Email Policy

Approved by IT Policy Committee on 27-Feb-02, endorsed by Academic Council on 15-May-02.

Summary

1. University email accounts may not be used for private gain or commercial purposes.
2. They are provided for UWA purposes, although some private use may be tolerated.
3. The privacy of email cannot be guaranteed, and is subject in any case to scrutiny where necessary for the University to pursue its normal business operations.
4. The security of email cannot be ensured, so should not be used for highly sensitive messages.
5. Email content must not be offensive, harassing, discriminatory, etc.
6. As official University records, email must be properly stored, archived, etc.
7. Be aware of the accepted etiquette for email.
8. Use mailing lists properly.

Details

1. The University firmly encourages the implementation and use of email, though it does recognise that there are some risks associated with this technology.

2. The University guarantees network access and encourages budget units to provide sufficient computers for staff and student access, and mandates that requirements for students to use email may only be imposed if a department provides or funds the necessary equipment.

3. All students shall be assigned a central email account for which they should be encouraged to register on enrolment, and which should be used for all university email.

4. University email accounts may not be used for private gain or commercial purposes (except where duly authorised).

5. All users of email employing University facilities should recognise that these facilities are provided primarily for University purposes, and so all communications undertaken employing them (except as provided for in 4 above) are official University records and should comply with all other guidelines regarding other forms of University communications and records.  Appropriate Guidelines are set out in Appendix A.

6. The content and use of email must comply with the University’s Computer Use Regulations, its Policies on Discrimination, Harassment and Disabilities (viz must not exhibit discrimination on the grounds of Sex, Race, Marital Status, Pregnancy, Political Conviction, Religious Conviction, Impairment, Family Responsibility or Family Status, Age, and Sexual Preference – see http://www.hr.uwa.edu.au/policy/toc/perform_mgt/conduct_workplace, and must not be harassing), and all other applicable Policies, Regulations and Laws.

7. All users of electronic mail using University facilities should understand that there are some circumstances in which the contents of their email may be disclosed to others;  sometimes this may be accidental, at other times may be incidental to investigating some technical problem, and at other times may be deliberate and conscious.  All actions resulting in such disclosure must comply  with the Guidelines set out in Appendix B.

8. Email should not be used for highly sensitive or confidential information, unless appropriate actions are taken to secure the contents against disclosure, alteration and forgery.  The University encourages users to be aware of the degree of privacy and security that can be attached to email transmissions, and of the measures that can be taken to minimise risk of disclosure or alteration.  Guidelines for securing email transmissions are set out in Appendix C.

9. All email of any consequence should be properly filed and safeguarded;  consideration should be given to printing out important email and filing it in the normal fashion, and/or sending copies to the University Archives for long-term storage (in the latter case, after complying with the Archivist’s requirements regarding classification and identification, etc).  It should also be noted that copies of deleted email may still exist as part of information backed up on an email server, but such copies should not be relied upon as archives.

10. The University encourages social responsibility in the use of email, and advocates compliance with generally-accepted “netiquette” principles (see Appendix D).

11. The University encourages the appropriate use of mailing lists, which should conform with the Guidelines set out in Appendix E.

Appendix A:  Guidelines for Treating Email as Official University Records:

Given that emails will typically be official University records, the following guidelines should be observed:

(a) Good records of important communications should be kept, just as for printed communications.

(b) Since email systems are subject to change and personal computer filing systems may depend on local knowledge, reliance should not be placed on them for long-term storage of significant emails.

(c) The simplest short-term approach is to print out such records and store them in a regular filing system.  Alternatively, they should be stored in an approved electronic records management system such as TRIM (see http://www.admin.uwa.edu.au/archives/).  This approach should be taken for all records of value to the University as a whole, as they are then indexed and readily accessible to all authorised people throughout the University.

(d) Good management principles should be employed in managing email, using folders intelligently (eg use folder names the same as word processing headings).  Consideration should be given to automatic diversion of email with certain subjects into associated folders.

(e) Ensure there is sufficient information in a preserved email to identify the originator, the recipient and the subject adequately, as well as the date and time of the communication.  Ensure the Subject field is used appropriately (not with contents of the form “you may be interested in this”).

(f) Encrypted email should be decrypted before preservation (it may be best to print it out and file it in the same way as for other confidential printed material).

(g) Email should not be preserved longer than is necessary;  it may subject the holder to legal vulnerabilities.  But records should only be deleted in accordance with guidelines advanced by the University Archivist.

(h) Broadcast email should not be preserved, except by the originator (if it is worth preserving at all).  Broadcast email originating outside the University which is worth preserving should be saved by the most senior person receiving a copy.

