Compliance with the Rensselaer Email Policy

Institute policy states that email accounts obtained through third parties may not be used in conducting the business of the Institute.  Ensuring compliance with the Rensselaer email policy is crucial for several reasons, including regulatory security requirements, operational efficiency, and maintaining a professional image.

Regulatory Security Requirements

Compliance with various regulatory security requirements such as FERPA, GLBA, and HIPAA is essential. These regulations mandate strict controls over the handling and protection of sensitive information. It is not possible to monitor and ensure compliance if using third party email systems.  We do not know the security measures applied to freemail accounts, such as multi-factor authentication (MFA) or secure devices. We have no logging, auditing, visibility, or security of these accounts when they contain institute data and communication.

Integrated Environment

Email is no longer an isolated service; it is part of a broader environment of services. In the case of O365, this includes Active Directory and Calendars. By using RPI email, you can look up someone's correct email address by their name, department, or title. Additionally, scheduling meetings and finding suitable meeting times is more efficient when everyone uses the O365 environment, which includes their RPI email address.

Assurance of Delivery 

We cannot assure the delivery of emails or check that delivery was successful if non-RPI email addresses are used. Investigating email issues becomes challenging, and it is difficult to detect forgeries.   

Forgeries

When freemail or other external accounts are routinely used it becomes increasingly difficult to detect forgeries.  This can lead to forgeries being treated as legitimate by recipients, as well as non-forged external email being treated as a forgery by the malware detection systems.

Enhanced Security

Emails going through the Rensselaer gateway are subject to more malware scans and may be investigated if they appear suspicious. Important emails from professors or others may end up in Junk E-Mail or Quarantine if they are sent from external addresses. 

Branding and Professionalism

Using RPI email accounts promotes a professional image and consistent branding. It ensures that all communications are aligned with the institute's standards and values.

Potential Legal Consequences

Mixing personal and professional emails can lead to complications during discovery and legal requests, as these requests may go to personal email providers like Gmail, if they are addressed at all. Using personal email accounts for professional communication can expose the institute to legal risks during discovery requests in civil or criminal cases.   Additionally, your personal email may now be subject to discovery.  Rensselaer may not be in compliance with data backup and retention requirements if personal email accounts are used.

 

 

Division of the Chief Information Officer

110 8th St. Troy, NY 12180

(518) 276-7777

Staff Directory

Get Help


IT Service and Support Center
Back to top