Policy on Employee Use of Email

AVÀÇ East Bay Policy on Individually assigned Email Addresses 

Introduction

Purpose

AVÀÇ East Bay (“CSUEB” or “University”) must protect University data. This includes keeping records protected, accurate and accessible. The University takes extra precautions to protect Sensitive Information (Level 1 or 2) sent or received by email. This policy describes University obligations related to email, especially the requirement to use only University email accounts, not personal ones for University business.

Policy FAQ

Policy Scope

This policy applies to University employees and anyone else who is “affiliated” with the University and conducts University business by email. 

Policy Statement

University employees and others affiliated with the University who conduct University business by email must: 

  • Maintain and use only University email accounts for University business and not use any external/personal email account to conduct the business of CSUEB.
  • Limit or minimize personal use of their University email account to occasional and incidental use (e.g. must have so little value that accounting for it would be unreasonable or impractical). See
  • Enter and keep an official University email address (and not an external/personal email account) as their business email in the , , Syllabi, etc.  
  • Limit auto-forwarding of University email.
    • Auto-forwarding to personal accounts or other non-University accounts is not allowed. Users may forward individual messages to any email address if they follow University policies, standards, and procedures.
    • Auto-forwarding between University departmental and individual email accounts is allowed, and is managed by ITS directly.
  • Keep, archive, or manage emails according to the .
    • All email messages sent or received related to University business are covered by the California Public Records Act (CPRA, specifically . Public records may be subject to disclosure. 


Roles and Responsibilities

Employees and those affiliated with the University must follow this policy. Violations of this policy must be reported to the Information Security Office (iso@csueastbay.edu). 

Managers and Department Heads must make this policy available to staff members and provide guidance on following it. 

The ITS Servicedesk can help people follow this policy. 

Compliance

Failure to follow this policy may put the University at risk. Employees who do not comply may face disciplinary actions. Students who do not comply may be referred to the Office of Student Conduct. Contractors and vendors who do not comply may face termination of their contracts with CSUEB. 

Violation of this policy may also carry the risk of civil or criminal penalties. 


Exceptions

  • If a person affiliated with the University receives University business email message at a non-University account, they must forward the email message to their University account and tell the sender to use their University email address in the future.  
    • Marketing, spam, and other messages that a person can delete immediately do not need to be sent to a University account.  
  • Concerning any Sensitive Information (Level 1 or 2), please consult the Information Security Office for help. 
  • If a person is not required to have a University Directory entry at all or is not provided an official University email account, they do not need to keep an official email listing there. 
  • Exceptions to this policy may only be authorized in writing by the campus CIO or CISO.

Definitions

Auto-Forward: An automated way to forward email from one account to another without a person having to take action. 

Non-University Email Account: An email account provided by someone other than CSU East Bay. This could be a personal email (like Gmail, Yahoo, or another provider that you have set up yourself). This account could also be associated with another organization (such as a professional organization, or another University). 

Departmental Email Account: A departmental email account is provisioned by ITS as a shared inbox model that is made available to employees designated by the requesting the account. This is also known as a delegated email account, which does not require a separate NetID to access. Departments are responsible for alerting ITS to changes in employee assignments so that delegates can be added or removed from a shared email account.

Public Record: Any record created or received in conducting University business, in any format, including paper, photographs, recordings, emails or digital images. The only exceptions are ones that apply under federal or state law. 

University Email Account: Email account(s) provided by CSUEB ITS. With rare exceptions, a University account address will almost always end in "csueastbay.edu."  

Related Requirements

CSU Policies, Standards, and Procedures

Regulations


Contact Information

Policy Contacts
Subject Contact Telephone Online
Email address questions Service Desk 510-885-4357(HELP)
Reporting an security incident or violation Information Security Office 510-885-4357(HELP) iso@csueastbay.edu
Questions about Sensitive Information or this Policy Information Security Office 510-885-4357(HELP) iso@csueastbay.edu