Electronic-Mail (E-mail)

Administrative Procedure 7.104

Purpose

The purpose of this Administrative Procedure is to:

Protect the integrity of Elgin Community College’s electronic-mail (e-mail) systems. This includes e-mail from the @elgin.edu and @student.elgin.edu domains.
Prevent accidental misuse of e-mail by employees and other users of email systems;
Ensure the proper use of Elgin Community College’s e-mail systems, while increasing employee awareness regarding appropriate and inappropriate use of the College’s e-mail systems; and
Reduce the risk of confidentiality breaches and legal liabilities.

Elgin Community College provides e-mail access to allow employees to communicate effectively and efficiently with students and the general public. Any e-mail sent from an Elgin Community College e-mail address to the general public may be viewed as a statement from the College.

Scope & Definitions

This Administrative Procedure applies to any user who electronically accesses non-public information owned or stored by Elgin Community College. A user is any administrator, faculty, staff, contractor, consultant, auditor, intern, trustee, student assistant or partner. A secured electronic employee system is any system that is non-public, contains confidential information, or where use may be restricted or monitored.

Prohibited Use

Elgin Community College’s e-mail systems shall not be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Any employee who receives an e-mail containing information of this content and nature from another user of the college’s email systems should report this incident immediately to their supervisor.

Elgin Community College prohibits sending and forwarding chain letters, joke e-mails, and mass mailings unrelated to the business of the College, from the College’s e-mail accounts. These nonbusiness activities may unnecessarily impede network traffic and electronic storage space.

Employees shall not use their Elgin Community College e-mail accounts to register on websites and mailing lists unrelated to the business of the College. By doing so, it may jeopardize the integrity of Elgin Community College’s e-mail systems which may result in unsolicited mail and viruses. Employees shall not use the e-mail systems to impersonate a College officer, faculty/staff member, or student.

Personal Use

The primary use of Elgin Community College’s e-mail systems are to conduct the business of the College. Personal use of the College’s e-mail systems is not allowed.

Best Practices

All employees should:

Be courteous and follow accepted standards of etiquette;
Protect others' privacy and confidentiality;
Refrain from using the College e-mail systems for personal commercial purposes or other gain;
Protect their passwords;

Security

E-mail security is a joint responsibility of Elgin Community College’s systems administrators and e-mail users. All users of the College’s e-mail systems are responsible for taking all reasonable precautions, including but not limited to safeguarding and frequently changing passwords to protect the integrity of the e-mail systems and prevent unauthorized use.

Access to webmail.elgin.edu will be protected by the use of Multi-Factor Authentication (MFA). All off-campus users will be required to use Duo Mobile for MFA. This can include Duo managed push notifications, phone calls, or passcodes generated by the Duo Mobile app or an ECC issued hardware token.

Ownership & Confidentiality

All electronically stored information (ESI), such as the e-mails used at Elgin Community College, are owned by the College and is, therefore, its property. In order to better ensure systems reliability, prevent business data loss, meet regulatory and litigation needs, and to provide business intelligence, archival and backup copies of e-mail messages may exist despite end-user deletion. Email is sent in clear-text and can therefore be read by unintended recipients. Please exercise extreme caution when communicating confidential or sensitive information (CSI) via e-mail. Please see Administrative Procedure 7-106 Information Security Program for additional information.

Retention elgin.edu e-mail

Elgin Community College’s Information Technology Department performs scheduled back-ups of all elgin.edu user e-mails primarily to restore service in case of failure. Archival copies are designed for quick and accurate access by College delegates for a variety of management and legal needs, such as review by the legal team during the federally mandated discovery of electronic information (e-discovery) phase of litigation or observation by management in cases of suspected abuse or any other type of investigation.

The following table provides details on the method of backup and the retention periods for elgin.edu e-mail. It should be noted that the timeframes indicated are the goals defined within our process documents. Occasionally a backup for a specific timeframe or systems might not be created due to technical reasons.

Location of E-Mail (@elgin.edu)	Available for on-line recovery	Tape Backup Recovery*
All inbound e-mails received by Exchange Server	1 year	23 months
Deleted E-mails	1 year from deletion	23 months after deletion
Personal E-mail Inbox	Daily - 24 Hours	Weekly and Monthly - Retained for 1 year offsite
Personally managed archive stored on local drive	Not backed-Up	Not backed-Up
Personally managed archive stored on network drive	Daily - 24 Hours as part of network drive backup	Weekly and Monthly - retained for 1 year offsite
Legal Holding	As long as required by HR, designated by name	Weekly and Monthly - retained for 1 year offsite
Employee Leaving or Terminated	14 Days	Weekly and Monthly - retained for 1 year after last disk backup

Recovery from backup source is not a trivial task and will consume exceptional resources within the IT Department. It is expected that these backups will only be used for disaster recovery scenarios. Also note that any items blocked by our e-mail spam filter do not reach our Exchange Server (where e-mail is stored) and are only retained for two weeks. Finally, please note that Elgin Community College’s e-mail systems shall not be used as the system of record for compliance with Administrative Procedure 3.102 – Records Retention and Disposal. Other tracking systems other than e-mail should be used to retain these required records.

Due to the possibility of limited disk space, all users may at some future time receive a quota for e-mail space, i.e., a limit on the amount of storage available. The amount of space may vary based on the needs of the College and resource availability. To prevent this, users are encouraged to regularly review and delete old messages.

Retention student.elgin.edu e-mail

Backups of student e-mail accounts, with the domain student.elgin.edu, are not maintained by the Information Technology Department of Elgin Community College. They are managed and maintained by Google and fall under their backup, retention, and other operational policies. E-mail backups can be created by the Information Technology Department of Elgin Community College at any time if needed to support a variety of management and legal needs, such as review by the legal team during the federally mandated discovery of electronic information (e-discovery) phase of litigation or observation by management in cases of suspected abuse or any other type of investigation.

Enforcement

Elgin Community College reserves the right to scan and monitor all e-mail traffic to ensure that it is free from computer viruses and other malware and to protect the unauthorized disclosure of confidential and sensitive information (CSI) defined in Administrative Procedure 7-101.

Any employee found violating this Administrative Procedure may lose their e-mail privileges and could be subjected to disciplinary action, including termination of employment.

This policy was last reviewed on 08/31/2023.

Print Page