(1) Email provides a channel for members of the University community to interact with one another, business, government and students. It can be used effectively to further the vision, mission and goals of the University by sharing information and exchanging ideas. However, the same protocols, courtesies, lines of management and approvals apply to email as they do to hard copy communications. (2) This policy provides a framework for the appropriate, effective and efficient use of University email resources. In addition to general usage principles the policy also addresses the issues of privacy, confidentiality and security. Use of University email resources is also subject to the IT Acceptable Use of Resources Policy and must be consistent with all relevant University policies including the Code of Conduct - refer to the Associated Information page for more information. (3) Where email is sent and received by an employee who is acting in their University capacity, it forms part of the official record of the University. Record-keeping and archival policy and procedures ensure that accountability, audit requirements and the requirements of the State Records Act, 1998 are met. The deletion of emails sent or received by a member of staff in the performance of their duties as an employee of the University must conform to the minimum retention requirements issued under the State Records Act, 1998. (4) Email is subject to the laws and protocols applying to other communications including copyright, breach of confidence, defamation, privacy, contempt of court, anti-discrimination legislation, the creation of contractual obligations and criminal law. Emails can be accessed under the Freedom of Information Act, 1989 and the University can be legally required to produce emails as part of its records. A listing of relevant legislation is provided on the Associated Information page. The immediacy and convenience of email and the ability to use it to contact a wider group of people can also make it easier to inadvertently breach the law. (5) The University acknowledges that the use of email can increase pressure on workplaces through the large number of emails sent to some staff and the expectations of an immediate reply. Staff are not expected to respond to emails outside of normal work hours. (6) This policy does not address the ownership of intellectual property stored in or transmitted via email which is governed by the Intellectual Property Policy. (7) For the purpose of this policy: (8) This policy applies to all users of University email accounts. (9) This policy applies to emails, the contents of emails, electronic attachments to emails and transactional information associated with such communications. (10) All University staff and students, and some associates of the University are provided with access to an individual University email account for the purpose of sending and receiving official emails related to the business of the University or the student's enrolment and program of study with the University. (11) The University distributes important information, formal notices and other official communications via University email accounts and expects staff and students to check their account and read their University email regularly. It is recommended that all users check and read their email daily, where practical. (12) When using University email resources, as with all other forms of communication, it is expected that users will respect confidentiality, privacy and legal/professional privilege and ensure that the content and distribution of emails will not undermine responsibilities in regard to these requirements. It should be noted that unnecessary dissemination of email drastically increases the likelihood of a breach in this regard. (13) Users are also expected to ensure that their usage is legal and complies with all relevant University policies and procedures in particular those governing record management. A list of key statutes and policies is provided on the Associated Information page for this policy. (14) The University's email resources are not to be used to broadcast unsolicited personal views on non-University related matters. Any public comment or representation as a spokesperson of the University must be made in compliance with the provisions of the University's Media Policy and the Code of Conduct. (15) Users must not use University Email Resources in a manner that includes language that constitutes unlawful discrimination, including vilification, or in a manner that intimidates, offends or humiliates any person contrary to the University's policies on harassment, vilification and bullying. (16) Use of University email resources for any private commercial activity or external private work is prohibited except where the University has specifically granted exemption from this restriction in accordance with the External Work Policy. (17) Staff must use their University email address and provide their University identity when sending official University correspondence via email and must place these emails in the University's records. (18) Official correspondence to students must be sent to students' UWS email addresses, although copies may also be sent to students' personal addresses. (19) The University permits limited personal use of University email accounts on the proviso that such use is legal, consistent with all relevant University policies and does not interfere with or conflict with University business. Users should note that personal emails remain subject to the provisions of this policy and as such may be accessed in accordance with the relevant procedures. Having regard to this and the general insecurity of email, the University strongly recommends users utilise non-University