(1) Electronic Mail Regulations

A. Purpose

  1. The acceptable use and unacceptable use of Email Services and related violation penalties, if any, are governed by the “Policies on Use of IT Services and Resources”, “Mass Communication and Social Computing Regulations”, “Campus Network Regulations”, “Electronic University Data Regulations”, “Information Security Policies and Standards” and additional regulations defined in this document.
  2. The uses of externally hosted email services are further governed by the Terms and Conditions (T&C), if any, of their respective service providers.

B. Scope

All users of University provided Email Services are subject to regulations defined in this document.  Specifically, courtesy email services users, including alumni and retired staff, are also subject to regulations defined in this document.

C. Statements

  1. All emails sent from the accounts via services managed by Central IT, including replies and forwarded email, should contain the standard disclaimer of the University:

    “This email (including any attachments) is for the use of the intended recipient only and may contain confidential information and/or copyright material. If you are not the intended recipient, please notify the sender immediately and delete this email and all copies from your system. Any unauthorized use, disclosure, reproduction, copying, distribution, or other form of unauthorized dissemination of the contents is expressly prohibited.”
  2. Users must use email for the sole purposes of the operation of the University, save and except users of courtesy email services (such as “Alumni” and “Retired Staff”).
  3. The Email Services refers to a set of communications services and contents from the University.  These include, but are not limited to, university announcements, service announcements, administrative messages, and CityU Newsletter.  They are considered part of the services provided. Users will not be able to opt out from receiving them.
  4. Eligible applicants may apply for “courtesy email service account”.  Conditions are also applied and subject to change by the University without prior notice.  The University shall have the right in its sole discretion to approve or refuse such application.
  5. Users must inform the University of changes in their contact information.  If the University has reasonable grounds to believe that the information has become untrue, inaccurate, or not current, the University has the right to suspend or terminate the Email Services and refuse any and all current or future use of the Services.
  6. Email use for activities such as defamation, abuse, harassment, obscene acts, threats or other violations of legal rights (such as rights of privacy and publicity) of others is not allowed.  Furthermore, the University’s email address lists as well as other relevant contact information in the University’s communications directories may contain personal data of the respective users and are for internal use only.  These data may not be distributed to any external entity for mass mailing or used for any purposes other than those approved by the University.
  7. Users shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless expressly authorised to do so. 
  8. Users must not impersonate another person or entity, or falsify or delete any author attributions, legal or other proper notices or proprietary designations or labels of the origin or source of software or other material contained in a file that is sent. 
  9. The Email Services shall not be used for purposes that can reasonably be expected to cause, directly or indirectly, either excessive load on any IT services and resources or interference with others' use of such IT services and resources.  Users shall also take all reasonable steps to avoid wastage of the IT services and resources provided, and the IT Service Providers reserve the right to levy charges on wasteful and / or inappropriate use of resources.  For example, users must not send or forward chain email, unsolicited bulk email (“spam”), or excessively large email intended to block the recipient’s mailbox.  
  10. To minimise spam, junk or otherwise harmful email, the University uses automatic email spam control system. This system automatically categorises incoming email based on the email services providers’ algorithms. While any such system is adjusted from time to time by the email services provider, there is no way for Central IT to intervene in the system’s algorithms.
  11. To effectively and speedily stop the delivery of additional spam emails, Central IT, upon receipt of multiple complaints and review of them, may block (“blacklist”) future delivery of such emails, even if they are not yet classified as spam by email service provider algorithms.
  12. Users must not intentionally transmit any harmful computer programs, including computer viruses, worms, defects, trojans, or any other items of a destructive nature.  Users shall also protect university computers in their possession to avoid unintended transmission of the above. 
  13. Users must take necessary precautions to protect the confidentiality of personal or confidential information found in email and its backups, archives, cloud storage or other electronic records stored. 
  14. According to the “Information Classification and Handling Standard”, email that contains any information that has been classified as “RESTRICTED” or “CONFIDENTIAL” must be encrypted for transmission and storage.
  15. Users must follow the good practice to avoid activities that may affect the performance of the Email system and interfere with the work of others such as subscribing to list‐servers, transmitting messages with large attachments or sending messages to a large group of recipients. 
  16. The Email Services must not be used as a storage mechanism for University records.  Content/records should be stored and managed in appropriate systems such as document management systems, share drives, or other organized electronic filing systems.  System backups for the Email Services are performed only for the purposes of disaster recovery, and for judicial discovery requests from law enforcement agencies of the Hong Kong SAR Government when contents of such backups may be legally admissible.  Appropriate storage for retention and disposal of work‐related email is the responsibility of the originator/recipient of the email.  It is the responsibility of all staff to ensure that their email records are retained for the appropriate period, and are also deleted when appropriate in accordance with the record type. 
  17. To maintain the health of the Email ServicesCentral IT reserves the right to take any measures, subject to the prevailing rules on confidentiality, privacy and accountability stipulated by the respective IT Service Providers, to examine the message content, remove or reject any electronic messages that are considered harmful to the service, a violation of the relevant IT Policies or Regulations or is otherwise objectionable in the sole discretion of Central IT. 
  18. The University or its delegate retains the right, at his/her own sole discretion, to create limits on the number of transmissions users may send or receive through the Email Services or the amount of storage space used at any time with or without prior notice.
  19. Direct marketing messages which are sent via the Email Services should follow the procedures about the use of personal data in direct marketing given under the University Code of Practice on Personal Data (Privacy) Issues and be compliant with the Unsolicited Electronic Messages Ordinance (UEMO) of Hong Kong. 
  20. Unsolicited massive emailing without explicit approval from the University, or broadcasting messages which are likely to harass or offend other users, or any communications which violate IT Policies and Regulations, or any other relevant laws and regulations are prohibited.  Sending electronic messages to people you do not know or who do not need to receive the message is a nuisance.
  21. Users intended to announce a message to large group of recipients are requested to use “CityU Announcement Portal (CAP)”, the University’s official mass communication service.  Sender must respect recipients’ rights to opt-out from the mailing list by providing unsubscribing mechanism.  Upon receipt of complaints about not fulfilling this requirement, the Central IT may at its discretion suspend the sender’s email account and to remove the sent email from recipient’s mailboxes without prior notifications.  Details are set out in the “Mass Communication and Social Computing Regulations”.

D. Enforcement

Failure to comply with any regulation defined in this document may result in penalties as described in the "Policies on Use of IT Services and Resources."

E. Terms and Definition

A common set of terms and definitions used in the IT Policies and Regulations are defined in the “Policies on Use of IT Services and Resources” document.

F. Related Policies and Regulations

This document, Electronic Mail Regulations, is only part of the policy.  The “Policies on Use of IT Services and Resources” document contains a complete list of other relevant regulations.

The IT Policies and Regulations may be revised from time to time as necessary without prior notice.

G.  Contact Information 

For questions about this document, please contact the Office of the Chief Information Officer (OCIO) at cio@cityu.edu.hk.