All users of University electronic mail are subject to:

• Comply with all federal, Michigan, and other applicable laws and regulations; all generally applicable University rules and policies; and all applicable contracts and licenses. Examples of such laws, rules, policies, contracts, and licenses include the laws of libel, privacy, copyright, trademark, obscenity, and child pornography; the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit unauthorized use or entry into another’s account; the University's Student Code; the University’s Anti-Harassment policy; and all applicable software licenses.
• Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.
• Act within the normal standards of professional and personal courtesy and conduct. Access to University electronic mail services, when provided, is a privilege that may be wholly or partially restricted by the University without prior notice and without the consent of the e-mail users when required by and consistent with violations of University polices, regulations and law.
• Use only those computing resources that they are authorized to use and use them only in the manner and to the extent authorized. Ability to access computing resources does not, by itself, imply authorization to do so. Users are responsible for ascertaining what authorizations are necessary and for obtaining them before proceeding. Accounts and passwords may not, under any circumstances, be shared with, or used by, persons other than those to whom they have been assigned by the University.
• Inspection, monitoring or disclosure of University e-mail records will be at the e-mail holders consent wherever possible. However, if consent cannot be obtained either voluntarily or involuntarily, the request shall be brought before University Counsel. 

Specific Provisions

A. Users
Users of University electronic mail services are to be limited primarily to University students, faculty, staff, retirees, and others authorized by the University. Upon normal termination of employment, employees may retain access to the e-mail account for 30 days. Employees terminated by the University will have the e-mail account terminated immediately. Employees who meet the GVSU requirements for official retirement retain access to the e-mail account as part of the benefit package. Students retain access to an e-mail account as long as they are registered for courses or completed graduation in 2009 and forward. GVSU retains the right to remove email services at any time.

B. Account Usage
GVSU has the right to restrict the amount of storage space available on the network. If an individual wishes to backup and store e-mail for extended purposes, it is the individual’s responsibility to do so.

Users are granted access to services only for so long as they abide by the Acceptable Use policy. No person shall gain use of the University's computer system without proper authorization. Any attempt by a user to gain access to another person’s network account, private network drive, or restricted areas on the GVSU computer system is prohibited.

University e-mail services shall not be used to send unsolicited commercial emails and such use may result in your account being disabled.

 

C. Representation

Electronic mail users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University. An appropriate disclaimer is: "These statements are my own, not those of the Grand Valley State University."

Security and Privacy

The University owns all electronic mail address assigned by the University. The University employs various measures to protect the security of its computing resources and of their users’ accounts. Users should be aware, however, that the University couldn’t guarantee such security. Users should therefore engage in "safe computing" practices by establishing appropriate access restrictions for their accounts, guarding their passwords, and changing them regularly. Security and privacy of e-mail sent or received outside of GVSU is subject to standards of other organizations and may be more or less restrictive and provide more or less privacy protection.

Users should also be aware that their uses of University computing resources are not completely private. While the University does not routinely monitor individual usage of its computing resources, the normal operation and maintenance of the University’s computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the rendition of service.

The University reserves the right to monitor e-mail records, without notice, when 

a. The user has voluntarily made them accessible to the public

b. It reasonably appears necessary to do so to protect the integrity, security, or functionality of University or other computing resources or to protect the University from liability

c. There is reasonable cause to believe that the user has violated, or is violating, this Policy

d. An account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns

e. It is otherwise required or permitted by law 

Any such individual monitoring, other than that specified in "a" above, required by law, or necessary to respond to perceived emergency and/or time-sensitive situations, must be authorized in advance by University Counsel and an Executive Officer.

The University, in its discretion, may disclose the results of any such general or individual monitoring, including the contents and records of individual communications, to appropriate University personnel or law enforcement agencies and may use those results in appropriate University disciplinary proceedings.

Normal examination of e-mail headers by the e-mail administrator is standard procedure to resolve problems and redirect incorrect addressed e-mail. 

 

GVSU Security Framework References

• NIST ID.GV-1; PR.AT-1; PR.AT-3; PR-AT-4; PR-AT-5