are to be avoided. For the purposes of this Policy, email includes email attachments (documents, graphics etc.). It is understood that risks for a University in providing user access to email cannot be eliminated but they can be significantly reduced through careful planning and appropriate policies and procedures.

    This Policy clarifies how the University policies apply to email. It also defines policy and procedures where existing policies do not specifically address issues particular to the use of email.

    The University recognises that principles of academic freedom, freedom of speech, and privacy of information hold important implications for email and email services.

    The University does not and will not routinely inspect, monitor, or disclose email content without the holder's consent. However there are strictly controlled circumstances as defined in Appendix A under which email may be inspected without the holder's consent.

    CAUTIONS

    In using email, users should be aware of the following characteristics of the medium.

    1. Email communication may not be as private as anticipated by users.

      For example; A reply to an email message sent to an email list, intended only for the originator of the message, could easily be distributed to all subscribers to the list by mistake. The University cannot protect users against such events

    2. Email, whether or not created or stored on University equipment, sometimes may need to be disclosed. The University does not automatically agree with all requests to disclose email, but evaluates all such requests. University users using email services should therefore be aware that there are situations where the University may need to disclose information within its control, and that it cannot guarantee complete protection of personal email stored on University facilities.

    3. The University of the South Pacific, in general, cannot protect users from receiving email they may find offensive. University users are strongly encouraged to please use professional courtesies when using email.
    4. There is no guarantee that email received was in fact sent by the supposed sender, since it is relatively straightforward. It is a violation of the Email Policy, for senders to create the impression to the recipient that the email came from another individual.
    5. While the use of email distribution lists can be a very effective, users are encouraged to use available web notice pages for large distributions. Excessive use of email lists, especially with large messages, can cause congestion on our network traffic.
    6. Users should be aware that encryption of email is also available, which can be used to scramble email messages to keep them from prying eyes. Digital signature is also available and can be used to authenticate the sender and the original message. However, the University is yet to formalised the use of Digital signatures to authenticate messages.

  2. Purpose

    The purpose of this policy is to assure that:

    1. The University community is informed about the applicability of policies to Email.

    2. Email services are used in compliance with those policies.
    3. Users of electronic mail services are informed about how concepts of privacy and security apply to email; and

    4. Disruptions to University email and other services and activities are minimized.

  3. SCOPE

    This Policy applies to:
    • All electronic mail systems and services provided or owned by the University; and•
    • All users, holders, and uses of University email services; and
    • All University Email records in the possession of University employees or other Email users of Email services provided by the University.

      This Policy applies only to Email in its electronic form. The Policy does not apply to printed copies of Email. Email messages, therefore, in either their electronic or printed forms, are subject to those other policies, including provisions of those policies regarding retention and disclosure.

      This Policy applies equally to transactional information (such as email headers, summaries, addresses, and addressees) associated with email records as it does to the contents of those records.

      This Policy is effective immediately, with implementation guidelines to be effective from the date this policy is approved.
  4. GENERAL PROVISIONS

    As noted in the Introduction, the University recognises that principles of academic freedom, freedom of speech, and privacy of information hold important implications for Email and Email services. This Policy reflects these firmly held principles within the context of the University's legal and other obligations.

    1. Purpose: In support of its threefold mission of instruction, research, and public service, the University encourages the use of University Email services to share information, to improve communication, and to exchange ideas.

    2. University Property: University electronic mail systems and services are University facilities as that term is used in other policies and guidelines. Any electronic mail address or account associated with the University, or any sub-unit of the University, assigned by the University to individuals, sub-units, or functions of the University, is the property of The University of the South Pacific.

    3. Service Restrictions: Those who use University Email services are expected to do so responsibly, that is, to comply with other policies and procedures of the University, and with normal standards of professional and personal courtesy and conduct. Access to University Email services, when provided, is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the email user when required by and consistent with law, when there is substantiated reason to believe that violations of policy or law have taken place, or, in exceptional cases, when required to meet time-dependent , critical operational needs. Such restriction is subject to established campus wide procedures or, in the absence of such procedures, to the approval of the Vice Chancellor.

    4. Consent and Compliance: An email holder's consent shall be sought by the University prior to any inspection, monitoring, or disclosure of University email records in the holder's possession. University employees are, however, expected to comply with University requests for copies of email records in their possession that pertain to the administrative business of the University, or whose disclosure is required to comply with applicable laws, regardless of whether such records reside on a computer housed or owned by the University. Failure to comply with such requests can lead to disciplinary actions.

