[acupa-l] email privacy/phishing mitigation

2016-09-22 Thread Theresa Rowe 
 This is a balancing act mostly covered by our policy for general
computing: http//www.oakland.edu/890

Our policy is that individual email content is essentially personal
recognizing public formal requests:

   1. *Privacy* - Technological methods must not be used to infringe upon
   privacy. However, Authorized Users must recognize that Resources are public
   and subject to the Freedom of Information Act, the Communications
   Assistance for Law enforcement Act, other federal, state and local statutes
   and regulations, and exceptions established by the University as permitted
   by law. Authorized Users utilize such Resources at  their own risk.

Our general university IT policy puts responsibility for overall management
for greater good in IT. - www.oakland.edu/policies/830

I think some of your comment hints at process rather than policy. Our
process is that:
1) we will implement spam and malware filters that block delivery of spam
and phishing email if identified
2) spam and malware filters will allow unconfirmed spam and phishing but
will display warnings
3) once spam or phishing are delivered to an email inbox, we do not
intercede and it is up to the individual to recognize and mark. This is to
comply with the above privacy statement.

Theresa


On Thursday, September 22, 2016, Erica Heffner 
wrote:

> Hello all,
>
>
>
> Does anyone have an explicitly stated practice or policy of removing
> phishing emails either from the server or from individual email accounts?
>
> We address that that employees have a limited expectation of privacy on
> University email accounts.  But haven’t described a practice of removing
> malicious emails from individual accounts.
>
>
>
> Erica Heffner, MEd, CCEP
>
> Asst. Director Compliance Services
>
> University of Vermont
>
> erica.heff...@uvm.edu
>
> p. (802)-656-1398
>
>
>
>
>
> *Ethics and Compliance Reporting and Help Line
>  * or
> Toll Free (877) 310-0413
>
>
>
> **CONFIDENTIALITY NOTICE***
>
> This e-mail and any attachments may contain private, confidential, and
> privileged information for the sole use of the intended recipient.  This
> information is intended for receipt and use by authorized addressees only.
> If you are not the intended recipient, please notify the sender
> immediately; any dissemination, distribution or copying is strictly
> prohibited.
>
>
>
>
>
> *Replying to Messages:* Replying (using Reply) to an ACUPA-L e-mail will
> distribute your message to the *ENTIRE list of members*. To send a
> message privately, reply directly to the individual who sent the message
> (their e-mail address appears in the "From" line of their original e-mail).
>
> *To Unsubscribe*: Go to http://www.acupa.org/Member
> shipForm_Discontinue.html and complete the form. We will remove you from
> the list within 24 hours, during normal business hours.
>
> *Questions about the ACUPA e-list?* Contact Jamie Parris at
> jamiepar...@cornell.edu or 607-255-6837.
>
>

-- 
Theresa Rowe on the road

RE:[acupa-l] email privacy/phishing mitigation

2016-09-22 Thread Joshua Adams 
Erica,

Here, rules about removing phishing emails from the server would not be a 
university policy, but a “behind the scenes” practice of our IT department.  I 
don’t think we have any specified rule about this, though, given how many 
phishing emails we all get.

As for a rule for staff members to remove them from their individual email 
accounts, this would also not be a university policy, but treated as a “best 
practice,” managed through informational and advisory websites (such as our 
“Phishbowl”: http://www.it.cornell.edu/security/phishbowl.cfm).

Joshua

Joshua Adams, Director
University Policy Office and EVP Communications
Cornell University
341 Pine Tree Road
Ithaca, NY 14850

p: 607.255.8279
f: 607.254.1555
w: www.policy.cornell.edu<http://www.policy.cornell.edu/>

ü Please consider the environment before printing this e-mail.

From: bounce-120815504-53380...@list.cornell.edu 
[mailto:bounce-120815504-53380...@list.cornell.edu] On Behalf Of Erica Heffner
Sent: Thursday, September 22, 2016 8:28 AM
To: ACUPA-L 
Subject: [acupa-l] email privacy/phishing mitigation

Hello all,

Does anyone have an explicitly stated practice or policy of removing phishing 
emails either from the server or from individual email accounts?
We address that that employees have a limited expectation of privacy on 
University email accounts.  But haven’t described a practice of removing 
malicious emails from individual accounts.

