TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 ALLOWABLE USE
3.0 TERMINATION OF AFFILIATION
5.0 INSPECTION, MONITORING, OR DISCLOSURE
Attachment 1 Office Of The President Email Servers
Attachment 2 Tracking Form for Non-Consensual Access to Email Record (PDF document)
1.0 INTRODUCTION
1.1 Background
The Office of the President Implementing Guidelines for the University of California Electronic Mail Policy (the Guidelines) apply to (1) all email services operated by Office of the President units and (2) all users of UCOP email services, including anyone who has an email account in the domain ucop.edu. A list of current email services in the Office of the President is given in Attachment I.
These Guidelines supplement the University of California Electronic Mail Policy (the Email Policy) which can be viewed on the World Wide Web at
http://www.ucop.edu/ucophome/policies/email/
All users of UCOP email services should be familiar with the contents of the Email Policy.
When individuals have access to both UCOP and campus email services, both accounts are subject to the Email Policy. The UCOP account is subject to the Office of the President Guidelines, and the campus account is subject to the guidelines of the respective campus.
1.2 Definitions
Department Head - The head of an administrative or other unit as designated by the Senior Vice President--Business and Finance (on a campus, the Chancellor). For purposes of these Guidelines, the terms "department head" and "unit head" are used interchangeably. In the absence of the department head, responsibility shall be assumed by the individual to whom the department head reports.
Email Service Manager - The person who has administrative responsibility for an electronic mail system. At the Office of the President this refers to an email system within the domain ucop.edu.
Authorizing Senior Vice President - The person who has final authority for the restriction of access to email services and for the inspection, monitoring, or disclosure of email. At UCOP, the authorizing Senior Vice President shall be the Senior Vice President--Business and Finance, except that in the case of a member of the faculty, as defined in the Electronic Mail Policy, Appendix A, the authorizing Senior Vice President shall be the Provost and Senior Vice President - Academic Affairs.
2.0 ALLOWABLE USE
2.1 Allowable Users
2.1.1 Faculty and Staff
Office of the President employees may be issued UCOP email accounts for the purpose of conducting University business and for such other purposes as conform with Section VI.A. of the Email Policy. In addition, faculty and staff from other UC locations who are on temporary assignment at the Office of the President may be issued UCOP email accounts for the duration of their service on projects or special assignments under the auspices of the Office of the President.
2.1.2 Student Employees
Students who are employees or agents of the Office of the President may be issued UCOP email accounts for the purpose of conducting their Office of the President-related work.
2.1.2.1 The UCOP email addresses of students who are employees or agents of the Office of the President are public information.
2.1.2.2 Use of a student's campus account for Office of the President business will not change the status of the email records a) as administrative records that must be made available to the University and b) as University records that may be subject to public records laws and policies.
2.1.3 Other Students
Students who perform work at the Office of the President but do not have employee or agent status (e.g., students conducting research for classes) shall conduct all of their work using their home campus email account.
2.1.4 Volunteers
Volunteers who conduct business for the Office of the President may be issued temporary UCOP email accounts for the sole purpose of conducting their business on behalf of the University, unless agreed otherwise in writing. Volunteers shall be notified of the Email Policy and shall sign a written understanding that the account is not private and that the contents of electronic mail may be inspected, monitored, or disclosed by the University, consistent with the Email Policy, during and after the volunteer's service. Departments should assure that administrative records held by the volunteer can be accessed. Options for reduction of non-consensual access are suggested in Section 6.1 of these Guidelines. This paragraph of the Guidelines is a restriction of Section VI.A., Allowable Use, of the Email Policy in accordance with Section IX.B of the Email Policy.
2.1.5 Others
Contractors, independent consultants, and certain agents of the University other than employees may be issued temporary UCOP email accounts for the sole purpose of conducting their business on behalf of the University, unless agreed otherwise in writing. Such persons shall be notified of the Email Policy and shall sign a written understanding that the account is not private and that the contents of electronic mail may be inspected, monitored, or disclosed by the University, consistent with the Email Policy, during and after their service. Departments should assure that administrative records held by such persons can be accessed. Options for reduction of non-consensual access are suggested in Section 6.1 of these Guidelines. This paragraph of the Guidelines is a restriction of Section VI.A., Allowable Use, of the Email Policy in accordance with Section IX.B of the Email Policy.
