Email Policy
Introduction
An email account assigned by Belmont University with an email address ending in belmont.edu is considered to be an “Official Belmont University Email Account.” Accordingly, an email sent from a belmont.edu email address shall be considered an “Official Belmont University Email Message.” An official Belmont University email account shall be considered an official means for communicating university business, and may in some cases be the sole means of communication to the Belmont community on a particular subject. Users are expected to read, and shall be presumed to have received and read, all official Belmont University email messages sent to their official Belmont University email accounts. .
Because the contents of email messages are subject to laws governing public records, users will need to exercise judgment in sending content that may be deemed confidential. Furthermore, email transmissions should not be assumed to be secure, and contents that are expected to remain confidential should not be communicated via email. Common examples of confidential contents include: student grades, personnel records, individual donor gift records, and data subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Family Educational Rights and Privacy Act (FERPA) regulations, and the Gramm Leach Bliley Act (GLBA).
Purpose
The purpose of this policy is to describe the permitted uses of university email. This policy is not meant to supersede or replace, but should be read together with, other university policies.
Compliance with this Policy helps the university to achieve two goals:- Improve the successful delivery of university communications to all faculty, staff and students, and
- Reduce the risk of inappropriate disclosure of university data classified as confidential by the university’s Data Classification Policy
Scope
This policy applies to, but is not limited to, university faculty and visiting faculty, adjunct faculty, staff, students, temporary email account holders, emeritus faculty, contractors, volunteers, and guests who are provided email services managed by or for Belmont University..
Policy
Employee email services are primarily intended to allow faculty and staff to conduct university business. Personal use of email is allowed, provided that personal use
- Does not materially interfere with performance of work responsibilities.
- Does not interfere with the performance of the university networks.
- In compliance with all university policies.
Users must use caution when sending an email from their official Belmont University email account, particularly when sending personal messages. Even the most careful user will occasionally send an email to unintended recipients. Users have no control over the forwarding or alteration of emails once they are sent. It is advisable that faculty and staff set up and use a personal email service such as Google Gmail for personal email outside of university-supported systems.
Accordingly, users must not use email to communicate data classified as level 1 confidential data under the university’s Data Classification Policy without appropriate security layers such as email encryption. It is not recommended as a best practice to send data classified as confidential to internal university recipients, but it is allowable within the Belmont email system . Common examples of this type of information include: social security numbers, credit card numbers, student grades and education records, personnel records, individual donor gift records, and health information subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Temporary Belmont University email accounts can be assigned as needed for the purpose of conducting university work on a temporary basis. The format of official temporary email accounts follow the same naming standard as Belmont employee email accounts. Temporary email accounts may include the following:
- Graduate students or interns who conduct research projects with faculty or staff.
- Temporary workers who are hired to perform a university project on a contract.
- Former employees who assist in transitioning new employees.
- University Lecturers who are not designated as Belmont employees.
- Sodexho employees who work at the university on contract.
- Monitored named email accounts used for conducting ongoing university business. (i.e., email accounts that are published on marketing sites)
The assignment and approval of a temporary Belmont email account should be limited in time and must be re-approved on an annual basis by a department head or senior leader. Temporary email account holders must adhere to all university policies and procedures.
Temporary email accounts may be requested from Network Infrastructure Services by email designating the person, reason for continuation and termination data of temporary status of the email account. All departments are encouraged to limit their use of temporary email accounts by using department group accounts for university purposes and on marketing materials and other university projects where communications by email are essential to conduct business.
The university currently provides email services to all students. Student use of email is subject to the student conduct codes as stated in the Bruin Guide, this policy, and the university’s Acceptable Use Policy.
A. Official Belmont University email AddressThe university currently provides email services to all students. Student use of email is subject to the student conduct codes as stated in the Bruin Guide, this policy, and the university’s Acceptable Use Policy.:
Students and university staff and faculty members will be assigned an official Belmont University email address, which will include a mailbox assigned to one of the two official university email systems:- Office 365 Exchange for faculty, adjunct faculty, and staff members
- Office 365 for Students members
The official Belmont University email address is the address from which, and to which, university business-related email is to be sent and received. An official Belmont University email address will be used for all university email correspondence lists, for populating lists for classes, and for the official online directory. Official communications from university offices, such as the President’s Office, Human Resources, the Provost, Security and others, will be directed to the Official Belmont University email Address. Accordingly, users shall be presumed to have received all official university email messages sent to their official university email address.
