Effective Date: 07/01/2021

Last updated: 03/04/2024

Service Requirement PDF

Purpose

This Service Requirement defines the appropriate use of email for transmitting electronic messages using Duquesne University email systems. There is a reliance on electronic communications and email provides a fast, convenient, and cost-effective platform to deliver communications. It is imperative that Duquesne University provide an official form of e-mail as a means to communicate with our community members. These service requirements apply to all faculty, staff, consultants, students, retirees, and other authorized users that transmit and/or receive electronic messages using a Duquesne University email system.

These service requirements apply to any system or service that sends or receives electronic communications on behalf of Duquesne University. This includes but is not limited to: Office365 Email Service, Mailing Lists, Third-Party Contracted Services, and Mass Mailing Systems. As it relates to these service requirements, the term "technology environment" means any and all forms of information technology including computer-related equipment, software, accounts, tools, and intellectual property.

Service Requirements

The Email Service Requirements specify the fundamental requirements for the appropriate use of email at Duquesne University. The fundamental email requirements cover:

  1. Email as an Official Means of Communication
  2. Email and Restricted Data
  3. Email Accounts and Directory Information
  4. Abuse of Email
  5. Departmental/Group Accounts
  6. Email Management and Administration

Service Requirements Specifications

1. University Email as an Official Means of Communication

A Duquesne University email account is the official method of communication for Duquesne University business. A communication will be considered delivered one day following the date the communication is processed and delivered by your Duquesne University email account. Failure to check your email account does not excuse or exempt you from any actions required of you by the University.

Duquesne University expects all full and part-time students registered in a degree program, and its faculty, administrators, and staff to activate and actively maintain a Duquesne University email account in order to receive University communications.

Students may opt to have their Duquesne University email messages automatically forwarded to another email account (e.g. @gmail or @outlook), but forwarding of email does not absolve a student of the responsibilities associated with communication sent to official Duquesne University email addresses (MultiPassID@duq.edu). Students who opt to have their Duquesne University email messages automatically forwarded to another email account do so at their own risk. The University cannot guarantee the proper handling of email by outside services, third parties, or departmental email servers. Communications from students to University faculty and staff regarding academic matters should be generated from the student's Duquesne University email account (domain duq.edu).

Employees are prohibited from automatically forwarding their University email to a personal email account and must use University email to conduct all University business. See TAP 26. Automatic email forwarding exceptions may be granted only in rare circumstances by the Vice President and Chief Information Officer, in consultation with the appropriate University administrators, based on business need and compliance risk. The University shall, in its sole discretion, determine whether an individual is primarily an employee or a student. Ad hoc forwarding of University email to a personal email account, where such University email is not confidential or related to an employee's job duties, may be acceptable. For example, forwarding a University email sent to all employees that describes the University's benefits open enrollment period to a personal email account would be acceptable.

Definition of "Technology Environment" for Duquesne University Email Service Requirement:

The Technology Environment is property of Duquesne University and as such, Duquesne University retains exclusive rights to the environment including permission to monitor and log activity. All messages, data files and programs stored in or transmitted via the Technology Environment ("Electronic Communications") are Duquesne University records. The University reserves the right to access and disclose all messages, data files and programs sent over or stored in its technology environment for any purpose. Duquesne University reserves the right to periodically examine any aspect of the Technology Environment and any other rights necessary to protect the technology environment.

2. Email and Restricted Data

Duquesne University email services are provided by Microsoft Office 365, which offers a level of privacy for Duquesne University higher than the public offering. However, email is not a secure mechanism for sharing data. Therefore, Restricted Data as defined in the CTS Data Governance Service Requirement is strictly prohibited from being sent in email. As stated in the CTS Data Governance Service Requirement this includes information that is regulated such as Personally Identifiable Information (PII), Family Educational Rights & Privacy Act (FERPA), Health Insurance Portability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), the EU General Data Protection Regulation (GDPR) or other regulated data as defined. If restricted data is sent via email, the body of the message or attachment must be fully encrypted.

3. Email Accounts and Directory Information

Duquesne University individual and group email accounts are assigned by Computing and Technology Services (CTS) in order to send electronic communications. Accounts are assigned based on either your MultiPass ID or your group's official University Name.

An individual's email address is published in the Duquesne University directory (for students based on FERPA designation).

4. Abuse of Email

Use of email is a privilege, not a right. This privilege can be revoked and individuals can be subject to disciplinary or legal actions for inappropriate or unacceptable behavior included but not limited to:

  1. Sending unsolicited or unauthorized mass email (spam)
  2. Use of offensive language
  3. Distribution of obscene materials
  4. Threats
  5. Infringement on other's privacy
  6. Interference with others' work
  7. Copyright infringement
  8. Illegal activity
  9. Violates, or encourages the violation of, the legal rights of others or federal and state laws
  10. Alters, disables or interferes with the use and operation of email services
  11. Misrepresents the identity of the sender of the email
  12. Creates a risk to safety or health, compromises national security, or interferes with an investigation by law enforcement
  13. Tests or reverse-engineers the email services in order to find limitations, vulnerabilities, or to evade filtering capabilities
  14. Spreads or distributes software that covertly gathers or transmits data about an individual

5. Departmental/Group Accounts

Departmental/Group accounts can be requested but will require a designation of a sponsor, who will administer the addition, deletion, or modification of individuals who are permitted to access the email mailbox. Group names have to represent an official organization, center, or initiative approved by the University Cabinet and/or Board of Directors.