2.2 Allowable Uses
Access to electronic mail, if provided, is at the discretion of the department in consideration of job requirements, departmental needs, and cost and efficiency factors. All uses of electronic mail services provided by the Office of the President must conform to the provisions of the Email Policy. Email services are provided to UCOP employees and others for the purpose of conducting the University's business and (except in cases covered by Sections 2.1.4 and 2.1.5 above and Section 2.2.2 below) such other purposes as conform to Section VI.A. of the Email Policy. In particular, guidelines applicable to uses allowable under Section VI.A. of the Email Policy include:
2.2.1Use on Behalf of Outside Organizations
Email use on behalf of outside organizations must conform to the provisions of Section VI.A. of the Email Policy. Before using UCOP email services on behalf of the outside organization, email users shall verify with their supervisors that the proposed use complies with these Guidelines. The use of UCOP email services on behalf of outside organizations beyond the scope of incidental personal use (see Section 2.2.2 below) is not permitted except under the following circumstances.
2.2.1.1Charities
UCOP email services may be used only for charitable activities that have been approved by the Senior Vice President--Business and Finance in the role of chief administrative officer for the Office of the President. An example would be University employee participation in the annual United Way campaign. Before using UCOP email services for such approved purposes, the individual must obtain written authorization from the office of the Senior Vice President--Business and Finance.
2.2.1.2 Professional Organizations
UCOP email services may be used on behalf of an outside professional organization when the individual is participating as a representative of the University in the activities of a professional association of which the University is a member, or when the individual is a member of an organization in support of the University's mission.
2.2.1.3 Civic Committees or Task Forces
UCOP email services may be used on behalf of national, state, and local committees or task forces when associated with an approved University activity.
2.2.2 Incidental Personal Use
UCOP email services may be used incidentally for personal purposes under the provisions of Section VI.A.8., Personal Use, of the Email Policy (except by users restricted by Sections 2.1.4 and 2.1.5 above of these Guidelines). Personal use must comply with all the provisions of Section VI.A. of the Email Policy. Incidental personal use of an UCOP email account is acceptable on behalf of the individual, as opposed to use on behalf of an outside organization (except as provided in Section 2.2.1 above) whether the outside organization is for-profit, not-for-profit, or non-profit. A UCOP email address shall not be published as the point of contact for non-University activities.
3.0 TERMINATION OF AFFILIATION
3.1 Access to Administrative Records
When a UCOP email user's affiliation with the Office of the President terminates, the email holder shall turn over to the University all administrative records in his or her possession. This may be accomplished either by memo giving consent to access the email records and/or by giving the department head or its designee the password to the account. If the individual is unable or unwilling to turn over administrative records, the department may seek the records through the procedures for non-consensual access described in Section 5.2 of these Guidelines. The email holder may delete any records generated by incidental personal use of email before consenting to access.
3.2 Mail Forwarding
The email account of persons no longer affiliated with the University will be canceled with no forwarding services provided. However, at the discretion of the email user's Department Head, and at cost to the department at the then current rates, forwarding services may be provided after termination for a period normally not to exceed 6 months. In such cases, the email user whose mail is being forwarded must agree in writing that any mail that pertains to the University's business will be forwarded back to the department. A Department head may require that all mail forwarded to the employee from the UCOP address also be forwarded to a departmental account.
4.0 SERVICE RESTRICTIONS
The use of UCOP email services is a privilege that can be revoked without prior notice and without the consent of the email user. The Senior Vice President--Business & Finance has delegated responsibility for maintaining the integrity of the email system to the Associate Vice President for Information Resources & Communications, who will act as he or she deems necessary to prevent disruption of email services or damage to users of email, including disruption or damage caused by email users. Decisions of the Associate Vice President in support of email system integrity, which may include restriction or refusal of email services, are final.
4.1 Account Closure
The Department Head may cancel any email account that is funded by the unit. This normally happens when the email user's affiliation with the Office of the President is terminated or when continuation of the email service is no longer in the interest of the department. The email account of an employee who transfers to another unit may be continued with the consent of the new Department Head.
4.2 Restriction of Services
Email services may be suspended or restricted by the Email Service Manager, the email user's Department Head, or the Associate Vice President for Information Resources & Communications under the conditions described in Section V. C. of the Email Policy as well as in emergency circumstances described in Section V. E. 2. of the Email Policy.
4.2.1 Notification
Unless it is unlawful to do so, the Email Service Manager will inform the affected UCOP email user of the reason for the restriction and the manager under whose authority the restriction has taken place. This notification may be in person or in writing.
