Information Technology
Mesa State - Grand Junction, Colorado
Mesa State College Campus Directory Contact Us Help Site Index

E-MAIL AND FILE TRANSFER

MESA STATE COLLEGE
ELECTRONIC COMMUNICATIONS POLICY

I. INTRODUCTION

Mesa State College ("College") permits its employees and student to use College-owned or operated electronic communication facilities for official College business. Except as otherwise provided in paragraph IV of this Policy, the College will not monitor or disclose the content of employees' and students' electronic communications.

II. DEFINITIONS

"Confidential" means a restriction placed on access to information by federal or state laws (including administrative regulations), court orders and rules, contracts, licenses, or Trustee and College policies.

"Content" means any information concerning the substance, purport, or meaning of an electronic communication.

"Direct cost" means a cost, fee or charge that would not otherwise be incurred by the College (for example, long-distance telephone charges and printing costs).

"Electronic communication" includes, but is not limited to electronic mail ("e-mail"), newsgroup posts, World Wide Web ("WWW") pages, data or file transfers, and facsimile communications sent, published, or received by employees or students using College-owned or operated electronic communication facilities. "Electronic communication" includes any electronic communication that has been stored on a College-owned or operated network server, workstation, or personal computer or on removable media such as floppy or "zip" disks and tape. It does not include ordinary telephone communications.

"Electronic communication facilities" includes, but is not limited to public, private, and commercial computer networks (including the Internet), and facsimile facilities.

"Employees" means all full and part-time, temporary and regular College employees including faculty members, administrators, classified personnel, and student employees.

"Monitor" means to intercept, access, or inspect an electronic communication. "Monitor" does not include automatic scanning of an electronic communication by network security software such as firewall and anti-virus programs.

"Students" means students who are currently enrolled and in good standing at the College.

III. POLICIES

A. Permissible Uses of College Electronic Communication Facilities.

Except as expressly permitted in paragraph III.B.1 of this Policy, College-owned or operated electronic communication facilities are intended and shall be used solely for official College business including
employee and student academic pursuits.

B. Prohibited Uses of College Electronic Communication Facilities.

1. Personal and Commercial Purposes. College-owned or operated electronic communication facilities shall not be used for personal or commercial purposes. However, occasional use of e-mail, the Internet, and the WWW for personal purposes is permitted if it does not entail a direct cost to the College.

The College reserves the right to place additional restrictions on the personal use of its electronic communication facilities if necessary or convenient to conserve network resources for official College purposes.

2. Use by Other Persons. Only employees and students may use the College's electronic communication facilities to initiate or receive electronic communications. The College may also authorize guests to use
its electronic communication facilities. Guest use must be authorized in writing by the Assistant Director of Academic Computing.

3. Other Prohibited Uses. College electronic communications facilities shall not be used to:

a. Breach or attempt to breach the security of any electronic communications facility (including the unauthorized or intentionally deceptive use of network privileges, accounts, access codes, identifiers
or passwords); access or use any electronic communication facility without authorization; or knowingly intercept, access, disclose, disrupt, damage, or destroy any electronic communication, or any data,
software, or hardware without authorization.

b. Intentionally disrupt or interfere with others' use of any electronic communication facility (e.g., "spamming" and "mail bombs").

c. Send or store confidential information without authorization.

d. Infringe copyrights or violate other intellectual property rights and laws.

e. Threaten, intimidate, harass, or defame others in violation of College policies or state and federal laws.

f. Violate any other College policies or state and federal laws now or hereafter adopted.

C. E-Mail: Privacy; Ethics; and Unsolicited, Annoying, Threatening, Intimidating, or Harassing E-Mail.

1. Privacy. Current e-mail technology does not guarantee privacy. E-mail is not like a telephone call or a letter in an envelope. Information about e-mail, including the sender's and recipient's names and
addresses, the date, and the content of the communication, is automatically recorded by the computer networks over which it is transmitted and may be backed up and stored for long periods. Many people in addition to the sender and recipient may have authorized or unauthorized access to some or all of this information. For example, if e-mail is improperly addressed or there are problems with routing equipment, a "postmaster" may read the e-mail to try to redirect it correctly. Similarly, breaches of network security may result in unauthorized access to or disclosure of e-mail.

