access and security

Office of Information Security

Security and Privacy for Email and Messaging Systems

UGA retains the right to monitor messaging systems and services and may monitor these systems at any time, including but not limited to the following:  when required by law, when authorized and necessary for University business, for service quality purposes, and/or when there is reason to believe an individual has violated law and/or University policy.

Overview

UGA operates multiple email systems, such as UGAMail, and other electronic messaging systems. Below is commentary regarding common areas of concern or confusion related to the privacy and security of University email and messaging systems and records (messages) generated by such systems.

Ownership

All messages or records generated by UGA systems are owned by UGA.

Retention

Generally, messages sent and received as part of routine correspondence can be deleted when no longer needed. However, a message that serves as the only copy of an official University record (e.g. accreditation records) may need to be retained according to University System records retention guidelines and schedules.

Privacy and Security

Users of messaging systems should not expect their messages to be private. Messages are public records owned by the state and are subject to Open Records disclosure. UGA retains the right to monitor messaging systems and services and may monitor these systems at any time, including but not limited to the following:  when required by law, when authorized and necessary for University business, for service quality purposes, and/or when there is reason to believe an individual has violated law and/or University policy. 

Unless a messaging client is specifically configured for encryption, messages are not secured and can be easily intercepted and read by an unintended unauthorized recipient. However, messaging systems and services are required by UGA's Password Policy to use secure sign-in/log-on procedures.

Acceptable Use

Generally, acceptable use is outlined in UGA's Policies on the Use of Computers. Individuals should also adhere to UGA Non-discrimination and Anti-harrassment Policy, and students should adhere to the Student Code of Conduct when using UGA systems.

Specific to messaging systems, it is unacceptable to send SPAM messages, send messages from another person's account, impersonate another sender, or to send “Sensitive” or “Restricted” data in a message without appropriate protection.

Misuse and Abuse

Misuse of messaging systems should be reported to the UGA abuse team.

Security Compromise

Any security compromise of a messaging system or exposure of “Sensitive” or “Restricted” data in a message should be reported to the UGA computer security incident response team.

How do I find out more about the privacy and security of email or messaging systems?

Please direct your questions to the EITS HelpDesk.