email resources for confidential or sensitive personal communications. (20) The Director Information Technology or nominee may grant access to email records to appropriate University employees for business purposes, strictly in accordance with the procedures in this Policy. (21) The University protects the privacy of individuals in their use of University email in terms of their personal (and health) information. Access to, use or disclosure of personal email cannot be granted other than in accordance with the University's Privacy Policy and privacy law or as required at law generally. For more information refer to Part B - Authorising Access to Staff and Student Emails. (22) Access to and use of the University's Email resources is a privilege accorded at the discretion of the University. The Director Information Technology or their nominated delegate may temporarily deny or restrict access to its email resources by a user when necessary to: (23) A breach of this policy may be dealt with as a breach of discipline and dealt with in accordance with the relevant employment agreement and/or University policy. (24) The University endeavours to maintain the security of University email, whether of a business or personal nature, but it cannot guarantee confidentiality or undiscovered interception or alteration of communications by third parties. Current email transportation methods cannot be regarded as secure. Email forgery can and does occur. To prevent the misuse of email, users should: (25) In order to efficiently manage the University Email Servers, the University monitors server performance and retains logs, backups and archives of emails sent or received through the server. Even if an email has been deleted by a user, the University may still retain archived andor backup copies of the email. Only staff approved by the Director Information Technology may examine such records, and only for the purposes of this policy, as required by law or for ensuring the confidentiality, integrity and availability of the University Information Systems. (26) As part of monitoring the system the University may limit: (27) The University may block emails that are determined by the University and/or its security and email monitoring software to: (28) Further detail about the monitoring of University email is contained in the Workplace Surveillance Policy. (29) Users should not use University email resources in a manner that could reasonably be expected to directly or indirectly cause excessive strain on any part of the University Information System, or unwarranted or unsolicited interference with others' use of the University Information System. This would include use that consumes a large amount of bandwidth (e.g. through the use of large attachments) or the distribution of screen savers, games, spam or the like. (30) Any surveillance must be conducted in accordance with the University's Workplace Surveillance Policy and the Workplace Surveillance Act 2005. (31) The Director Information Technology may formally delegate any responsibilities, powers or duties assigned under this policy to another person or persons. (32) The University provides directories of email addresses ("University Email List"). These are important to our ongoing work and their integrity and usefulness must be preserved. There are three types of mailing list: (33) General Email Lists: (34) Business Unit Email Lists: (35) Special Interest Email Lists are subject to the following: (36) All University Email Lists are subject to the following: (37) This Part deals with circumstances under which access may be provided to the contents of a University email account assigned to another user. While it is highly unlikely that a student may need to access the email records of another user, the same procedures will apply, if a genuine need can be established. (38) This Part does not apply to information within an email account pertaining to personal or health information about any individual. Such information can only be accessed in accordance with the University's Privacy Policy and the associated legislation. (39) The main circumstances under which such access could be provided would be where there is evidence that email is being used for malicious purposes or where there is a serious and imminent threat to University property or individual safety. The University Privacy Management Plan provides a formal complaint procedure where a person believes that there has been or will be a breach of their privacy. The University investigates these complaints with oversight by the NSW Privacy Commissioner. (40) While the University allows reasonable personal use of its email system users are strongly advised to use other email providers if they have concerns about personal content being accessible in the University's systems. Organising email folders so that personal email is not interspersed with University related email could also help to protect privacy. (41) Emails dealing with University business are University records. As such, staff are obliged to ensure these emails are placed on formal University files (such as TRIM), preventing the need for access to the user's email account. Staff who will be absent from the University must ensure that information held in their email accounts that is relevant and necessary to conducting the University's business is accessible to those having a need for it. (42) Access to a user's email records, albeit for official business purposes, must be regulated to protect the privacy of individuals. The following procedure aims to maintain the integrity and privacy of email accounts but at the same time enable legitimate access to official University information in the absence of the user concerned. (43) The Director Information