Electronic-Mail (E-mail) 7.104
Administrative Procedure 7.104
Purpose
The purpose of this Administrative Procedure is to:
- Protect the integrity of Elgin Community College’s electronic-mail (e-mail) system;This includes e-mail from the @elgin.edu and @student.elgin.edu domains.
- Prevent accidental misuse and intentional abuse of e-mail by employees and other users of email systems;
- Ensure the proper use of Elgin Community College’s e-mail system, while increasing employee awareness regarding appropriate and inappropriate use of the College’s e-mail system; and
- Reduce the risk of confidentiality breaches and legal liabilities.
Elgin Community College provides e-mail access to allow employees to communicate effectively and efficiently with students and the general public. Any e-mail sent from an Elgin Community College e-mail address to the general public may be viewed as a statement from the college.
Scope and Definitions
This Administrative Procedure applies to any user who electronically accesses non-public information owned or stored by Elgin Community College. A user is any administrator, faculty, staff, contractor, consultant, auditor, intern, trustee, student assistant or partner. A secured electronic employee system is any system that is non-public, contains confidential information, or where use may be restricted or monitored.
Prohibited Use
Elgin Community College’s e-mail system shall not be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Any employee who receives an e-mail containing information of this content and nature from another user of the college's email systems should report this incident immediately to their supervisor.
Elgin Community College prohibits sending and forwarding chain letters, joke e-mails, and mass mailings unrelated to the business of the College, from the College’s e-mail account. These non-business activities may unnecessarily impede the network traffic.
Employees shall not use their Elgin Community College e-mail account to register on websites and mailing lists unrelated to the business of the College. By doing so, may jeopardize the integrity of Elgin Community College’s e-mail system which may result in unsolicited mail and viruses
Employees shall not use the e-mail system to impersonate a College officer, faculty/staff member, or student.
Personal Use
The primary use of Elgin Community College’s e-mail system is to conduct the business of the College. Personal use of the College’s e-mail systems is not allowed. For simplicity, let’s just say that personal use of ECC e-mail is not allowed. AP 2.303 states that employees cannot use ECC computers for personal use, nor can they use ECC software for personal use. So, by extension, if they use an ECC device to access their ECC e-mail or if they use a personal device to access their ECC Outlook or Webmail, then they should not be sending/receiving personal e-mails through it. So, for the sake of consistency with 2.303, let’s not even allow minimum personal use and just say no to all of it.
Best Practices
All employees should:
- Be courteous and follow accepted standards of etiquette;
- Protect others' privacy and confidentiality;
- Refrain from using the College e-mail system for personal commercial purposes or other gain;
- Protect their passwords; and
- Limit personal use to such times and manner as to minimize delay, disruption or distraction from the business of the College.
Security
E-mail security is a joint responsibility of Elgin Community College’s systems administrators and e-mail users. All users of the College’s e-mail systems are responsible for taking all reasonable precautions, including but not limited to safeguarding and frequently changing passwords to protect the integrity of the e-mail systems and prevent unauthorized use.
Ownership & Confidentiality
All electronically stored information (ESI), such as the e-mails used at Elgin Community College, is owned by the College and is, therefore, its property. In order to better ensure systems reliability, prevent business data loss, meet regulatory and litigation needs, and to provide business intelligence, archival and backup copies of e-mail messages may exist despite end-user deletion. E-mail is sent in clear-text and can therefore be read by unintended recipients. Please exercise extreme caution when communicating confidential or sensitive information (CSI) via e-mail. Please see the Administrative Procedure 7.106 Information Security Program for additional information.
Retention
Elgin Community College’s Information Technology Department performs scheduled back-ups of all user e-mail primarily to restore service in case of failure. Archival copies are designed for quick and accurate access by college delegates for a variety of management and legal needs, such as review by the legal team during the federally mandated discovery of electronic information (e-discovery) phase of litigation or observation by management in cases of suspected abuse.
The following table provides details on the method of backup and the retention periods for e-mail. It should be noted that the timeframes indicated are the goals defined within our process documents. Occasionally a backup for a specific timeframe or system might not be created due to technical reasons.
| Location of e-mail (@elgin.edu) | Available for online recovery | Tape Backup Recovery* |
|---|---|---|
| All inbound e-mails received by Exchange Server** | 1 year | 23 months |
| Deleted e-mails | 1 year from deletion | 23 months after deletion |
| Personal e-mail Inbox | Daily – 24 Hours | Weekly and Monthly – retained for 1 year offsite |
| Personally managed archive stored on local drive | Not backed-Up | Not backed-Up |
| Personally managed archive stored on network drive | Daily – 24 hours as part of network drive backup | Weekly and Monthly – retained for 1 year offsite |
| Legal Holding | As long as required by HR, designated by name | Weekly and Monthly – retained for 1 year offsite |
| Employee Leaving or Terminated | 14 Days | Weekly and Monthly – retained for 1 year after last disk backup |
| Recovery from backup source is not a trivial task and will consume exceptional resources within the IT Department. It is expected that these backups will only be used for disaster recovery scenarios. Also note that any items blocked by our e-mail spam filter do not reach our Exchange Server (where e-mail is stored) and are only retained for two weeks. Finally, please note that Elgin Community College’s e-mail systems shall not be used as the system of record for compliance with Administrative Procedure 3.102 – Records Retention and Disposal. Other tracking systems other than e-mail should be used to retain these required records. | ||
Due to the possibility of limited disk space, all users may at some future time receive a quota for e-mail space, i.e., a limit on the amount of storage available. The amount of space may vary based on the needs of the College and resource availability. To prevent this, users are encouraged to regularly review and delete old messages.
Retention student.elgin.edu e-mail
Backups of student e-mail accounts, with the domain student.elgin.edu, are not maintained by the Information Technology Department of Elgin Community College. They are managed and maintained by Google and fall under their backup, retention, and other operational policies. E-mail backups can be created by the Information Technology Department of Elgin Community College at any time if needed to support a variety of management and legal needs, such as review by the legal team during the federally mandated discovery of electronic information (e-discovery) phase of litigation or observation by management in cases of suspected abuse or any other type of investigation.
Enforcement
Elgin Community College reserves the right to scan and monitor all e-mail traffic to ensure that it is free from computer viruses and other malware and to protect the unauthorized disclosure of confidential and sensitive information (CSI) defined in Administrative Procedure 7-101.
Any employee found violating this Administrative Procedure may lose their e-mail privileges and could be subjected to disciplinary action, including termination of employment.