Email addresses for faculty, adjunct faculty, and staff are assigned upon official employment by the university. Students are assigned a Belmont email address upon matriculation to the university.
The format for addresses are as follows:
- Faculty, adjunct faculty, and staff email addresses consist of first and last names, and in rare examples may include a middle initial or alternative format, along with the domain name belmont.edu.
- (e.g. sue.jones@belmont.edu) or (suej.jones@belmont.edu)
- Student email addresses are assigned similarly to faculty and staff email addresses with the domain being bruins.belmont.edu
- (e.g. sue.smith@bruins.belmont.edu) or (sue.smith12@bruins.belmont.edu)
- Duplicate email addresses will be assigned a unique number after the last name of the student
If an individual has both a student and employee affiliation, the university may provide a separate email address for each affiliation. Email services should be provided only while a user is employed by or enrolled at the university. Exceptions may be granted for conditions such as email extensions for emeritus status, retirements, or on approval by the Provost or CIO.
B. Email ForwardingManually forwarding university email that contains information classified as level 1 is not approved and violations are subject to sanctions as described below. Any exceptions to this policy must be approved by the CIO and coordinated with the Director of Information Security to ensure that proper email encryption is in place to secure sensitive data.
Users must not assume that email content will remain private and confidential. A user’s expectation of privacy in emails is defined and limited by the university’s Acceptable Use Policy. In addition, email can be altered or forwarded by a recipient without the sender’s knowledge, may be discoverable in litigation, or may be disclosed to comply with a subpoena.
The password associated with an official Belmont University email account may be used to authenticate identity in other university online services. To safeguard your identity and your privacy, do not share your account with other individuals or give your password to anyone. Periodically, users will be required to change their password. Official Belmont University email accounts must use strong passwords and comply with the university’s Password Policy.
- Email Groups
The university maintains email groups to facilitate efficient email communications with users. The university limits access to student email groups to users who have been approved by the Provost and the Office of Communications. Use of email groups for campus communications and used in conjunction with instant messaging, social media and campus web services such as MyBelmont for effective campus communications.
General email usage is a vital tool in day-to-day operations and, with education and awareness, can be a safe means of communication. Users should learn what to look for and how to avoid becoming victims and take all necessary precautions to protect themselves. We also recommend as a best practice that faculty and staff create a personal email account and address for non-Belmont email communications. It is important to be aware of the following points when communicating via email:
- Scams and Spam
- An increasingly common type of scam using spam is phishing. Phishing attacks use 'spoofed' emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
- Emails can be forged, including the send and return address, the email body, and other email information.
- Steps for Prevention
- Treat all email with suspicion.
- Never click on a link in an email to get to a web page. If you must visit the website, type the URL directly into your browser's address bar.
- Never send personal or financial information to anyone via email.
- Email Security Concerns
- Beware of all attachments. Only open those that you are expecting from a bona fide source or have confirmed with the sender before opening.
- The Know Test: Is the email from someone that you know?
- The Received Test: Have you received email from this sender before?
- The Expect Test: Were you expecting email with an attachment from this sender?
- The Sense Test: Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense?
- The Virus Test: Does this email contain a virus?
- Use email filters to move identified suspected spam mail to a spam folder for later verification or deletion.
- Email spoofing
- Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another. Email spoofing is often an attempt to trick the user into releasing sensitive information (such as passwords), or making a damaging statement. Spoofed email can range from harmless pranks to social engineering ploys. Examples of spoofed email that could affect security include:
- Email that appears to come from a known source, but contains a virus or other malicious code or instructions
- Email claiming to be from a system administrator requesting users to change their password to a supplied word or phrase and/or threatening to suspend their account unless they comply.
- Email claiming to be from a person in authority requesting users to send them a password or other sensitive information. If someone can obtain the username and password used to access an email account, they can read and send email messages impersonating the user of that account. It is very easy to construct messages that appear to be from someone other than from the actual sender.
