Individual Email Address Policy

Title

University of North Carolina at Chapel Hill Policy on Individual Email Addresses 

Introduction

Purpose

University of North Carolina at Chapel Hill (“UNC-Chapel Hill” or “University”) must protect University data. This includes keeping records accurate and accessible. The University takes extra precautions to protect Sensitive Information (Tier 2 or 3) sent or received by email. This policy describes University obligations related to email, especially the requirement to use only University email accounts, not personal ones for University business.   

Scope

This policy applies to University employees and anyone else who is “affiliated” with the University and conducts University business by email. 

Policy

Policy Statement

University employees and others affiliated with the University who conduct University business by email must: 

  1. Maintain and use only University email accounts for University business and not use any external/personal account to conduct the business of UNC-Chapel Hill. 
  2. Enter and keep an official University email address (and not an external/personal account) as their business email in the University Directory).  
  3. Limit auto-forwarding of University email. Auto-forwarding between University email accounts is allowed. Auto-forwarding to personal accounts or other non-University accounts is not allowed. People may forward individual messages to any email address if they follow University policies, standards, and procedures. 
  4. Keep, archive, or manage emails according to the Records Retention and Disposition Schedule. All email messages sent or received related to University business are covered by the North Carolina Public Records Act (NC General Statutes, Chapter 132). Public records may be subject to disclosure. 

Compliance

Failure to follow this policy may put the University at risk. Employees who don't comply may face disciplinary consequences, including termination of employment. Students who don't comply may be referred to the Office of Student Conduct. Contractors and vendors who don't comply may face termination of their contracts with UNC-Chapel Hill. 

Violation of this policy may also carry the risk of civil or criminal penalties. 

Roles and Responsibilities

People affiliated with the University must follow this policy. They must report violations to the Information Security Office. 

Supervisors and Unit Heads must make this policy available to team members and provide guidance on following it. 

ITS Staff can help people follow this policy. 

Exceptions

If a person affiliated with the University receives University business email on a non-University account, they must forward the email to their University account. Then they must tell the sender to use the University account in the future.  

Marketing, spam, and other messages that a person can delete immediately do not need to be sent to a University account.  

Any Sensitive Information (Tier 2 or 3), consult Information Security for help. 

If a person is not required to have a University Directory entry at all or is not provided an official University email account, they do not need to keep an official email listing there. 

Exceptions to this policy may only be authorized in writing by one of the following people:  

  • Chief Information Officer,  
  • Chief Information Security Officer,  
  • Chief Privacy Officer, or 
  • their authorized delegates. 

Definitions

Auto-Forward: An automated way to forward email from one account to another without a person having to take action. 

Non-University Email Account: An email account provided by someone other than UNC-Chapel Hill. This could be a personal email (like Gmail, Yahoo, or another provider that you go to directly). This could also be associated with another organization (such as a professional organization, or another University.) 

Public Record: Any record created or received in conducting University business, in any format, including paper, photographs, recordings, emails or digital images. The only exceptions are ones that apply under federal or state law. 

University Email Account: Email account(s) provided by UNC Information Technology Services or by an authorized University department. With rare exceptions, a University account address will almost always end in "unc.edu."  

Related Requirements

External Regulations and Consequences

University Policies, Standards, and Procedures

Informational References

Contact Information

Policy Contacts
Subject Contact Telephone Online
Email address questions ITS Service Desk 919-962-HELP help.unc.edu
Reporting an information security incident or violation ITS Information Security Office

(Ask that your Request be marked "critical" for the Information Security Office (ISO) and do not provide detail on the incident until called back by an ISO incident handler)		 919-962-HELP N/A
Questions about Sensitive Information Data Governance Oversight Group (DGOG) 919-962-HELP datagov.unc.edu
Policy questions ITS policy Office 919-962-HELP its_policy@unc.edu
100% helpful - 1 review

Details

Article ID: 131262
Created
Thu 4/8/21 9:05 PM
Modified
Thu 2/29/24 2:38 PM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
12/07/2020 2:14 PM
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Vice Chancellor for Information Technology and Chief Information Officer
Last Review
Date on which the most recent document review was completed.
12/13/2023 12:00 AM
Last Revised
Date on which the most recent changes to this document were approved.
12/12/2018 11:00 PM
Next Review
Date on which the next document review is due.
12/13/2026 12:00 AM
Origination
Date on which the original version of this document was first made official.
03/01/2011 11:00 PM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Information Technology Services

Related Articles (2)

Information Security Controls Standard
This standard defines the minimum security controls for Information Technology systems in use at UNC-Chapel Hill including personal and University-owned devices. Units within the University may apply stricter controls to protect information and systems in their areas of responsibility. The standard applies to each UNC-Chapel Hill Constituent, student, employee, or other for any covered system under their control.
Policy on Public Records Requests
The University of North Carolina at Chapel Hill (UNC-Chapel Hill) is a constituent institution of the University of North Carolina and an agency of the State of North Carolina and is open and responsive to information requests from the public and the news media. UNC-Chapel Hill is committed to a policy of openness, honesty, and cooperation.