|Date guideline took effect
|13 November 2023
|Last approved revision
|Director, Information Technology Services
|Head of IT Infrastructure
The purpose of these guidelines is to ensure effective and appropriate use of email communications for University purposes.
These guidelines apply to all staff employed by the University, and all Approved Persons who are approved to send or receive email communications on behalf of the University.
These guidelines do not apply to students, other than those students who are also staff employed by the University.
- Approved Persons
- Any person who is either approved to use a Digital Communications System associated with the University or to send a Digital Communication on behalf of the University but is not employed by the University. Examples include but are not limited to: Emeritus Professors, visiting scholars, external parties engaged in University research or teaching, alumni with access to the Library, members of University Council, staff of the OUSA , and contractors supporting University services or projects.
- Digital Communications
- Any electronic transmission of information to one or more recipients, directly or indirectly, via one or more Digital Communication Systems.
- Digital Communications System
- Any networked messaging and collaboration technologies, on which information can be created, delivered, received, and retained; including, but not limited to, email, text and video messaging applications, voicemail, websites, display screens and internet-based social networking facilities.
- Personal Information
- Any information about an identifiable individual.
Sending and responding
- The University acknowledges that the use of email can increase pressure on workplaces through the large number of emails sent to some staff and the desire for an immediate reply. Staff are not expected to respond to emails outside of their normal work hours, except in exceptional circumstances.
- Consider the most appropriate channel(s) for your communication depending on your audience, content/message, time frame, etc. Email may not be the appropriate form of communication for some matters – especially for urgent requests for information or assistance to University service/support areas such as AskOtago. Please consider contacting these areas by phone or Teams for issues requiring an urgent response.
- The use of shared mailboxes is encouraged for certain staff roles (e.g., Heads of Department, Pro-Vice-Chancellor, Chief Operating Officer, Chief Financial Officer, Directors etc.) and areas that provide services in response to email. The shared mailbox helps support functional continuity for managing requests/communication sent via email. Where appropriate, staff using a shared mailbox should identify who is sending the email (e.g., Pro-Vice-Chancellor or EA). Further information about shared mailboxes can be found in the AskOtago knowledgebase.
- It is recommended that you do not:
- open unexpected attachments from unknown or even known senders.
- follow web links within an email message unless you are certain that the link is legitimate. Following a link in an email message executes code, which can also install malicious programs on your computer.
- complete forms sent via a web link from an unknown sender. This is to mitigate the risk of identity theft.
- Contact AskOtago immediately if you suspect you have been the victim of an email scam/phishing attack.
- Consider the appropriate person(s) to whom a message is to be sent. Sending emails to a number of people can lead to uncertainty as to the responsibility for action, double handling, wasted time, lost information, delayed responses and general frustration.
- When sending emails, it is recommended that the 'To' field is used for those people who are required to take some action in the matter and that the 'Cc' field is used for those people to whom the email is sent only for information purposes. Alternatively, it may be helpful to include an appropriate note in either the subject or at the beginning of the message where an email is being sent for information purposes only. This can be done either by stating that the message is "For your information" or "No action is required on your part".
- Ensure that your message is going to the intended recipient(s) by checking the email address is correct (especially if just the recipient Display Name is showing). This is particularly important when using an address book that includes staff and student names, and where individuals have more than one email address listed. There are also instances of more than one individual having the same name, so it is important to check you have selected the correct person.
- Members of the University community are strongly encouraged to use personal and professional courtesies and considerations in email messages.
- The University strongly encourages the use of te reo Māori in at least the greeting and closing parts of the email message. More Information can be found on the University website, and in Ngā Kaupapa mō te reo Māori – the Māori Language Policy.
- Before forwarding/including others in an existing communication, ensure that the content of the full message trail is appropriate to be sent to the recipient(s).
- Ensure that special precautions are taken when handling sensitive information (e.g., health or HR information), including:
- attaching appropriate information security measures to the email communications in accordance with the University’s Information Framework and Information Security Policy;
- anonymising Personal Information if possible;
- encryption of Personal Information when appropriate;
- password protection on files that are attached to emails when appropriate.
- When sending or forwarding to external organisations emails containing information or attachments classified as confidential or restricted, the email should be signed and encrypted using an approved encryption method. These can include Microsoft Office password protect, and the encryption feature in WinZip. Passwords should be provided to the recipient using another form of communication, such as phone or text message.
- It is helpful to use a disclaimer to make clear the purpose/intention of a message, where relevant. For example, disclaimers can be used to highlight the presence of confidential and privileged information or to make it clear that the sender is not representing the University. See the following examples:
- “This message contains information that may be confidential and privileged. Unless you are the addressee (or authorised to receive the message for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by return email and delete the message.”
- “This email contains the thoughts and opinions of [your name] and does not represent the official University policy.”
- An email signature should be used to identify yourself clearly when communicating as part of your role with the University. Just as University business cards follow a consistent format, so too should email signatures, to present a visually coherent and on-brand message to those we communicate with. It is recommended that the University Email Signature Generator be used to create your email signature.
- For information security reasons, University staff email accounts must not be set up to forward messages to student email accounts or non-University email accounts.
- Staff are encouraged to create a “Personal” folder within their email account to store messages of a personal nature.
- It is recommended that Staff away from work for longer than one working day should create an Automatic Reply/Out of Office message to let the sender know if they need to take any additional action (especially if the staff member will not be checking mail regularly). For example, it may be helpful to include the contact information for another staff member who can respond while the person is away.
- In situations where people have similar/identical known and last names, the Display Name field can be updated to include information to help distinguish between people (e.g., by adding your department/team or position title to your name information). Contact AskOtago to have this done.
- Upon leaving, a staff member (in consultation with their manager, as appropriate):
- should set up a personalised Automatic Reply/Out of Office message to let senders know that the account is no longer in use and whether their message has been forwarded. It can also let the sender know where to send both University and personal messages. If a personalised Automatic reply is not set up, the default one will be applied automatically when the email account is disabled (35 days after the staff member’s end date in the HR System).
- can request that an internal forward to redirect incoming messages be set up (e.g., to a manager or colleague). Contact AskOtago to have this done.
- must not set their emails to automatically forward to a student email account or any non-University email account.
- should unsubscribe from email lists and distribution groups where appropriate.
- Upon leaving, a staff member (in consultation with their manager, as appropriate):
Email lists / distribution groups
- The University has a variety of established staff and student email lists. For some, membership is automatic depending on criteria such as your department/team, campus and/or that you are a staff member or a student. For these lists, it is likely that only approved senders will be able to send messages to members of the list. For others, membership will be voluntary (e.g., an area of interest, department social list, etc.) or indirect (e.g., the all-depts list).
- In all cases, care should be taken to ensure messages sent to a list are of relevance to list members and to check that a reply to a list message will go to where you intend it to (especially if the list is set up to automatically send replies to the list rather than the original sender).
- In some cases, it may be important to keep the email addresses that are included in an email list private. When this is the case, the sender should use the “Bcc” field, ensuring that the sender is the only person who can see who is a member of the list.
Related Policies, Procedures and forms
Policies, Procedures, Guidelines
- Digital Communications Policy
- Information and Communications Technology
- Information Security Policy
- Internet Usage Policy
- Ngā Kaupapa mō te reo Māori – the Māori Language Policy
- Mandatory and Recommended IT Services and Solutions (PDF)
- Information Framework (PDF)
Contact for further information
If you have any queries regarding the content of these guidelines or need further clarification, contact: