- The acceptable use and unacceptable use of the Email Services and related violation penalties, if any, are governed by the “Policies on Use of IT Services and Resources”, “Mass Communication and Social Computing Regulations”, “Campus Network Regulations”, “Electronic University Data Regulations”, “Information Security Policies and Standards” and additional regulations defined in this document.
- The uses of externally hosted email services are further governed by the Terms and Conditions (T&C), if any, of their respective service providers.
All users of University provided Email Services are subject to regulations defined in this document. Specifically, courtesy email services users, including alumni and retired staff, are also subject to regulations defined in this document.
- All emails sent from the accounts via services managed by Central IT, including replies and forwarded email, should contain the standard disclaimer of the University:
“This email (including any attachments) is for the use of the intended recipient only and may contain confidential information and/or copyright material. If you are not the intended recipient, please notify the sender immediately and delete this email and all copies from your system. Any unauthorized use, disclosure, reproduction, copying, distribution, or other form of unauthorized dissemination of the contents is expressly prohibited.”
- Users must use email for the sole purposes of the operation of the University, save and except users of courtesy email services (such as “Alumni” and “Retired Staff”).
- Eligible applicants may apply for “courtesy email service account”. Conditions are also applied and subject to change by the University without prior notice. The University shall have the right in its sole discretion to approve or refuse such application.
- Users must not use email for activities such as defamation, abuse, harassment, obscenity, threats or otherwise violating the legal rights (such as rights of privacy and publicity) of others. The University’s email address lists as well as any other relevant contact information in the communications directory are personal data of respective users and are for internal use only. These data may not be distributed to any external entity for mass mailing or used for any purposes other than those approved by the University.
- Users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless expressly authorised to do so.
- Users must not impersonate another person or entity, or falsify or delete any author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material contained in a file that is sent.
- The Email Services shall not be used for purposes that can reasonably be expected to cause, directly or indirectly, either excessive load on any IT Resources or interference with others' use of such IT Resources. Users shall also take all reasonable steps to avoid wastage of the IT Resources provided, and the IT Service Providers reserve the right to levy charges on wasteful and / or inappropriate use of resources. For example, users must not send or forward chainmail, mailbombs, or spam. Spam email is further defined as unsolicited messages sent in bulk with same or similar content to considerable size of recipients.
- To minimise spam and junk emails, the University deployed automatic email spam control system. The system will be adjusted to determine if the emails are considered spam and at the time of publication, there is no way for Central IT to intervene the algorithms implemented by the email service providers.
- To effectively and speedily stop the delivery of any possible spam email, Central IT, upon receiving multiple complaints, will block further delivery of such or similar email, if they are not classified as spam by the algorithms.
- Users must not intentionally transmit any viruses, worms, defects, trojans, or any items of destructive nature. They shall also protect university computers in their possession to avoid unintended transmission of the above.
- Users must take necessary precautions to protect the confidentiality of personal or confidential information found in Email and its backups, archives, cloud storage or other electronic records stored.
- According to the “Information Classification and Handling Standard”, email that contains any information that has been classified as “RESTRICTED” or “CONFIDENTIAL” must be encrypted for transmission and storage.
- Users must follow the good practice to avoid activities that may affect the performance of the Email system and interfere with the work of others such as subscribing to list‐servers, transmitting messages with large attachments or sending messages to a large group of recipients.
- Email Services must not be used as a kind of storage for University records. Content/records should be stored and managed in appropriate systems such as document management system, share drives, or electronic system. System backups for the Email Services are performed only for the purposes of disaster recovery, and of judicial discovery requests from law enforcement agencies of the Hong Kong SAR Government when contents of such backups may be legally admissible. Appropriate storage for retention and disposal of work‐related email is the responsibility of the originator/recipient of the email. It is the responsibility of all staff to ensure that their email records are retained for the appropriate period, and are also deleted when appropriate in accordance with the record type.
- To maintain the health of the Email Services, Central IT reserves the right to take any measures, subject to the prevailing rules on confidentiality, privacy and accountability stipulated by the respective IT Service Providers, to examine the message content, remove or reject any electronic messages that are considered harmful to the service, a violation of the relevant IT Policies or Regulations or is otherwise objectionable in the sole discretion of Central IT.
- The University or its delegate retains the right, at his/her own sole discretion, to create limits on the number of transmissions users may send or receive through the email services or the amount of storage space used at any time with or without prior notice.
- Direct marketing messages which are sent via the Email Services should follow the procedures about the use of personal data in direct marketing given under the University Code of Practice on Personal Data (Privacy) Issues and be compliant with the Unsolicited Electronic Messages Ordinance (UEMO) of Hong Kong.
- Unsolicited massive emailing without explicit approval from the University, or broadcasting messages which are likely to harass or offend other users, or any communications which violate IT Policies and Regulations, or any other relevant laws and regulations are prohibited. Sending electronic messages to people you do not know or who do not need to receive the message is a nuisance.
- Users intended to announce a message to large group of recipients are requested to use “CityU Announcement Portal (CAP)”, the University’s official mass communication service. Sender must respect recipients’ rights to opt-out from the mailing list by providing unsubscribing mechanism. Upon receipt of complaints about not fulfilling this requirement, the Central IT may at its discretion suspend the sender’s email account and to remove the sent email from recipient’s mailboxes without prior notifications. Details are set out in the “Mass Communication and Social Computing Regulations”.
Failure to comply with any regulation defined in this document may result in penalties as described in the "Policies on Use of IT Services and Resources."
E. Terms and Definition
A common set of terms and definitions used in the IT Policies and Regulations are defined in the “Policies on Use of IT Services and Resources” document.
F. Related Policies and Regulations
This document, Electronic Mail Regulations, is only part of the policy. The “Policies on Use of IT Services and Resources” document contains a complete list of other relevant regulations.
The IT Policies and Regulations may be revised from time to time as necessary without prior notice.
G. Contact Information
For questions about this document, please contact the Office of the Chief Information Officer (OCIO) at firstname.lastname@example.org.