UCLA Policy 455:	UCLA Email Policy and Guidelines
Issuing Officer:	Associate Vice Chancellor, Information Technology	Printable View
Responsible Dept:	Office of Information Technology
Effective Date:	November 8, 2006
Supersedes:	UCLA Policy 455, dated 5/16/2003

This Policy clarifies the applicability of law and of other University policies to Electronic Mail. It also defines new policy and procedures where existing policies do not specifically address issues particular to the use of Electronic Mail.

Electronic Mail is a primary means of communication in support of the University’s mission of teaching, research and public service. UCLA facilitates the widespread use of email by providing Email Services to current employees and students and, in some cases, to those that have left the University, including all students who have earned a degree from UCLA.

The University recognizes that principles of academic freedom and shared governance, freedom of speech, and privacy of information hold important implications for Electronic Mail and Electronic Mail Services. The University affords Electronic Mail privacy protections comparable to those which it traditionally affords paper mail and telephone communications. This Policy reflects these firmly-held principles within the context of the University’s legal and other obligations.

The University encourages the use of Electronic Mail and respects the privacy of users. It does not routinely inspect, monitor, or disclose Electronic Mail without the Holder’s consent. Nonetheless, subject to the requirements for authorization, notification, and other conditions specified in this Policy, the University may deny access to its Electronic Mail Services and may inspect, monitor, or disclose Electronic Mail (i) when required by and consistent with law; (ii) when there is Substantiated Reason to believe that violations of law or of University policies listed in Attachment C have taken place; (iii) when there are Compelling Circumstances; or (iv) under Time-dependent, Critical Operational Circumstances as those terms are defined below.

The University Electronic Communications Policy (ECP), revised as of August 18, 2005, is fully applicable to the UCLA campus. This campus Policy reflects all of the relevant provisions in the ECP concerning Email and has been extended to include certain required campus implementations in the area of Electronic Mail only. Provisions developed as local campus implementations or extensions of the ECP are identified throughout this policy by the placement of “UCLA” as a modifier in the section headings, definitions, or portions of text instead of the general reference to “University”.

II. PURPOSE

The purpose of this Policy is to assure that:

• The UCLA campus community is informed of the provisions of the UC ECP relevant to Email, extensions of the policy made applicable to the UCLA Campus, and the applicability of other policies and laws to Electronic Mail;
  
  
• Electronic Mail Services are used in compliance with those policies and laws;
  
  
• Users of Electronic Mail Services are informed about how concepts of privacy and security apply to Electronic Mail; and
  
  
• Disruptions to University Electronic Mail and other services and activities are minimized.

III. DEFINITIONS

The terms "Electronic Mail" and "Email" are used interchangeably throughout this Policy.

Compelling Circumstances: Circumstances where failure to act may result in significant bodily harm, significant property loss or damage, loss of significant evidence of one or more violations of law or of University policies listed in Attachment C, or significant liability to the University or to members of the University community.

Computing Facility or Facilities: Computing resources, services, and network systems such as computers and computer time, data processing and storage functions, computer systems and services, servers, networks, input/output and connecting devices, and related computer records, programs, software, and documentation.

Electronic Mail, Email Record or Email: Any of several electronic computer records or messages created, sent, forwarded, replied to, transmitted, stored, held, copied, downloaded, displayed, viewed, read, or printed by one or several Email Systems or Services. This definition of Email Records applies equally to the contents of such records and to transactional information associated with such records, such as headers, summaries, addresses, and addressees.

Electronic Mail Systems or Services: Any messaging system that depends on Computing Facilities to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print computer records for purposes of asynchronous communication across computer network systems between or among individuals or groups, that is either explicitly denoted as a system for Electronic Mail or is implicitly used for such purposes, including services such as electronic bulletin boards, listservers, and newsgroups.

Emergency Circumstances: Circumstances where time is of the essence and where there is a high probability that delaying action would almost certainly result in Compelling Circumstances.

