UNC Email Policy Review

INLS 187 Information Security

The policies I studied were the UNC-Chapel Hill Email policies [http://www.unc.edu/atn/policy/]. Policies concerning Email usage on the UNC-Chapel Hill campus can be divided into three groups: the Email privacy policy, special handling for Email accounts, and the University's policy on mass Email. Among them, the Email privacy policy serves as the primary policy for general email system guidelines.

Summary and Highlights:

The Policy on the Privacy of Electronic Information provides a set of rules that "clarifies the applicability of law and certain other University policies to electronic mail and the University's Policy on the privacy of electronic information". Special Handling for Email Accounts answers questions concerning the management of campus email accounts in special situations. The ITS Mass Email Policy introduces the Mass Email System, which supports requesting, approving and scheduling official mass emails.
According to the privacy policy, the University does not monitor email routinely, yet electronic mail is still vulnerable to unauthorized access by third parties. In order to maintain the University's computing system, authorized employees could have access to electronic mail stored on the University's computing system. This access, which requires approval from the Provost and the Vice Chancellor and General Counsel, is under strict control. One important aspect of the special handling of email accounts is that a campus email account would be closed and the mail in that account would be deleted if that person leaves the University. Exceptions are made upon request from someone who retires in good standing, or from the executor of the estate if someone dies. Electronic records and electronic mail concerning University business are "public records" according to the state record acts, and are subject to that act's retention/disposition requirements.

Criteria:

Clarity-Is the policy easy to understand, in both language terms and structure terms?

The language of UNC's set of email policies is easy to understand. There is also an effort to categorize the policies into three groups to address different situations. The Policy on the Privacy of Electronic Information serves as the primary policy and covers not only electronic mail, but also other data stored on the University's computers and networks. The ITS Mass Email Policy authorizes the distribution of mass email on the UNC campus. Special Handling for Email Accounts explains the University's actions in dealing with an individual's email account when the person is no longer at the University.

Scope-Who does the policy apply to? What information is covered by the policy?

The Email policies that I studied are pretty comprehensive. On one hand, they clearly define the group to which the policy applies. On the other hand, they clearly define most situations in using the electronic resources of the University. It is good to introduce the University's anti-discrimination policy into this cyber realm. Seven purposes are listed in detail, strictly specifying the situations in which University officials may have access to individuals' email accounts. Special situations are also given full attention in the Special Handling for E-mail Accounts policies. Another good point of the E-mail policies is that the University makes the email privacy policy an open issue for discussion and holds public meetings to collect opinions.

Update-Is the policy often updated to address the latest situation?

The policy is updated quite frequently and is open to public discussion. For example, in this semester the Email and Electronic Records Retention Policy was replaced by the ITS Mass Email Policy. The new ITS Mass Email Policy is still under construction, and the three published versions can be found on its page, with the latest version (March 25, 2003) listed at the top.

Recommendations:

However, in my opinion the "authorized access" to individuals' email accounts should prescribe not only the detailed conditions mentioned in the policy, but also the range of operators. This range of operators needs to be highly restricted. For example, the authority had better be given to the system administrator of a particular department instead of any of the assistants working under him or her.

In consideration of space conservation, it is quite understandable that the University's computing system will delete an individual's email account when that person is no longer employed by or enrolled in the University. Yet this policy must bring some inconvenience to the individual, and the University's computing system should not leave it unaddressed. A simple thing that the system could do to improve is to send email to the individual's off-campus email account, reminding him of the deletion. By doing this, the user will at least not be left surprised when he finds his account no longer exists.

Another thing that we might be able to improve is that the creator and/or receiver of electronic records or mail that are defined as public records should keep them in electronic form, instead of making hard copies of them. Making hard copies of electronic materials denies the advantage of this electronic age, and increases archiving work, which should be computerized too. The creator and/or receiver is not the party to decide on the materials' retention and disposal. This task should be left to the University Records Committee, which would decide on the final formats of the public records.

These are my observations of the University Email policies. Wrapping up, I want to say that I could see the policy makers' efforts in making this form of communication more efficient and secure throughout the UNC community.