(i) Ensure arrangements are in place for handling email when staff are on leave or otherwise absent.

(j) In general, apply the following tests in order to decide if a particular piece of email should be preserved:
i. if sent by a member of UWA, then the sender is responsible for preserving it (where applicable);
ii. attachments should be filed with the message;
iii. many emails have only temporary value (eg setting up a meeting time), so should not be preserved beyond the time to which they relate;
iv. if the email has the same standing as a paper document which would previously have been filed, then it should be preserved;
v. it should be preserved if it records University business, records a decision or precedent, or if someone will need it in future.

Appendix B:  Guidelines for Disclosing Email Contents:

There will be occasions when email may be seen by someone other than the intended recipient.  In what follows, an “authorised person” for an IT facility is a person so designated in accordance with the Computer and Software Use Regulations.  There are several different possible scenarios in which email may be disclosed, as follows:

Disclosure types:
(i) Email gets accidentally routed to the wrong person (eg when replying to a list rather than an individual, or mistyping an email address, or a system malfunction occurs);
(ii) Email is seen accidentally by the authorised person of an IT facility in the course of monitoring network traffic behaviour (it would normally not be the contents of email that is being examined, but the volume, the routing, the source or destination, etc);
(iii) Email is seen or examined by the authorised person of an IT facility in the course of investigating a systems malfunction or suspected malfunction (sometimes it is only fragments of email that may be seen, and the originator’s identity may not be known – indeed, part of the investigation may involve a search for the originator);
(iv) A member of the University is absent and unreachable, and the business of the University is being impeded because relevant email or computer files are under the control of this member and normally inaccessible to colleagues.
(v) The email of a specific individual is examined in the course of investigating some breach or suspected breach of Regulations by that individual.
(vi) Other situations in which email is disclosed.

The following guidelines govern the actions of anyone who sees other people’s email or other electronic files under such conditions.

1. For all types of disclosure:

Except as provided for below, all members of the University, including authorised persons who possess special privileges in connection with certain computer or network systems under their control, must treat all the email (and all other computer files) of other people as strictly confidential (except where the context clearly indicates that public viewing is expected);  this applies equally to any accidental disclosure of the contents.

2. For type (i) disclosure:

Anyone receiving email in error should endeavour to forward it to the correct recipient (if known) and should always treat its contents in strict confidence.

3. For types (ii) and (iii) disclosure:

(a) Normally, only properly authorised persons for particular IT facilities may undertake this activity.  Such persons have delegated authority to undertake this activity upon appointment;  sometimes this is made explicit in their duty statements, but in other situations it is implicit as part of their duties.
(b) All such persons must agree to abide by the confidentiality requirement in 1. above.
(c) Where someone other than the officers identified in (a) above has reason to carry out such work, then the explicit authority of that person’s Head of Department or equivalent must be obtained, except there the work is carried out in emergency conditions, when the Head must be notified as soon as possible thereafter.
(d) Duly authorised persons for particular IT facilities should normally confine their investigations to those facilities, except where explicitly invited by another Head to undertake such activity within that Head’s department or unit.
(e) For type (ii) and (iii) disclosure, it will not normally be necessary for relevant authorised persons to notify the person owning the email, if indeed they can be identified at all.  Authorised persons are expected to use their discretion and only need notify the email owner where the circumstances seem to warrant it.

4. For type (iv) disclosure:

(a) In this situation, the Head of Department or equivalent of the missing person must explicitly authorise the examination of email or other computer files by authorised persons.
(b) Detailed records of files examined or copied must be kept, and the missing University member notified as soon as possible on their return.
(c) Every reasonable effort must be made to contact the missing University members before this action is taken, and such efforts should be continued until they have been located or they return.

5. For type (v) disclosure:

(a) In the situation where there is reason to believe that certain email or files may infringe the University’s Regulations or other applicable laws or policies, or in the pursuit of some other suspected infringement, then only the Registrar (in the case of students) or the Deputy Vice-Chancellor (in the case of staff and others) may authorise the email (or other computer files) of an identified individual to be examined or copied, with or without the knowledge of the individual in question.
(b) The person undertaking the examination of the email or computer files must keep full records of all files examined and copied, and the names of anyone else who sees them or to whom they have been passed.
(c) In this situation, the normal procedures applicable to such suspected misconduct investigations will be observed.
(d) No investigation of this kind may be prolonged unduly.
(e) In circumstances where some external authority has required the disclosure (eg the Police, acting with proper authorisation), then the above procedures will be modified to comply with the normal procedures applicable to such actions.
(f) If a suspected case of infringement that requires urgent action is brought to the attention of authorised persons, they may undertake a preliminary examination of the user’s files in order to determine if there is sufficient evidence to warrant a full investigation as provided for in (a) to (e) above.  The procedures for obtaining authorisation for this preliminary investigation must follow those set out in (a) above, but if a timely response cannot be obtained from the relevant authority, then the authorised person’s Head of Department or equivalent or that person’s delegate may give authorisation.
(g) Note that none of the above shall be taken to abrogate the qualified privilege that applies to the correspondence and files of employee Unions.