Faculty: A member of the academic community defined as Faculty Academic Personnel Policy 110-4 (14).

Holder of an Email Record or Email Holder: An Email User who is in Possession of a particular Email Record, regardless of whether that Email User is the original creator or a recipient of the content of the record.

Official UCLA Email Communication: Any Email communication from a UCLA department or unit, or an official of such department or unit, to a current, former or prospective UCLA employee, student or other person affiliated with UCLA concerning any University academic, administrative, or other business subject.

Possession of Email: An individual is in "possession" of an Email Record, whether the original record or a copy or modification of the original record, when that individual has effective control over the location of its storage. Thus, an Email Record that resides on a computer server awaiting download to an addressee is deemed, for purposes of this Policy, to be in the possession of that addressee. Systems administrators and other Operators of University Email Services are excluded from this definition of Possession with regard to Email not specifically created by or addressed to them.

Email Users are not responsible for Email in their Possession when they have no knowledge of its existence or contents.

Substantiated Reason: Reliable evidence indicating that a violation of law or of policies listed in Attachment C probably has occurred, as distinguished from rumor, gossip, or other unreliable evidence.

Time-dependent and Critical Operational Circumstances: Circumstances where failure to act could seriously hamper the ability of the University to function administratively or to meet its teaching obligations, but excluding circumstances pertaining to personal or professional activities, or to Faculty research or matters of shared governance.

UCLA Authorizing Official: the UCLA administrator identified in the Table in Section V.E.2. of this Policy with the ability to approve access to a UCLA Email User’s Email without the consent of the user under certain circumstances as set forth in the section.

UCLA Lifetime Email Address: a UCLA Email address that is intended to last indefinitely, whether as an Email account for a student or as a mechanism to forward email to another account following the graduation of the student from the University, and to facilitate consistent and reliable communication of University business-related matters.

UCLA Operator of University Email Systems or Facilities (Operator): The departmental computer system operator(s) or Email System administrator(s) responsible for operating and maintaining the department’s Email System.

UCLA Provider of Email System or Service (Provider): An organization, department or unit of UCLA, as represented by the department head of such unit, that provides and maintains an Email System or Services for the use of its Faculty, staff, and/or students.

University Email Record: A University Record in the form of an Email Record regardless of whether any of the Computing Facilities utilized to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print the Email Record are owned by the University. This implies that the location of the record, or the location of its creation or use, does not change its nature as: (i) a University Email Record for purposes of this or other University policy (see, however, Sections V. D and E), and (ii) having potential for disclosure under the California Public Records Act. Until determined otherwise or unless it is clear from the context, any Email Record residing on University-owned Computing Facilities may be deemed to be a University Email Record for purposes of this Policy. This includes, for example, personal Email (see Section VI. A. 9). Consistent, however, with the principles asserted in Section V. E. of least perusal and least action necessary and of legal compliance, the University must make a good faith a priori effort to distinguish University Email Records from personal and other Email where relevant to disclosures under the California Public Records Act and other laws, or for other applicable purposes of this Policy.

University Email Systems or Services: Electronic Mail Systems or services owned or operated by the University or any of its sub-units.

University Record: A "public record" as defined in Business & Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information and the California Public Records Act. "Public records" include any writing containing information relating to the conduct of the public's business prepared, owned, used, or retained (by the University) regardless of physical form or characteristics. [California Government Code Section 6252(d)]. With certain defined exceptions, such University Records are subject to disclosure under the California Public Records Act.

Records held by students, including Email, are not University Records unless such records are pursuant to an employment or agent relationship the student has or has had with the University. This exemption does not, however, exclude student Email from other aspects of this Policy, regardless of whether such Email is a University Record.

Use of University or Other Email Services; (University) Email User: To create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, or print Email (with the aid of University Email Services). A (University) Email User is an individual who makes use of University Email Services.

Receipt of Email prior to actual viewing is excluded from this definition of "use" to the extent that the recipient does not have advance knowledge of the contents of the Email Record.

