Acceptable Use

The acceptable use of Clarkson College email is governed by the IT-2 Computing Policy.

Ownership of Email / Privacy

Clarkson College owns all Clarkson College email accounts. This includes all data stored or transmitted via the email accounts.

While Clarkson College will make every attempt to keep email messages secure, privacy is not guaranteed, and users should have no general expectation of privacy in email messages sent through Clarkson College email accounts. Under certain circumstances, it may be necessary for IT staff or other members of Clarkson College administration to access Clarkson College email accounts. These circumstances may include, but are not limited to, maintaining the system, investigating security or abuse incidents, or investigating violations of this or other Clarkson College policies. Clarkson College employees may also require access to an email account in order to continue business where the email account holder will not or can no longer access the email account for any reason (such as death, disability, illness or separation from the College for a period of time or permanently). Such access will be permitted on an as-needed basis and any email accessed will only be disclosed to individuals who have been properly authorized and have an appropriate need to know or as required by law.

Procedure:

External Communication

Clarkson College email communication sent to external parties must be classified as one of the following types of messages:

• Commercial – advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose.
• Relational or Transactional – facilitates an already agreed-upon transaction or updates a customer about an ongoing transaction.
• Informational or Other – provides information requested of Clarkson College or about Clarkson College but without a commercial, relational, or transactional component.

Clarkson College commercial emails must follow CAN-SPAM and Canadian Anti-Spam Law (CASL) Regulations regarding the transmission of commercial messages. Such messages must provide for individuals to opt-out from receiving future commercial messages.

Clarkson College’s Communications and Marketing Department maintains a master list of email addresses for individuals that have expressed an opt-out preference. Any commercial messages must have email addresses on this opt-out list removed before being transmitted to intended recipients.

Account Creation

Clarkson College email accounts are created based on the formal name of the employee as listed in the Human Resources system. Student and alumni accounts are created based on the name on record in the student information system. Requests for name changes to correct a discrepancy in an email address or recognize a formal name change may be submitted via the IT Help Desk. Requests for mail aliases are evaluated on a case-by-case basis.

Requests for temporary email privileges for contractors and outside affiliations may be requested via the IT Help Desk and must have Director level approval and justification. An expiration date for the account is required upon submission and will be applied to all outside accounts.

Email Retention and Disposal

As governed by the IT-8 Data Backup Policy, the AFI Office365 backup solution will not be used for the recovery of individual user emails. Email backups are for disaster recovery purposes only. Microsoft, as a part of its Software-as-a-Service (SaaS) offering, manages the availability of Clarkson College email accounts. As of the latest revision of this policy, a 99.9% uptime is guaranteed for the service.

Recovery of items deleted from the Deleted Items folder can be performed by users and/or IT up to thirty (30) days from the time of deletion unless the user manually purges items from the Recoverable Items folder.

It is the responsibility of Clarkson College employees and students to preserve the information contained within email accounts that is vital to the operation of the College or tenure as a student.

Expiration of Accounts

Individuals may leave Clarkson College for various reasons, each of which could require a different expiration procedure for email accounts. The policy governing known instances is outlined below. Clarkson College reserves the right to revoke email privileges at any time.

• Employees – Employees who leave the College will have email privileges removed effectively on their last working day. If such separation is for cause, email privileges may be immediately revoked without notice. In either situation, the employee’s manager must submit a termination request for the account via the IT Help Desk to inform IT of the anticipated last day.
• Students who leave before graduation – Students who leave Clarkson College without completion of their degree or program may keep their email privileges for one (1) academic year from the last term when they were registered. 
• Dismissed students – If a student is dismissed from Clarkson College, email privileges will be terminated immediately upon the notice and directive of the President, Vice President of Academic Affairs, or Registrar’s Office.
• Alumni – students who have graduated from Clarkson College will keep their email privileges for one (1) academic year from the last term when they were registered. Alumni wishing to join the Alumni Association may apply for a Clarkson College Alumni Email account. This is a @clarksonalumni.net email account that is separate from employee/student accounts. The Alumni Association determines the expiration of these email accounts.

Salesforce.com

Email messages sent through Salesforce.com are to be identified as informational, transactional, or commercial. Commercial messages are to be sent in accordance with the CAN-SPAM and CASL requirements.

Personal Email Accounts

To avoid mixing Clarkson College business with personal communications, employees must never use non-Clarkson College email accounts (e.g., personal Gmail, Hotmail, etc.) to conduct business operations.

Spam and Phishing

Spam is defined as unsolicited and undesired advertisements for products or services sent to a large distribution of users.

Phishing is defined as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. 

All incoming email is scanned for viruses, phishing attacks, and spam. Suspected messages are blocked from the user’s inbox. Due to the complex nature of email, it is impossible to guarantee protection against all spam and virus-infected messages. In many cases, viruses or phishing appear to be sent from a friend, coworker, or other legitimate source. Do not click links or open attachments unless the user is confident of the legitimacy of the nature of the message. If any doubt exists, the user should contact the Clarkson College IT Help Desk at HelpDesk@clarksoncollege.edu.