Employee Use of Email Policy FAQ

Employees and/or affiliates of California State University East Bay who are issued a university email account must protect University data.

In particular, such persons must take extra precautions to protect Sensitive Information (Level 1 or 2) sent or received by email. The policy on employee and affiliate email usage is found here.

Below will find resources to help you navigate that policy.

Important steps to take while using your university email account:

Use your CSU East Bay employee email for all University business -- for both sending and receiving.
Use your CSU East Bay employee email for communication in all business systems, including those that do not require CSUEB NetID authentication.
List your CSU East Bay university email in the campus directory, faculty profile page, on your syllabus, etc.

FAQs on Navigating this Change

Do email policies apply to me?

All employees of CSU East Bay including faculty, staff, student employees and affiliates are required to use their @csueastbay.edu email address for university business. Related policies on this topic include:

CSU's Data Classification Policy requires specific security controls based on the Protection Level of Institutional Information.
CSUEB Procurement Policy requires specific contract language and security protections for third-party vendors handling institutional information. Private email service providers have not agreed to these terms. They have no contractual obligations with the CSU and have not been evaluated for security or privacy compliance.
CSU’s Information Security Responsible Use Policy and the campus Electronic Communications Guidelines both require protecting University email from unauthorized access and unintended redistribution, which applies to forwarding email to personal accounts with inadequate contractual and security controls.

Why is using CSU East Bay employee email required?

Use of a non-University email for university business exposes the campus and its community members to risk for many reasons, including the following.

Email is a highly targeted vector for cyber attacks, requiring robust security controls to protect it adequately. CSUEB IT identifies and blocks malicious emails to University email accounts. CSUEB's email provider also has contractual obligations with respect to the security and privacy of CSUEB email. The campus has no control or assurances regarding the protection of email in non-University services.
University employees cannot appropriately respond to legal holds and Public Records Act Requests for communications outside centrally supported services.
Because there is no contractual obligation to do so, a non-University email provider may not inform users if they are the subject of a Public Records Act Request, Freedom of Information Act Request, or other legal requests for information. The person may not know that information has been requested or provided from their account.
If a University employee receives a Public Records Act Request or a Freedom of Information Act Request, and they have been using a personal email for university business, their entire personal email account may be subject to review.
Every email containing FERPA-protected information that is sent to an email provider without a specific contractual designation (any non-csueastbay.edu account) is considered a FERPA violation.
Authentication logs and other forensic information critical for investigating security incidents are generally not available for email outside centrally supported services.
CSUEB IT staff are unable to investigate complaints regarding abuse and/or misuse of emails originating from non-University addresses.

Is there a difference between forwarding an email and setting up automatic forwarding?

Yes, forwarding an email on a singular basis to another email address is allowed. Automatic forwarding redirects all incoming email, or, when using a filter, all incoming email of a certain type, to another email address. This will be disabled for accounts forwarding to unapproved domains on July 1, 2024.

How can I turn off automatic forwarding?

Information on how to turn off automatic forwarding can be found here.

Note that these options for employee accounts will be turned off by ITS on July 1, 2024

What are some examples of unapproved forwarding domains?

Can I occasionally forward individual emails outside of the University, if they do not include sensitive student or institutional information?

Yes, CSU East Bay employees can occasionally forward individual emails to non-University email accounts, provided that the email does not include sensitive information, including, but not limited to, information classified at Level 1 or 2 per CSU East Bay's data classification standard

How do I request an exception?

Submit this form to request an automatic email forwarding exception.

Please note: In most cases, you will receive a response to your exception request within 1 week, but please allow up to 15 days for more involved requests.

I automatically forward emails between two different CSU East Bay email accounts (e.g., between a department email account and an individual email account). Is this ok?

Yes, automatic forwarding between CSU East Bay email accounts is allowed, with the following exceptions.

Forwarding from a departmental accounts to employee accounts is allowed.
Forwarding from one department account to another department account is not allowed.
Forwarding from an employee (@csueastbay.edu) account to a student (@horizon.csueastbay.edu) account is not allowed.
Forwarding between two employee accounts is not advised and requires approval from the CIO or CISO.

All forwarding between CSU East Bay email accounts is managed by ITS directly; submit this form to request the setup of such forwarding arrangements.

I want to have one inbox. Can I forward all my personal email to my CSU East Bay email account?

We strongly advise against forwarding your personal email to your University account for many reasons.

If a University employee receives a Public Records Act Request or a Freedom of Information Act Request, the contents of their University email account, including personal emails forwarded to it, are subject to review.
In addition, email vendors no longer offers CSU East Bay unlimited storage. The University's email accounts are currently limited to 100 GB.
Due to recent changes in how major email providers manage forwarded email between accounts with similar names, this kind of forwarding will cause most forwarded messages to arrive in your Spam/Junk folder(s).
- The ISO may block such forwarding if it is found to increase spam rates in the University email environment.

I want to forward some, or all, of my University email to my personal email while I am on leave. Is that ok?

No, automatic forwarding of University employee email to a non-university or personal email account, for any duration of time, is not permitted. Employees who wish to remain apprised of important University emails while on leave may create filters to mark some emails as important. Then, rather than review all of their email, they can log into their account and review only those that are filtered. Learn how to create filters

I am an employee leaving the university and I want to set up automatic email forwarding so that new incoming messages reach me at my personal address. Is this possible?

No, if you are an employee or affiliate you will neither be able to directly access, nor forward emails from your University employee email account after your appointment has ended.