The Catholic University of America

Employee Electronic Communications Guidelines

These guidelines provide some examples of permitted or prohibited employee use of university electronic communications resources. This list is not intended to be exhaustive but rather to provide some illustrative examples. In the event of a conflict between these Guidelines and the university's Electronic Communications Policy for Employees or the Acceptable Use Policy, the policy shall prevail.

Personal Use

Incidental personal use of the systems and equipment is allowed as time permits; however, personal use of the university's electronic communications systems and equipment should be minimal and must not interfere with university operations and must not be of a nature that could cause harm or embarrassment to the university. Any incidental, personal use of the university's electronic communications systems will be on employees' own time and must not interfere with timely performance of job responsibilities. Use of university notebook computers or similar equipment at home or elsewhere off campus should reflect a similar understanding of the limit on personal use.

Use of electronic resources for political activities (supporting the nomination of any person for political office or attempting to influence the vote in any election or referendum) is forbidden.

Any use of university electronic resources to represent the interests of a non-university group must be authorized by an appropriate university official.

Determining legal requirements

Users who engage in electronic communications with persons in other states or countries or on other systems or networks should be aware that they may be subject to the laws of those other states or countries and the rules and policies on other systems and networks. Users are responsible for ascertaining, understanding, and complying with the laws, rules, policies, contracts and licenses applicable to their particular uses.

Following CUA business procedures

Employees may not use university information technology resources to sell or solicit sales for any goods, services or contributions unless such use conforms to CUA policy.

Inappropriate remarks or materials

Electronic communications or digital materials containing derogatory or inflammatory remarks about an individual or group's race, religion, age, disability (or other protected categories) are considered inappropriate and are prohibited by the university, unless they are in the context of a CUA academic activity (for example, electronic discussion of literature which might be considered offensive).

Employees are also prohibited from using the university's electronic communications systems to engage in pornography, violence, gambling or any illegal activity.

Employees are prohibited from using the University's electronic communications systems to conduct non-university business, pursuing hobbies or for purposes resulting in personal gain to the employee.

Security and Privacy

For remote access, the employee may be advised or required to install software to assist in preventing a security breach. Employees should consult with the Center for Planning and Information Technology for best practices and to ensure that software utilized is appropriate.

Employees should not access their CUA e-mail from external providers such as Gmail or Yahoo!.

Wide open access rights

Responsibilities of persons with wide open (elevated) access rights include: the protection of individual passwords; accessing the contents of user files or messages only for a legitimate business interest (performing a task that is specified in his or her position description, maintaining the safety or security of the campus or otherwise acting to ensure the operation of the university); and avoiding direct or indirect contact with user's information and communication content whenever possible.

University monitoring of Electronic Resource activity

The university may monitor the activity and accounts of individual users of university computing resources, without notice, when (a) the user has voluntarily made them accessible to the public, as by posting to a blog or a web page; (b) it reasonably appears necessary to do so to protect the integrity, security, or functionality of university or other computing resources or to protect the university from liability; (c) there is reasonable cause to believe that the user has violated, or is violating, the Electronic Communications policy or guidelines; (d) an account appears to be engaged in unusual or unusually excessive activity, as indicated by the monitoring of general activity and usage patterns; or (e) it is otherwise required or permitted by law. Any such individual monitoring, other than of information made available voluntarily, required by law, or necessary to respond to perceived emergency situations must be authorized in advance by the Chief Information Officer or the Director of Information Technology.

The university, in its discretion, may also disclose the results of such monitoring, including the contents and records of individual communications, to appropriate university personnel or law enforcement agencies and may use those results in appropriate university disciplinary proceedings.

Under certain circumstances the university may access and modify the contents of an email account. In cases concerning the health safety or welfare of the university community, as determined by senior university officials, the university may authorize accessing or modifying an employee's email account. In cases where personally identifiable information has been inadvertently disclosed, university officials may authorize modification of the email accounts of both senders and recipients.

Access to email upon departure from the University

Access to email upon departure from the university will be in accord with the computer account disposition procedure. A former employee's supervisor may request copies of university-related email that arrives in the mail account as long as the account is retained. The request must be approved by the Chief Information Officer or the Director of Information Technology.