6. For type (vi) disclosure:

In all other cases where disclosure may happen or be required, then action should be taken which is in keeping with the principles set out in the above five cases.

Appendix C:  Guidelines on Securing Email Transmissions:

The University strongly urges all users of email to observe the following guidelines on ensuring that an appropriate level of security is applied to all their email.

(a) Users should not expect that their emails are any more certain of being delivered than regular mail.

(b) Users should realise that “clear text” email messages may be seen by people other than the intended recipient;  they should regard the privacy of email messages as only moderately better than that of a postcard.

(c) Users should be aware that it is possible for hackers to forge email, making it appear to originate with others, so should treat all email with some degree of circumspection.

(d) Notwithstanding the above, all members of the University are expected to treat other people’s email (and other computer files) as strictly confidential, except as provided for below, and except where the context clearly indicates that the email is for general viewing (eg by being posted to an open mailing list or newsgroup).

(e) Users should be encouraged to abide by generally-accepted “netiquette” for all email (see Appendix D).

(f) If reliance in any serious way upon any email or upon its integrity is required, then use must be made of encryption and digital signatures;  both these are extremely reliable, and are now widely available (eg PGP encryption and signatures).

(g) Email which is to be archived must not be in encrypted form.  Generally speaking, it is best to print it out and submit it for filing in the same way as for normal printed confidential information.

Note:  for email encryption and digital signature technology to become readily and widely used within the University, appropriate systems must be set up (eg a public key repository and secure authenticating agency).  This is proposed in the IT Strategy Implementation Plan for 2001/2002.

Appendix D:  Email Etiquette Guidelines:

The IT Policy Committee strongly recommends the adoption of the following guidelines by all users of email, mailing lists and newsgroups at the University of Western Australia.

In the established communication media (such as postal mail and telephone) certain widely-observed conventions have emerged which help promote a sound basis for communication between the relevant parties.  Electronic mail and newsgroups are relatively new forms of communication, and appropriate conventions may not yet be widely known.  These are gradually emerging, and the following set is based on advice being provided to network users at many sites around the world.

These conventions (often called “network etiquette”, or “netiquette”) recognise that it is very easy to despatch email messages or newsgroup postings very quickly, possibly with little thought being given to how the message will be received.  For instance, if the writer had intended something in fun, will the humour be evident?  If not, it could become quite offensive.

1. Daily Routines and Housekeeping

(a) Check mail regularly;  ignoring a mail message is discourteous and confusing to the sender.
(b) If email calls for a reply, but it may take some time to formulate, send an acknowledgement, so the sender is not left wondering if the email ever reached its intended recipient.
(c) Conversely, never assume that simply because a message has been sent, it has been read.
(d) Reply promptly.  Email systems often do not have the conventional “pending” trays of the desktop, nor secretaries to remind, so it may be easier to forget an email message.
(e) Treat the security of email messages about the same as a message on a postcard;  ie recognise that anyone along the chain of distribution could get to see what the message contains, and it may even end up in someone else’s hands.  If the message is highly sensitive, use some form of encryption, or use some other more secure medium.
(f) Develop an orderly filing system for any email messages to be retained;  delete unwanted ones to conserve disk space.
(g) Make arrangements for email to be forwarded when absent, or install an automatic reply system advising it will not be read during the absence.
(h) Encourage others to communicate by email, including email addresses on business cards and letterheads.

2. Writing Styles

(a) Be very careful how emails are expressed, especially if emotionally driven at the time of composition.  Email lacks the other cues and clues that convey the sense in which it is to be taken;  wrong impressions can easily be conveyed.
(b) Use “emoticons” to convey the sense in which a statement is to be taken;  eg if something is meant in jest, use a “smiley” [ :-) ] to convey that.
(c) Remember that the message may be read by someone who may not appreciate the personality or style of the sender.
(d) Don’t reproduce a message in full when responding to it, especially if it is to be posted to a newsgroup.  This is hard on the readers, and wasteful of resources.  Instead, be selective in the parts that are included in a response.
(e) Try to keep messages fairly brief.  Most people wouldn’t choose a computer screen on which to read text in preference to a printed document, and it can get very tiring for some users.  Try to restrict messages to one or two screens at most.  A long document should be prepared in some more appropriate form (eg as a Word document, with proper formatting) and sent as an attachment.

