The first policy statement presented here is the University of California's Electronic Mail Policy. The second statement is the Acceptable Use Policy at the University of California, Davis.
The text in this chapter is taken directly from the University of California Web pages and Policy and Procedure Manual. Section numbering has been changed to reflect the section numbering of this text, and all cross-references have been updated. Finally, references to Web pages for “other information” have been deleted.
University of California E-mail Policy[1]
This is the Electronic Mail Policy issued on March 23, 1998, for the University of California. Both the summary and the policy were issued by the University's Office of the President.
This is a summary. Please refer to the full text of the Electronic Mail Policy.
E-mail may be subject to disclosure under the California Public Records Act. The University may access or disclose your e-mail under specified circumstances described in the Policy.
E-mail facility staff may inadvertently see the contents of e-mail messages in the course of their duties.
Your e-mail facility may have copies of e-mail on a backup system even after you have discarded the messages.
Backup copies may be retained for periods of time and in locations unknown to senders and recipients.
The security and confidentiality of e-mail cannot be guaranteed. Password protections are not foolproof.
It is possible for senders of e-mail to mask their identities.
Recipients are able to forward your e-mail without your knowledge or consent.
The contents of forwarded messages can be changed from the original.
Policy violations may result in restriction of access to University information technology resources and other serious consequences.
The California Penal Code makes certain computer crimes felony offenses.
Your University e-mail address is owned by the Regents of the University of California.
Think twice before you click on the “send” button.
Comply with University policies and state and federal laws that apply to e-mail.
Make administrative e-mail available to your supervisor if requested.
Protect the confidentiality of information you encounter inadvertently in e-mail or other records.
Follow campus procedures for authorization and notification if you must access another person's e-mail.
Respect the privacy of other people's e-mail.
Use personal and professional courtesy and considerations in e-mail.
Employ protections such as passwords to deter potential intruders.
Check with the sender if there is any doubt about the authenticity of a message.
Request information on the back-up practices of the e-mail facilities you use.
Ask for advice if you are not sure what the Policy allows.
Violate law and UC policy by theft or abuse of facilities or resources.
Seek out, use, or disclose personal or confidential information unless authorized.
Access or disclose other people's e-mail without prior consent.
Knowingly interfere with other people's use of e-mail.
Send “spam” or chain letters.
Knowingly disrupt University electronic mail and other services.
Use e-mail for unlawful activities, commercial purposes, or personal financial gain (except where permitted by academic policy).
Use e-mail in violation of other University policies (such as harassment, copyright violations).
Use e-mail to give the impression that you represent the University (unless authorized to do so).
Let personal use of e-mail interfere with your employment or other obligations to the University.
Increase costs to the University by excessive personal use of e-mail.
Rely exclusively on electronic mail for purposes of archiving and record retention.
The University of California's Electronic Mail Policy applies to (1) all electronic mail services provided by the University, (2) all users and uses of such services, and (3) all University records in the form of electronic mail, whether in the possession of University employees or other users of electronic mail services provided by the University. Please note that each campus has its own guidelines and procedures for implementing the UC Electronic Mail Policy.
University of California Electronic Mail Policy[2]
This Policy clarifies the applicability of law and of other University policies to electronic mail. It also defines new policy and procedures where existing policies do not specifically address issues particular to the use of electronic mail.
The University recognizes that principles of academic freedom and shared governance, freedom of speech, and privacy of information hold important implications for electronic mail and electronic mail services. The University affords electronic mail privacy protections comparable to that which it traditionally affords paper mail and telephone communications. This Policy reflects these firmly held principles within the context of the University's legal and other obligations.
The University encourages the use of electronic mail and respects the privacy of users. It does not routinely inspect, monitor, or disclose electronic mail without the holder's (as defined in Appendix 35.1.2.10, Definitions) consent. Nonetheless, subject to the requirements for authorization, notification, and other conditions specified in this Policy, the University may deny access to its electronic mail services and may inspect, monitor, or disclose electronic mail (i) when required by and consistent with law; (ii) when there is substantiated reason (as defined in Appendix 35.1.2.10, Definitions) to believe that violations of law or of University policies listed in Appendix 35.1.2.12 have taken place; (iii) when there are compelling circumstances as defined in Appendix 35.1.2.10; or (iv) under time-dependent, critical operational circumstances as defined in Appendix 35.1.2.10, Definitions.
Cautions:
Users should be aware of the following:
Both the nature of electronic mail and the public character of the University's business (see Caution 2 below) make electronic mail less private than users may anticipate. For example, electronic mail intended for one person sometimes may be widely distributed because of the ease with which recipients can forward it to others. A reply to an electronic mail message posted on an electronic bulletin board or “listserver” intended only for the originator of the message may be distributed to all subscribers to the listserver. Furthermore, even after a user deletes an electronic mail record from a computer or electronic mail account it may persist on backup facilities, and thus be subject to disclosure under the provisions of Section 35.1.2.5 of this Policy. The University cannot routinely protect users against such eventualities.
Electronic mail, whether or not created or stored on University equipment, may constitute a University record (see Appendix 35.1.2.10, Definitions) subject to disclosure under the California Public Records Act or other laws, or as a result of litigation. However, the University does not automatically comply with all requests for disclosure, but evaluates all such requests against the precise provisions of the Act, other laws concerning disclosure and privacy, or other applicable law. Users of University electronic mail services also should be aware that the California Public Records Act and other similar laws jeopardize the ability of the University to guarantee complete protection of personal electronic mail resident (see Section 35.1.2.6.A.8) on University facilities. The California Public Records Act does not, in general, apply to students except in their capacity, if any, as employees or agents of the University. This exemption does not, however, exclude student e-mail from other aspects of this Policy.
The University, in general, cannot and does not wish to be the arbiter of the contents of electronic mail. Neither can the University, in general, protect users from receiving electronic mail they may find offensive. Members of the University community, however, are strongly encouraged to use the same personal and professional courtesies and considerations in electronic mail as they would in other forms of communication.
There is no guarantee, unless “authenticated” mail systems are in use, that electronic mail received was in fact sent by the purported sender, since it is relatively straightforward, although a violation of this Policy, for senders to disguise their identities. Furthermore, electronic mail that is forwarded may also be modified. Authentication technology is not widely and systematically in use at the University as of the date of this Policy. As with print documents, in case of doubt, receivers of electronic mail messages should check with the purported sender to validate authorship or authenticity.
Encryption of electronic mail is another emerging technology that is not in widespread use as of the date of this Policy. This technology enables the encoding of electronic mail so that for all practical purposes it cannot be read by anyone who does not possess the right key. The answers to questions raised by the growing use of these technologies are not now sufficiently understood to warrant the formulation of University policy at this time. Users and operators of electronic mail facilities should be aware, however, that these technologies will become generally available and probably will be increasingly used by members of the community.
The purpose of this Policy is to ensure that:
The University community is informed about the applicability of policies and laws to electronic mail;
Electronic mail services are used in compliance with those policies and laws;
Users of electronic mail services are informed about how concepts of privacy and security apply to electronic mail; and
Disruptions to University electronic mail and other services and activities are minimized.
