Approved by: The President
History: Issued            -- June 13, 2007
Revised           -- February 19, 2008
Last Reviewed --
Related Policies:

Technology Use Policy; Information Security and Assurance Policy

Additional References:

Employee Electronic Communication Guidelines;
Computer Account Disposition Procedures

Responsible Official: Chief Information Officer tel. (202) 319-5373

I. Introduction


The Catholic University of America expects all employees to use electronic communications in a responsible manner, consistent with law and with the mission and policies of the University. Violations of this policy may result in restriction of access to university information technology resources or other disciplinary action. Ownership of electronic communications and computer files resides with the University.

II. Ownership of and Access to Electronic Resources


The Catholic University of America provides access for many employees to electronic communication systems such as e-mail, voice mail, electronic instant messaging and Internet access, as well as the hardware, software, services and other materials or resources required to use and support such systems (all called "Electronic Resources"). These Electronic Resources are the property of the University. All employee messages and files created, sent, received and stored within the systems ordinarily are expected to be related to University business and are the property of the University. Incidental personal uses are permitted as provided in the Employee Electronic Communication Guidelines. Records of electronic communications pertaining to the business of the University, whether or not created or recorded on University equipment, are University records.

The University may limit access to its Electronic Resources through University-owned or other computers and may remove or limit access to material posted on University-owned Electronic Resources. Access to and use of the University's Electronic Resources may be wholly or partially rescinded by the University without prior notice and without the consent of the user when necessary in the judgment of the University to do so.

III. Allowable and Non-allowable Uses of Resources


Use of Electronic Resources is provided to employees for conducting University related business. Employees should use only those computing resources that they are authorized to use, and then only in the manner and to the extent authorized. See the Employee Electronic Communication Guidelines for selected examples of permitted and prohibited uses.

Employees should respect the finite capacity of computer system resources and limit use so as not to consume an unreasonable amount of those resources or to interfere unreasonably with the activity of other users. The reasonableness of the particular use will be judged in the context of all the relevant resources. Authorization to use University trademarks and logos, including any use on Electronic Resources, must be approved by the Office of Public Affairs.

IV. Security and Privacy


While the University respects the privacy of users, the University reserves the right to examine, use or dispose of all electronic communications and computer files as approved by senior University officials.

All employees must respect the privacy of other users and their accounts, regardless of whether those accounts are securely protected. Users of Electronic Resources shall not disclose information about students or employees in violation of University policies or laws protecting the confidentiality of such information.

Employees who access University financial, student record or employee databases or other University information systems containing confidential information from a remote location computer must access that data in a responsible and prudent manner, see the Employee Electronic Communication Guidelines for detailed procedures.

System administrators and others who have wide open access rights, or who are given such access by a system user in order to address a computer usage issue, have special responsibilities. These are detailed in the Employee Electronic Communication Guidelines.

Users should be aware that their use of Electronic Resources is not completely private. The normal operation and maintenance of the University's computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns, and other such activities that are necessary for the rendition of service. The University may also monitor, access or modify the contents of Electronic Resources of individual users without notice, in circumstances where a senior official determines that it is necessary to do so. These circumstances are described in more detail in the Employee Electronic Communication Guidelines.

V. Access to Email Upon Departure from the University


The University maintains procedures for email accounts of employees who are leaving the University. Email account access, retention, forwarding, and automatic notification is configured by the University email administrator(s) in the Center for Planning and Information Technology (CPIT) according to these procedures. The Vice President for the area of operation of the employee, or his or her designee, or the Director of Academic Technology Services, in consultation with the General Counsel, may approve exceptions to the procedures. The process for employees to obtain access to their email or other electronic information after their separation from the University is detailed in the Computer Account Disposition Procedures.

VI. Record Retention


It is the responsibility of employees who have actual knowledge of matters in which it can be reasonably anticipated that a court action will be filed, a subpoena has been served or notice of same has been given, or records are sought pursuant to an audit, a government investigation or in similar circumstances to attempt to preserve University records, including emails or instant messages.

When considering what information to store and on what devices, employees should recognize that the duty to preserve and produce evidence will apply to all storage devices on which relevant information regarding the business of the University may exist. This may include personally-owned computers, notebook or other portable computers, PDA's, smart phones and removable storage devices such as flash drives or writeable optical disks. Employees should follow any departmental or University policy or directives on the need to preserve records, including electronic records.

VII. Consequences of Violation of Policy


In the event that the University believes an employee has violated any part of this policy the University may suspend or terminate the employee's access to electronic communications systems and equipment. In addition, violation of this policy may subject employees to disciplinary action, up to and including discharge from employment.