IV. SCOPE

• All Electronic Mail Systems and Services provided or owned by the University;
  
  
• All Email Users, Holders, and uses of University Email Services;
  
  
• All University Email Records in the Possession of University employees or other Email Users of Electronic Mail Services provided by the University.

1. General Restriction of Services

Access to University Electronic Mail Services, when provided, is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the Email User:

• when required by and consistent with law;
  
  
• when there is a Substantiated Reason to believe that violations of policy or law have taken place; or
  
  
• in exceptional cases, when required to meet Time-dependent, Critical Operational Needs.

Personnel policies and procedures applicable to UCLA staff, including collective bargaining agreements, employment contracts, the Faculty Code of Conduct or the Student Code of Conduct may contain or imply other restrictions to an individual's Email Service.

A UCLA Provider may restrict access to Email Services to a particular user or users in accordance with the provisions of this Policy. A Provider intending to restrict an individual's Email Services must ensure that the action is in compliance with the policies and procedures that govern the individual's employment or, in the case of an individual not employed by the University, with any written agreement.

2. Allegations of Misuse of UCLA Email Services

Allegations concerning the misuse of Electronic Mail Services involving UCLA Faculty should be brought immediately to the attention of either the Department Chair of the employing department or the Dean of the appropriate school or division. Allegations regarding UCLA students should be coordinated with the Dean of Students Office.

In situations involving UCLA employees subject to staff policies, collective bargaining agreements or employee contracts, any proposed action should be coordinated with the employee's department and UCLA's Employee and Labor Relations Office. Suspected violations of law should be reported to the UCLA Police.

3. Notification of Restriction of Use of UCLA Email Services

The Email User shall be notified of the scope, reason and duration of the restriction consistent with applicable University policy. Email Services may be restored when the situation that occasioned the restriction of service has been resolved.

4. Restriction Upon Termination of UCLA Affiliation

UCLA Providers shall be required to terminate the access to Email Services of any individual, department, or group when such individual, department, or group ceases its affiliation with the University or is otherwise no longer eligible to utilize campus Email Services. Unless the Provider has defined otherwise, use will be canceled when Faculty, students, staff, contractors, etc., terminate their association with UCLA. UCLA Providers may, but are not required to, provide former Email Users with Email forwarding services, the duration of any such forwarding service to be at the discretion of the Provider. UCLA Providers shall provide notification prior to any service discontinuance.

This restriction on services upon termination of UCLA affiliation notwithstanding, UCLA Providers who have been designated for the purpose by the Office of the Registrar may issue a UCLA Lifetime Email Address to qualifying students as provided in VI.A.9, below.

D. Consent and Compliance

An Email Holder's consent shall be sought by the University prior to any inspection, monitoring, or disclosure of University Email Records in the Holder's Possession, except as provided for in Section V.E. University employees are, however, expected to comply with University requests for copies of Email Records in their Possession that pertain to the administrative business of the University, or whose disclosure is required to comply with applicable laws, regardless of whether such records reside on a computer housed or owned by the University. Failure to comply with such requests can lead to the conditions of Section V.E.

In order to reduce the need to access an employee's Email in the event of that employee's absence, UCLA departments and units may use, individually or in combination, a number of techniques, such as:

• Email forwarding, if available and with the consent of the Email Holder, so that during planned absences employees can forward Email to the person responsible for performing the work in their absence;
  
  
• common workgroup files for departmental-related business so that Email Records can be accessed by others in the employee's absence;
  
  
• an "on vacation" program, so that during absences correspondents can be advised to re-route business Email to an alternative address.

E. Access Without Consent

The University shall only permit the inspection, monitoring, or disclosure of Electronic Mail without the consent of the holder of such Email (i) when required by and consistent with law; (ii) when there is a Substantiated Reason to believe that a violation of law or of a University policy listed in Attachment C has taken place; (iii) when there are Compelling Circumstances; or (iv) under Time-dependent, Critical Operational Circumstances.

