Who can view my email without my permission?

Typically email administrators have access to users' email accounts but should only view it when troubleshooting technical problems, or if university policies or contractual obligations are violated. If violations occur, users also can expect supervisors in their chain of command to have access to their email accounts.

At UNC: Work-related email is considered a public record. As such, it is subject to discovery in legal actions against the University and/or in public records requests. Email that mixes work-related and personal topics should be considered a public record and should be managed appropriately.

What policies exist concerning email privacy?

At Duke: The Office of Information Technology has a policy on "Computing and Electronic Communications at Duke University: Security & Privacy," which currently is available at http://www.oit.duke.edu/oit/policy/ITACPolicy.html. The policy says, in part, that "the ultimate privacy of messages and files cannot be ensured." Therefore, it is advisable not to use email to communicate confidential or sensitive information.

At UNC: Information Technology Services has issued the "Policy on the Privacy of Electronic Information," which currently is available at http://help.unc.edu/?id=1677. According to the policy, the university does not inspect or routinely monitor email usage, nor does it guarantee the privacy or security of email systems. Under certain circumstances, access to email on its computer networks may be given to authorized employees or system administrators.

How should I manage personal email that I receive at work?

At Duke: According to the policy on "Computing and Electronic Communications at Duke University: Security & Privacy," the university does not restrict the content of material transmitted across its networks. However, users should be aware that the ultimate privacy of messages cannot be ensured and should limit personal usage of university-sponsored email systems to a minimum. Personal email that is sent or received at work should be deleted as soon as possible or forwarded to a personal account.

At UNC: According to the "Policy on the Privacy of Electronic Communication," university email services may be used for "incidental personal purposes." Users should be aware that there is no guarantee of privacy or security of email systems, and that access to email on computer networks may be given to authorized employees or system administrators. Work-related email is considered a public record but personal email is not; however, personal messages may be included in public records requests if they accidentally are commingled with work-related email, or if email mixes work-related and personal topics.

Whether users work at a public or a private institution, email is discoverable in legal actions. Copies of personal email also may exist on backup systems, especially if they are not purged prior to the routine backup of the email system.

Who "owns" personal email that I receive at work?

While personal email sent or received at work may be considered "private" in nature, U.S. courts have generally held that employees do not have a right to privacy in electronic messages sent or received at work when the employer sponsors the system. "Ownership" of such messages, unless they fall within intellectual property definitions, should be considered to reside with the employer.

See "How should I manage personal email that I receive at work?
Should faculty be cautious when communicating with students via email?
Several FAQs have established that email is neither secure nor private. While it is unavoidable that faculty and students will discuss sensitive issues via email, such as grades, advisory issues, or academic progress, both parties should be aware of protections afforded to them.

The University Registrar has enacted policies concerning the release of student-identifiable information, in accordance with the Family Education Rights and Privacy Act (FERPA). Every faculty member should be aware of that policy and whether students have waived their right to privacy. At Duke that policy is available at http://www.registrar.duke.edu/registrar/studentpages/student/ferpa.htm. Email correspondence to and from students, if made or received by faculty members or administrators for their own use and not shown to others, falls outside the definition of "education records," according to this policy. Faculty members should continue to be aware of the security issues surrounding the use of email; it is not always the best replacement for an old-fashioned telephone call.

UNC has a similar policy, available at http://regweb.oit.unc.edu/resources/index.php.

Should I discuss sensitive or confidential issues over email?

Email is not always a secure communications medium, and users should have no expectation of privacy when using it.

You should consult your email system administrators and your supervisor to discuss using email to transmit sensitive or confidential information. They can tell you about safeguards in place to protect that information. Your department may have policies against using email in certain cases, such as transmitting protected health information or discussing personnel matters.

Why do I get so much "spam," and what can I do to avoid it?

Unsolicited or junk email ("spam") clogs nearly everyone's email inbox and can affect email system performance, spread computer viruses, and generally be aggravating.

Email software differs, but most packages contain some sort of filtering capability. In addition, there may exist filtering options at a larger, system-wide level. To learn about your email system's filtering functions, contact your email system administrator.

To avoid spam:
Do not open spam.
Don't purchase anything from spammers.
Don't post your real email address on a forum or bulletin board.
Don't reply to spam or email the spammer and ask him to remove your address from his mailing list.
Block spam with filters.
Always choose "do not sell my email address" if you have a choice.

When I delete an email message, is it really deleted?

Email systems differ in their deletion functions. Generally, deleting a message sends it to a "trash" folder or marks it with an "x." The user must then instruct the system to "empty the trash" folder or purge messages that have been marked for deletion. Some systems can be set to automatically purge deleted messages when the user exits the system. Consult your email system administrator to learn about your deletion/purge functions.

Users also should inquire about the frequency of backup procedures. Many email system administrators perform backup after hours at night. If a message resides on the system and has not been purged when backup is performed, it may reside on the backup copy for a number of days or weeks, until that particular copy is recycled or erased/reused.

What happens when my office receives a public records request regarding email?

At UNC: According to the "Policy on the Privacy of Electronic Information," email and other data stored on university computers may constitute a public record like other documents subject to disclosure under the NC Public Records Act (NCGS 132). The university evaluates all requests for information submitted by the public. Consult the Office of University Counsel for guidance if you receive such a request.

At Duke: In isolated cases, some Duke email could be subject to disclosure under the NC Public Records Act. For example: email pertaining to a state-funded project located at Duke could fall into this category.