In a guest post for National Cyber Security Awareness Month, April Chang, Business Systems Analyst with the Privacy Office at Information Technology Services, explains the limitations of the privacy of your University email and shares work email best practices.
We heavily integrate email into our daily lives for work and personal tasks. While there are many email account options available, including Gmail and Yahoo, if you are an employee of the University, you must use your UNC-Chapel Hill email address to conduct University business. This requirement also applies if you are both a student and an employee. When you are performing tasks related to your University employment, you are required to use your Carolina email address to conduct University business.
As a member of a large research university and public institution, you have University email content that outsiders may highly seek. Indeed, the public nature of the University, combined with the easy distribution of email, make your Carolina email less private than you may anticipate. You should therefore exercise caution when using email for confidential or sensitive matters. Under certain circumstances, your University emails may be rightfully viewed, potentially by a multitude of people, including the general public.
Circumstances that limit the privacy of your University email:
- University troubleshooting and investigations. Authorized University employees may access email as necessary to ensure the orderly administration and functioning of University computing systems. Note that the University does require employees who, as a function of their jobs routinely have access to email, to maintain the confidentiality of such information.
- Public records requests. By North Carolina state law, if you use your University email to conduct public business, it is open to a public record request, which may be made by any member of the public. Frequently used by news reporters, this legal means of looking into University business may be used by anyone. Importantly, before making any such disclosure, the University evaluates the request for compliance with the provisions of the North Carolina Public Records Act or other applicable law.
- Legal matters may result in “discovery requests,” which could lead to a team of attorneys combing through your emails in preparation for a case. If the case escalates to a trial, your email could also get enlarged and projected on a screen for the entire courtroom to examine.
- Unanticipated inclusion in a long email string. Sometimes an email you intended for one person blossoms unexpectedly into a much larger conversation, resulting in your email getting read by many others as they are added to the conversation and the email string and number of parties involved grows.
- Email may last forever. Even if you and the recipient delete an email, backup copies may persist and be retrieved from University systems.
Given the privacy limitations of your unc.edu email, below are four tips that will help you use your University email with confidence:
- Always use your unc.edu email for University business
- Be cautious when emailing about confidential or sensitive matters
- Be professional and courteous
- Avoid writing something that will tempt others to forward on and turn into a meme
October is National Cyber Security Awareness Month. Visit ITS News throughout October for posts offering cyber security advice from experts and other tech tips. For additional cyber security tips and to check out the activities and resources associated with National Cyber Security Awareness Month, visit the national campaign’s website.