6. Email Management and Administration

Duquesne University's Computing and Technology Services (CTS) manages and administers the Microsoft Office 365 email solution.

a. Email Quotas and Restrictions

As determined by Microsoft, email on the hosted Microsoft Office 365 system has a maximum file size for attachments of 150MB and a maximum mailbox size (including folders and deleted mail of 100GB).

Certain attachments are not allowed to be sent or received via email at Duquesne University. Prohibited attachments include macro enabled office documents, script files, and executables.

b. Use of .pst folders.

The University strongly discourages the use of .pst folders for the archiving and storing of email messages. .pst folders are rarely backed up which can lead to data loss. Also, .pst's are prone to corruption and only work on Outlook email clients. There also may be compliance issues if the .pst files are lost, stolen, or mishandled. If a .pst is required and used, CTS recommends that a password be placed on the file for security and privacy.

c. Legal Holds

Users who receive a legal hold from Legal Affairs are responsible for keeping copies of all relevant documents as further described in the hold notice, including email. CTS also places legal holds within Microsoft Office 365 upon notification from Legal Affairs.

d. Email De-Activation and Retention

The de-activation process for email accounts differ depending on the user's role at the University. That role along with the de-activation timeline determines how long email is retained for individuals.

a. Employees: Administrators/Staff/ Faculty
  1. Email is disabled immediately upon separation/last day worked. If such separation is for cause, email privileges may be immediately revoked without notice.
  2. Email is retained for 1 year after last day worked and then deleted. An Out-of-Office reply can be placed on an employee's mailbox directing senders to another party at the University.
  3. The University does not provide forwarding to any email address other than the email address to which the message was originally intended by the sender. This includes the forwarding of email from a former employee to a current employee after separation. If email is required from the separated employees' mailbox, the department can request CTS to perform a targeted search for specific email(s). For privacy, access will not be provided to a former employee's mailbox.
  4. When deemed critical to ongoing business needs, access to the former employees' email will be granted to departmental supervisors or other member of the University as deemed appropriate. Formal written approval is required from Legal Affairs.
  5. The use of an automated response/bounce message for former employees can be applied for 1 year from last day worked if approved by both the former employee's Supervisor and Human Resources. The message must contain information for senders to direct questions for University business to a contact at Duquesne University and may contain new personal/business contact information for the former employee if appropriate and approved.
  6. As set forth more fully above, employee Duquesne University email messages may not be automatically forwarded to another email account (e.g. @gmail or @outlook) except in rare, pre-approved circumstances.
b. Student
  1. For graduated students, email is disabled 13 months after graduation. Email is purged 60 days following the end of the 13th month.
  2. For students who leave before graduation, email is retained for 13 months from the last term they were registered. Email is purged 60 days following the end of the 13th month.
  3. If a student graduates and then becomes an employee of the university and then separates from the university within the 13-month retention period, the email account is treated as an employee account and is handled as such (see section a. above).
c. Retiree
  1. As outlined in TAP 18, individuals who are defined as a "retiree" of the University are entitled to a Duquesne University email address.
  2. Duquesne University retiree email accounts are offered for retirees. Retirees are required to follow all University policies, service requirements, and processes to retain the email account.
  3. Email access will be disabled if the retiree has not accessed the account within the past 12 months.
  4. Retired faculty who have active research/scholarly projects that benefit Duquesne University can request and be granted a one-year extension to keep their University email and MultiPass access during retirement, subject to (at the University's discretion and request) having privileged, confidential and FERPA-related University materials removed from their accounts by the University to prevent security issues.

  5. Former University Presidents will be provided an email account to continue their ongoing support of the mission of the University.

  6. Review and approval for extensions shall be conducted by the retired faculty member's Department Chair and Dean. Requests should include:

    • A brief description of the research/scholarship being conducted
    • How (if at all) full-time Duquesne students or faculty are being involved in the research/scholarship.
    • How (if at all) university resources will be utilized
    • How the work advances the academic interests of Duquesne University.

    Duquesne University should be listed as the affiliated university for any publications based on this work.

    Retired faculty members must make a request for such an extension annually in writing and send it to his/her Dean for approval by June 1 of each year. This access can be reviewed and re-approved annually with the consent of the Department Chair and Dean. Deans shall consult with Department Chairs in making final decisions.

    For each approved request, an email confirming approval shall be sent by the department to hrservicesFREEDUQUESNE. Retired faculty members, once approved for an extension, will receive an email from CTS outlining what they need to do to keep their MultiPass active.

    Questions regarding this policy can be sent to helpFREEDUQUESNE.

e. Privacy and Right of University Access

While the University will make every attempt to keep email messages secure, privacy is not guaranteed and users should have no general expectation of privacy of email sent through University Email Accounts (including email forwarded from University Email Systems).

Certain circumstances may require University administrators to access individual's email accounts. These circumstances can include, but are not limited to: maintaining the system, investigating security or abuse incidents, business continuity, leaves, investigations, litigation, or separation from the University. Access to individual email accounts will be provided if approved by Legal Affairs based on the University's business needs.

7. Enforcement

The unauthorized or improper use of Duquesne University's Technology Environment, including the failure to comply with these service requirements, constitutes a violation which may result in the loss of access, University disciplinary actions and/or legal prosecution under federal, state and local laws, where applicable. Users are expected to adhere to TAP 26 - Computing and Ethics Guidelines.

The University reserves the right to amend these service requirements at any time without prior notice and to take such further actions as may be necessary or appropriate to comply with other published policies and with applicable federal, state, and local laws.