Guidelines on use of e-mail and instant messaging
E-mail and instant messaging/chat applications are useful communication tools for conducting University business. E-mail and instant messages created and received by University employees in the course of their work are also University records to the same extent as information in other media, such as electronic and hard-copy documents.
- Once you send or forward a message you have no control over what a recipient may do with it. This can lead to the unintended disclosure of personal information or confidential information. Be prudent about messages that you create or forward and what you attach to those messages. Be objective and factual in what you write, and avoid recording unsubstantiated or subjective comments.
- Avoid use of e-mail and instant messaging to transmit sensitive personal or confidential information. If you must use e-mail or instant messaging to communicate such information, consider how to minimize the consequences of unintended disclosure (e.g., by disclosing only some information or by deleting personal identifiers).
- Communicate sensitive information to individuals by using only those technologies endorsed by IST Information Security Services in their Guidelines for secure data exchange.
- When your e-mail or instant messages contain personal or confidential information:
- verify the addresses and names of recipients
- avoid using “reply to all” features
- for e-mail, include the following statement at the bottom of the message, following your signature block:
"The information in this message, including any attachments, may contain confidential information intended only for the person(s) named above. Any other distribution, copying or disclosure which is not necessary and proper in the discharge of the University's functions is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify us immediately by reply e-mail and permanently delete the original transmission from us, including any attachments, without making a copy. Thank you.”
- Messages sent over the internet are especially vulnerable to privacy breaches or unintended disclosure. University employees are expected to use university provided technologies for the transmission of work related e-mail and instant messages. Further, e-mail and associated attachments must be stored in a location and way in which privacy is protected.
- If an e-mail has some ongoing administrative, financial, legal, research or historical value, file it in a suitably named folder that facilitates retrieval by others if that is ever required.
- Regularly dispose of e-mails that have only short-term, immediate or no value except those which relate to a Freedom of Information and Protection of Privacy Act (FIPPA) access request or an ongoing legal dispute. The Privacy Officer or the University Secretary will notify you when e-mails should be retained because of a FIPPA request.
- Management of chat histories in instant messaging applications approved for use by University employees is the responsibility of the system administrators for those applications. Since you do not have direct control over your chat history, and since instant messages are intended to be ephemeral, be sure to document issues or decisions which arise through instant messaging in another, longer-lasting, medium: e.g., in a memo stored on a shared drive or in SharePoint, or printed and stored securely in a hard-copy file folder.