The terms “electronic mail” and “e-mail” are used interchangeably throughout this Policy.
The following terms used in this Policy are defined in Appendix 35.1.2.10. Knowledge of these definitions is important to an understanding of this Policy.
Computing Facility(ies)
Electronic Mail Systems or Services
University E-mail Systems or Services
E-mail Record or E-mail
University Record
University E-mail Record
Use of University or Other E-mail Services
Possession of E-mail
Holder of an E-mail Record or E-mail Holder
Faculty
Substantiated Reason
Compelling Circumstances
Emergency Circumstances
Time-dependent, Critical, Operational Circumstances
This Policy applies to:
All electronic mail systems and services provided or owned by the University;
All users, holders, and uses of University e-mail services; and
All University e-mail records in the possession of University employees or other e-mail users of electronic mail services provided by the University.
Excluded from the foregoing are electronic mail services of Department of Energy Laboratories managed by the University, and e-mail users of such electronic mail services who are employees and agents of those Laboratories.
This Policy applies only to electronic mail in its electronic form. The Policy does not apply to printed copies of electronic mail. Other University records management policies (see RMP series policies listed in Appendix 35.1.2.11, “References”), however, do not distinguish among the media in which records are generated or stored. Electronic mail messages, therefore, in either their electronic or printed forms, are subject to those other policies, including provisions of those policies regarding retention and disclosure.
This Policy applies equally to transactional information (such as e-mail headers, summaries, addresses, and addressees) associated with e-mail records as it does to the contents of those records.
This Policy is effective immediately, with implementation guidelines to be effective July 1, 1998 (See Section 35.1.2.9).
As noted in the Introduction, the University recognizes that principles of academic freedom, freedom of speech, and privacy of information hold important implications for electronic mail and electronic mail services. This Policy reflects these firmly held principles within the context of the University's legal and other obligations.
Purpose. In support of its threefold mission of instruction, research, and public service, the University encourages the use of University electronic mail services to share information, to improve communication, and to exchange ideas.
University Property. University electronic mail systems and services are University facilities as that term is used in other policies and guidelines. Any electronic mail address or account associated with the University, or any subunit of the University, assigned by the University to individuals, subunits, or functions of the University, is the property of The Regents of the University of California.
Service Restrictions. Those who use University electronic mail services are expected to do so responsibly, that is, to comply with state and federal laws, with this and other policies and procedures of the University, and with normal standards of professional and personal courtesy and conduct. Access to University electronic mail services, when provided, is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the e-mail user when required by and consistent with law, when there is substantiated reason (as defined in Appendix 35.1.2.10, “Definitions”) to believe that violations of policy or law have taken place, or, in exceptional cases, when required to meet time-dependent, critical operational needs. Such restriction is subject to established campuswide procedures or, in the absence of such procedures, to the approval of the appropriate campus Vice Chancellor or University Vice President.
Consent and Compliance. An e-mail holder's consent shall be sought by the University prior to any inspection, monitoring, or disclosure of University e-mail records in the holder's possession, except as provided for in Section 35.1.2.5.E. University employees are, however, expected to comply with University requests for copies of e-mail records in their possession that pertain to the administrative business of the University, or whose disclosure is required to comply with applicable laws, regardless of whether such records reside on a computer housed or owned by the University. Failure to comply with such requests can lead to the conditions of Section 35.1.2.5.E.
Restrictions on Access Without Consent. The University shall only permit the inspection, monitoring, or disclosure of electronic mail without the consent of the holder of such e-mail (i) when required by and consistent with law; (ii) when there is substantiated reason (as defined in Appendix 35.1.2.10, “Definitions”) to believe that violations of law or of University policies listed in Appendix 35.1.2.12 have taken place; (iii) when there are compelling circumstances as defined in Appendix 35.1.2.10; or (iv) under time-dependent, critical operational circumstances as defined in Appendix 35.1.2.10, “Definitions.”
When the contents of e-mail must be inspected, monitored, or disclosed without the holder's consent, the following shall apply:
Authorization. Except in emergency circumstances as defined in Appendix 35.1.2.10, “Definitions,” and pursuant to Paragraph 35.1.2.5.E.2, such actions must be authorized in advance and in writing by the responsible (see Section 35.1.2.9, “Campus Responsibilities and Discretion”) campus Vice Chancellor or University Vice President. This authority may not be further redelegated. Requests for such nonconsensual access must be submitted in writing following procedures to be defined by each campus. University counsel's advice shall be sought prior to authorization because of changing interpretations by the courts of laws affecting the privacy of electronic mail, and because of potential conflicts among different applicable laws. Where the inspection, monitoring, or disclosure of e-mail held by faculty is involved, the advice of the Campus Academic Senate shall be sought in writing in advance, following procedures to be established by each campus. All such advice shall be given in a timely manner. Authorization shall be limited to the least perusal of contents and the least action necessary to resolve the situation.
Emergency Circumstances. In emergency circumstances as defined in Appendix 35.1.2.10, “Definitions,” the least perusal of contents and the least action necessary to resolve the emergency may be taken immediately without authorization, but appropriate authorization must then be sought without delay following the procedures described in Section 35.1.2.5.E.1, above. If the action taken is not subsequently authorized, the responsible authority shall seek to have the situation restored as closely as possible to that which existed before action was taken.
Notification. In either case, the responsible authority or designee shall, at the earliest possible opportunity that is lawful and consistent with other University policy, notify the affected individual of the action(s) taken and the reasons for the action(s) taken. Each campus will publish, where consistent with law, an annual report summarizing instances of authorized or emergency nonconsensual access pursuant to the provisions of this Section.
Compliance with Law. Actions taken under Paragraphs 1 and 2 shall be in full compliance with the law and other applicable University policy, including laws and policies listed in Appendix 35.1.2.11. This has particular significance for e-mail residing on computers not owned or housed by the University. Advice of counsel always must be sought prior to any action taken under such circumstances. It also has particular significance for e-mail whose content is protected under the Federal Family Educational Rights and Privacy Act of 1974, which applies equally to e-mail as it does to print records.
Recourse. Procedures for the review and appeal of actions taken under Sections 35.1.2.5.C, D, and E and under Section 35.1.2.7 shall be implemented (or existing procedures adapted) by each campus to provide a mechanism for recourse to individuals who believe that actions taken by employees or agents of the University were in violation of this Policy.
Misuse. In general, both law and University policy prohibit the theft or other abuse of computing resources. Such prohibitions apply to electronic mail services and include (but are not limited to) unauthorized entry, use, transfer, and tampering with the accounts and files of others, and interference with the work of others and with other computing facilities. Under certain circumstances, the law contains provisions for felony offenses. Users of electronic mail are encouraged to familiarize themselves with these laws and policies (see Appendix 35.1.2.11, “References”).
In general, use of University electronic mail services is governed by policies that apply to the use of all University facilities. In particular, use of University electronic mail services is encouraged and is allowable subject to the following conditions:
Purpose. Electronic mail services are to be provided by University organizational units in support of the teaching, research, and public service mission of the University, and the administrative functions that support this mission.
Users. Users of University electronic mail services are to be limited primarily to University students, faculty, and staff for purposes that conform to the requirements of this Section.
