ITS Policies & Procedures

Email and Mass Communication Policy

Policy #: LFC.ITS.8
Date: 11/22/2023
Author: LFC ITS
Version: 2.0
Status: Approved

OVERVIEW

Email is the mechanism for official communication method for all members of the Lake Forest College community and is based on the lakeforest.edu domain UserID, which provides access to electronic resources (hereafter “e-resources”) and supports all business and instructional activities of the College. UserIDs, the messages stored within electronic mailboxes, and all other data stored within College IT systems are the legal property of the College, not the individual user who is assigned an account and provided access. Modern IT security practices and regulatory compliance requirements make it nearly impossible for users to have any reasonable expectation of privacy in any communications transmitted from or stored on College information technology (IT) resources. As such, College IT systems and other e-resources should only be used for College business. Community members shall be held accountable for receiving, reading, complying with, and responding to official email communications from the College. Additionally, College community members bear responsibility for being aware of College policies and protecting Personal Information (PI) and other confidential or sensitive data in accordance with FERPA, GLBA, and all other applicable laws, regulatory acts, and institutional policy. Users seeking information about eligibility for email or other accounts, or details about when computing privileges are extended or terminated should consult the Eligibility for Accounts Policy.

1. PURPOSE

The objectives of this policy are to:
  • Identify UserID naming conventions,
  • Describe situations in which users’ email accounts may be accessed,
  • Explain user responsibilities regarding the use of email,
  • Set expectations for proper mass communication with College communities,
  • Identify permissible and prohibited uses of email,
  • Outline data protection concerns, and
  • Establish guidelines for transfer of access.

2. SCOPE

This Policy applies to all members of the College Community (hereafter the “Community”) whether full- or part-time, including faculty, staff, students, alumni, contracted and temporary workers, hired consultants, interns, and student employees, as well as authorized guests and other members of the Lake Forest College community. (Henceforth collectively referred to as "Users.")

3. ACCOUNT NAMING CONVENTIONS

UserID account names for students and employees are customarily generated as follows:
  • Student accounts are generated in the format of [last name] [two initials] @lakeforest.edu
  • Employee accounts generally follow the format of [first initial] [last name] @lakeforest.edu, but some accounts lack the first initial.
In the event of unavoidable name collisions, numbers may be appended to the username portion of the UserID. (example: smithjb2)
Upon request, Information Technology Services (ITS) will change the full name and UserID associated with any student who has officially changed their name with the Registrar's office. The same policy holds for staff and faculty members who have officially registered a name change with the Human Resources department.

4. EXPECTATIONS OF PRIVACY

Members of the community should be aware that federal and state regulations mandate that Lake Forest College implement certain security measures to secure personal data which is classified as protected information. In addition to these requirements, the College also proactively aligns its practices with modern IT security standards, adopting robust measures that fortify our systems against constantly evolving threats. With these security controls in place, although the College does not examine files, messages, or other data on an individual basis without legitimate reason, users have no realistic expectation of privacy when using College e-resources. More details on this may be found in Section 7.1 of the Acceptable Use of Electronic Resources Policy. More information on College efforts to protect Personal Information (PI) and other sensitive user data may be found in the Data Privacy Policy section of the Information Security Policy and the Governance & Compliance Policy.

5. PERSONAL RESPONSIBILITIES

Lake Forest College email accounts are the main conduit for official communications, and users are expected to read, comply with policy and directives, and respond as needed to official email communications from the College during their tenure with the institution. Users having problems with email access should immediately contact the ITS Service Desk at: (847) 735-5544 or servicedesk@lakeforest.edu. Users are also expected to communicate via email in an appropriate manner consistent with the College's Acceptable Use of Electronic Resources Policy at all times. Additionally, the following responsibilities lie with the user to protect Lake Forest College data and maintain regulatory compliance:
  • A community member’s failure to receive or read official communications sent to the user’s official email address in a timely manner does not absolve the user from knowing and/or complying with deadlines, requirements, and safety recommendations, as communicated by the College.
  • Users are prohibited from automatically forwarding or conducting official College communications using external e-mail providers. All College business shall be conducted using the official communication platforms acquired and managed by Lake Forest College.
  • Employees (faculty, emeriti, and staff) may use or distribute work-related email or other electronic communication platforms only as is appropriate in the performance of the employee’s work responsibilities. The College IT systems should not be used for personal matters.
  • Personal Information (PI) and other data classified as protected or confidential shall not be transmitted by employees in unencrypted email or other unprotected electronic communication methods. Users are expected to handle protected and sensitive data appropriately and shall keep it suitably encrypted to protect the information in use, in transit, and at rest. More information about PI may be found in the Lake Forest College Information Security Policy.
  • Email efficiency is critical to the business functions of the College. Users of the Lake Forest College email system shall regularly delete unnecessary emails to avoid wasting College resources.

