This guideline sets the expectation of access to employee email at Washington University in St. Louis as well as the mechanisms by which employee email can be accessed by IT staff.
Confidentiality of electronic mail cannot be assured. Confidentiality may be compromised by unintended redistribution, or due to technologies that may not protect against unauthorized access. In addition, any confidentiality may be subordinate to the application of law, guideline or policy, including this guideline.
Users should assume that the contents of email might be accessible to persons other than the recipient.
Users should be aware that, during the performance of their duties, network and systems administrators need to observe the contents of certain data, on storage devices and in transit, to ensure proper functioning of the university’s IT facilities. During these processes the contents of email messages may be visible.
The university has a legitimate right to capture and inspect any data stored or transmitted on the university’s IT facilities (regardless of data ownership), when investigating system problems or potential security violations, and to prevent, detect or minimize unacceptable behavior on that facility. This includes where maintaining system security and integrity including the management of unsolicited mail and virus protection.
The contents of electronic mail will not be released to persons within or outside of the university, except in response to:
- Permission from the user; or
- A request from the senior executive, dean, director or university librarian, made in writing and accepted by the chief technology officer or delegated persons, to investigate a potential breach of policy; or
- A request from the senior executive, dean, director or university librarian, made in writing and accepted by the chief technology officer or delegated persons, for access to be granted; or
- Where deemed appropriate by the university in order to uphold the statutory rights of individuals in matters such as privacy, copyright, occupational health and safety, equal employment opportunity, harassment and discrimination; or
- A proper request from an appropriate law-enforcement officer investigating an apparently illegal act, including a court order; or
- A relevant statute.
Access to any data will always be via network or systems administrators, or via persons nominated by the chief technology officer. The university’s policy and statutory legislation relating to privacy will be upheld in all cases.
Updated April 1, 2013.