Overview and Purpose
The [variable: Covered Organization] electronic mail (email) facility offers employees and contractors an efficient way to communicate with others inside and, via the Internet, outside [variable: Covered Organization] using the organization's computer systems.
The purpose of the [variable: Covered Organization] Acceptable Use, Email Policy is to:
- Establish rules for the creation and transfer of information through the [variable: Covered Organization]'s internal email system
- Prevent unintended disruption or degradation of network communications and the efficient operations of email systems
Coverage
This policy covers all individuals authorized to use any [variable: Covered Organization] Information Resource with the capacity to send, receive, or store electronic mail.
Definitions
General Terminology
Roles and Functions
- [No roles and functions defined for this policy]
Policy
- [variable: Covered Organization] email is provided to accomplish day-to-day business activities. Whenever possible, users should limit the distribution of email to the smallest group possible in order to eliminate unnecessary network congestion.
- Authorized [variable: Covered Organization] email users are not permitted to forward [variable: Covered Organization] email or attachments to personal accounts managed by public email or Internet access service providers where the information might be compromised.
- [variable: Covered Organization] employees and contractors are not authorized to use the email system to send sensitive information via the Internet where information might be intercepted.
- [variable: Covered Organization] employees may make incidental personal use of email. Any incidental email usage may not interfere with official duties, must have a minimal effect on the organization, and must be consistent with standards of ethical conduct.
- System users must not send, forward, receive or store confidential or sensitive [variable: Covered Organization] information using mobile devices that are not accredited by [variable: Covered Organization]. Examples of mobile devices include, but are not limited to, Personal Digital Assistants (PDAs), two-way pagers, and cellular telephones.
Appropriate Use of Email
Appropriate use of the [variable: Covered Organization] email system includes generating and sending emails regarding:
- [variable: Covered Organization] mission and program related activities
- Other [variable: Covered Organization] business-related and endorsed activities
- Brief, occasional personal messages, subject to the limitations contained in this email policy statement
Inappropriate Use of Email
- The [variable: Covered Organization] email facility may not be used to:
  - Send email intended to intimidate or harass individuals or organizations
  - Conduct personal business
  - Send unsolicited messages to large groups, except as required to conduct organizational business
  - Send excessively large messages or messages with attachments larger than [variable: file size]
  - Send or forward email that is likely to contain computer viruses
  - Send or forward personal messages to everyone in the company directory or other large user groups
  - Send or forward chain letters
  - Conduct political lobbying or campaigning
  - Violate copyright laws by inappropriately distributing protected works
- Email system users may not:
  - Represent themselves as anyone other than themselves when sending email, except when explicitly authorized to do so in an administrative support role
  - Use unauthorized email software
- All sensitive [variable: Covered Organization] material transmitted over external networks must be encrypted.
- Email system users must not give the impression that the user is representing or making statements on behalf of [variable: Covered Organization], except under condition of explicit authorization. The following disclaimer must be included in all messages sent through the email system: “The opinions expressed in this message are my own, and not necessarily those of my employer.”
For other terms and criteria of system use, refer to the organization’s policy on Acceptable Use: Internet.
Enforcement
All activity on [variable: Covered Organization] Information Resources is subject to logging and review.
If an inappropriate email is brought to our attention, the sender may be directed by either the email Postmaster or the Computer Security Officer to retract the message. Inappropriate or unauthorized email may be retracted by the Postmaster if the sender is not available.
Violation of this policy may result in disciplinary action, including termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [variable: Covered Organization] Information Resources access privileges and to civil and criminal prosecution.
Supporting Documentation
This policy is supported by the following rules, standards, and procedures:
- [variable: internal documents (with links, if available)]
- [variable: external documents (with links, if available)]
Policy Support Contact
- [variable: title (not personal name) of role responsible for overseeing this procedure]
- [variable: Contact information of office responsible for overseeing this procedure]
Policy Publication Date
[variable: Policy publication date]
Revision(s)
- [variable: Policy revision date]
References
- Copyright Act of 1976
- Foreign Corrupt Practices Act of 1977
- Computer Fraud and Abuse Act of 1986
- Computer Security Act of 1987
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Policy Model(s)