Noncompetition. University electronic mail services shall not be provided in competition with commercial services to individuals or organizations outside the University.
Restrictions. University electronic mail services may not be used for: unlawful activities; commercial purposes not under the auspices of the University; personal financial gain (see applicable academic personnel policies); personal use inconsistent with Section 35.1.2.6.A.8; or uses that violate other University policies or guidelines. The latter include, but are not limited to, policies and guidelines (see Appendix 35.1.2.11, “References”) regarding intellectual property, or regarding sexual or other forms of harassment.
Representation. Electronic mail users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University. An appropriate disclaimer is: “These statements are my own, not those of the University of California.”
False Identity. University e-mail users shall not employ false identities. E-mail may, however, be sent anonymously provided this does not violate any law or this or any other University policy, and does not unreasonably interfere with the administrative business of the University.
Interference. University e-mail services shall not be used for purposes that could reasonably be expected to cause, directly or indirectly, excessive strain on any computing facilities, or unwarranted or unsolicited interference with others' use of e-mail or e-mail systems. Such uses include, but are not limited to, the use of e-mail services to: (i) send or forward e-mail chain letters; (ii) “spam,” that is, to exploit listservers or similar broadcast systems for purposes beyond their intended scope to amplify the widespread distribution of unsolicited e-mail; and (iii) “letter-bomb,” that is, to resend the same e-mail repeatedly to one or more recipients to interfere with the recipient's use of e-mail.
Personal Use. University electronic mail services may be used for incidental personal purposes provided that, in addition to the foregoing constraints and conditions, such use does not: (i) directly or indirectly interfere with the University operation of computing facilities or electronic mail services; (ii) burden the University with noticeable incremental cost; or (iii) interfere with the e-mail user's employment or other obligations to the University. E-mail records arising from such personal use may, however, be subject to the presumption in Appendix 35.1.2.10, “Definition of a University E-mail Record,” regarding personal and other e-mail records. E-mail users should assess the implications of this presumption in their decision to use University electronic mail services for personal purposes.
The confidentiality of electronic mail cannot be ensured. Such confidentiality may be compromised by applicability of law or policy, including this Policy, by unintended redistribution, or because of inadequacy of current technologies to protect against unauthorized access. Users, therefore, should exercise extreme caution in using e-mail to communicate confidential or sensitive matters.
Business and Finance Bulletin RMP-8, “Legal Requirements on Privacy of and Access to Information,” prohibits University employees and others from “seeking out, using, or disclosing” without authorization “personal or confidential” information, and requires employees to take necessary precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise. This prohibition applies to e-mail records. In this Policy the terms “inspect, monitor, or disclose” are used within the meaning of “seek, use, or disclose” as defined in RMP-8.
Notwithstanding the preceding paragraph, users should be aware that, during the performance of their duties, network and computer operations personnel and system administrators need from time to time to observe certain transactional addressing information to ensure proper functioning of University e-mail services, and on these and other occasions may inadvertently see the contents of e-mail messages. Except as provided elsewhere in this Policy, they are not permitted to see or read the contents intentionally; to read transactional information where not germane to the foregoing purpose; or disclose or otherwise use what they have seen. One exception, however, is that of systems personnel (such as “postmasters”) who may need to inspect e-mail when rerouting or disposing of otherwise undeliverable e-mail. This exception is limited to the least invasive level of inspection required to perform such duties. Furthermore, this exception does not exempt postmasters from the prohibition against disclosure of personal and confidential information of the preceding paragraph, except insofar as such disclosure equates with good faith attempts to route the otherwise undeliverable e-mail to the intended recipient. Rerouted mail normally should be accompanied by notification to the recipient that the e-mail has been inspected for such purposes.
The University attempts to provide secure and reliable e-mail services. Operators of University electronic mail services are expected to follow sound professional practices in providing for the security of electronic mail records, data, application programs, and system programs under their jurisdiction. Since such professional practices and protections are not foolproof, however, the security and confidentiality of electronic mail cannot be guaranteed. Furthermore, operators of e-mail services have no control over the security of e-mail that has been downloaded to a user's computer. As a deterrent to potential intruders and to misuse of e-mail, e-mail users should employ whatever protections (such as passwords) are available to them.
Users of electronic mail services should be aware that even though the sender and recipient have discarded their copies of an electronic mail record, there may be backup copies that can be retrieved. Systems may be “backed up” on a routine or occasional basis to protect system reliability and integrity, and to prevent potential loss of data. The backup process results in the copying of data onto storage media that may be retained for periods of time and in locations unknown to the originator or recipient of electronic mail. The practice and frequency of backups and the retention of backup copies of e-mail vary from system to system. Electronic mail users are encouraged to request information on the backup practices followed by the operators of University electronic mail services, and such operators are required to provide such information on request.
University records management policies do not distinguish among media with regard to the definition of University records. As such, electronic mail records are subject to these policies. In particular, such records are subject to disposition schedules in the University of California Records Disposition Schedules Manual, which distinguishes among different categories of records, from the ephemeral to the archival.
The University does not maintain central or distributed electronic mail archives of all electronic mail sent or received. Electronic mail is normally backed up (see Section 35.1.2.6.B.5), if at all, only to ensure system integrity and reliability, not to provide for future retrieval, although backups may at times serve the latter purpose incidentally. Operators of University electronic mail services are not required by this Policy to retrieve e-mail from such backup facilities on the holder's request, although on occasion they may do so as a courtesy.
E-mail users should be aware that generally it is not possible to ensure the longevity of electronic mail records for record-keeping purposes, in part because of the difficulty of guaranteeing that electronic mail can continue to be read in the face of changing formats and technologies and in part because of the changing nature of electronic mail systems. This becomes increasingly difficult as electronic mail encompasses more digital forms, such as embracing compound documents composed of digital voice, music, image, and video in addition to text. Furthermore, in the absence of the use of authentication systems (see Section 35.1.2.1, Caution 4), it is difficult to guarantee that e-mail documents have not been altered, intentionally or inadvertently.
E-mail users and those in possession of University records in the form of electronic mail are cautioned, therefore, to be prudent in their reliance on electronic mail for purposes of maintaining a lasting record. Sound business practice suggests that consideration be given to transferring (if possible) electronic mail to a more lasting medium/format, such as acid-free paper or microfilm, where long-term accessibility is an issue.
Violations of University policies governing the use of University electronic mail services may result in restriction of access to University information technology resources. In addition, disciplinary action, up to and including dismissal, may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.
The Associate Vice President, Information Resources and Communications (IR&C) in the Office of the President is responsible for development and maintenance of this Policy for issuance by the President.
Each Chancellor shall develop, maintain, and publish specific procedures and practices that implement this Policy and communicate its provisions to campus users of University electronic mail services. The following are assigned to individual campus authority and discretion:
Each Chancellor shall decide whether to publish students' electronic mail addresses as directory information. An electronic mail address assigned by the University to a student is a student record, unless assigned in the student's capacity, if any, as an employee or agent of the University. In accordance with the policies and procedures in the University's “Policy Applying to the Disclosure of Information from Student Records” (Sections 130–134 of the Policies Applying to Campus Activities, Organizations, and Students), campuses are responsible for designating the categories of personally identifiable information about a student that are public. Individual students may, consistent with the above-mentioned policy, request the campus not to make their e-mail addresses public for other than educational purposes.