    5. Restrictions on Access Without Consent: The University shall only permit the inspection, monitoring, or disclosure of electronic mail without the consent of the holder of such email (i) when required by and consistent with law; (ii) when there is substantiated reason to believe that violations of University policies have taken place; (iii) when there are compelling circumstances or (iv) under time-dependent, critical operational circumstances. When the contents of email must be inspected, monitored, or disclosed without the holder's consent, the following shall apply:

      1. Authorisation.

        Except in emergency circumstances , such actions must be authorised in advance and in writing by the Vice Chancellor. This authority may not be further re-delegated. Requests for such non-consensual access must be submitted in writing following procedures to be defined by the University.

        University Senate's advice shall be sought in writing prior to authorisation because of changing interpretations by the courts of laws affecting the privacy of electronic mail, and because of potential conflicts among different applicable laws. Where the inspection, monitoring, or disclosure of email held by campus is involved, the advice of the University Senate shall be sought in writing in advance, following procedures to be established by each campus. All such advice shall be given in a timely manner. Authorisation shall be limited to the least perusal of contents and the least action necessary to resolve the situation.

      2. Emergency Circumstances.

        In emergency circumstances, the least perusal of contents and the least action necessary to resolve the emergency may be taken immediately without authorisation, but appropriate authorisation must then be sought without delay following the procedures described in Section 4.E above. If the action taken is not subsequently authorised, the responsible authority shall seek to have the situation restored as closely as possible to that which existed before action was taken.

      3. Notification.

        In either case, the responsible authority or designee shall, at the earliest possible opportunity that is lawful and consistent with other University policy, notify the affected individual of the action(s) taken and the reasons for the action(s) taken.

    6. Recourse.

      Procedures for the review and appeal of actions taken under Sections 4.C, D, and E and under Section 6 shall be implemented (or existing procedures adapted) to provide a mechanism for recourse to individuals who believe that actions taken by employees or agents of the University were in violation of this Policy.

    7. Misuse.

      In general, both law and University policy prohibit the theft or other abuse of computing resources. Such prohibitions apply to electronic mail services and include (but are not limited to) unauthorised entry, use, transfer, and tampering with the accounts and files of others, and interference with the work of others and with other computing facilities. Under certain circumstances, the law contains provisions for felony offenses. Users of email are encouraged to familiarise themselves with these laws and policies.

  5. SPECIFIC PROVISIONS
    1. Allowable Use

      In general, use of University email services is governed by policies that apply to the use of all University facilities. In particular, use of University email services is encouraged and is allowable subject to the following conditions:

      1. Purpose: Electronic mail services are to be provided by the University in support of the teaching, research, and public service mission of the University, and the administrative functions that support this mission.

      2. Users. Users of University email services are to be limited primarily to registered University students, and registered staff for purposes that conform to the requirements of this Section and consistent with special provisions outlined in Section 8.

      3. Non-Competition. University email services shall NOT be provided in competition with commercial services to individuals or organisations outside the University.

      4. Restrictions. University email services may not be used for: unlawful activities; commercial purposes not under the auspices of the University; personal financial gain, personal use inconsistent with Section 5.A.8; or uses that violate other University policies or guidelines. The latter include, but are not limited to, policies and guidelines regarding intellectual property or regarding sexual or other forms of harassment.

      5. Representation. Email users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorised (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University.

      6. False Identity. University email users shall not employ a false identity. Email may, however, be sent anonymously provided this does not violate any law or this or any other University policy, and does not unreasonably interfere with the administrative business of the University.

      7. Interference. University email services shall not be used for purposes that could reasonably be expected to cause, directly or indirectly, excessive strain on any computing facilities, or unwarranted or unsolicited interference with others’ use of email or email systems.

      8. Personal Use. University email services may be used for incidental personal purposes provided that, in addition to the foregoing constraints and conditions, such use does not: (i) directly or indirectly interfere with the University operation of computing facilities or electronic mail services; (ii) burden the University with noticeable incremental cost; or (iii) interfere with the email user's employment or other obligations to the University. Email records arising from such personal use may, however, be subject to the presumption covered in Section 3. Email users should assess the implications of this presumption in their decision to use University email services for personal purposes.

    2. Security and Confidentiality
      1. The confidentiality of email cannot be assured. Such confidentiality may be compromised by applicability of law or policy, including this Policy, by unintended redistribution, or because of inadequacy of current technologies to protect against unauthorised access. Users, therefore, should exercise extreme caution in using email to communicate confidential or sensitive matters.

      2. The law prohibits University employees and others from “seeking out, using, or disclosing” without authorisation “personal or confidential” information, and requires employees to take necessary precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise. This prohibition applies to email records. In this Policy the terms “inspect, monitor, or disclose” are used within the meaning of “seek, use, or disclose” as defined by law.

