Profile
SUNY New Paltz provides email to faculty, staff, students, as well as a select group of non-employee affiliates of the University. The purpose of these email accounts is to provide a secure email system, including spam, virus, and phishing filtering in support of the teaching, learning, research, and operations of the University. The purpose of this policy is to:
- Ensure that the email system is available for communication within and outside the campus community and is not adversely impacted by external blacklisting/greylisting.
- Prevent situations where email providers block delivery of New Paltz email to their systems.
- Inform users of their responsibilities in using the system.
- Inform users about the release of email as public records under New York State Freedom of Information Laws and the release of email under federal and state e-discovery rules.
- Detail our email retention policies.
Policy
User Responsibilities
The SUNY New Paltz email systems are used as an official channel of communication. Faculty, students, and staff, are responsible for reading their New Paltz email account regularly for official University communications.
All users are responsible for safeguarding their password and not sharing it with others, including family, friends, supervisors, subordinates, or Information Technology Services staff.
Employee Responsibilities
SUNY New Paltz employees need to be aware that law and policy relating to the use of state resources prohibit use of New Paltz email accounts for personal business or communication.
It is strongly recommended that New Paltz employees maintain a personal email account for communications not related to SUNY New Paltz or their positions on campus. Faculty and staff who use their campus account for personal communication may have that communication subject to public access under New York State Freedom of Information Law, and federal/state e-discovery rules.
Email Content
University emails should not contain any sensitive information in unencrypted form - and even in encrypted form, email should be used sparingly for sensitive information. This is especially true for Social Security Numbers. As per the Credit Card Processing and Handling Policy – credit card numbers should not be stored within email in any way (even if encrypted). Email should not contain nor long lists of personal information (course rosters with grades, birthdates, home addresses and phone lists, etc.). If an individual emails the University with protected PII information, the recipient should redact any PII information from any and all replies and delete the original email.
All correspondence between professors/instructors and students regarding grades must be done through their official campus email accounts. Discussion on grades with individuals other than the student will be governed by FERPA.
See the following link for more information on how to send encrypted emails: Sending Encrypted Email
Email Forwarding
Students who choose to forward their campus email account may do so. It is the individual’s responsibility to make sure the destination account, where their mail is forwarded, is checked regularly and is under quota. SUNY New Paltz is not responsible for mail not delivered to or received by individuals who forward their email.
Faculty, staff, and administrators are not permitted to forward their New Paltz email account off-campus.
Backup and Record Retention
Microsoft keeps backups of the Office 365 email accounts that they host for the University. These backups are for disaster recovery purposes only.
Deleted messages (in the Trash folder) are retained for 30 days. Messages in the Spam/Junk folder are retained for up-to 30 days. Senders and recipients of email are responsible for identifying and saving documents which must be retained in order to comply with federal, state, or local laws, or to meet operational, legal, audit, research, or other requirements.
Any litigation hold supersedes this policy. During a litigation hold, Information Technology Services will archive all mail sent to/from specific individuals identified by SUNY Counsel or their designee for this hold.
Spam Filtering
Our email accounts are filtered for spam and viruses by systems maintained by Microsoft. Messages with a high probability of being spam based on the sending server’s reputation will not be accepted or delivered. Messages with a high probability of spam based on their content will be delivered to a user’s Junk/Spam folder.
Outgoing mail originating from New Paltz servers with a high probability of being spam will be quarantined and not delivered. This is to prevent mail from a compromised account or machine from delivering spam to internal and/or external recipients.
Privacy
Information Technology Services reserves the right to access an email account (student, faculty, or staff) when there is suspicion of account compromise. SUNY New Paltz will also comply with valid request from law enforcement for access to any accounts.
In the case of employees (current or former), a supervisor or their designee can only be given access to the account with written or email permission of the VP of Human Resources, Diversity, and Inclusion or their designee, or the President of the University. In the case of employees working for the Research Foundation, such approval should come from the AVP of Sponsored Programs or their designee. For employees within Campus Auxiliary Services, such approval should come from their Executive Director.
Personally Owned Devices
It has become commonplace to access email from various hand held devices (cell phones, tablets, etc.). Due to the private nature of some University communications, we require that if you set up direct email access from your device, that the device be protected by a PIN or password so that should it be lost or accessed by an unauthorized person your campus email contents will be protected.
Public Records and E-discovery
Employee email accounts may contain official University correspondence as well as non-official correspondence. It is important for all employees to be aware that copies of email messages, including personal communications, may be released to the public under the New York State Freedom of Information Law. In addition, all email messages including personal email may be subject to and released in response to various governmental and court-ordered legal actions. Federal rules regarding discovery of electronically-stored evidence require the preservation and production/disclosure of any electronic evidence that is regularly and routinely available, including email messages, when there is active or expected litigation.
Other related policies
Additional aspects of the Acceptable Uses and Privacy Policy and the Confidential Information Policy, which this policy supplements, apply. See the "Related Articles" section of this page for these policies.
Scope
This policy applies to all University email, and to all users of the University email systems.
Compliance
Violations of this policy will result in appropriate disciplinary measures in accordance with University policies, applicable collective bargaining agreements, and state and federal laws.