Electronic Mail (E-mail) Guidelines
This guideline provides information on the appropriate usage and retention of e-mail for University of North Texas System (UNT System) institutions, including the University of North Texas (UNT), the University of North Texas at Dallas (UNTD), the University of North Texas Health Science Center (UNTHSC), and the University of North Texas System Administration (System Administration). The UNT System provides e-mail services to facilitate the learning, teaching, research, and service missions of the UNT System and its institutions.
Disclaimer
UNT System e-mail services are the property of the UNT System and use of this resource constitutes an agreement to abide by relevant federal and state laws and institutional policies. Unauthorized use of the e-mail system is prohibited. Violations can result in penalties and criminal prosecution. Usage may be subject to security testing and monitoring. Users have no expectation of privacy except as otherwise provided by applicable privacy laws.
Definitions
- Bulk e-mails are duplicate e-mails sent to many recipients, such as announcements, newsletters, or emergency notifications.
- E-mail accounts are electronic repositories for electronic mail and contacts, and may include a calendar.
- E-mail system is computer hardware and software that routes e-mail from one address to another and may provide users with e-mail accounts.
- Protected personal information (PPI) is personally-identifying information protected by one or more laws including the Family Education Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Gramm-Leach-Bliley Act. PPI include social security number, driver’s license number, educational or health care records.
- Non-public financial information is any information a student or third party provides to obtain financial services from a university. This can be from a financial transaction with a university or by providing a financial service. For more information, see the Safeguards Rule of the Gramm Leach Bliley Act.
- Domain name is the internet identifier for computer resources. This is the portion of an e-mail address to the right side of the at symbol (@) or used in web addresses. The domain name for the UNT System and UNT System e-mails is untsystem.edu.
Procedures and Responsibilities
UNT System Information Technology Shared Services (ITSS) provides the e-mail service for communication and collaboration between students, faculty, and staff across UNT World.
Students, faculty, and staff across UNT World should monitor their assigned email accounts to receive important communications from the institutions.
Ownership
UNT World e-mail system and software managed by ITSS, academic or administrative departments, or employees, are the property of the UNT System and named institutions. All use of UNT System resources constitutes an explicit binding agreement to abide by relevant regulations, policies, standards, and applicable laws.
E-mail Records Retention and Disposition
State of Texas laws require that all UNT System e-mail be retained for the retention periods stated in the institution’s records retention schedule. Consult the institution’s records retention schedule for further guidance.
Personal Use
Personal use of e-mail is permitted as long as it is minimal and does not cause additional expense to the UNT System and its institutions. Using institutional e-mail for personal business and/or financial gain is strictly prohibited.
Employees using UNT World System e-mail resources for personal use must ensure that their statements are not interpreted as the opinion or policy of the UNT World. When sending a personal e-mail that could be interpreted as an official statement, the employee should use the following disclaimer at the end of the message:
This e-mail message is a personal communication and does not represent the opinion or policy of the [institution].
Protected Personal and Non-public Financial Information
Employees should not use e-mail to communicate protected personal or nonpublic financial information. When required by an unusual circumstance, an employee may only send such e-mail to appropriate UNT World employees, using only a UNT World e-mail address with encryption. Sending protected information to e-mail accounts that do not reside on UNT World e-mail systems is strictly prohibited.
When sending an e-mail with protected information, the sender should encrypt the email and add the following phrase at the end of the message content:
This message contains information that may be confidential – do not forward. Unless you are the addressee (or authorized by the addressee), you may not use, copy or disclose any information. If you have received this message in error, please contact the sender by phone or a new e-mail message and delete the errant message.
Use of UNT World Provided E-mail Required for Employee Work Duties
Employees must use the UNT World’s centrally-managed e-mail system for all e-mails sent and received in the course of their work duties. Use of personal e-mail accounts for UNT World business (e.g., Gmail, Yahoo!) is strictly prohibited.
Use of Unapproved E-mail Systems or Software
Use of any e-mail software, client, or system that has the effect of bypassing any safeguards implemented by ITSS is strictly prohibited.
Bulk E-mails
Bulk e-mail should be judiciously used and only in the case of internal UNT World communications or for the department, college, or newsletters. Unsolicited bulk e-mail is strictly prohibited.
The unregistered use of university email domains violate university policy (UNT Policy 14.003 Acceptable Use, sec B.2.a) and jeopardizes the reputation of institutional e-mail domains and the delivery of genuine business electronic communications. Business units that need to send e-mail from third-party systems must use the provider's email domain or request a UNT World child domain from Enterprise Collaboration Services for this purpose.