4.2.2 Restoration
UCOP email services may be restored by the manager under whose authority the restriction of UCOP email service has taken place, with the approval of the Associate Vice President for Information Resources and Communications. Further recourse may be sought through normal personnel policies and procedures.
5.0 INSPECTION, MONITORING, OR DISCLOSURE
5.1 Authorization
An email holder's records may be inspected, monitored, or disclosed without the consent of the individual only under the circumstances and in the manner described in Section V. E. of the Email Policy and with the approval of the authorizing Senior Vice President as defined in Section 1.2 above.
5.2 Procedures
The form "Request to Inspect, Monitor, or Disclose Email Records" shall be used to document that proper procedures have been followed before email is accessed without the consent of the email holder. The following procedure shall be used to authorize the inspection, monitoring, or disclosure of email records without the consent of the email holder:
5.2.1 The individual seeking the record(s) shall bring the request in writing to the attention of the affected email holder's Department Head.
5.2.2 The Department Head shall verify that the request is consistent with the provisions of the Email Policy and shall consult with General Counsel regarding legal aspects of the request.
5.2.3 If General Counsel concurs that the request is lawful, the Department Head shall document the circumstances of the request and Counsel's advice.
5.2.4 The Department Head shall present this documentation and a formal, written request to access the email holder's records to the authorizing Senior Vice President for approval.
5.2.5 If the email holder is a member of the faculty, as defined in the Email Policy, the Provost and Senior Vice President--Academic Affairs shall consult with the Chair of the Academic Council. The time period allowed for the consultation shall be specified by the Provost and Senior Vice President--Academic Affairs and shall not exceed four weeks.
5.2.6 If the authorizing Senior Vice President approves, the Department Head shall present the authorized request to the Email Service Manager.
5.2.7 The Email Service Manager shall arrange for the requested email records to be accessed, providing only the relevant email records, if any, to the Department Head.
5.2.8 If it is lawful to do so, the Department Head shall notify the email holder that the record(s) have been inspected, monitored, or disclosed.
5.3 Procedures for "Emergency Circumstances"
In emergency circumstances, as defined in the Email Policy, records may be inspected, monitored, or disclosed without the prior consent of the authorizing Senior Vice President. The form "Request to Inspect, Monitor, or Disclose Email Records" shall be used to document the post-authorization of emergency access to email without prior consent of the individual. The following procedures shall be used in such emergency circumstances:
5.3.1 The Email Service Manager shall act on the authorization of the Department Head, and notify the authorizing Senior Vice President accordingly.
5.3.2 The Department Head, without delay, shall seek the advice of Counsel and the approval of the authorizing Senior Vice President.
5.3.3 If it is lawful to do so, the Department Head shall notify the email holder that the record(s) have been inspected, monitored, or disclosed.
5.3.4 If the approval of the authorizing Senior Vice President is not subsequently given, the Department Head shall take measures to restore the situation as closely as possible to that which existed before action was taken.
5.4 Recourse After Non-Consensual Inspection, Monitoring, or Disclosure
Under both the normal and emergency procedures, the email holder may appeal the decision of a Department Head or the authorizing Senior Vice President through normal personnel procedures.
5.5 Annual Reporting
The Senior Vice President--Business & Finance, in cooperation with the Provost and Senior Vice President--Academic Affairs, shall publish an annual report summarizing all instances in which electronic mail was inspected, monitored, or disclosed without the consent of the individual.
6.0 ADMINISTRATIVE RECORDS
Under Section V. D. of the Email Policy University employees are expected to comply with University requests for copies of email records in their possession that pertain to the administrative business of the University, or whose disclosure is required to comply with applicable laws, regardless of whether such records reside on a computer housed or owned by the University. If an employee fails to provide a copy of the requested email record, or is absent and unable to do so, the email record may be sought without the consent of the email holder subject to the provisions of Section V.E. of the Email Policy.
6.1 Departmental Options
In order to reduce the need for non-consensual access to email in the event of absences, departments may use, individually or in combination, any of the following techniques or other methods that are consistent with provisions of the Email Policy and Section 6.2 below of the Guidelines.
6.1.1 Mail Forwarding - use email forwarding capabilities, if available, so that during planned absences email will be forwarded to the person responsible for covering the work;
6.1.2 Workgroup Accounts - establish common workgroup accounts for department-related business so email records can be accessed by others in the email holder's absence;
6.1.3 Service Accounts - establish accounts for copies of incoming mail that requires action;
6.1.4 Advance Consent Forms - arrange for written consent, in advance, for the Email Service Manager to reset the password at the request of the department in the email holder's absence;
6.1.5 Password Provided to Supervisor - arrange for passwords to be provided to supervisors in a confidential manner (for instance in a sealed envelope) for the purpose of allowing access to email records in the email holder's absence;
6.1.6 Password Provided to Another - arrange for supervisors to be provided with the name of a third party who has been given the account's password for the purpose of allowing access to the email holder's records in his or her absence.