Each campus shall establish guidelines as to who may use campus electronic mail services, consistent with the provisions of Section 35.1.2.6.A of this Policy.
Each Chancellor shall establish regulations and procedures on actions to be taken once an e-mail user's affiliation with the campus is terminated. In particular, the campus may elect to terminate the individual's e-mail account, redirect electronic mail, or continue the account, subject to the provisions of Section 35.1.2.6.A of this Policy.
Each campus shall establish guidelines and procedures for:
Restriction of use of University e-mail services pursuant to Section 35.1.2.5.C of this Policy;
Authorization, advice, notification, and recourse pursuant to Sections 35.1.2.5.E and F of this Policy;
Response to requests for information from users concerning the backup of electronic mail, pursuant to Section 35.1.2.6.B.5 of this Policy; and
Any other provisions of this Policy for which procedures are not explicitly stated.
Each Chancellor shall designate the appropriate Vice Chancellor to be responsible for the authorization of action pursuant to Sections 35.1.2.5.C and E of this Policy. This authorization responsibility may not be further redelegated.
Each campus shall establish appropriate notification procedures regarding this Policy to all e-mail users. New users shall positively acknowledge receipt and understanding of the policy. Such notification and acknowledgment may be electronic to the extent that the e-mail user's identity can be ensured. It is recognized that it may not be possible to phase in such procedures immediately; however, the lack of comprehensive procedures shall not, in the interim, invalidate the provisions and applicability of this Policy.
Each campus may establish its own procedures that further refine and conform with this Policy.
For purposes of this Section 35.1.2.9, the Office of the President shall be regarded as a campus with respect to its own internal operations, except that for this purpose “Vice President” shall replace “Vice Chancellor” in Sections 35.1.2.5.C and E.
Computing Facility(ies): Computing resources, services, and network systems such as computers and computer time, data processing or storage functions, computer systems and services, servers, networks, input/output and connecting devices, and related computer records, programs, software, and documentation.
Electronic Mail Systems or Services: Any messaging system that depends on computing facilities to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print computer records for purposes of asynchronous communication across computer network systems between or among individuals or groups, that is either explicitly denoted as a system for electronic mail or is implicitly used for such purposes, including services such as electronic bulletin boards, listservers, and newsgroups.
University E-mail Systems or Services: Electronic mail systems or services owned or operated by the University or any of its subunits.
E-mail Record or E-mail: Any or several electronic computer records or messages created, sent, forwarded, replied to, transmitted, stored, held, copied, downloaded, displayed, viewed, read, or printed by one or several e-mail systems or services. This definition of e-mail records applies equally to the contents of such records and to transactional information associated with such records, such as headers, summaries, addresses, and addressees. This Policy applies only to electronic mail in its electronic form. The Policy does not apply to printed copies of electronic mail.
University Record: A “public record” as defined in Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information and the California Public Records Act. “Public records” include any writing containing information relating to the conduct of the public's business prepared, owned, used, or retained (by the University) regardless of physical form or characteristics [California Government Code Section 6252(d)]. With certain defined exceptions, such University records are subject to disclosure under the California Public Records Act.
Records held by students, including e-mail, are not University records unless such records are pursuant to an employment or agent relationship the student has or has had with the University. This exemption does not, however, exclude student e-mail from other aspects of this Policy, regardless of whether such e-mail is a University record.
University E-mail Record: A University Record in the form of an e-mail record regardless of whether any of the computing facilities utilized to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print the e-mail record are owned by the University. This implies that the location of the record, or the location of its creation or use, does not change its nature as: (i) a University e-mail record for purposes of this or other University policy (see, however, Sections 35.1.2.5.D and E), and (ii) having potential for disclosure under the California Public Records Act.
Until determined otherwise or unless it is clear from the context, any e-mail record residing on University-owned computing facilities may be deemed to be a University e-mail record for purposes of this Policy. This includes, for example, personal e-mail (see Section 35.1.2.6.A.8). Consistent, however, with the principles asserted in Section 35.1.2.5.E of least perusal and least action necessary and of legal compliance, the University must make a good faith a priori effort to distinguish University e-mail records from personal and other e-mail where relevant to disclosures under the California Public Records Act and other laws, or for other applicable purposes of this Policy.
Use of University or Other E-mail Services: To create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print e-mail (with the aid of University e-mail services). A (University) E-mail User is an individual who makes use of (University) e-mail services.
Receipt of e-mail prior to actual viewing is excluded from this definition of “use” to the extent that the recipient does not have advance knowledge of the contents of the e-mail record.
Possession of E-mail: An individual is in “possession” of an e-mail record, whether the original record or a copy or modification of the original record, when that individual has effective control over the location of its storage. Thus, an e-mail record that resides on a computer server awaiting download to an addressee is deemed, for purposes of this Policy, to be in the possession of that addressee. Systems administrators and other operators of University e-mail services are excluded from this definition of possession with regard to e-mail not specifically created by or addressed to them.
E-mail users are not responsible for e-mail in their possession when they have no knowledge of its existence or contents.
Holder of an E-mail Record or E-mail Holder: An e-mail user who is in possession of a particular e-mail record, regardless of whether that e-mail user is the original creator or a recipient of the content of the record.
Faculty: A member of the faculty as defined by Academic Personnel Policy 110-4 (14).
Substantiated Reason: Reliable evidence indicating that violation of law or of policies listed in Appendix 35.1.2.12 probably has occurred, as distinguished from rumor, gossip, or other unreliable evidence.
Compelling Circumstances: Circumstances where failure to act may result in significant bodily harm, significant property loss or damage, loss of significant evidence of one or more violations of law or of University policies listed in Appendix 35.1.2.12, or significant liability to the University or to members of the University community.
Emergency Circumstances: Circumstances where time is of the essence and where there is a high probability that delaying action would almost certainly result in compelling circumstances.
Time-Dependent and Critical Operational Circumstances: Circumstances where failure to act could seriously hamper the ability of the University to function administratively or to meet its teaching obligations, but excluding circumstances pertaining to personal or professional activities, or to faculty research or matters of shared governance.
The following list identifies significant sources used as background in the preparation of this Policy, whether or not they are directly referenced by this Policy. It does not, however, include all federal and state laws and University policies that may apply to electronic mail. These policies and laws change from time to time; therefore, users of this Policy are encouraged to refer to online versions of this and other University policies accessible on the Office of the President home page on the World Wide Web.