      3. Notwithstanding the previous paragraph, users should be aware that, during the performance of their duties, network and computer operations personnel and system administrators need from time to time to observe certain transactional addressing information to ensure proper functioning of University email services, and on these and other occasions may inadvertently see the contents of email messages. Except as provided elsewhere in this Policy, they are not permitted to see or read the contents intentionally; to read transactional information where not truly relevant to the foregoing purpose; or disclose or otherwise use what they have seen. One exception, however, is that of systems personnel who may need to inspect email when re-routing or disposing of otherwise undeliverable email. This exception is limited to the least invasive level of inspection required to perform such duties.

        Furthermore, this exception does not exempt systems personnel from the prohibition against disclosure of personal and confidential information of the previous paragraph, except insofar as such disclosure equates with good faith attempts to route the otherwise undeliverable email to the intended recipient. Re-routed email normally should be accompanied by notification to the recipient that the email has been inspected for such purposes.

      4. The University attempts to provide secure and reliable email services. Operators of University email services are expected to follow sound professional practices in providing for the security of email records, data, application programs, and system programs under their jurisdiction. Since such professional practices and protections are not foolproof, however, the security and confidentiality of email cannot be guaranteed. Furthermore, operators of email services have no control over the security of email that has been downloaded to a user's computer. As a deterrent to potential intruders and to misuse of email, email users should employ whatever protections (such as passwords) are available to them.

      5. Users of email services should be aware that even though the sender and recipient have discarded their copies of an email record, there might be back-up copies that can be retrieved. Systems may be "backed-up" on a routine or occasional basis to protect system reliability and integrity, and to prevent potential loss of data. The back-up process results in the copying of data onto storage media that may be retained for periods of time and in locations unknown to the originator or recipient of electronic mail. The practice and frequency of back-ups and the retention of back-up copies of email vary from system to system. Email users are encouraged to request information on the back-up practices followed by the operator(s) of University email services, and such operator(s) are required to provide such information upon request.

    3. Archiving and Retention

      The University does not maintain central or distributed email archives of all email sent or received. Email is normally backed up (see Section 5.B.5), if at all, only to assure system integrity and reliability, not to provide for future retrieval, although back-ups may at times serve the latter purpose incidentally. Operator(s) of University email services are not required by this Policy to retrieve email from such back-up facilities upon the holder’s request, although on occasion they may do so as a courtesy.

      Email users should be aware that generally it is not possible to assure the longevity of email records for record-keeping purposes, in part because of the difficulty of guaranteeing that email can continue to be read in the face of changing formats and technologies and in part because of the changing nature of email systems. This becomes increasingly difficult as email encompasses more digital forms, such as embracing compound documents composed of digital voice, music, image, and video in addition to text. Furthermore, in the absence of the use of authentication systems (see Section 1, Caution 6), it is difficult to guarantee that email documents have not been altered, intentionally or inadvertently.

      Email users and those in possession of University records in the form of email are cautioned, therefore, to be prudent in their reliance on email for purposes of maintaining a lasting record. Sound business practice suggests that consideration be given to transferring (if possible) email to a more lasting medium/format, where long-term accessibility is an issue.

  6. POLICY VIOLATIONS

    Violations of University policies governing the use of University email services may result in restriction of access to University information technology resources. In addition, disciplinary action, up to and including dismissal, may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.

  7. RESPONSIBILITY FOR POLICY

    The Chairperson, Communication Information Technology Committee (CITC) in the Office of the Chairperson is responsible for development and maintenance of this Policy for issuance by the Chairperson.

  8. ALLOWABLE USE AND TERMINATION OF USE

    Email services are available to all registered students and all staff employed at the University of the South Pacific for the purpose of instruction, research and conducting university business.

    The USP Electronic Mail Policy and these Guidelines apply to all campus email service providers and their users.

    The Information Technology Services Department as the sole email provider is responsible for informing all users (current and new) that using any USP email service implies;

    1. They have read and understood the USP Electronic Mail Policy and the USP guidelines; and

    2. Acknowledge that their usage will comply with the policy and the USP guidelines.

    <dl> <dt>Email service may be provided to USP visitors or other qualifying individuals for the sole purpose of conducting University business. Such users must agree to comply with this policy and are responsible for any of their activities using University email services.

    Email accounts will be terminated once the user's affiliation with the University is terminated.

    </dl>
  9. RESPONSIBILITIES AND DISCRETION

    The University of the South Pacific, under the direction of the CITC shall develop, maintain, and publish specific procedures and practices that implement this Policy and communicate its provisions to campus users of University email services. The following are the assigned authority and discretion:

    1. The Vice Chancellor shall decide whether to publish students’ email addresses as directory information. An email address assigned by the University to a student is a student record, unless assigned in the student's capacity, if any, as an employee or agent of the University. The University is responsible for designating the categories of personally identifiable information about a student that are public. Individual students may, consistent with the above policy, request the campus not to make their email addresses public for other than educational purposes.

