Email Use Policy
Purpose
Email is a unique communication channel that allows communicators direct access to constituents. The purpose of this policy is to ensure that the College’s email system is used in a way that supports the College’s mission. The policy describes responsibilities of individuals and the College with respect to the appropriateness of messaging and use of College email services.
The College may engage approved third parties to manage electronic mail correspondence and mailing lists. This policy pertains to all electronic email services provided, owned, or funded in part or in whole by the College regardless of the location of service infrastructure. The Communications and Marketing Office and the Library and Information Technology Services (LITS) are charged with managing email services for the College community.
This policy has been adopted from peer policies.
Scope
This policy applies to all users of email services provided, owned, or funded in part or in whole by Hamilton College and all records in the possession of or generated by College employees, students and other users of email services provided by the College, regardless whether the records were generated on College or non-College owned computers or mobile devices.
Policy
This policy defines the use of College email services by all Hamilton College constituents. The policy provides users with a strategy for ensuring efficient and effective communications and best-in-class experiences for recipients of these communications, regardless of whether the communication is a one-to-one email exchange or a one-to-many (mass/broadcast) email.
For the College, this policy is in place to ensure that anyone sending emails using the hamilton.edu domain follows best practices, brand guidelines, and in compliance with all applicable regulations, including, but not limited to, the Family Educational Rights and Privacy Act (FERPA) and the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act.
Official Use
Email is an official method of communication at Hamilton College. College-provided email accounts may be used for communication of official information to students, faculty, staff and other individuals.
The College expects individuals to use their assigned email accounts in a manner that does not violate College policy or community standards, violate the privacy rights of its employees and students, disclose confidential information of the College or otherwise detract from or cause harm to the College and/or individuals employed or associated with the College. This prohibition includes any email that violates the law. In addition, College employees may not disguise or fraudulently represent their identity when using the College’s email system.
Expectations of Use
- The College-provided email account is to be used for conducting College business over email. It is not a substitute for a personal email account, and should not be used as such.
- College community members are expected to check their Hamilton.edu email account on a regular basis, particularly for information that requires a reply or action to be taken by the recipient.
- All use of email will conform with applicable local, state and federal privacy laws, and all applicable College policies and Codes of Conduct.
- Senders may be limited to sending any message to a maximum number of accounts to prevent accidental or intentional misuse. Users must not attempt to circumvent the requirements for broadcast messages to the Hamilton community or outside the community.
- Senders are responsible for targeting the correct audiences with any email sends; repeated improperly targeted emails may result in the revocation of email sending privileges.
- All senders are expected to follow any other applicable guidelines specific to the service provider being used to send email messages.
Assignment of Email Addresses
Hamilton College will assign each user one official College email address [userid@hamilton.edu]. It is to this official address that the College will send email communications. This official address will be the email address listed in the College directories.
Email Forwarding
Manually forwarding College email that contains information classified as High or above is only permissible for valid business purposes and when done using appropriate security measures.
Automation tools, protocols, or rules to enable auto-forwarding (POP, IMAP etc.), to move email from a College managed email system to a non-College managed email system is not permissible without a formal exception from the appropriate Authorized Leader.
Personal email accounts or servers set up to receive or transmit College related business messaging is not permissible without a formal exception from the appropriate Authorized Leader.
Retention and Disposal
Users should avoid retaining large amounts of email for long periods of time. Email must comply with applicable College policies, including Hamilton’s Data Retention Policy. Email is not an appropriate place to retain College records; records in email should be removed to other paper or electronic storage media intended for archival purposes.
All email accounts are deactivated and deleted according to the following schedule:
- Employee Accounts. Deactivated at the end of the business day on the last day of employment.
- Student Accounts. Deactivated approximately three (3) months after you graduate.
- Faculty Accounts. Deactivated approximately three (3) months after you leave the College.
- Retiring Accounts. Employees and Faculty members that meet the qualifications to retire from the College can request to keep access to their email account through the appropriate process.
In all cases, the account will be deleted 20 days after deactivation.
Accessing Email Accounts
Hamilton College has the right and ability to access email accounts, despite the fact that a user has established login credentials. However, the College and its agents or custodians of the email system will not access or disclose the content of an individual’s Hamilton email account unless the College has a good faith belief that the terms of acceptable use have been violated.
In addition to a good faith belief of a violation, permission must be secured from an appropriate member of leadership designated for each constituency before disclosure of email content. They are as follows:
Constituency | Authorized Leader |
All groups | VP of LITS Backup: VP of Communications and Marketing |
Faculty | Dean of Faculty Backup: Associate Dean of Faculty* |
Students | Dean of Students Backup: Associate VP for Student Affairs |
Staff | Human Resources Director Backup: VP of Admin and Finance* |
All others | VP of LITS Backup: VP of Admin and Finance* |
*In situations where the authorizers listed above are unable to perform this duty in the manner or time frame needed, an Officer of the College will assume decision authority.