University Policies and Guidelines
Business and Finance Bulletins:
A-56, Academic Support Unit Costing and Billing Guidelines
BUS-29, Management and Control of University Equipment
BUS-43, Materiel Management
BUS-65, Guidelines for University Mail Services
IS-3, Electronic Information Security (pdf document)
IS-6, Campus Communications Guidelines
RMP-1, University Records Management Program
RMP-2, University Records Disposition Program
RMP-7, Privacy of and Access to Information Responsibilities
RMP-8, Legal Requirements on Privacy of and Access to Information
Personnel Manuals and Agreements:
Academic Personnel Manual
Personnel Policies for Staff Members
Administrative and Professional Staff Program Personnel Policies
Staff Personnel Policies
Collective Bargaining Contracts (Memoranda of Understanding)
Other Related Policies and Guidelines:
Campus Access Guidelines for Employee Organizations (Local Time, Place, and Manner Rules)
Policies Applying to Campus Activities, Organizations, and Students
Policy and Guidelines on the Reproduction of Copyrighted Materials for Teaching and Research
Policy on Copyright Ownership
University of California Records Disposition Schedules Manual
State of California Statutes:
State of California Education Code, Section 67100 et seq.
State of California Information Practices Act of 1977 (Civil Code, Section 1798 et seq.)
State of California Public Records Act (Gov. Code, Section 6250 et seq.)
State of California Penal Codes, Section 502
Federal Statutes:
Federal Family Educational Rights and Privacy Act of 1974
Federal Privacy Act of 1974
Electronic Communications Privacy Act of 1986
This University Electronic Mail Policy references circumstances where access to electronic mail may occur without the prior consent of the holder (see Section 35.1.2.1, “Introduction,” and Section 35.1.2.5.E). Following is the list of University policies that may trigger such nonconsensual access following procedures defined in Section 35.1.2.5.E.2.
Policies governing sexual or other forms of harassment, specifically: Section APM-035, Appendix A of the Faculty Code of Conduct; Personnel Policies for UC Staff Members; Administrative and Professional Staff Program Personnel Policies, Sections 112.1 and 112.2; Staff Personnel Policies, Section 200.2. (For exclusively represented employees in units where initial collective bargaining agreements are under negotiation, applicable personnel policies continue to govern until an agreement is concluded.) Sexual harassment by students is covered by item 6 below.
Certain portions of policies governing access to University records, specifically RMP-1, Section III; RMP-8, Section VIIG; and RMP-8, Exhibit D.
The Academic Personnel Manual, APM-015, Section II, Part II, limited to those parts headed Unacceptable Faculty Conduct, and the University Policy on Integrity in Research.
University of California Personnel Policies for Staff Members, Administrative and Professional Staff Program Personnel Policies, and Staff Personnel Policies. (For exclusively represented employees in units where initial collective bargaining agreements are under negotiation, applicable personnel policies continue to govern until an agreement is concluded.)
All collective bargaining agreements and memoranda of understanding.
Section 102, governing student conduct, of the policy entitled “Policies Applying to Campus Activities, Organizations, and Students.”
Sections 35.1.2.5 and 35.1.2.6 of this Electronic Mail Policy.
Violations of other policies can normally be detected and investigated without requiring nonconsensual access to electronic mail. However, on occasion, attention to possible policy violations is brought about because of the receipt by others of electronic mail. Electronic mail, however, can be forged; the true identity of the sender can be masked; and the apparent sender may deny authorship of the electronic mail. In such circumstances and provided there is substantiated reason (as defined in Appendix 35.1.2.10, “Definitions”) that points to the identity of the sender, nonconsensual access to the purported sender's electronic mail may be authorized following the procedures defined in Section 35.1.2.5.2, but only to the least extent necessary for verifying unambiguously the identity of the sender, and only for major violations of the following policies:
Business and Finance Bulletin A-56, Section IV-H, governing sales of goods or services outside the University.
Business and Finance Bulletin BUS-29, Section N, governing use of University materiel or property.
Business and Finance Bulletin BUS-43, Part 3, Section X-A, governing use of University credit, purchasing power, or facilities.
Policies Applying to Campus Activities, Organizations, and Students, Section 42.40, governing use of University properties for commercial purposes and personal financial gain.
Business and Finance Bulletin BUS-65, Section VII, governing provision of University mailing lists to others.
Policy and Guidelines on the Reproduction of Copyrighted Materials for Teaching and Research.
Campus Access Guidelines for Employee Organizations.
Posting and Authority to Change
Because University policies are subject to change, this list may change from time to time. The authoritative list at any time will be posted under the listings of University policies posted on the World Wide Web. Authority to change this list rests with the President of the University acting, where policies affecting faculty are concerned, with the advice of the Academic Senate.
UC Davis Implementation of the Electronic Mail Policy[3]
This is from the UCD Policy and Procedure Manual, Section 310-16—Electronic Mail, dated September 24, 1999.
This section provides UC Davis implementing guidelines for, and is supplemental to, the University of California Electronic Mail Policy. The UC E-mail Policy and these guidelines apply to (1) all e-mail services operated by UCD units and (2) all users of UCD e-mail services, including anyone who has an e-mail account in the domain ucdavis.edu, in its subdomains (e.g., cs.ucdavis.edu, ucdmc.ucdavis.edu), or on any computers connected to the UCD network. See also the UCD Computer and Network Acceptable Use Policy.
Authorizing Vice Chancellor—. the person who has final authority for the inspection, monitoring, or disclosure of e-mail, as described in the UC E-mail Policy. At UCD, the authorizing vice chancellors shall be the Provost & Executive Vice Chancellor for faculty accounts, the Vice Chancellor—Administration for staff and other nonfaculty/student accounts, and the Vice Chancellor—Student Affairs for student accounts.
Campus Counsel—. the office that provides legal advice to the authorizing vice chancellors.
Department Head—. the head of an administrative or other unit as designated by the Chancellor. For purposes of this section, the terms “department head” and “unit head” are used interchangeably. In the absence of the department head, responsibility shall be assumed by the individual to whom the department head reports. For students, “department head” shall be the Director of Student Judicial Affairs.
E-mail Service Manager—. the person who has systems, security, and/or administrative responsibility for an electronic mail system, and/or the person receiving mail as the postmaster of the site. At UCD, this refers to an e-mail system within the domain ucdavis.edu, in its subdomains (e.g., cs.ucdavis.edu, ucdmc.ucdavis.edu), or on any computer connected to the UCD network.
Faculty and Staff
UCD employees may be issued UCD e-mail accounts for the purpose of conducting University business and for such other purposes as conform with UC E-mail Policy provisions on allowable use. In addition, faculty and staff from other UC locations who are on temporary assignment at UCD or temporarily affiliated with UCD may be issued UCD e-mail accounts for the duration of their service on projects or special assignments under the auspices of UCD.
Students
Registered matriculating students are eligible for access to campus e-mail services.
Directory Information
Students' electronic mail addresses shall be considered directory information as defined by Section 320-21, Disclosure of Information from Student Records, and may be published or released to third parties without the student's consent.
Request for Confidentiality
As provided by Section 320-21, a student may request that her/his directory information remain confidential. If so requested, a student's e-mail address shall not be published in any campus directory (electronic or print), nor shall that student's e-mail address be released by the University to third parties without the student's consent.
A request for confidentiality cannot guarantee complete privacy of one's e-mail address. Use of e-mail implies consent by the user to release one's address. Students' e-mail addresses are generally available to faculty and Teaching Assistants on class rosters and on the logs of the automated class mailing lists. A person's e-mail address may also remain accessible through computer system commands such as “finger” or “who is.”