When the contents of Email must be inspected, monitored, or disclosed without the Holder's consent, authorization for such access must be obtained in accordance with the following procedures.

Except in Emergency Circumstances, as described below, such actions must be authorized in advance and in writing by the responsible UCLA Authorizing Official. Authorization shall be limited to the least perusal of contents and the least action necessary to resolve the situation.

1. UCLA Access Request

The person seeking access to the Email Records for the purpose of inspecting, monitoring, or disclosing such records shall bring a request in advance of the access to the attention of the affected Email Holder's Department/Unit Head or Dean. The requestor shall be responsible for preparing a "UCLA Authorization Form for Non-Consensual Access to Email Records" for this purpose and obtaining the required authorizations (see Attachment D). Where there is a Substantiated Reason to believe that a violation of criminal law has taken place, the request for authorization for access to Email Records will be made by the UCLA Police Chief.

2. UCLA Authorization

Authorization for the inspection, monitoring, or disclosure of Electronic Mail without the consent of the Email Holder must be obtained in advance and shall be made by the following UCLA Authorizing Officials depending upon the status of the affected Email Holder:

UCLA E-Mail Holder Status	UCLA Authorizing Official
Faculty	Vice Chancellor - Academic Personnel, after consulting with Campus Counsel and with the written advice of the Chair of the Academic Senate, may so authorize the Department/Unit Head or Dean.
Student (Not in a capacity as a Staff Employee)	Vice Chancellor - Student Affairs, after consulting with Campus Counsel, may so authorize the Dean of Students.
Staff Employee or Student in a capacity as a Staff Employee (Non-Medical Center, Non-Schools of Medicine & Dentistry)	Administrative Vice Chancellor, after consulting with Campus Counsel and/or Campus Human Resources, may so authorize the Department/Unit Head or Dean.
Staff Employee of the Medical Enterprise (Medical Center or Schools of Medicine & Dentistry) or Student in a capacity as such Staff Employee	Associate Vice Chancellor & CEO - Hospital Systems, after consulting with Medical Center Counsel and/or Medical Center Human Resources, may so authorize the Department/Unit Head Associate Administrator.

This authority may also be exercised by the Chancellor or the Executive Vice Chancellor/Provost without regard to the status of the affected Email Holder. This authority may not be further redelegated.

The authorization shall be in writing and shall be based on a request submitted in writing. The "UCLA Authorization Form for Non-Consensual Access to Email Records" (Attachment D) is intended for this purpose. The authorization shall be limited to the least perusal of contents and the least action necessary to resolve the matter.

Campus Counsel's advice shall be sought prior to authorization because of changing interpretations by the courts of laws affecting the privacy of Electronic Mail, and because of potential conflicts among different applicable laws. Where the inspection, monitoring, or disclosure of Email held by Faculty is involved, the advice of the Campus Academic Senate shall be sought in writing in advance. All such advice shall be given in a timely manner.

3. UCLA Authorization under Special Circumstances

Authorization under certain special circumstances is to be provided as follows:

• Violation of Criminal Law
  
  The UCLA Police Chief will request authorization for access to Email Records when there is Substantiated Reason to believe that violations of law have taken place, following the procedure set forth above. In the event of compelling, or Time-dependent, Critical Operational Circumstances, the emergency procedure set forth below will be followed instead.
  
  
• Preservation of Evidence
  
  A Department/Unit Head or Dean may request authorization to take steps to secure Email Records to preserve evidence when there is a Substantiated Reason to believe that violations of law or of University policies have taken place, following the procedure set forth in Section E above. However, no such evidence may be inspected or disclosed without written authorization as specified herein. In the event of a Compelling Circumstances, or Time-dependent and Critical Operational Circumstances, the emergency procedure set forth in Subsection 4 below, will be followed instead.