- The university will never ask users to send any personal information via email. If it is suspected that an email is spoofed by someone with malicious intent, contact the Service Desk immediately.
All email accounts are the sole property of Belmont University and the university reserves the right to render an email address inactive and no longer usable. Official Belmont University email Addresses assigned to individuals no longer affiliated with the university will be declared inactive after a period of time as described below.
Retention of email accounts are as follows:
- Faculty and staff email accounts are declared inactive at termination of service with the following exceptions:
- Requests to extend use of Belmont email accounts must be approved by a Senior Leader and designated as a Temporary Account.
- Temporary accounts will be verified annually by Network Services and designated as inactive unless approved by a Senior Leader.
- Emeritus faculty can request to keep their email account active through the Provost Office
- Student email accounts remain active for up to 6 months after graduation or departure from the university.
- Student email accounts will be designated as inactive after 1 full term (Spring or Fall terms only) without course enrollment.
- Inactive student email accounts will be purged on January 1st and on June 1st of each calendar year.
- Student email account addresses are not considered permanent and can be reassigned to new students once the student email account is purged.
- Students who reapply for admission to the university will be granted a new email account name based on availability of the email account name at the time of reapplication for admission to the university.
- Purged student email accounts will be reassigned as needed to new students based on availability.
- Exceptions to student email account timeline:
- Students who are currently designated as active returning students and not enrolled with prior approval of the Provost, Dean or CIO can apply to retain the original email account address assigned at matriculation.
- Students who are otherwise affiliated with the university after inactive status as a student
- Alumni are encouraged to setup a forwarding personal email address through the Alumni website after they no longer are actively enrolled in classes.
As mentioned above, email is simply another communication technology. Any policy of the university that applies to communications also generally applies to the use of email. Use of email in violation of other university policies is also a violation of the Acceptable User Policy.
Examples of improper uses of university email:
- Concealment or misrepresentation of names or affiliations (e.g., misrepresenting oneself as another user);
- Use of email to send spam (unsolicited non-university commercial email);
- Alteration of source or destination address of Email;
- Use of email to violate the university’s policies related to harassment or discrimination;
- Use of email to violate the law.
Sanctions
Violations of this policy will be handled under normal university disciplinary procedures applicable to the relevant persons or departments. In addition, a violation may result in:
- suspension, blocking, or restriction of access to information and network resources when it reasonably appears necessary to do so in order to protect the integrity, security, or functionality of university resources or to protect the university from liability;
- disciplinary action up to and including separation from the university;
The Email Policy is administered through a collection of Belmont standards. The Belmont University Email Policy and its standards are in effect at all times. LITS works in concert with the Dean of Students Office, Senior Leadership, Legal Counsel and Human Resources to ensure fair and appropriate investigation, consideration, and consequences where appropriate. Users are expected to familiarize themselves with applicable Belmont standards and comply with them.
- Password Policy
- Acceptable User Policy
- Wireless Communication Policy
- Technology Purchasing Policy
USER: Any person using any of the university’s computer or information resources, including but not limited to:
- Faculty
- Students
- Alumni
- Contractors
- Consultants
- Associates, honoraries and visiting staff
- Community members and guests
- Other users authorized by the university
- Third parties (ex. Vendors, contractors, etc.)
- Anyone connecting non-Belmont equipment (e.g. laptop computers) to the university network
Library and Information Technology Services (LITS)
The Library and Information Technology Services is a Belmont division that supports technology and library services for the campus.
Microsoft Office365: Belmont’s hosted email system for faculty and staff
Date of Change | Responsible | Summary of Change |
---|---|---|
May 19, 2016 | Randall Reynolds, Director of Information Security | New Policy |
Oct 20, 2016 | Randall Reynolds, Director of Information Security | Policy Update |
May 12, 2017 | Randall Reynolds, Director of Information Security | Policy Update |
February 15, 2019 | Randall Reynolds, Director of Information Security | Policy Updated to define Temporary Accounts |
July 12, 2020 | Randall Reynolds, Director of Information Security | Policy updated to reflect change in student email to Office 365 |