To increase personal security of one's e-mail, a student may choose a login ID that is not personally identifiable. Also, in extraordinary situations, system administrators may hide a student's account from computer system commands.
Further information about a student's privacy rights with respect to student records (including e-mail) is available in Sections 320-20 and 320-21 of this manual and from the Office of Student Judicial Affairs.
Others
Other individuals may be eligible for UCD e-mail services.
Qualifying individuals with proven UCD affiliation, such as retirees, emeriti faculty, faculty at other UC campuses, and University Extension students enrolled in courses requiring e-mail access, may be determined eligible for e-mail access at the discretion of departments providing or sponsoring e-mail services. Direct charges for e-mail services are based on affiliation and current UCD policy for central funding of core services and are subject to change. Eligibility is determined by continued affiliation with UCD and a University-related need for services.
Contractors, independent consultants, and certain agents of the University other than employees may be issued temporary UCD e-mail accounts for the sole purpose of conducting their business on behalf of the University, unless agreed otherwise in writing. Such persons shall be notified of the UC E-mail Policy and shall sign a written understanding that the account is not private and that the contents of electronic mail may be inspected, monitored, or disclosed by the University, consistent with the E-mail Policy, during and after their service. Departments should ensure that administrative records held by such persons can be accessed. Options for reduction of nonconsensual access are suggested in paragraph 35.1.3.3-F-1, below.
Access will be provided only to those applicants who can provide proof of formalized affiliation with the UCD campus, signed by the appropriate UCD sponsor. In addition, a Temporary Computing Account for Special UCD Affiliates form must be filed with the UCD E-mail Postmaster.
Eligible users must agree to comply with the UC E-mail Policy and with these guidelines, and departments are responsible for any of their activities using UCD e-mail services.
Departments may further restrict eligibility, but may not expand it to additional categories of users.
Use for University Purposes
Access to electronic mail, if provided, is at the discretion of the department in consideration of educational requirements, job demands, departmental needs, and cost and efficiency factors. E-mail services are provided to UCD employees and others for the purpose of conducting the University's business and such other purposes as conform with allowable use provisions in the UC E-mail Policy.
Incidental Personal Use
UCD e-mail services may be used incidentally for personal purposes as described in UC E-mail Policy Paragraph 35.1.2.6-A-8, except by “other” users restricted by paragraph 35.1.3.3-A-3, above. Personal use must comply with the allowable use provisions of the UC E-mail Policy and with other policies regarding appropriate use of University resources, including the UCD Computer and Network Acceptable Use Policy.
Incidental personal use of a UCD e-mail account is not permitted on behalf of an outside organization, whether the outside organization is for-profit, not-for-profit, or nonprofit, except under the circumstances listed below. Before using UCD e-mail services on behalf of an outside organization, therefore, e-mail users shall verify with their UCD supervisors that the proposed use complies with UC and UCD policy. A UCD e-mail address shall not be published as the point of contact for non-University activities.
Charities
UCD e-mail services may be used only for charitable activities that have been approved by the Chancellor (for example, the annual United Way campaign). Before using UCD e-mail services for such approved purposes, the individual must obtain written authorization from the Chancellor or designee.
Professional Organizations
UCD e-mail services may be used on behalf of an outside professional organization when the individual is participating as a representative of the University in the activities of a professional association of which the University is a member, or when the individual is a member of an organization in support of the University's mission.
Civic Committees or Task Forces
UCD e-mail services may be used on behalf of national, state, and local committees or task forces when associated with an approved University activity.
Unions
Employees may use UCD e-mail services to occasionally write to unions about their own personal needs within the limits of incidental personal use.
Employees shall not use UCD e-mail services on behalf of a union's needs (e.g., mass mailings, surveys) unless such use is specifically permitted by the applicable collective bargaining agreement.
Policy Violations
Violations of University policies and guidelines governing the use of e-mail services may result in service restriction. In addition, corrective action under applicable University personnel policies and collective bargaining agreements may occur.
Access to Administrative Records
When an e-mail user's affiliation with UCD terminates, the e-mail holder shall turn over to UCD all administrative records in his or her possession. This may be accomplished either by memo giving consent to access the e-mail records and/or by giving the department head or designee the password to the account. If the individual is unable or unwilling to turn over administrative records, the department may seek the records through the procedures for nonconsensual access described in paragraph 35.1.3.3-E-3, below. The e-mail holder may delete any records generated by incidental personal use of e-mail before consenting to access.
Mail Forwarding
At the discretion of the e-mail user's department head, and at cost to the department at the current rates, forwarding services may be provided after termination for a period normally not to exceed 1 month for students, 3 months for staff, or 6 months for faculty. In such cases, the e-mail user whose mail is being forwarded must agree in writing that any mail that pertains to the University's business will be returned to the department. The department head may require that all mail forwarded to a terminated employee from the UCD address also be forwarded to a departmental account. If the department head does not authorize forwarding, the e-mail accounts of persons no longer affiliated with the University will be canceled with no forwarding services provided.
The use of UCD e-mail services is a privilege that can be revoked without prior notice and without the consent of the e-mail user. The Chancellor has delegated responsibility for maintaining the integrity of all UCD e-mail systems to the Vice Provost—Information and Educational Technology, who will act as he or she deems necessary to prevent disruption of e-mail services or damage to users of e-mail, including disruption or damage caused by e-mail users.
Account Closure
The department head may cancel any e-mail account that is funded by the unit. This normally happens when the e-mail user's affiliation with UCD is terminated or when continuation of the e-mail service is no longer in the interest of the department. The e-mail account of an employee who transfers to another unit may be continued with the consent of the new department head.
Restriction of Services
Aside from required maintenance to the e-mail servers that may necessitate suspending e-mail services for all users, e-mail services may be suspended or restricted by the e-mail service manager or the e-mail user's department head under the conditions described in UC E-mail Policy, paragraph 35.1.2.5-C, Service Restrictions.
Notification
Unless it is unlawful to do so, the e-mail service manager will inform the affected UCD e-mail user of the reason for the restriction and the manager under whose authority the restriction has taken place. This notification may be oral or written.
Restoration
UCD e-mail services may be restored by the manager under whose authority the restriction of service has taken place.
Recourse
The decision to restrict services may be appealed to the Vice Provost within 30 days of the notification. Further appeal may be made to the Chancellor within 30 days of the Vice Provost's decision.
Authorization
An e-mail holder's records may be inspected, monitored, or disclosed without the consent of the individual only under the circumstances and in the manner described in UC E-mail Policy, paragraph 35.1.2.5-E, Restrictions on Access Without Consent, and with the approval of the authorizing Vice Chancellor.
Procedures for Consensual Access
Exhibit A, Request to Inspect, Monitor, or Disclose E-mail Records—Consensual Access, should be used to track compliance with the UC E-mail Policy and these guidelines. Users of UCD e-mail services may not be compelled to consent to allow others to access their e-mail or to provide their e-mail passwords to any other persons, including supervisors.
However, should they choose not to do so, the department may have recourse to the provisions for nonconsensual access, below.
