Board of Regents Policy IT Policy - Electronic Communication IT-002

CSCU encourages the use of electronic communications resources for legitimate and authorized academic and administrative purposes and makes them widely available to the CSCU community. To insure the reliable operation of these resources, their use is subject to the following:

• Email is an official means for communication within CSCU unless otherwise prohibited by law. The colleges and universities reserve the right to send official communications to employees and students via email. In the event of an emergency, the colleges and universities shall utilize all available communication mechanisms including email to reach employees and students.

• All employees and students will be given official college/university email accounts. Official university communications shall be sent to official college/university email addresses. Employees and students are expected to check their official email accounts on a frequent and consistent basis in order to stay current with campus related communications. Failure to receive or read official communications does not absolve the employee or student from knowing and complying with the content of such official communications.

• Employees are not allowed to conduct official CSCU business via private (unofficial) email accounts unless specifically authorized.

• Students, who choose to have their emails auto-forwarded to private (unofficial) email addresses, do so at their own risk. The college/university is not responsible for any difficulties that may occur in the transmission of the emails.

• Contents of all electronic communications shall conform to state and federal laws and CSCU policies regarding protection of privacy, intellectual property, copyright, patents and trademarks

• Using electronic communications resources for any purpose restricted or prohibited by state and federal laws, regulations or CSCU policies is prohibited.

• Using electronic communications resources for monetary gain or for commercial, religious, or political purposes that are not directly related to CSCU institutional missions or otherwise authorized by appropriate CSCU authority is prohibited.

• Usage that directly or indirectly causes strain on the electronic communications resources is prohibited.

• Capturing, opening, intercepting or obtaining access to electronic communications, except as otherwise permitted by the appropriate CSCU authority is prohibited.

• Using electronic communications to harass or intimidate others or to interfere with the ability of others to conduct CSCU business is prohibited.

• Users of electronic communications resources shall not give the impression that they are representing, giving opinions or otherwise making statements on behalf of CSCU unless authorized to do so.

• Directly or by implication, employing a false identity (the name or electronic identification of another), except under the following circumstances, is prohibited:

  • A supervisor may direct an employee to use the supervisor's identity to transact CSCU business for which the supervisor is responsible. In such cases, an employee's use of the supervisor's electronic identity does not constitute a false identity.

  • A user of the CSCU electronic communications services may not use a pseudonym (an alternative name or electronic identification for oneself) for privacy or other reasons, unless authorized by an appropriate CSCU authority for business reasons.

• Forging email headers or content (i.e., constructing an email so it appears to be from someone else) is prohibited.

• Unauthorized access to electronic communications or breach any security measure is prohibited.

• Interfering with the availability of electronic communications resources is prohibited, including but not limited to the following: (i) sending or forwarding email chain letters or their equivalents in other electronic communications services; (ii) "spamming," i.e., sending electronic junk mail or junk newsgroup postings; (iii) "letter-bombing," i.e., sending an extremely large message or sending multiple messages to one or more recipients to interfere with the recipient’s use of electronic communications resources; or (iv) intentionally engaging in other practices such as "denial of service attacks," i.e., flooding the network with traffic.

• Distribution of an electronic mail to the entire or a substantial portion of a campus community must obtain prior approval as specified by the receiving institution.

All activities involving the use of CSCU IT systems are not personal or private. Therefore users should have no expectation of privacy in the use of these resources. Information stored, created, sent or received via CSCU IT systems is potentially accessible under the Freedom of Information Act.

Pursuant to Communications Assistance for Law Enforcement Act (CALEA), Public Act 98-142, and the State of Connecticut’s “Electronic Monitoring Notice,” the Board of Regents reserves the right to monitor and/or log all activities of all users using CSCU IT systems without notice. This includes, but is not limited to, files, data, programs and electronic communications records without the consent of the holder of such records.

Each CSCU institution shall incorporate the Electronic Communication Policy as part of the terms and conditions for issuing institution email accounts. Each CSCU institution shall have all full-time and part-time employees, including student employees, acknowledge that they have read and understand the Electronic Communication Policy. Each CSCU institution shall make the Electronic Communication Policy accessible to all employees and students.

Violations of CSCU information technology policy may result in appropriate disciplinary measures in accordance with local, state, and federal laws, as well as CSCU Policies, General Rules of Conduct for all college and university employees, applicable collective bargaining agreements, and the CSCU Student Conduct Codes.

For purposes of protecting the CSCU network and information technology resources, the BOR Information Security Program Office, in conjunction with college/university IT department, may temporarily remove or block any system, device, or person from the CSCU network that is reasonably suspected of violating CSCU electronic communications policy. These non-punitive measures will be taken to maintain business continuity and information security; users of the college/university information technology resources will be contacted for resolution..

CSCU recognizes that some portions of the Electronic Communication Policy may have to be bypassed from time-to-time because of technical or business reasons.

Accordingly, exceptions may be made provided:

1. The need for the exception is legitimate and approved by the BOR CIO or designee.

2. The exception does not disrupt or compromise other portions of the CSCU service delivery capability.

3. The implementation of the exception is vetted through the Change Management Process.

4. The BOR Information Security Program Office, in conjunction with college/university IT department, is able to establish a monitoring function to assess the operations of the implementation exception.

5. The exception has a defined lifecycle, in that the "retirement" of the exception is scheduled (e.g., "when Release 4.9 is implemented," "at contract termination," etc.)

To request an exception, please submit the Information Security Exception request to SecProg@ct.edu 

The requestor and BOR Information Security Program Office will define the approved alternative configuration if different than the original proposal of the requestor.

The exception process is NOT an alternative to the Change Control Management process.

CSCU disclaims any responsibility for and does not warrant information and materials residing on non-CSCU systems or available over publicly accessible networks. Such materials do not necessarily reflect the attitudes, opinions or values of CSCU, its faculty, staff or students.