Examples of Acceptable Access to an Email Account
Although Hamilton College does not monitor email content routinely, users must not assume that email content will remain private and confidential. Email can be altered or forwarded by a recipient without the sender’s knowledge, and may also be discoverable in litigation or may be disclosed to comply with a subpoena.
Although not a complete list, the following conditions represent potential situations for access:
- Suspected violation of the law, regulation or College policy
- Enforceable governmental request, a subpoena or legal request to which the College is required to respond
- For any lawful purposes, including but not limited to cybersecurity investigations, system maintenance, or quality control
- Suspected criminal conduct, or need to protect against harm to the rights, property, or safety of the College, its employees or the public
- When information is necessary to conduct College business and the user of the account is unavailable
- A health or safety emergency
Examples of Unacceptable Access to an Email Account
Examples of unacceptable access include, but are not limited to:
- Curiosity
- When permission from an authorized leader is not requested or is not given
- Desire to bypass engaging an individual in conversation when that individual is available and there is not sufficient evidence to suggest an emergent situation
Institutional Privileges
If a user is on leave from work, for any reason, or is otherwise unavailable, a manager may request access to that individual’s account for business continuity purposes. Whenever possible, arrangements should be made before a leave if the need for access is foreseeable.
Managers may request access to an individual’s email account upon termination of employment for business continuity purposes.
Managers will need to demonstrate to the appropriate authorizer why access to a user’s account is warranted and to the extent possible; access will be tailored to the need. Internal guidelines will dictate the access, review, and data retrieval processes. Any access request of this type must be approved by the following persons:
Vice President of LITS |
Vice President of Communications and Marketing |
Director of Human Resources (staff), Dean of Faculty (faculty) |
Director of Information Security and Privacy |
Exceptions will be made on a case-by-case basis with a compelling rationale. Upon the conclusion of this period, the account and its contents will follow College termination processes.
Google Workspace
Google retains the right to access to the Gmail Accounts for violations of its Acceptable Use Policy, or in response to subpoena or National Security Letter. (http://www.google.com/a/help/intl/en/admins/use_policy.html).
Inappropriate Use of Email Communications
Please consider your audience carefully (e.g., do not send a mailing to “all” if you only need to reach students). Examples of inappropriate uses include, but are not limited to:
- A message that violates any Hamilton College policy, Code of Conduct, or third party vendor agreement
- A message that contains no actual announcement (e.g. does not meet the criteria listed above for an event or a non-event)
- Giveaways of personal property such as furniture, tickets, equipment, books, etc.; College-owned property that is being given away must be announced by individuals representing the academic or administrative department responsible for the property.
- Unapproved surveys
- Chain mail
- Lost and found (except when it is College property, or involves animals; otherwise community members should use the Lost and Found tab in MyHamilton).
- Requests for rides (use the Rides tab in MyHamilton)
- Personal announcements or other unapproved non-work related messaging
- Items for sale or items desired, such as houses, tickets, books, services, etc. (use the Community Marketplace tab in MyHamilton).
Spam and Phishing
Spam is defined as unsolicited and undesired advertisements for products or services sent to a large distribution of users.
Phishing is defined as the attempt to acquire sensitive information such as usernames, passwords, or credit card details (and sometimes, indirectly, money), often for malicious purposes, by masquerading as a trustworthy entity in an electronic communication.
All incoming mail is scanned for viruses, phishing attacks, and spam. Suspected messages are blocked from the user’s inbox. Due to the complex nature of email, it is impossible to guarantee protection from all malicious emails. It is the responsibility of every user to practice proper care and prevent the spread of viruses and malicious emails. In many cases, these malicious messages appear to be sent from a friend, coworker, or other legitimate source. Users should not click links or open attachments unless they are confident of the contents and sender..
Noncompliance and Sanctions
Users who violate this policy may be denied access to the College’s resources and may be subject to penalties and disciplinary action, both within and outside the institution, subject to the appropriate enforcement process. The College may temporarily suspend or block access to an account, prior to the initiation or completion of such procedures, when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of the College or other computing resources or to protect the institution from liability.
Suspected violations will be reviewed by the Director of Information Security and the Vice President for Communications and Marketing; confirmed violations will follow established procedures in the appropriate enforcement process.
Last Reviewed: 9/6/2022
Approved: August 2022