Users of Calmail Email Services should exercise extreme caution in using email to transmit confidential or sensitive matters.
- Specific Privacy Limitations
Both the nature of email and the public character of the University make email less private than users may anticipate. For example, email intended for one person sometimes may be widely distributed because of the ease with which recipients can forward it to others. A reply to an email message posted on an electronic bulletin board or "listserver" intended only for the originator of the message may be distributed to all subscribers to the listserver. Furthermore, even after a user deletes an email record from a computer or email account it may persist on backup facilities, and thus be subject to disclosure under the provisions of the University of California Electronic Communications Policy (ECP). The University cannot routinely protect users against such eventualities.
- Record Disclosure Requirements
Email, whether or not created or stored on University equipment, may constitute a University Record subject to disclosure under the California Public Records Act or other laws, or as a result of litigation. However, the University does not automatically comply with all requests for disclosure, but evaluates all such requests against the precise provisions of the Act, other laws concerning disclosure and privacy, or other applicable law. Users of University Electronic Mail Services also should be aware that the California Public Records Act and other similar laws jeopardize the ability of the University to guarantee complete protection of personal email resident on University facilities. The California Public Records Act does not, in general, apply to students except in their capacity, if any, as employees or agents of the University. This exemption does not, however, exclude student Email from other aspects of this Policy.
Also note that records such as the membership of individuals on a CalMail mailing list may be subject to disclosure under a public records request (depending upon its purpose), a subpoena in connection with a criminal investigation, or other authorized procedure.
- Email Content
Calmail, in general, cannot and does not wish to be the arbiter of the contents of email. Neither can Calmail, in general, protect users from receiving email they may find offensive. Members of the Campus community, however, are strongly encouraged to use the same personal and professional courtesies and considerations in email as they would in other forms of communication.
- Validating Authenticity
There is no guarantee, unless "authenticated" mail systems are in use, that email received was in fact sent by the purported sender, since it is relatively straightforward (although a violation of the Terms and Conditions of Appropriate Use for CalMail), for senders using CalMail or other email systems to disguise their identity. Furthermore, email that is forwarded may also be modified.
Authentication technology is not widely and systematically in use at the University as of the date of this document. As with print documents, in case of doubt receivers of email messages should check with the purported sender to validate authorship or authenticity.
- Encryption of email
Encryption enables the encoding of email so that for all practical purposes it cannot be read by anyone who does not possess the right key. However, encryption technology is not in widespread use as of the date of this document. The answers to questions raised by the growing use of encryption technologies are not now sufficiently understood to warrant the formulation of University policy at this time. Users and Operators of email Facilities should be aware, however, that these technologies will become generally available and probably will be increasingly used by members of the community.