3. Message Subjects

(a) Make sure that the “subject” field of the message is meaningful.  Where someone receives many messages, it can be very confusing and frustrating not to be able to judge the subject matter correctly from its subject field.  This is especially important when posting messages to newsgroups.  When the “reply” option is used, ensure that the subject field (usually filled in automatically from the original email) still accurately reflects the content of the message.
(b) Try to restrict the message to one subject, sending multiple messages if there are multiple subjects.  This helps recipients to use the “subject” field to manage the messages they have received.
(c) Don’t broadcast email messages unnecessarily.  It’s very easy to do, but can be very annoying to recipients (and wastes resources).  In particular, do not send or forward chain email – it offends some people and is wasteful of network resources.

4. Other People’s Messages – Quoting, Replying, Forwarding

(a) Don’t extract and use text from someone else’s message without acknowledgement.  This is plagiarism.  Don’t let the ease of being able to do it with email lead into bad habits.
(b) Make sure the originator has given permission (explicitly or implicitly) for their email to be passed on – emails are subject to copyright Laws too.
(c) Don’t make changes to someone else’s message and pass it on without making it clear where changes have been made.  This would be misrepresentation.
(d) When forwarding a message, ensure only relevant attachments are included.
(e) When replying to a message, ensure the recipient(s) are correct – sometimes you might inadvertently reply to a whole group of people when you meant it for the originator only (especially pertinent when replying to emails sent via a mailing list).

5. Be Legal, Decent, Honest and Truthful

(a) Remember that sending email from a University account is similar to sending a letter on a University letterhead, so don’t say anything that might discredit or bring embarrassment to or inappropriately commit the University.
(b) Don’t pretend to be someone else when sending mail.
(c) Don’t send frivolous, abusive or defamatory messages.  Apart from being discourteous or offensive, they may break the law.
(d) Be tolerant of others’ mistakes.  Some people are new to this medium, and may not be good typists, or they may accidentally delete a message and ask for it to be resent.
(e) Remember that the various Laws of the land relating to written communication apply equally to email messages, including the laws relating to defamation, copyright, obscenity, fraudulent misrepresentation, freedom of information, and wrongful discrimination.

Appendix E:  Mailing List Guidelines:

The following guidelines should apply to the establishment, management and use of electronic mailing lists within the University.

(a) Any member of staff may set up a mailing list for any purpose associated with their employment.

(b) Any student may set up a mailing list for any purpose associated with their membership of the University, subject to the approval of UCS.

(c) No person may be added to a mailing list without their permission (except where provided for below).

(d) Each person creating a mailing list is responsible for defining and publicising its purpose, for monitoring (moderating, where considered appropriate) the general content of postings and general behaviour of members, for monitoring membership, for ensuring the original purpose of the mailing list is not widely abused, for ensuring membership is primarily drawn from members of the University (but see (h) below), for passing on responsibility for the list should they cease to belong to the University, and for closing the list down when it has fulfilled its purpose.

(e) If postings on any list are found to contravene the University’s Computer Use Regulations, or other applicable Law, Regulation or Policy, then it will be shut down pending resolution of the contravention.

(f) The university centrally may set up mailing lists comprising certain sets of staff and/or students, for the purpose of general University communications, without the permission of members.  These lists fall into 2 categories – those intended for official communications, and those intended for more general, informational communications.  Any request by a member to be removed from the latter category must be acceded to.  Only if a member has good reason (as judged by the Registrar) may they request removal from the former category.  Only approved postings may be made to these central, official lists, consistent with guidelines laid down by the Registrar from time to time.

(g) Faculties and other units may set up lists comparable to these central, official lists, which may operate in comparable fashion at that level.

(h) Normally, membership of mailing lists set up using University facilities should be confined to members of the University (including official visitors).  Individuals who have some association with the University are exempted from this restriction.  Temporary mailing lists for conferences or similar activities which are organised by the University or members of the University are permitted, provided they are the responsibility of a member of the University, have been approved by the relevant Head of Department or equivalent, and comply with other Rules on use of University facilities (eg clause 5 of this Email Policy).  The same guidelines apply to more permanent mailing lists set up for professional societies or similar.