SUNY New Paltz provides email to faculty, staff, students, as well as a select group of non-employee affiliates of the college. The purpose of these email accounts is to provide a secure email system, including spam, virus, and phishing filtering in support of the teaching, learning, research, and operations of the college. The purpose of this policy is to:
- Ensure that the email system is available for communication within and outside the campus community and is not impacted by external blacklisting/greylisting.
- Prevent situations where email providers block delivery of New Paltz email to their systems.
- Inform users of their responsibilities in using the system.
- Inform users about the release of email as public records under New York State Freedom of Information Laws and the release of email under federal and state e-discovery rules.
- Detail our email retention policies.
The SUNY New Paltz email systems are used as an official channel of communication. Faculty, students, and staff, are responsible for reading their New Paltz email account regularly for official college communications.
All users are responsible for safeguarding their password and not sharing it with others, including family, friends, supervisors, subordinates, or Computer Services staff.
SUNY New Paltz employees need to be aware that law and policy relating to the use of state resources prohibit use of New Paltz email accounts for personal business or communication.
It is strongly recommended that New Paltz employees maintain a personal email account for communications not related to SUNY New Paltz or their positions on campus. Faculty and staff who use their campus account for personal communication may have that communication subject to public access under New York State Freedom of Information Law, and federal/state e-discovery rules.
College emails should not contain any PII information (SSNs, birthdates, credit card numbers, course grades) nor long lists of personal information (home addresses and phone lists, etc.). If an individual emails the college with protected PII information,the recipient should redact any PII information from any and all replies, and delete the original email.
All correspondence between professors/instructors and students regarding grades must be done through their official campus email accounts. Discussion on grades with individuals other than the student will be governed by FERPA.
Students or part-time faculty who choose to forward their campus email account may do so. It is the individual’s responsibility to make sure the destination account, where their mail is forwarded, is checked regularly and is under quota. SUNY New Paltz is not responsible for mail not delivered to or received by individuals who forward their email.
Full-time faculty, staff, and administrators are not permitted to forward their New Paltz email account off-campus.
Backup and Record Retention
SUNY New Paltz keeps backups of the Zimbra email system. These backups are for disaster recovery purposes only.
Deleted messages (in the Trash folder) are retained for 7 days. Messages in the Spam/Junk folder are retained for up-to 30 days. All other email on an individual’s email account is retained for 3 years. Mail on New Paltz mail servers older than 3 years will automatically be deleted. Senders and recipients of email are responsible for identifying and saving documents which must be retained in order to comply with federal, state, or local laws, or to meet operational, legal, audit, research, or other requirements.
Departments which have been identified by Internal Controls as having special retention requirements will have special archive folders setup for their departments to meet this purpose.
Any litigation hold supersedes this policy. During a litigation hold, Computer Services will archive all mail sent to/from specific individuals identified by SUNY Counsel or their designee for this hold.
Accounts hosted on-campus (Zimbra, Engineering, Computer Science) are filtered for spam and viruses internally by systems maintained by Computer Services. Messages with a high probability of being spam based on the sending server’s reputation will not be accepted or delivered. Messages with a high probability of spam based on their content will be delivered to a user’s Junk/Spam folder.
Outgoing mail originating from New Paltz servers with a high probability of being spam will be quarantined and not delivered. This is to prevent mail from a compromised account or machine from delivering spam to internal and/or external recipients.
Computer Services reserves the right to access an email account (student, faculty, or staff) when there is suspicion of account compromise. SUNY New Paltz will also comply with valid request from law enforcement for access to any accounts.
In the case of employees (current or former), a supervisor or their designee can only be given access to the account with written permission of the Director of Human Resources or the President of the College.
Personally Owned Devices
It has become commonplace to access email from various hand held devices (cell phones, tablet PCs, etc.). Due to the private nature of some College communications, we require that if you set up direct email access from your device, that the device be protected by a PIN or password so that should it be lost or accessed by an unauthorized person your campus email contents will be protected.
Public Records and E-discovery
Employee email accounts may contain official college correspondence as well as non-official correspondence. It is important for all employees to be aware that copies of email messages, including personal communications, may be released to the public under the New York State Freedom of Information Law. In addition, all email messages including personal email may be subject to and released in response to various governmental and court-ordered legal actions. New federal rules regarding discovery of electronically-stored evidence require the preservation and production/disclosure of any electronic evidence that is regularly and routinely available, including email messages, when there is active or expected litigation.
APPLICABILITY OF POLICY
This policy applies to all college email, and to all users of the college email systems.
Violations of this policy will result in appropriate disciplinary measures in accordance with University policies, applicable collective bargaining agreements, and state and federal laws.