Privacy may be compromised in other ways. E-mail may be delivered to the wrong address as a result of user error or equipment failure. A recipient or recipients may store or print e-mail or forward it to others
including widely read mailing lists and newsgroups. Deleting e-mail does not erase the copies that have been made during transmission and network backups. Even after e-mail has been deleted from a server or
PC drive, it can sometimes be undeleted using specialized software.

Because privacy cannot be guaranteed, it is important to exercise good judgment in drafting and sending e-mail. Do not use e-mail to communicate information that would be embarrassing or damaging to you
or others if it were received by the wrong person or made public. Do not use e-mail to communicate confidential information. Be careful, courteous and professional in choosing what to say and how to say it.

These precautions are equally applicable to facsimile communications.

2. Encryption. Employees and students may encrypt electronic communications only if they furnish the encryption key or software to the College upon request if decryption is necessary to monitor or disclose a
communication under paragraph IV of this Policy.

Any electronic communication that may be a "public record" within the meaning of the Colorado Public Records Act or otherwise subject to monitoring or disclosure under this section IV of this Policy, must be
stored in clear text.

3. Ethics and Ettiquette. A comprehensive summary of e-mail ethics and ettiquette is beyond the scope of this Policy. However, please observe the following guidelines:

a. Conserve network resources. Do not send "who are you" messages, general broadcasts, chain letters, or mass mail.

b. Use good judgment in subscribing to mailing lists. Many lists are accessible by other means that use fewer network resources (e.g., though Usenet gateways or WWW pages).

c. When subscribing to a mailing list, keep the description of list server commands. Ensure that you know how to unsubscribe and do so when you leave the College. If possible, set the list server to "no mail"
during vacations and other lengthy absences from the institution. Retrieve and keep the list's FAQ (Frequently Asked Questions) file and comply with its policies and procedures. When sending e-mail to a list, be sure that you know the difference between sending mail to an individual subscriber and sending it to the entire list.

d. Return incorrectly addressed e-mail to the sender notifying him or her that the address is incorrect.

e. Don't forward confidential or personal e-mail to other individuals, mailing lists or newsgroups without the original sender's express or implied consent.

f. Remember that e-mail can be sent under forged names and addresses.

g. Don't disclose your password to anyone or allow anyone else to use your account.

h. Do your best to ignore "flame bait" and "flame wars."

4. Annoying, Unsolicited, Threatening, Intimidating, or Harassing, Communications. Except for automatic scanning by network security software, the College does not screen e-mail and other electronic communications received by employees and students and generally cannot control their content. However:

a. If you receive threatening, intimidating or harassing e-mail or facsimile communications, report the matter to the Director of Management Information Services. Under some circumstances, the
communications may violate the law and/or this and other policies.

b. If you repeatedly receive annoying or unsolicited e-mail from the same sender or address, consult the Director of Management Information Services. It may be technically feasible to block e-mail sent by a specific sender or from a specific address.

IV. MONITORING AND DISCLOSURE OF THE CONTENT OF
ELECTRONIC COMMUNICATIONS

A. In General.

The College will not routinely monitor or disclose the content of electronic communications sent, received, or stored using College-owned or operated electronic communication facilities.

B. Exceptions.

As the owner or operator of electronic communication facilities and a public institution of higher education subject to the Colorado Public Records Act, 24-72-101 et seq., C.R.S. (as now and hereafter amended), the College may monitor or disclose the content of employees' and students' electronic communications under the following circumstances:

1. A party to the communication consents; or

2. The communication is readily accessible to the public (for example, a WWW page, e-mail sent to a public mailing list, or a newsgroup post); or

3. Monitoring or disclosure of an electronic communication is in the normal course of College employees' employment and is necessarily incident to the maintenance of the College's electronic communication
facilities, the rendition of electronic communication services, or the protection of the College's rights or property (examples include but are not limited to routine maintenance, troubleshooting, or investigating an
excessive use of network resources that adversely affects performance); or

