Individual Email Address Policy

Title

UNC-Chapel Hill Individual Email Address Policy

Introduction

Purpose

The University has obligations to ensure integrity and accessibility of records, and security of sensitive University information that may be sent or received via email. This policy advises affiliates of their obligations to use only their University email account and not personal email accounts for University business and to manage the records resulting from that use in accordance with applicable policy, standards, and procedures.

Scope of Applicability

UNC-Chapel Hill Affiliates who conduct University business via email.

Policy

Policy Statement

All UNC-Chapel Hill employees and other affiliates who conduct University business (including students, and others employed by the University or otherwise conducting University business) will:

  1. Maintain and use only University email accounts and not use any external/personal account to conduct the business of UNC-Chapel Hill.
  2. Enter and maintain a University email account address (and not an external/personal account) in the UNC-Chapel Hill Campus Directory (unless an exception exists and no directory entry is present).
  3. Not auto-forward University email to an external email account. (auto-forwarding between University email accounts is permitted. auto-forwarding to external/personal accounts is not permitted, though manual forwarding of individual messages to an external account is generally permissible if in accord with all other applicable University policies, standards, and procedures.)
  4. Ensure that email is retained, sent to archives, or otherwise managed in accordance with the UNC-Chapel Hill Records Retention Schedule. (All email messages sent or received in transacting University business are covered by NCGS 132, the NC Public Records Act, and may be subject to disclosure).

Compliance

Failure to comply with this policy may put University information assets at risk and may have disciplinary consequences for employees, up to and including termination of employment. Students who fail to adhere to this policy may be referred to the UNC- Chapel Hill Office of Student Conduct. Contractors, vendors, and others who fail to adhere to this policy may face termination of their business relationships with UNC- Chapel Hill.

Violation of this policy may also carry the risk of civil or criminal penalties.

Roles and Responsibilities

University Affiliates: Fulfill the requirements of this policy and report violations to the Information Security Office.

Supervisors and Unit Heads: Make this policy available to team members and provide guidance on implementation.

ITS Staff: Monitor implementation and provide assistance as requested.

Exceptions

If email which would constitute University business (other than marketing or other ephemeral messages which may be deleted immediately) is received on a personal/external account, the affiliate may comply with this policy by forwarding a copy of the message to their University account and notifying the sender to use the University account in future. If the email contains any sensitive information (defined as Tier 2 or Tier 3 of the UNC-Chapel Hill Information Classification Standard), please consult Information Security for assistance.

Exceptions to this policy may only be authorized in writing by the Chief Information Officer, Deputy Chief Information Officer, Chief Information Security Officer, Chief Privacy Officer, or their authorized delegates.

Definitions

  • Auto-Forward: The act of forwarding email through the use of an automated forwarding mechanism. Once configured, these mechanisms forward email from one server to another without any user intervention and/or oversight.
  • External/Personal Email Account: An email account provided by an organization not affiliated with UNC-Chapel Hill. This may be a personal Gmail, Yahoo, or other account, or may be provided by another organization (such as a professional organization, or another University with which the user is also affiliated.)
  • Public Record: Any record created or received in conducting University business, in whatever format, including but not limited to paper, photographs, recordings, emails or digital images, unless an exception applies under federal or state law.
  • University Email Account: Email account(s) provided by UNC Information Technology Services or by an Affiliate's University department for the purpose of transacting University business. With rare exceptions a University account address will end in "unc.edu."
  • UNC-Chapel Hill Affiliate: UNC-Chapel Hill faculty, staff, students, retirees, contractors, distance learners, visiting scholars and others who require UNC-Chapel Hill resources to work in conjunction with UNC-Chapel Hill. This policy is addressed to those affiliates who conduct University Business using email.

Related Requirements

External Regulations and Consequences

University Policies, Standards, and Procedures

Informational References

Contact Information

Policy Contacts
Subject Contact Telephone Online
Email address questions ITS Service Desk 919-962-HELP help.unc.edu
Reporting an information security incident or violation ITS Information Security Office

(Ask that your Request be marked "critical" for the Information Security Office (ISO) and do not provide detail on the incident until called back by an ISO incident handler)
919-962-HELP N/A
Questions about Sensitive Information Data Governance Oversight Group (DGOG) 919-962-HELP datagov.unc.edu
100% helpful - 1 review

Details

Article ID: 131262
Created
Thu 4/8/21 9:05 PM
Modified
Thu 7/22/21 10:10 AM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforcable.
12/07/2020 2:14 PM
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Vice Chancellor for Information Technology and Chief Information Officer
Last Review
Date on which the most recent document review was completed.
12/07/2020 2:14 PM
Last Revised
Date on which the most recent changes to this document were approved.
12/12/2018 11:00 PM
Origination
Date on which the original version of this document was first made official.
03/01/2011 11:00 PM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Information Technology Services