Security and compliance Security and compliance

  • The University has an email policy as part of the Conditions of Computer Use which all members of the University must abide by. It lays down what should and should not be transmitted by email and the permitted levels of personal use.
  • UEA reserves the right to examine email messages without authorisation from the sender or recipient where there is reason to suspect a breach of regulations, or on user request where there are reasonable grounds to do so (see Conditions of Computer Use).
  • The Data Protection Act 1998 (DPA) applies to computerised records including email. We have guidance to help with compliance. Staff should not retain email messages containing personal information for longer than the information is required. The length of time an email with personal data should be retained is dependent upon the purposes for which the information was obtained. Once this purpose is complete, the email should be deleted.
  • Under DPA emails may be released as part of a subject access request, and under the Freedom of Information Act 2000 (FOIA) emails may be released into the public domain in response to a request for information.
  • Do not pass on emails which infringe the copyright of another person.
  • Anyone with access to your username and password can access your mailbox, read your emails, and send emails as if from you. Therefore, do not disclose your username and password to anyone.
  • If you have authorised someone to read and manage your mailbox (e.g. your personal assistant), add a note to this effect to your email signature so that those receiving emails from you are aware of this arrangement.
  • It is contrary to University regulations to share your username and password (see Conditions of Computer Use). Exchange supports delegated access to mailboxes so that emails may be sent on another's behalf, and this does not require sharing of usernames and passwords.
  • It is not possible to prove that a message has been received and read by the intended recipient. Email is therefore not a suitable means for conveying messages with contractual or disciplinary content where proof of receipt may be required.
  • Email is insecure. Anything you send can be read by others (unless you protect its contents through use of encryption).
  • Anything you receive may not have originated from where it appears to come from, as 'From:' addresses can be easily forged. Therefore never disclose anything confidential such as your password or credit card details in an email message.
  • Unsolicited mail should not receive serious attention until and unless the sender’s identity and authenticity of the mail have been verified.
  • GISP6 in the General Information Security Policy covers use of email. GISP18 gives the policy on encryption of data including files and email.
  • Use of email at UEA is also subject to external regulations laid down by the government and our service suppliers.