6.1.7 Autoforwarding with Filtering - set filters to forward selected email to relevant employees in the email holder's absence.
Users of UCOP email services may not be compelled to consent to allow others to access their email or to provide their email passwords to any other persons, including supervisors. However, should they choose not to do so, the department may have recourse to the provisions for non-consensual access in Section V.E of the Email Policy.
6.2 Email Holder Protections
In addition to following all provisions of the Email Policy, supervisors and other persons to whom email holders have given either consent to access their email or their email password must follow these guidelines. They:
6.2.1 must not use the password to access the email holder's records except to obtain email records required to continue University business in the email holder's absence;
6.2.2 must limit their inspection of the employee's email records to the least perusal of contents and the least action necessary to obtain the needed records;
6.2.3 may not seek out, use, or disclose any personal or confidential information contained in the employee's email files; and
6.2.4 must not violate Section VI.A.6. of the Email Policy regarding use of a false identity by transmitting email in the other person's name.
7.0 POSTMASTER PROCEDURES
Network and computer operations personnel and system administrators should be familiar with and must adhere to the provisions of Section VI.B.3 of the Email Policy. When re-routing or disposing of otherwise undeliverable email they should limit their inspection to the least invasive action required to perform their duties (e.g. search header information before text, use electronic keyword searches, etc.) and notify the recipient that the email has been inspected. They must also conform to the privacy provisions of this section of the Email Policy.
8.0 BACK-UP PRACTICES
8.1 Back-Up Notification
The Email Service Manager shall provide notification about back-up practices for that service's email:
8.1.1 to the service's new email users when an account is first opened;
8.1.2 to all the service's email users on an annual basis;
8.1.3 to all the service's email users whenever back-up practices change; and
8.1.4 upon request by a user of the email service.
This notification may be written or electronic, and need not be acknowledged by the user of the email service.
The Information Management unit of Information Resources and Communications shall coordinate with the various UCOP Email Service Managers to provide the department of Human Resources with current information on back-up procedures. The department of Human Resources shall provide materials explaining the back-up practices for UCOP email services at the time of new employee orientation.
8.2 Archiving
The Office of the President does not maintain archives of all email sent or received.
8.2.1 Email service personnel are not required to back-up electronic mail. To the extent that email is backed up, the purpose of the back-up is to assure system integrity and reliability, not to provide for future retrieval.
8.2.2 Email service personnel are not required to retrieve email from back-up facilities upon the request of UCOP email users.
8.2.3 The Email Service Manager will make use of back-up copies of email in situations described in Section V.E. of the Email Policy.
9.0 NOTIFICATION OF POLICY
9.1 Responsibility
Email Service Managers shall provide notification of the Email Policy and the Guidelines:
9.1.1 to the email service's new users at the time an email account is opened; and
9.1.2 to all the email service's users on an annual basis.
Such notification may be in print or electronic form.
9.2 Requirements
Notification about the Email Policy shall include, at a minimum:
9.2.1 notice that users of UCOP email services are required to abide by the provisions of the Email Policy and the Office of the President Guidelines;
9.2.2 directions on how to obtain a full copy of the Email Policy and these Guidelines;
9.2.3 an explanation of current back-up procedures; and
9.2.4 reference to the name, address and telephone number of an individual who can answer questions about the Email Policy, the Guidelines, and current back-up procedures.
9.3 Acknowledgment
New users of UCOP email services must attest that they have read and understand the Email Policy. This attestation may be in written or electronic form, according to procedures in use by the email service at the time the account is opened.
Ongoing users of UCOP email services must attest that they have been notified of the Email Policy. Continued use of UCOP email services after the annual notification implies acknowledgment of notification of the Email Policy.
| Server |
Contact |
| Corporate Data Center | Richard Hintz, Corporate Data Center Manager Richard.Hintz@ucop.edu |
|
Note, the Corporate Data Center serves all UCOP units except those indicated below. | |
| Laboratory Administration | Steve McGrath, Facilities Manager Steve.McGrath@ucop.edu |
| Continuing Education of the Bar | James Acker, Manager, Information Services AckerJ@ceb.ucop.edu |