大发彩票

Stewardship and Custodianship of Email

  1. Home
  2. About
  3. Offices, Centers, & Institutes
  4. Information Technology Services
  5. Policies
  6. Stewardship and Custodianship of Email

Policy Statement

大发彩票 provides an email system for students, faculty, staff, alumni, contractors and others to facilitate communication related to academic, administrative, and community engagement matters. Email is an official means of communication for the University, and users are responsible for communications via this system. The University strives to administer this system for the entire 大发彩票 community in a manner that preserves a level of confidentiality as outlined in this policy. The University will execute this policy while maintaining compliance with relevant State and Federal laws, regulations, and University policies.

Although the University does not recommend personal use, it recognizes and permits limited personal use of the colgate.edu email domain (and its subdomains). This personal use does not acquire a right of privacy for communications transmitted or stored using University electronic information resources (EIR).

This policy defines the roles of stewards and custodians in regards to email. Custodians are tasked with the care of email accounts. Stewards are responsible for ensuring email content is seen only by those who have a need to see it as defined by this policy. Account types are assigned specific stewards. A table of what stewards are responsible for what account types can be found under the email Stewards heading at the end of this policy.

Principles and Standards

Custodians of email must never access or disclose the contents of any email for which they are not correspondents except when authorized by defined email stewards under strict guidelines in the following situations:

  1. In the event of a health or safety emergency.
  2. In response to a court order, subpoena or other compulsory legal process.
  3. As part of an internal investigation involving a breach of policy or law.
  4. In immediate need to continue a critical and time-sensitive business process.
  5. To provide business continuity in the event of a death or employee departure.

Reason for this Policy

The University strives to protect email communications from inappropriate access or disclosure. This policy provides clear policy guidelines for those circumstances in which access to email is granted to those other than the named account holder. It insures an appropriate level of oversight, control, and accountability for such actions.

Scope of Policy

Entities affected and bound by this policy include all members of the University including those users of 大发彩票's email for Life offering except where otherwise indicated in this or other policy.

This policy is in direct relation to 大发彩票's email system but may be used as a general guideline concerning all other forms of electronic communications transmitted or stored using 大发彩票's electronic information resources where specific policy may not yet be adopted.

Procedures: Requests to Access or Disclose Email Content

In the event of a health or safety emergency, the University may access and/or disclose the content of email according to the following procedure:

  1. The Information Privacy & Security Officer (IPSO) may only grant access and/or disclose the data upon request of the Director of Campus Safety, Director of Health Services, Director of the Counseling Center or a member of the President's Staff. Emergency requests may be made directly to the IPSO.
  2. In order to preserve any potential evidence, the IPSO will make a second copy of the requested contents on read-only medium and stored in a secure location, clearly labeled and sealed. The IPSO will create an incident document summarizing the request, the process used in obtaining the contents and any other relevant observations during the event.
  3. In the interest of saving time during the emergency, the original request may be verbal. As such, after the request is fulfilled, the requesting party will provide the IPSO with a formal (written or emailed) request citing the nature and detail of the information requested. As soon as is practicable, the IPSO will notify the appropriate email steward(s) and the CIO of the request with a Notice of Preservation & Access.
  4. To ensure the emergency request procedure in this policy is not abused, emergency requests will be reviewed by the President鈥檚 Staff within a reasonable time after the event at which time any adjustments to this policy may be made.

In the event of a court order, Subpoena, litigation hold or similar request/demand, Legal Counsel may be asked to review the validity and authenticity of the request/demand. Legal Counsel may then provide advice regarding the University's obligations to comply and the University is free to comply with that advice notwithstanding any provision of this policy.

  1. A member of the President鈥檚 Staff or the Special Assistant to the President for Legal Affairs may make a direct request to the IPSO along with any additional and/or specific instructions to preserve the email content.
  2. The IPSO will make a copy(s) of the evidence as per the instructions and will create an incident document summarizing the request, the process used in obtaining the contents and any other relevant observations during the event.

In the event of an investigation involving an employee or faculty related to his or her employment status, requests for access may be made to specified email stewards.