Procedures for Nonconsensual Access
Exhibit B, Request to Inspect, Monitor, or Disclose E-mail Records—Nonconsensual Access, shall be used to document that proper procedures have been followed. The following procedure shall be used to authorize the inspection, monitoring, or disclosure of e-mail records without the consent of the e-mail holder:
If necessary to prevent destruction of or tampering with e-mail records, a service restriction may be made as described in paragraph 35.1.3.3-D-2, above, and/or an employee may be placed on investigatory leave.
The individual seeking the records shall bring the request in writing to the attention of the affected e-mail holder's department head.
The department head shall verify that the request is consistent with the provisions of the UC E-mail Policy and shall consult with Campus Counsel regarding legal aspects of the request.
If Campus Counsel concurs that the request is lawful, the department head shall document the circumstances of the request and Counsel's advice.
The department head shall present this documentation and a formal written request to access the e-mail holder's records to the authorizing Vice Chancellor for approval.
If the e-mail holder is a member of the faculty, as defined in Academic Personnel Manual, Section APM 110-4(14), the Provost and Executive Vice Chancellor shall consult in writing with the Chair of the Academic Senate. The time period allowed for the consultation shall be specified by the Provost & Vice Chancellor and shall not exceed 4 weeks.
If the authorizing Vice Chancellor approves, the department head shall present the authorized request to the e-mail service manager.
The e-mail service manager shall arrange for the requested e-mail records to be accessed, providing only the relevant e-mail records, if any, to the department head.
If it is lawful to do so, the department head shall notify the e-mail holder that the records have been inspected, monitored, or disclosed.
Procedures for Emergency Circumstances
In emergency circumstances, as defined in the UC E-mail Policy, records may be inspected, monitored, or disclosed without the prior consent of the authorizing Vice Chancellor. Exhibit B, Request to Inspect, Monitor, or Disclose E-mail Records—Nonconsensual Access, shall be used to document the postauthorization of emergency access to e-mail without prior consent of the individual. The following procedures shall be used in such emergency circumstances:
The e-mail service manager shall act on the authorization of the department head, and notify the authorizing Vice Chancellor.
The department head, without delay, shall follow the procedures provided in paragraph 35.1.3.3-E-3, above.
If the approval of the authorizing Vice Chancellor is not subsequently given, the department head shall take measures to restore the situation as closely as possible to that existing before action was taken.
Recourse after Nonconsensual Inspection, Monitoring, or Disclosure
Under both the normal and emergency procedures, the e-mail holder may appeal the decision of the authorizing Vice Chancellor to the Chancellor within 30 days of the notification.
Inspection in Response to Operational Concerns
Periodic statistical analysis of e-mail transaction logs is required for planning and resource management purposes. When troubleshooting, information in e-mail logs and “headers” such as sender, recipient, date, and subject may be examined by staff in response to normal operational concerns (e.g., problems with the delivery of e-mail, excessive copies of messages, or excessive length of messages). Certain technical tools used in the management of computer systems may display the entire content of a file. In such cases, staff will exercise professional judgment about viewing the content of the file. In addition, a user request for help in resolving e-mail problems is implicit consent to peruse the user's e-mail files in the most noninvasive manner possible to resolve the user's problem.
Annual Reporting
The Vice Provost—. Information and Educational Technology shall require the authorizing Vice Chancellors to provide an annual report summarizing all instances in which electronic mail was inspected, monitored, or disclosed without consent of the individual. The annual report will be retained by the Office of the Vice Provost in accord with UC policy.
Under UC E-mail Policy paragraph 35.1.2.5-D, University employees are expected to comply with University requests for copies of e-mail records in their possession that pertain to the administrative business of the University, or whose disclosure is required to comply with applicable laws, regardless of whether such records reside on a computer housed or owned by the University. If an employee fails to provide a copy of the requested e-mail record, or is absent and unable to do so, the e-mail record may be sought without the consent of the e-mail holder according to 35.1.3.3-E, above.
Departmental Options
In order to reduce the need for nonconsensual access to e-mail in the event of absences, departments may use, individually or in combination, any of the following techniques or other methods that are consistent with provisions of the UC E-mail Policy and paragraph 35.1.3.3-F-2, below.
Mail forwarding—. use e-mail forwarding capabilities, if available, so that during planned absences e-mail will be forwarded to the person responsible for covering the work.
Departmental accounts—. establish common workgroup accounts for department-related business so e-mail records can be accessed by others in the e-mail holder's absence.
Service accounts—. establish accounts for copies of incoming mail that requires action.
Autoforwarding with filtering—. set filters to forward selected e-mail to relevant employees in the e-mail holder's absence.
Mailing lists—. establish mailing lists so that all subscribers receive a copy of any messages posted to the list.
E-mail Holder Protections
In addition to following provisions of the UC E-mail Policy, supervisors and other persons to whom e-mail holders have given either consent to access their e-mail or their e-mail passwords must follow these guidelines. They:
Must not use the password to access the e-mail holder's records except to obtain e-mail records required to continue University business in the e-mail holder's absence.
Must limit their inspection of the employee's e-mail records to the least perusal of contents and the least action necessary to obtain the needed records.
May not seek out, use, or disclose non-University-business-related information contained in the employee's e-mail files.
Must not violate the UC E-mail Policy regarding use of a false identity by transmitting e-mail in the other person's name.
Network and computer operations personnel and system administrators should be familiar with and must adhere to the provisions regarding security, confidentiality, and privacy in the UC E-mail Policy and these guidelines. When rerouting or disposing of otherwise undeliverable e-mail, they should limit their inspection to the least invasive action required to perform their duties (e.g., search header information before text, use electronic keyword searches) and notify the recipient that the e-mail has been inspected.
Backup Notification
The e-mail service manager shall provide notification about backup practices for that service's e-mail:
To the service's new e-mail users when an account is first opened.
To all the service's e-mail users on an annual basis.
To all the service's e-mail users whenever backup practices change.
On request by a user of the e-mail service.
This notification may be written or electronic and need not be acknowledged by the user of the e-mail service.
Archiving
UCD does not maintain archives of all e-mail sent or received.
E-mail service personnel are not required to back up electronic mail. To the extent that e-mail is backed up, the purpose of the backup is to ensure system integrity and reliability, not to provide for future retrieval.
E-mail service personnel are not required to retrieve e-mail from backup facilities on the request of e-mail users.
The e-mail service manager will make use of backup copies of e-mail in situations where access without consent is necessary.
Responsibility
E-mail service managers shall provide notification of the UC E-mail Policy and the UCD guidelines:
To the e-mail service's new users at the time an e-mail account is opened.
To all the e-mail service's users on an annual basis.
Such notification may be in print or electronic form.
Requirements
Notification shall include, at a minimum:
Notice that users of UCD e-mail services are required to abide by the provisions of the UC E-mail Policy and UCD guidelines.
Directions on how to obtain a full copy of the UC E-mail Policy and UCD guidelines.
An explanation of current backup procedures.
Reference to the name, address, and telephone number of an individual who can answer questions about the UC E-mail Policy, UCD guidelines, and current backup procedures.
Acknowledgment
New users of UCD e-mail services must attest that they have read and understand the UC E-mail Policy and UCD guidelines. This attestation may be in written or electronic form, according to procedures in use by the e-mail service at the time the account is opened.