Erica Heffner, MEd, CCEP
Asst. Director Compliance Services
University of Vermont
erica.heff...@uvm.edu<mailto:erica.heff...@uvm.edu>
p. (802)-656-1398


Ethics and Compliance Reporting and Help 
Line<https://secure.ethicspoint.com/domain/media/en/gui/24544/index.html>  or 
Toll Free (877) 310-0413

**CONFIDENTIALITY NOTICE***
This e-mail and any attachments may contain private, confidential, and 
privileged information for the sole use of the intended recipient.  This 
information is intended for receipt and use by authorized addressees only. If 
you are not the intended recipient, please notify the sender immediately; any 
dissemination, distribution or copying is strictly prohibited.



Replying to Messages: Replying (using Reply) to an ACUPA-L e-mail will 
distribute your message to the ENTIRE list of members. To send a message 
privately, reply directly to the individual who sent the message (their e-mail 
address appears in the "From" line of their original e-mail).

To Unsubscribe: Go to http://www.acupa.org/MembershipForm_Discontinue.html and 
complete the form. We will remove you from the list within 24 hours, during 
normal business hours.

Questions about the ACUPA e-list? Contact Jamie Parris at 
jamiepar...@cornell.edu<mailto:jamiepar...@cornell.edu?subject=ACUPA%20e-list%20assistance>
 or 607-255-6837.

RE:[acupa-l] email privacy/phishing mitigation

2016-09-22 Thread Lloyd, Lynda 
We do not.

Lynda Lloyd, M.Ed., PHR
Director of Policy
Adjunct Faculty
NWACC Policy<http://www.nwacc.edu/web/policy/policy_procedure>
479-619-4248

This message is intended solely for the recipient to whom it is addressed. If 
you are not the intended recipient, do not disclose, distribute or copy this 
email.  Please notify the sender immediately and delete this email from your 
system.

From: bounce-120815504-56848...@list.cornell.edu 
[mailto:bounce-120815504-56848...@list.cornell.edu] On Behalf Of Erica Heffner
Sent: Thursday, September 22, 2016 7:28 AM
To: Association of College and University Policy Administrators 

Subject: [acupa-l] email privacy/phishing mitigation

Hello all,

Does anyone have an explicitly stated practice or policy of removing phishing 
emails either from the server or from individual email accounts?
We address that that employees have a limited expectation of privacy on 
University email accounts.  But haven’t described a practice of removing 
malicious emails from individual accounts.

Erica Heffner, MEd, CCEP
Asst. Director Compliance Services
University of Vermont
erica.heff...@uvm.edu<mailto:erica.heff...@uvm.edu>
p. (802)-656-1398


Ethics and Compliance Reporting and Help 
Line<https://secure.ethicspoint.com/domain/media/en/gui/24544/index.html>  or 
Toll Free (877) 310-0413

**CONFIDENTIALITY NOTICE***
This e-mail and any attachments may contain private, confidential, and 
privileged information for the sole use of the intended recipient.  This 
information is intended for receipt and use by authorized addressees only. If 
you are not the intended recipient, please notify the sender immediately; any 
dissemination, distribution or copying is strictly prohibited.



Replying to Messages: Replying (using Reply) to an ACUPA-L e-mail will 
distribute your message to the ENTIRE list of members. To send a message 
privately, reply directly to the individual who sent the message (their e-mail 
address appears in the "From" line of their original e-mail).

To Unsubscribe: Go to http://www.acupa.org/MembershipForm_Discontinue.html and 
complete the form. We will remove you from the list within 24 hours, during 
normal business hours.

Questions about the ACUPA e-list? Contact Jamie Parris at 
jamiepar...@cornell.edu<mailto:jamiepar...@cornell.edu?subject=ACUPA%20e-list%20assistance>
 or 607-255-6837.

[acupa-l] email privacy/phishing mitigation

2016-09-22 Thread Erica Heffner 
Hello all,

Does anyone have an explicitly stated practice or policy of removing phishing 
emails either from the server or from individual email accounts?
We address that that employees have a limited expectation of privacy on 
University email accounts.  But haven’t described a practice of removing 
malicious emails from individual accounts.

Erica Heffner, MEd, CCEP
Asst. Director Compliance Services
University of Vermont
erica.heff...@uvm.edu
p. (802)-656-1398


Ethics and Compliance Reporting and Help 
Line  or 
Toll Free (877) 310-0413

**CONFIDENTIALITY NOTICE***
This e-mail and any attachments may contain private, confidential, and 
privileged information for the sole use of the intended recipient.  This 
information is intended for receipt and use by authorized addressees only. If 
you are not the intended recipient, please notify the sender immediately; any 
dissemination, distribution or copying is strictly prohibited.