4. Emergency Circumstances

In Emergency Circumstances the least perusal of contents and the least action necessary to resolve the emergency may be taken immediately without authorization, but appropriate authorization must then be sought without delay following the procedures described above. Such Emergency Circumstances may include Compelling Circumstances or Time-dependent and Critical Operational Circumstances. If the action taken is not subsequently authorized, the responsible authority shall seek to have the situation restored as closely as possible to that which existed before action was taken.

5. Notification

In either case, the responsible authority or designee shall, at the earliest possible opportunity that is lawful and consistent with other University policy, notify the affected individual of the action(s) taken and the reasons for the action(s) taken. Each campus will publish, where consistent with law, an annual report summarizing instances of authorized or emergency non-consensual access pursuant to the provisions of this section.

The UCLA Authorizing Official, as identified in the table under section V.E.2. above, shall be responsible for tracking instances of authorized or emergency non-consensual access and reporting such information to the UCLA Director, Information Technology Policy. The UCLA Director, IT Policy shall be responsible for tabulating the non-consensual access data for the campus and providing the annual report as called for above. The UCLA Director, IT Policy shall provide a copy of such annual report to the Chair of the UCLA Academic Senate.

6. Compliance with Law

Actions taken under this section, including access to Email Records residing on computers not owned or housed by the University, shall be in full compliance with the law and other applicable University policy, including laws and policies listed in Attachment B. Advice of counsel always must be sought prior to any action taken under such circumstances, particularly with respect to Email Records whose content is protected under the Federal Family Educational Rights and Privacy Act of 1974, which applies equally to Email as it does to print records.

F. UCLA Recourse

UCLA Email Users who believe that actions taken by employees or agents of the University were in violation of this Policy regarding procedures for review and appeal of actions taken under Sections V.C. and E. may file a complaint with the appropriate UCLA Authorizing Official as noted above in Section V.E.2. The decision of the UCLA Authorizing Official may be appealed to the Executive Vice Chancellor, whose decision is final.

G. Misuse

In general, both law and University policy prohibit the theft or other abuse of computing resources. Such prohibitions apply to Electronic Mail Services and include, but are not limited to, unauthorized entry, use, transfer, and tampering with the accounts and files of others, and interference with the work of others and with other Computing Facilities. Under certain circumstances, the law contains provisions for felony offenses. Users of Electronic Mail are encouraged to familiarize themselves with these laws and policies (see Attachment B, References).

VI. SPECIFIC PROVISIONS

1. Purpose

Electronic Mail Services are to be provided by University organizational units in support of the teaching, research, and public service mission of the University, and the administrative functions that support this mission.

2. Users

Users of University Electronic Mail Services are to be limited ordinarily to University students, Faculty, and staff for purposes that conform to the requirements of this Policy.

A Provider may choose to provide or not provide Email Services to defined categories of users, and may limit the types of services offered based upon consideration of campus or local department or unit missions, available resources, or other academic or business needs and priorities.

Examples of other categories which Providers may deem eligible for access to campus Email Services include, but are not limited to:

• emeriti Faculty;
  
  
• students who have earned a degree from UCLA;
  
  
• Faculty at other University of California campuses;
  
  
• individuals in the Visiting Scholar Program, exchange students, or other participants in their educational programs;
  
  
• contractors, independent consultants, temporary agency employees or similar qualifying individuals for the sole purpose of conducting their business with the University; or
  
  
• groups as defined by the UC Policy on Support Groups, Campus Foundations and Alumni Associations.

Email Services may be provided for individuals, groups, or entities not affiliated with the University provided such use is determined to be in the institutional interests of the University and, provided further, that the terms, conditions, and restrictions to be placed on such use are contained in a written agreement.

3. Non-Competition

University Electronic Mail Services shall not be provided in competition with commercial services to individuals or organizations outside the University.