4. Monitoring or disclosure of an electronic communication is: (i) based on an individualized suspicion that an employee or student has violated this Policy, other College or Trustee policies, or state or federal law; and (ii) limited in scope to an investigation of the suspected violation; or

5. The College is legally obligated to monitor or disclose an
electronic communication.

a. The Colorado Public Records Act defines "public records" as any "documentary materials, regardless of physical form or characteristics" expressly including "electronic mail messages," that are "maintained or kept by the state or any ... institution ... thereof for use in the exercise of functions required or authorized by law or administrative rule or involving the expenditure of public funds ... ." 24-72-202, C.R.S. Employees are cautioned that electronic communications sent, received, and/or stored using College-owned or operated electronic communication facilities may be public records subject to public inspection and disclosure under 24-72-203 of the Public Records Act!

b. Warrants, subpoenas, court orders and discovery requests submitted under the Federal or Colorado Rules of Civil Procedure may require the College to monitor or disclose electronic communications.

V. RETENTION AND ARCHIVAL STORAGE OF ELECTRONIC
COMMUNICATIONS

A. State and College Records Policies. State laws and College record-keeping policies apply to records created or stored in digital format including electronic communications.

B. Employees Are Responsible for Copying Electronic Communications for Storage in Departmental or Office Files.

1. Mesa State College does not maintain centralized or distributed archives of electronic communications sent or received over its electronic communication facilities. Backups made for maintenance or
troubleshooting purposes are erased at regular intervals.

2. Individual employees are responsible for making and keeping copies of electronic communications sent or received by them if the communications appear to be:

a. Public records under the Colorado Public Records Act; and

b. Appropriate for preservation either as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the College or because of the value of the official governmental data they contain.

3. Employees should periodically store such copies in departmental or office files for subsequent review followed by either archival storage or destruction in accordance with general College record-keeping policies and the State Archives and Public Records Act, 24-80-101 et seq., C.R.S.

4. However, e-mail received by employees need not be retained for review and storage "unless the recipient has previously segregated and stored such messages as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the government or because of the value of the official governmental data contained therein." 24-80-101 (1) (f), C.R.S. (emphasis added).

C. Copying, Storage, and Inspection.

1. Short-term Electronic Storage. Electronic communications may be copied and saved to a workstation's hard drive or to floppy disks. However, because of rapidly evolving technologies, deterioration of storage media, and the risk of deliberate or inadvertent alteration, long-term digital storage is discouraged.

2. Long-term Storage. Whenever practicable, electronic communications should be transferred to and stored in more durable formats such as print-outs copied to acid-free paper, microform, or other technologies such as CD-ROM.

3. Inspection and Copying of Electronic Records. Public records that are kept in digital format shall be made available for public inspection and copying on floppy disks, on-line, and/or as print-outs in accordance with 24-72-203 (1) (b) & -205, C.R.S. To facilitate compliance with the Public Records Act's very short deadlines for producing public records for inspection and copying, employees, departments, and or offices shall store digital records using a database or other electronic filing system that permits prompt identification and retrieval of the requested records.

V. VIOLATIONS. Violations of this Policy may result in disciplinary action up to and including termination or expulsion in accordance with the State Colleges in Colorado Handbook for Professional Personnel, the
State Personnel System's rules and procedures, and College policies. In addition, the College reserves the right to delete any electronic communication that violates paragraph III.B of this Policy from its electronic communication facilities.

VI. RELATIONSHIP TO OTHER COLLEGE COMPUTING/NETWORK
FACILITIES USE POLICIES. This Policy supplements and does not supersede other College policies governing the appropriate or acceptable use of computing and network facilities.

VII. EFFECTIVE DATE. July 1, 1997.

 

Information Technology
Welcome
Students
Faculty & Staff
Media Services
Banner
Telephone
Acceptable Use

Mesa State College

Information for:
Prospective Students
Current Students
Faculty & Staff
Parents & Family
Alumni & Friends
Mesa in the Community
Extended Studies