  1. All requests to access an account holder's email must be made formally, in writing or by email, to the appropriate account holder鈥檚 email steward (see email Stewards) by an employee鈥檚 manager, immediate supervisor or director, a student鈥檚 academic advisor or professor, a member of the Equity Grievance Panel (EGP), a member of the President鈥檚 Staff or another email steward. To avoid unreasonable searches and fishing expeditions, each request must contain a detailed reason for the request with a range of dates in which to search along with keywords or other information that can narrow the search to the pertinent investigation.
  2. Requests will then be vetted through an Administrative Council consisting of four (or more) members of the President's Staff. The Council reserves the right to ask for the opinions of other University members when deliberating. Investigations involving faculty email will have two additional members taking part on the Council; the Chair of the Committee on Information Technology and the Chair of the Faculty Affairs Committee. Decisions will be made based on a majority vote of the Council.
  3. Approved requests will then be sent to the IPSO. The IPSO will perform the search on the email account(s) using the keywords and dates supplied with the approved request. The IPSO will create an incident document summarizing the request, the process used in searching for the keywords in the request and any other relevant observations during the event.
  4. Findings from the initial search may then be given to the email steward(s) along with a Notice of Preservation & Access if and when appropriate. If the initial search is fruitless, no further investigation may be made on the email account(s) without the requesting party making a new official request.
  5. If the initial search is fruitful, the IPSO will make a copy of the related contents to a read-only medium and store it in a secure location, clearly labeled and sealed. The IPSO will append the incident document with a summary of the request, the process used in obtaining the contents and any other relevant observations during the event. As soon as is practicable, the IPSO will notify the CIO of the request with a Notice of Preservation & Access.
  6. Access to the content of the emails identified from the initial search may then be requested by the email steward(s). If such a request is made, a second copy of the email contents will be saved to a read-only medium and delivered to the appropriate email steward.

In the event an employee or faculty member's professional association with the University has ended, or the account holder is unavailable and without access to their email, it may sometimes be necessary to access information stored in the account holder's email in order to preserve business continuity.

At no time may the user who has been granted access be permitted to send email as (or impersonate) the account holder.

  1. In such cases, supervisors may make requests for access through the proper email steward(s) (see email Stewards). Such requests must be reasonably limited in scope and time. Approval for granting access is under the discretion of the email steward. Approved requests may then be sent to the IPSO whereas the IPSO may change the account password and give that password to the email steward.
  2. The IPSO will create an incident document summarizing the request, the process used in obtaining the contents and any other relevant observations during the event. As soon as is practicable, the IPSO will notify the CIO of the request with a Notice of Preservation & Access.
  3. Requests will be reviewed by the President鈥檚 Staff within a reasonable time after the event at which time any adjustments to this policy can be made.

Parents or legal guardians may request access to email in the event of their child's death. If access to an account is granted, it must be for a defined and limited period of time. Prior to granting access, the account may be archived. Access requests can be made through the Dean of the College at his or her discretion.

  1. Approved requests will be sent to the IPSO at which time the IPSO will change the password and give it to the Dean of the College. All requests will be documented and may be reviewed.
  2. Students may also designate a proxy (usually a parent, grandparent or other legal guardian) to have access to their personal email in the event of a medical emergency or death. Student workers may not allow a proxy to access their given employee email account.

In the event of an employee鈥檚 departure from the University, access to email may be granted via the procedure to continue a critical and time-sensitive business process (Procedure D) above.

All other email accounts are designated and designed for 大发彩票 business use and are the property of the University; access to these accounts may not be granted or willed to spouses, family, or friends upon the account holder鈥檚 death.

Email Archiving Guidelines

As it is impossible for the University to anticipate every scenario involving access to email, the University strives to mitigate risk by archiving certain email accounts.

Email transmitted or stored in 大发彩票's email system may be archived. Unless otherwise noted in this policy, the archived email is not available to account holders. The length of time email is stored is listed below:

User Type Email Archive Life
Students Except in cases of legal matters and where otherwise noted in this policy, a student's email is not automatically archived and their account is purged one year after attending the University unless they sign up for the "Email for Life.鈥
Student workers Students employed by the University while attending 大发彩票 may be provided with a separate email account with which to conduct 大发彩票 business. Student worker email accounts may be archived during and after their employment.
Alumni Alumni are offered the opportunity to keep their student email address upon graduation through a program called 鈥淓mail for Life鈥. These accounts are not automatically archived and accounts may be purged immediately after an Alumni opts-out of the service except in matters where a litigation hold has been placed.
Alumni employees Many alumni spend some part of their professional career working for the University. Those alumni who have opted-in to "Email for Life" may be given a new account to be used for conducting 大发彩票 business. Both their 鈥淓mail for Life鈥 account and their business account may be subject to archiving during and after their employment.
General staff General staff email accounts may be archived during and after their employment.
Executive staff Executive staff positions and those positions which are permitted to conduct contract negotiations or make capital purchases on behalf of the University may have their email archived indefinitely.
Faculty All faculty email is to be archived during the professor's stay at 大发彩票. Faculty email may be purged ten years after their association with the University has ended.
Emeritus Emeritus faculty may retain access to their colgate.edu email account. Such accounts should be used primarily for conducting business, research and maintaining a professional connection to the University. Emeritus email accounts may be archived indefinitely and not purged upon the account holder's death.