Technology's, or nominated delegate, may provide a staff member with copies of (or extracts from) official University emails sent by or to another user, and/or access to email logs, where the user has consented to making the information available, or in the following circumstances: (44) A staff member may apply to the Director Information Technology or their nominated delegate for access to an official email account in accordance with this Part. The application must address the points in the previous clause and the relevant Head of School /Director of University Research Centre, Director, College Manager or more senior officer must endorse the application. (45) In considering the application, the Director Information Technology or their nominated delegate should ensure that only the least perusal of contents and least action necessary to comply with the application occurs and that any content not relevant to the business of the University or containing personal information relating to any person is deleted from the information provided to the applicant. (46) The Director Information Technology or their nominated delegate will also forward a notice to the user of the action taken and provide advice of the information that has been released. If the user believes the action taken with respect to official University information was inappropriate, they should initially raise the matter with their supervisor, Head of School, or the relevant Deputy Vice-Chancellor /Chief Operating Officer. The University's complaints procedures are also available if the matter cannot be resolved. If the user is of the view that their privacy has been breached by this action they may request an Internal Review in accordance with the Privacy Management Plan. (47) In order to provide access to an email account, the Director Information Technology or their nominated delegate, or ITD Staff appointed by the Director Information Technology or their nominated delegate, may examine all the emails of the user in order to determine the correct email records and whether the information contained in the application relating to the email is accurate. Any personal information that may be inadvertently found during such examinations must be kept strictly confidential. (48) From time to time University staff may engage in the sending of commercial emails that offer goods or services from the University. The full definition of what constitutes commercial email is contained in the definitions (Section 2). All Commercial Emails are governed by the Spam Act, 2003. (49) A Commercial Email must contain: (50) Staff sending Commercial Emails must ensure that the unsubscribe facility specified in the email is functional and requests are acted upon. (51) Commercial Email must not be sent to a person who has submitted an unsubscribe request. (52) University staff must not use email address harvesting software or an email address list that has been produced using such software. For this reason, care must be taken when using email lists provided by sources outside the University. (53) By law, digital signatures can have the same legal status as written signatures. Staff must not use digital signatures in place of written signatures without authorisation from the Director Information Technology. (54) Attachments must be in a format that can be read by a readily available program for which the University holds a licence in order to ensure that they can be read in the future. This means that documentary attachments (not including spreadsheets, databases and the like) should be in ASCII, TXT, RTF, DOC or PDF format. (55) Official emails must only be encrypted and sent using software approved by the Director Information Technology. (56) Emails, including emails of a private or personal nature, are regularly backed up and/or archived by the University. It is not feasible to separate private or personal email from this process. Nothing in this policy prevents such backups or archiving. Requests for copies of backed up or archived emails will be treated in the same way as requests for copies of the original email. (57) Information Technology is not obliged to provide a user with copies of personal emails that it has backed up or archived although all reasonable efforts, within the constraints of Information Technology's resources, will be made to comply with such a request. (58) The following information is provided as a guide to facilitate efficient use of University Email Resources. (59) Users should: (60) Users should: (61) Users should avoid:Email Policy
Section 1 - Purpose and Context
Section 2 - Definitions
Top of Page
Section 3 - Policy Statement
Conditions of Use
Personal Use of the University Email System and Privacy
Authority of Information Technology Directorate Officers to Restrict Access
Security of the Email System
Monitoring and Performance of the Email System
Surveillance of the Email System
Delegation
Section 4 - Procedures
Part A - Mailing Lists
Part B - Authorising Access to Staff and Student Emails
Personal Email
Official Email - Related to Work or Study
Part C - Commercial Emails
Part D - Digital Signatures, Formats and Encryption
Part E - Backup and Archiving
Section 5 - Guidelines
Distribution and Addressing of Emails
Subject and Content of Emails
"This message contains information that may be confidential and privileged. Unless you are the addressee (or authorised to receive the message for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by return email and delete the message."
"This email contains the thoughts and opinions of (your name) and does not represent the official University policy."Things to Avoid
View Current
This is not a current document. To view the current version, click the link in the document's navigation bar.