Ongoing users of UCD e-mail services will be notified annually of the UC E-mail Policy and UCD guidelines. Continued use of UCD e-mail services after the annual notification implies acknowledgment of notification.
Office of the President: University of California Electronic Mail Policy, 3/23/98.
Policy and Procedure Manual:
Section 320-20, Privacy of and Access to Information.
Section 320-21, Disclosure of Information from Student Records.
Section 330-95, Misuse of University Resources.
UC Davis Computer and Network Acceptable Use Policy, 12/15/98.
The Acceptable Use Policy for the University of California, Davis[4]
The policy is in two parts. Part 1 describes what is, and what is not, allowed. Part 2 gives examples of acceptable and unacceptable use.
This acceptable use policy governs the use of computers and networks on the UC Davis campus. As a user of these resources, you are responsible for reading and understanding this document. This document protects the consumers of computing resources, computing hardware and networks, and system administrators.
Computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations. Since electronic information is volatile and easily reproduced, users must exercise care in acknowledging and respecting the work of others through strict adherence to software licensing agreements and copyright laws.
All existing laws (federal and state) and University regulations and policies apply, including not only those laws and regulations that are specific to computers and networks, but also those that may apply generally to personal conduct.
Users do not own accounts on University computers but are granted the privilege of exclusive use. Under the Electronic Communications Privacy Act of 1986 (Title 18 U.S.C., Section 2510 et. seq.), users are entitled to privacy regarding information contained on these accounts. This act, however, allows system administrators or other University employees to access user files in the normal course of their employment when necessary to protect the integrity of computer systems or the rights or property of the University. For example, system administrators may examine or make copies of files that are suspected of misuse or that have been corrupted or damaged. User files may be subject to search by law enforcement agencies under court order if such files contain information that may be used as evidence in a court of law. In addition, student files on University computer facilities are considered “educational records” under the Family Educational Rights and Privacy Act of 1974 (Title 20 U.S.C., Section 1232[g]).
Misuse of computing, networking, or information resources may result in the loss of computing and/or network access. Additionally, misuse can be prosecuted under applicable statutes. Users may be held accountable for their conduct under any applicable University or campus policies, procedures, or collective bargaining agreements. Illegal production of software and other intellectual property protected by U.S. copyright law is subject to civil damages and criminal punishment including fines and imprisonment. The Davis campus of the University of California supports the policy of EDUCOM on “Software and Intellectual Rights.”
Other organizations operating computing and network facilities that are reachable via the UC Davis network may have their own policies governing the use of those resources. When accessing remote resources from UC Davis facilities, users are responsible for obeying both the policies set forth in this document and the policies of the other organizations.
Minor infractions of this policy, when accidental, such as consuming excessive resources or overloading computer systems, are generally resolved informally by the unit administering the accounts or network. This may be done through electronic mail or in-person discussion and education.
Repeated minor infractions or misconduct that is more serious may result in the temporary or permament loss of computer access privileges or the modification of those privileges. More serious violations include, but are not limited to, unauthorized use of computer resources, attempts to steal passwords or data, unauthorized use or copying of licensed software, repeated harassment, or threatening behavior. In addition, offenders may be referred to their sponsoring advisor, department, employer, or other appropriate University office for further action. If the individual is a student, the matter may be referred to the Office of Student Judicial Affairs for disciplinary action.
Any offense that violates local, state, or federal laws may result in the immediate loss of all University computing privileges and will be referred to appropriate University offices and/or law enforcement authorities.
Conduct that violates this policy includes, but is not limited to, the activities in the following list.
Unauthorized use of a computer account.
Using the campus network to gain unauthorized access to any computer system.
Connecting unauthorized equipment to the campus network.
Unauthorized attempts to circumvent data protection schemes or uncover security loopholes. This includes creating and/or running programs that are designed to identify security loopholes and/or decrypt intentionally secure data.
Knowingly or carelessly performing an act that will interfere with the normal operation of computers, terminals, peripherals, or networks.
Knowingly or carelessly running or installing on any computer system or network, or giving to another user, a program intended to damage or to place excessive load on a computer system or network. This includes, but is not limited to, programs known as computer viruses, Trojan Horses, and worms.
Deliberately wasting/overloading computing resources, such as printing too many copies of a document.
Violating terms of applicable software licensing agreements or copyright laws.
Violating copyright laws and their fair use provisions through inappropriate reproduction or dissemination of copyrighted text, images, etc.
Using University resources for commercial activity such as creating products or services for sale.
Using electronic mail to harass or threaten others. This includes sending repeated, unwanted e-mail to another user.
Initiating or propagating electronic chain letters.
Inappropriate mass mailing. This includes multiple mailings to newsgroups, mailing lists, or individuals—e.g., “spamming,” “flooding,” or “bombing.”
Forging the identity of a user or machine in an electronic communication.
Transmitting or reproducing materials that are slanderous or defamatory in nature or that otherwise violate existing laws or University regulations.
Displaying obscene, lewd, or sexually harassing images or text in a public computer facility or location that can be in view of others.
Attempting to monitor or tamper with another user's electronic communications, or reading, copying, changing, or deleting another user's files or software without the explicit agreement of the owner.
It is the intention of the Joint Campus Committee on Information Technology in adopting this policy that it should be reviewed annually by a subcommittee of the Joint Campus Committee on Information Technology. It is further our intention that this policy should be incorporated into the UC Davis Policy and Procedure Manual as soon as possible.
For further information, refer to:
University of California Electronic Mail Policy
UC Davis Directive #90-108, “Principles of Community”
UC Davis Policy and Procedure Manual, Section 210-70, “Copyright”
UC Davis Policy and Procedure Manual, Section 280-05, “Prohibited Discrimination”
UC Davis Policy and Procedure Manual, Section 320-20, “Privacy and Access to Information”
UC Davis Policy and Procedure Manual, Section 380-12, “Sexual Harassment”
UC Davis Code of Academic Conduct
University of California: Standards of Conduct for Students
UC Davis Administration of Student Discipline
The EDUCOM Code: Software and Intellectual Rights
Office of Student Judicial Affairs
Information Technology IT-EXPRESS
[1] The text of this policy is copyrighted by the Regents of the University of California © 1998. Used by permission. Minor wording and numbering changes were made to conform to the layout for this book. The changes do not affect the contents of the policy.
[2] To obtain the numbering in the original, delete “35.1.2” from each number (and reference number) and change the integer to a Roman numeral. For example, 35.1.2.6.A.8 in this chapter is VI.A.8 in the original. In addition, Appendices 35.1.2.10, 35.1.2.11, and 35.1.2.12 in this chapter are Appendices A, B, and C, respectively, in the original.
[3] To obtain the numbering in the original, delete “35.1.3” from each number (and reference number) and change the integer to a Roman numeral. For example, 35.1.3.3-F-1 in this chapter is III-F-1 in the original.
[4] The text of this policy is copyrighted by the Regents of the University of California, ©2000. Used by permission. Cross-references have been updated to reflect the chapter numbering of this text, and references to Web pages for “other information” have been deleted.