Employee Use of Email Policy FAQ
Employees and/or affiliates of California State University East Bay who are issued a university email account must protect University data.
In particular, such persons must take extra precautions to protect Sensitive Information (Level 1 or 2) sent or received by email. The policy on employee and affiliate email usage is found here.
Below will find resources to help you navigate that policy.
Important steps to take while using your university email account:
- Use your CSU East Bay employee email for all University business -- for both sending and receiving.
- Use your CSU East Bay employee email for communication in all business systems, including those that do not require CSUEB NetID authentication.
- List your CSU East Bay university email in the campus directory, faculty profile page, on your syllabus, etc.
FAQs on Navigating this Change
All employees of CSU East Bay including faculty, staff, student employees and affiliates are required to use their @csueastbay.edu email address for university business. Related policies on this topic include:
- CSU's Data Classification Policy requires specific security controls based on the Protection Level of Institutional Information.
- CSUEB Procurement Policy requires specific contract language and security protections for third-party vendors handling institutional information. Private email service providers have not agreed to these terms. They have no contractual obligations with the CSU and have not been evaluated for security or privacy compliance.
- CSU’s Information Security Responsible Use Policy and the campus Electronic Communications Guidelines both require protecting University email from unauthorized access and unintended redistribution, which applies to forwarding email to personal accounts with inadequate contractual and security controls.
Use of a non-University email for university business exposes the campus and its community members to risk for many reasons, including the following.
-
Email is a highly targeted vector for cyber attacks, requiring robust security controls to protect it adequately. CSUEB IT identifies and blocks malicious emails to University email accounts. CSUEB's email provider also has contractual obligations with respect to the security and privacy of CSUEB email. The campus has no control or assurances regarding the protection of email in non-University services.
-
University employees cannot appropriately respond to legal holds and Public Records Act Requests for communications outside centrally supported services.
-
Because there is no contractual obligation to do so, a non-University email provider may not inform users if they are the subject of a Public Records Act Request, Freedom of Information Act Request, or other legal requests for information. The person may not know that information has been requested or provided from their account.
-
If a University employee receives a Public Records Act Request or a Freedom of Information Act Request, and they have been using a personal email for university business, their entire personal email account may be subject to review.
-
Every email containing FERPA-protected information that is sent to an email provider without a specific contractual designation (any non-csueastbay.edu account) is considered a FERPA violation.
-
Authentication logs and other forensic information critical for investigating security incidents are generally not available for email outside centrally supported services.
-
CSUEB IT staff are unable to investigate complaints regarding abuse and/or misuse of emails originating from non-University addresses.
Information on how to turn off automatic forwarding can be found here.
Note that these options for employee accounts will be turned off by ITS on July 1, 2024
Some examples of unapproved domains are consumer email services: @gmail.com, @yahoo.com, @hotmail.com, @me.com, etc.
Submit this form to request an automatic email forwarding exception.
Please note: In most cases, you will receive a response to your exception request within 1 week, but please allow up to 15 days for more involved requests.
Yes, automatic forwarding between CSU East Bay email accounts is allowed, with the following exceptions.
- Forwarding from a departmental accounts to employee accounts is allowed.
- Forwarding from one department account to another department account is not allowed.
- Forwarding from an employee (@csueastbay.edu) account to a student (@horizon.csueastbay.edu) account is not allowed.
- Forwarding between two employee accounts is not advised and requires approval from the CIO or CISO.
All forwarding between CSU East Bay email accounts is managed by ITS directly; submit this form to request the setup of such forwarding arrangements.
We strongly advise against forwarding your personal email to your University account for many reasons.
- If a University employee receives a Public Records Act Request or a Freedom of Information Act Request, the contents of their University email account, including personal emails forwarded to it, are subject to review.
- In addition, email vendors no longer offers CSU East Bay unlimited storage. The University's email accounts are currently limited to 100 GB.
- Due to recent changes in how major email providers manage forwarded email between accounts with similar names, this kind of forwarding will cause most forwarded messages to arrive in your Spam/Junk folder(s).
- The ISO may block such forwarding if it is found to increase spam rates in the University email environment.