6. MASS EMAILS / DISTRIBUTION LISTS

For clarity, it is useful to define two classes of mass email distribution lists, the "official" College-approved lists and "user-owned" private lists. While the policies/procedures below specifically address use of distribution lists maintained on the Lake Forest College Exchange Online, Jenzabar One Communication, and Technolution's Slate services, they should also be viewed as guidelines for privately maintained lists as well.
The College-approved mailing lists are “official” in that they are derived directly from the Human Resources and Student Administration databases; all such addresses are included, there is no “opt-out” mechanism, they are strictly managed by ITS, and only authorized individuals may send materials to these lists. Official mailing lists may be created on behalf of faculty, staff, or student organizations upon request. The person responsible for the ongoing management of such a “user-owned” or “department-owned” official mailing list is known as the “list owner.” If the list owner leaves the College, then the current list owner or their supervisor must find a new list owner and identify that new person to ITS. If no new list owner is identified, the mailing list will automatically be eliminated after the list owner's account is disabled. Student organizations wishing to communicate with a wider campus audience should consult with their faculty or staff sponsor regarding best practices and procedures. Additional information for these organizations and their sponsors may be sought from the Office of Student Affairs.
Policies regarding mailing lists are as follows:
  • If there is reason to believe that a mailing list will be used for illegal purposes, that list will not be established. If it is operational, it will be disabled after consultation with College administration.
  • All mailing lists are subject to all College e-mail policies. Other than official College-approved lists, which may include department mailing lists, class lists, etc., individuals should not be pre-subscribed to mailing lists without their knowledge or permission. Subscribers who request to be unsubscribed from a list should be promptly removed.
  • Private user-owned mailing lists will not be created by ITS from College databases. Private list owner(s) or designated group members are responsible for subscribing or unsubscribing members to the list.
  • List owners are responsible for properly managing their list. The responsibilities of list owners include:
    • Advising individuals who will be pre-subscribed to the list of the list's purpose and how to unsubscribe themselves.
    • Responding to subscribers' requests for removal from the list.
    • Assisting subscribers with subscribing or unsubscribing to the list.
    • Correcting subscriptions that are made incorrectly or in error.
    • Configuring or re-configuring their lists to change list attributes such as ownership, open/closed list status, moderated/un-moderated status, etc.
    • Creating and maintaining current and relevant files such as the subscribers, aliases, news, peers, ignored, info, or welcome files.
    • Responding to errors related to their list such as delivery and remove errors.
    • Responding to requests made by the listserv manager.
  • Mailing list behavior or other mass communications which are disruptive to campus or damage the reputation of the College are prohibited.
  • Membership to a mailing list is not a right of the individual. List owners have the right and are responsible for unsubscribing list members who abuse a list by sending off-topic mail to the list, misuse or abuse the resource, or are abusive of other list members. The list owner is responsible for determining what constitutes off-topic or abusive mailings. The Chief Information Officer (CIO), the Director of Enterprise Applications, and/or the Senior Systems Administrator may determine if mailings are abusive. Escalation procedures for disagreements regarding the interpretation and application of this policy should be escalated through appropriate College channels, i.e., the Office of Student Affairs, the Dean of Faculty, etc., who may address concerns with the CIO. Abuse of a list should be brought to the attention of the CIO and/or other College authorities.
  • Mailing lists will be periodically reviewed for activity on an annual basis; lists that are inactive or fail to conform to policy will be removed. List owners will be contacted prior to the list being removed if ITS staff are uncertain about its status. If an owner is unable to be contacted, the list will be removed.

7. TRANSFER OF ACCESS

If a user is on leave from employment at Lake Forest College, for any reason, a manager may request delegated access to that individual’s account for business continuity purposes. Managers will need to outline to the CIO why delegated access to a user’s account is warranted, and to the extent possible, access will be tailored to the need. Individual account passwords will not be shared nor provided by any member of the community.
Additionally, managers may request and be granted delegate access to an individual’s email account upon termination of employment for business continuity purposes. In these instances, the manager will be granted delegate access for a period no greater than 30 days after an employee’s last day of employment. Exceptions will be made on a case-by-case basis for compelling business rationales. Upon conclusion of this period, the account and its contents will be deleted.

8. ACCESS AFTER TERMINATION

Account access after termination is not permitted to comply with laws, regulations, institutional policy, and software license agreements. This includes students’ legal guardians who will not be provided access to comply with FERPA. In the case of death of any constituent, account access will not be provided to 3rd parties, family, or anyone else unless there is a legal order to do so.
In all cases, no person may retain a copy of any private or confidential material or electronically stored information after termination. Individuals accessing or sharing this material unlawfully can be prosecuted to the full extent of the law.

RELATED POLICIES:

Document Control:

Entry#: Date Version Notes
1 11/03/2015 1.0 Original policy, approved by the LITS Advisory Committee
2 11/22/2023 2.0 Rewritten, submitted for review
3 12/07/2023 2.0 Reviewed and approved by the LITS Advisory Committee
4 01/11/2024 2.0 Reviewed and approved by the Senior Leadership Team