    2. The University shall establish guidelines as to who may use the email services, consistent with the provisions of Section 8 of this Policy.

    3. The Director ITS shall establish regulations and procedures on actions to be taken once an email user’s affiliation with the campus is terminated. In particular, the campus may elect to terminate the individual’s email account, redirect electronic mail, or continue the account, subject to the provisions of Section 8 of this Policy.

    4. The University shall establish guidelines and procedures for:

      1. Restriction of use of University email services pursuant to Section 4.C of this Policy;
      2. Authorisation, advice, notification, and recourse pursuant to Sections 4.E and F of this Policy;
      3. Response to requests for information from users concerning the back up of email, pursuant to Section 5.B.5 of this Policy; and
      4. Any other provisions of this Policy for which procedures are not explicitly stated.

    5. The Vice Chancellor shall designate the appropriate authority to be responsible for the authorisation of action pursuant to Sections 4.C and E of this Policy. This authorisation responsibility may not be further re-delegated.

    6. The University shall establish appropriate notification procedures regarding this Policy to all email users. New users shall positively acknowledge receipt and understanding of the policy. Such notification and acknowledgment may be electronic to the extent that the email user's identity can be assured. It is recognised that it may not be possible to phase in such procedures immediately; however, the lack of comprehensive procedures shall not, in the interim, invalidate the provisions and applicability of this Policy.

    Appendix A:

    RESTRICTIONS AND UNACCEPTABLE USE AND PRACTICE

    Harassment:
    It is a violation of this policy to use email to harass or threaten other students, staff or organizations.

    Copyright:
    Sending copies of documents in violation of copyright laws, into email communications in violation of copyright laws is prohibited.

    Representation:
    Email users using University email services shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any department of the University unless appropriately authorsed to do so. A disclaimer shall be included unless it is clear from the context that the user is not representing the University.

    False Identity (Spoofing):
    Email users using University email services are not to use an identity other then their actual name, student number or an informal name. Informal names used are to be directly associated with the correct email account. It is a violation of this Policy to create an impression to the recipient that the email originated from another individual. Users are advised to ensure their identity, through means of a signature.

    Interference:
    University email services shall not be used for purposes that could cause directly or indirectly, excessive strain on any computing facilities, or unwarranted interference with the use of email or email systems by others. Such uses include, but are not limited to, the use of email services to:

    1. send or forward email chain letters;
    2. "spam," that is, to exploit listservers or similar broadcast systems for purposes beyond their intended scope to increase the distribution of unsolicited email; and
    3. "letter-bomb," that is, to resend the same email repeatedly to one or more recipients to interfere with the recipient's use of email.

    Unauthorized access:
    Attempting unauthorised access to an email account or attempting to breach any security measures on any email system, or attempting to intercept any email transmissions without proper authorization, is a violation of this Policy.

    The Director of IT Services may suspend any person from using the email facilities for a period of 20 days (and may recommend additional penalties to the Disciplinary Committee) if after appropriate investigation that person is found to be:

    • In possession of confidential information obtained improperly.
    • Responsible for willful destruction of information.
    • Gaining or attempting to gain unauthorized access to accounts and passwords.
    • Gaining or attempting to gain access to restricted areas without the permission of the Director
    • Responsible for inappropriate use of the facilities

Top

substantiated - Reliable evidence indicating that violation of law or of University policies probably has occurred, as distinguished from rumor, gossip, or other unreliable evidence.


Time-dependant - Circumstances where failure to act could seriously hamper the ability of the University to function administratively or to meet its teaching obligations, but excluding circumstances pertaining to personal or professional activities, or to faculty research or matters of shared governance.


Circumstances - Circumstances where failure to act may result in significant bodily harm, significant property loss or damage, loss of significant evidence of one or more violations of law or of University policies, or significant liability to the University or to members of the University community.


Circumstances - Circumstances where time is of the essence and where there is a high probability that delaying action would almost certainly result in compelling circumstances


Disclaimer - An appropriate disclaimer is: "These statements are my own, not those of the University of the South Pacific."


Use - Such uses include, but are not limited to, the use of email services to: (i) send or forward email chain letters; (ii) "spam," that is, to exploit listservers or similar broadcast systems for purposes beyond their intended scope to amplify the widespread distribution of unsolicited email; and (iii) "letter-bomb," that is, to resend the same email repeatedly to one or more recipients to interfere with the recipient's use of email.


Visitors - Officially invited on behalf of the University and recognised by Personnel office.


Individuals - A signed agreement with USP on the use of its services and facilities

Disclaimer & Copyright l Contact Us l 
© Copyright 2004. All Rights Reserved.
Page updated: Tuesday, August 31, 2004
 The University of the South Pacific
Laucala Campus, Suva, Fiji
Tel: +679 331 3900