4. Restrictions

University Electronic Mail Services may not be used for: unlawful activities; commercial purposes not under the auspices of the University; personal financial gain (see applicable academic personnel policies); personal use inconsistent with VI.A.11; or uses that violate other University policies or guidelines. The latter include, but are not limited to, policies and guidelines (see Attachment B, References) regarding intellectual property, or regarding sexual or other forms of harassment.

5. Representation

Electronic Mail Users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University. An appropriate disclaimer is: "These statements are my own, not those of the University of California."

6. False Identity

University Email Users shall not employ a false identity. Email may, however, be sent anonymously provided this does not violate any law or this or any other University policy, and does not unreasonably interfere with the administrative business of the University.

7. Mass Messaging

A UCLA Email User shall not send or forward unsolicited bulk email messages (also known as “spam”; see VI.A.10, below), including any attachments to such messages, to mailing lists, to other UCLA Email Users, or to other non-UCLA persons. The mass messaging of content related to University business or activities sent to a specific target audience using campus list services, BruinPost or user-created distribution lists is permitted, provided that the name of the sender is properly identified and the University-business-related purpose of the Email is clearly stated in the message. Subscribers to a UCLA-sponsored electronic mailing list will be deemed as having solicited any material delivered by such a service so long as the material is consistent with the list's purpose and the service has published a procedure for opting out of the service. Mass messaging to UCLA students must be coordinated through the Office of the Registrar, consistent with the Registrar’s Policy for Access to Student Lists. UCLA Electronic Mail Services may be used for incidental personal purposes in accordance with VI.A.11, below.

8. Use of Official UCLA Email Communication

University departments or units may send communications concerning official University business to UCLA Faculty, staff and students by means of Email as they determine such means of communications to be more efficient and expeditious than paper mailings. Students are responsible for designating one Email address for receipt of Official UCLA Email Communication. Academic units or Faculty that wish to send department or course-specific Emails to their students may do so at their discretion via department-issued Email addresses not specifically designated for receiving Official UCLA Email Communications. Faculty, staff and students are responsible for checking their Email with regularity to stay current with Official UCLA Email Communications.

9. Provision of UCLA Lifetime Email Address

Every UCLA student enrolled in regular session or summer session courses at UCLA as determined by the Office of the Registrar shall be issued a UCLA email address by a UCLA Provider of Email Service designated for such purpose by the Office of the Registrar. A student who has earned a degree from UCLA, as determined by the Office of the Registrar, shall be entitled to continue using this email address as a UCLA Lifetime Email Address provided that such use conforms to the provisions of this policy and such other guidelines as may be issued by the University or the UCLA Lifetime Email Address provider.

10. Interference

University Email Services shall not be used for purposes that could reasonably be expected to cause, directly or indirectly, excessive strain on any Computing Facilities, or unwarranted or unsolicited interference with others' use of Email or Email Systems. Such uses include, but are not limited to, the use of Email Services to: (i) send or forward Email chain letters; (ii) "spam," that is, to exploit listservers or similar broadcast systems for purposes beyond their intended scope to amplify the widespread distribution of unsolicited Email; and (iii) "letter-bomb," that is, to resend the same Email repeatedly to one or more recipients to interfere with the recipient's use of Email.

11. Personal Use

University Electronic Mail Services may be used for incidental personal purposes provided that, in addition to the foregoing constraints and conditions, such use does not: (i) directly or indirectly interfere with the University operation of Computing Facilities or Electronic Mail Services; (ii) burden the University with noticeable incremental cost; or (iii) interfere with the Email User's employment or other obligations to the University. Email Records arising from such personal use may, however, be subject to the presumption in the definition of a University Email Record regarding personal and other Email Records. Email Users should assess the implications of this presumption in their decision to use University Electronic Mail Services for personal purposes.

B. Security and Confidentiality

1. Limitations on Confidentiality

Confidentiality of Email may be compromised by the applicability of law or policy, including this Policy, by unintended redistribution, or because of the inadequacy of current technologies to protect against unauthorized access. Users, therefore, should exercise extreme caution in using Email to communicate confidential or sensitive matters.

