Guidelines on use of e-mail and instant messaging
E-mail and instant messaging/chat applications are useful communication tools for conducting University business. E-mail and instant messages created and received by University employees in the course of their work are also University records to the same extent as information in other media, such as electronic and hard-copy documents.
- Once you send or forward a message you have no control over what a recipient may do with it. This can lead to the unintended disclosure of personal information or confidential information. Be prudent about messages that you create or forward and what you attach to those messages. Be objective and factual in what you write and avoid recording unsubstantiated or subjective comments.
- Avoid use of e-mail and instant messaging to transmit sensitive personal or other confidential information. If you must use e-mail or instant messaging to communicate such information, consider how to minimize the consequences of unintended disclosure (e.g., by disclosing only some information or by deleting personal identifiers).
- Communicate confidential information to individuals by using only those technologies endorsed by IST Information Security Services in their Guidelines for secure data exchange.
- When your e-mail or instant messages contain personal or other confidential information:
- verify the addresses and names of recipients
- avoid using “reply to all” features
- for e-mail, include the following statement at the bottom of the message, following your signature block:
"The information in this message, including any attachments, may contain confidential information intended only for the person(s) named above. Any other distribution, copying or disclosure which is not necessary and proper in the discharge of the University's functions is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify us immediately by reply e-mail and permanently delete the original transmission from us, including any attachments, without making a copy. Thank you.”
- Messages sent over the internet are especially vulnerable to privacy breaches or unintended disclosure. University employees are expected to use university provided technologies for the transmission of work-related e-mail and instant messages.
- E-mail of continuing value for administration or to preserve corporate memory should be filed in a suitably named folder that facilitates retrieval by others, if that is ever required. E-mail and associated attachments must be stored in a location and manner that protects their confidentiality.
- Regularly dispose of e-mails that are transitory records, of only short-term, immediate or no value, except those which relate to a Freedom of Information and Protection of Privacy Act (FIPPA) access request or an ongoing legal dispute. The Privacy Officer or the University Secretary will notify you when e-mails should be retained because of a FIPPA request.
Chat & Work in MS Teams & Other Applications
- The availability and use of instant messaging/chat has expanded significantly with the increased use of Microsoft Teams across the University, supporting private one-to-one chat, group chat involving numerous individuals, and the sharing of digital files and links to other information resources via chat exchanges.
- As the name implies, chat applications are typically intended for informal exchanges, not for carrying out assigned work tasks. An exception would be specialized chat tools designed to support organizational processes – e.g., chat features available in customer relationship management systems – that have been reviewed under the Information Risk Assessment program.
- With the exception of these specialized chat tools, instant messaging/chat should not be used as a primary form of communication or information-sharing for work, decision-making, or the delivery of services which should be documented in a longer-lasting form to meet the University’s compliance and accountability obligations, or to preserve our corporate memory.
- If your chat exchanges do contain information of longer-term significance to the University and your work, be sure to document the exchange in a format better-suited to continuing storage, retrieval, and use: e.g., a memo stored on a shared drive, in SharePoint, or printed and stored securely in a hard-copy file folder.
- It may be prudent, in some cases, for decision-making bodies or work groups – e.g., committees or project teams – to establish rules limiting or prohibiting the use of chat in the conduct of their work to minimize the risk of chat applications recording information which differs from the content of the group’s official records – e.g., committee meeting minutes or project reports – or is an unwarranted duplication of confidential information, including personal information, which we must protect from unauthorized use and disclosure. Please contact the Privacy Officer or the University Records Manager for assistance with such cases.