Custom Domain Name E-mail Addresses
There are special cases when colleges, departments, or individuals want a custom domain name in their e-mail address, for example, john.doe@special-project.org instead of john.doe@untsystem.edu. These requests must adhere to the following guidelines and procedures:
- Requests for institutionally-funded colleges, departments, or individuals are not permitted if the intent or effect would be to disassociate itself from any institution within the UNT System.
- Requests must be for organizations or projects that are being hosted by but are not part of, any institution within the UNT System.
- The request must have the approval of the appropriate provost, vice president, president, or chancellor of the university.
- UNT System institution employees that have e-mail addresses with a custom domain must only use it for inbound e-mails. All outgoing e-mails must use the employee’s UNT System institution’s e-mail address.
- Submit the proper e-mail account access request.
Request to access an employee’s e-mail account or e-mails is only considered in these two situations:
- Business continuity — When an employee’s absence or lack of e-mail access could result in a loss of business or income to a UNT System institution, ITSS grants the employee’s supervisor or designee access to the employee’s e-mail account.
- Administrative review — When an employee violates a UNT institution’s policies or commits a crime, ITSS grants the supervisor, designee, and the UNT System Office of General Counsel access to the employee’s e-mail account.
Request process:
- Requests must be approved by the requestor’s supervisor (including higher-ranking supervisors) or designee.
- Requests must include a reasonable and defined duration for the request. In cases where the employee no longer works for the UNT System institution, an indefinite request may be submitted.
- Requestor must submit a request form to the UNT System Information Security office for review.
- In cases of business continuity requests, the e-mail account owner must be notified.
E-mail Impersonation Requests
Most e-mail systems have the ability to allow one user to send an e-mail as another, with no external indications that the e-mail did not originate from the documented sender. This permission is carefully regulated and monitored.
Impersonation requests:
- The account owner must submit an impersonation request form to the UNT System Information Security office for review. The request must contain a statement certifying that the owner understands all risks that arise from permitting another employee to use the account.
- Requests for generic accounts (example: Official Notice) must be approved by the appropriate department head.
- E-mail sent from generic accounts should have a signature identifying the person responsible for the message content.
- Impersonation requests will be reviewed on a periodic basis by ITSS.
Using impersonation permissions with the intent of misrepresenting the account owner is prohibited.
E-mail Account Custody
In general, an e-mail account is provided to an employee to perform college or department business and is the property of the college or department.
When a college or department no longer employs an employee, the college or department is responsible for retaining the contents of that departing account to maintain business continuity as appropriate. An employee that retires from the organization may apply for an email account but must not use the primary mail domain of the institution (e.g., @untsystem.edu) as an outgoing primary address.
When an employee transfers their employment to another college or department, the losing department has custody of the data accumulated by the employee up to the point in which employment is transferred. The losing department may not retain the email identity of the departing employee. The winning college or department shall notify onboard the incoming employee of new communication and storage resources (i.e., Outlook email, One Drive for Business, Teams Voice, etc.) E-mail should only be kept if deemed eligible by the university’s retention schedule. The employee must make available any e-mail account content at the request of the former employing department. The transferring employee must notify any former contacts of the change in employment and must redirect any e-mail correspondence intended for their former college or department to a designee of that former employing college or department.
Retirees
Upon retiring from the university, your supervisor should review the official university e-mail account for content that may need to be retained to meet the university’s retention schedule for business continuity and then deleted.
An employee that retires from the organization may apply for an email account by following the Retiree E-mail Request Procedures but must not use the primary mail domain of the institution (e.g., @untsystem.edu) as an outgoing primary address.
In special situations, a dean or vice president of a college or department may request that the official e-mail account be retained for continued use by the retiree. The college/department will provide account support. These special situations will be reviewed periodically by ITSS.
Personnel Practices
Enterprise Collaboration Services of ITSS maintains a website that details procedures and best practices for using UNT World e-mail systems. The use of UNT World e-mail systems implies that the user has knowledge of and agrees to comply with relevant regulations, policies, and standards.
Authority
Enterprise Collaboration Systems (ECS) of ITSS is the official UNT World e-mail system's administrative owner. They have the authority to intervene in cases that include but are not limited to E-mail abuse and security breaches, as these situations might impact UNT World business or compromise the protected information of UNT World employees and/or students.
While the ECS is not the owner of all UNT World e-mail systems, it has the authority to work with the owning department and appropriate service providers to mitigate or minimize the impact that may result from any e-mail system abuse.
References
- UNT Policy 14.003 - Acceptable Use
- UNT Policy 07.018 - FERPA
- UNT Policy 07.010 - Protected Health Information Privacy
- UNT Policy 04.008 - Records Management and Retention
Forms and Tools
- E-mail Account Access Request
- E-mail Account Impersonation Request
- Retiree E-mail Account Request Procedures
Last update: 7/11/2022