2. Unauthorized Access or Disclosure

Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, prohibits University employees and others from "seeking out, using, or disclosing" without authorization "personal or confidential" information, and requires employees to take necessary precautions to protect the confidentiality of personal or confidential information encountered in the performance of their duties or otherwise. This prohibition applies to Email Records. In this Policy the terms "inspect, monitor, or disclose" are used within the meaning of "seek, use, or disclose" as defined in RMP-8.

3. Access by Computer Operations Personnel in the Performance of Their Duties

Notwithstanding the previous paragraph, users should be aware that, during the performance of their duties, network and computer operations personnel and system administrators need from time to time to observe certain transactional addressing information to ensure proper functioning of University Email Services, and on these and other occasions may inadvertently see the contents of Email messages. Except as provided elsewhere in this Policy, they are not permitted to see or read the contents intentionally; to read transactional information where not germane to the foregoing purpose; or disclose or otherwise use what they have seen.

One exception, however, is that of systems personnel (such as "postmasters") who may need to inspect Email when re-routing or disposing of otherwise undeliverable Email. This exception is limited to the least invasive level of inspection required to perform such duties. Furthermore, this exception does not exempt postmasters from the prohibition against disclosure of personal and confidential information of the previous paragraph, except insofar as such disclosure equates with good faith attempts to route the otherwise undeliverable Email to the intended recipient. Re-routed mail normally should be accompanied by notification to the recipient that the Email has been inspected for such purposes.

4. Security of Email Records

The University attempts to provide secure and reliable Email Services. Providers of University Electronic Mail Services are expected to follow sound professional practices in providing for the security of Electronic Mail Records, data, application programs, and system programs under their jurisdiction. However, such professional practices and protections are not foolproof and the security and confidentiality of Electronic Mail cannot be guaranteed. Furthermore, Operators of Email Services have no control over the security of Email that has been downloaded to a user's computer. Email Users should employ whatever protections (such as passwords) that are available to them as a deterrent to potential intruders and to misuse of Email.

5. Discarded Email Records

Users of Electronic Mail Services should be aware that, even though the sender and recipient have discarded their copies of an Electronic Mail Record, there may be back-up copies that can be retrieved. Systems may be "backed up" on a routine or occasional basis to protect system reliability and integrity, and to prevent potential loss of data. The back-up process results in the copying of data onto storage media that may be retained for periods of time and in locations unknown to the originator or recipient of Electronic Mail. The practice and frequency of back-ups and the retention of back-up copies of Email vary from system to system. Electronic Mail users are encouraged to request information on the back-up practices followed by the Operators of University Electronic Mail Services, and such Operators are required to provide such information upon request.

6. UCLA Email Addresses

Email addresses that are issued by a UCLA Provider to students, staff, faculty or others affiliated with UCLA are generally considered to be public information and as such, may be made available in electronic or paper directories.

• The student Email address is considered Personally Identifiable Information under the provisions of the Federal Family Educational Rights and Privacy Act (FERPA) and state law, which are incorporated in University policies applying to the disclosure of information from student records. In the category of Personally Identifiable Information, UCLA has designated the student Email address as Public Information, the release of which must be in compliance with the provisions of UCLA Policy 220 (Disclosure of Information from Student Records). An Email address that is included in the UCLA employment records of a student who is employed as a result of his/her status as a student is a Student Record under the provisions of UCLA Policy 220. The release of Email addresses from Student Records must comply at all times with the laws and policies governing the disclosure of student information.
  
  
• Email addresses of UCLA faculty, staff and others affiliated with UCLA are generally considered as non-personal information and may be released upon request in accordance with applicable policies and laws.

C. Archiving and Retention

Violations of law or University policies in the Use of University Electronic Mail Services may result in restriction of access to University information technology resources. In addition, disciplinary action, up to and including dismissal, may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.

A. Cautions in the Use of Email

B. Policy and Law References (updated as of April 2005)