VII:01:24 Email Policy

Purpose

This purpose of this policy is to establish requirements governing the acceptable use of volstate.edu email services provided by Volunteer State Community College and to ensure that authorized faculty, staff, students, and guests use volstate.edu email services to further education, conduct activities in support of Volunteer State Community College’s mission, and other acceptable uses as outlined herein.

Definitions

For the purposes of this policy, the following definitions shall apply:

Information Technology Resources – all Volunteer State Community College information technology hardware assets, software assets, computing systems, networks, network components, facilities, services, data, and information, regardless of location, provider, management, medium, or how the resource is provided/delivered, that exists for the purpose of conducting business or academic activities. This includes, but is not limited to, computers, servers, mobile devices, email systems, internet access, cloud-based applications, databases, and any associated peripherals or support services.
Acceptable Use – Email activities that conform to the purpose, goals, and mission of Volunteer State Community College and the scope of each authorized user’s official duties. Examples of Acceptable Use include, but are not limited to:
1. Communications, including information exchange, for professional development nr to maintain job knowledge or skills,
2. Use in apply for or administering grants or contracts for Volunteer State Community College programs or work-related applications,
3. Communications with other Volunteer State Community College agencies and partners,
4. Announcements of regulations, procedures, policies, services, or activities,
5. Use involving research and information gathering in support of advisory, standards, analysis, and professional development activities related to the user’s official duties, and
6. Communication and information exchange relating directly to the mission, charter, and work tasks of Volunteer State Community College, including email in support of work-related functions or collaborative projects.
Approved Email Services or Approved Email System – Email services or an email system that the Volunteer State Community College Department of Information Technology has assessed for risk and approved for use at Volunteer State Community College.
Unacceptable Use – Email activities that do not conform to the purpose, goals, and mission of Volunteer State Community College and/or do not fall within the scope of an authorized user’s official duties. Examples of Unacceptable Use include, but are not limited to:
1. Private or personal for-profit activities,
2. Personal use that creates a direct cost or adverse publicity for the College,
3. Unauthorized, not-for-profit business activities, such as non-College fundraising,
4. Transmission of incendiary statements or events that might incite violence,
5. Unlawful or prohibited activities as defined by federal, state, or local laws or regulations,
6. Concealment or misrepresentation of one’s identity,
7. Sending spam messages or email messages in bulk to unsolicited recipients,
8. Alteration of the source or destination email address,
9. Sending phishing or other social engineering messages, or
10. Sending messages that violate the College’s policies on harassment or discrimination.
Authorized User – All Volunteer State Community College faculty, staff, students, approved vendors, approved guests, and holders of specially-granted accounts whose access to or use of email services is funded by Volunteer State Community College or that is available through equipment or software services owned or leased by Volunteer State Community College.

Policy

All emails to conduct Volunteer State Community College (Vol State) business shall be transmitted via an Approved Email Service or Approved Email System.
All emails sent or received while conducting Vol State business are public records and are subject to inspection by a citizen of the State of Tennessee, unless exempted by law.
Transmission or disclosure of any data considered Restricted, Confidential, or Sensitive (including, but not limited to, social security numbers, credit card numbers, and taxpayer identification numbers) shall be encrypted in accordance with the requirements to comply with the Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry-Data Security Standard (PCI-DSS), and other laws.
Vol State will issue email accounts to authorized users. The account may remain active until the end of the account holder’s active affiliation with Vol State.
Email messages and attachments are subject to the same laws, regulations, policies, and other requirements, including, but not limited to, laws related to public records, the retention period of documents, etc., as information communicated in other written forms/formats.
While use of any Vol State email resources must be related to Vol State’s business, incidental and occasional personal use of email is permissible when such use does not generate costs to Vol State.
Abuse of Approved Email Services or Approved Email Systems for personal use, including, but not limited to, enrolling in email lists or subscribing to email updates that are not related to the scope of the user’s official duties, may subject the user to disciplinary sanctions.
Unacceptable use of the Approved Email Services or Approved Email Systems may subject the user to disciplinary sanctions, including, but not limited to, curtailment of access to the Approved Email Services or Approved Email Systems.
Users shall seek clarification from the Chief Information Officer (CIO) if the user has any doubt as to whether a particular use falls within the realm of acceptable use.
Privacy
1. Vol State reserves the right to view and/or scan any file or software stored on Approved Email Services or Approved Email Systems or transmitted over Vol State networks. It may do so periodically to verify that software and hardware are working correctly, to look for particular kinds of data or software, or to audit the use of Vol State’s IT resources. If Vol State discovers violations of this or any other policy, any federal or state law, or any regulation during routine monitoring, the user may be subject to disciplinary sanctions.
2. Vol State shall follow best practices when emailing student education records, including, but not limited to, grades and personally identifiable information (PII), to reduce the risk of accidental exposure of sensitive data. This includes sending messages only to and from an official email address provided through the Approved Email Services or Approved Email Systems and complying with all other applicable policies.
Approved Email Services and Approved Email Systems are not a permanent record storage medium. Users are responsible for ensuring appropriate emails are securely stored or otherwise maintained in accordance with record retention laws.
The CIO or their designee has the final authority to interpret the terms of this policy and the referenced IT maintenance plan/procedures/processes. The CIO or their designee may grant exceptions to this policy, in writing, based on an evaluation of the risks versus the benefits.

Sanctions for Violations of Policy

Violations of this policy may result in the immediate suspension of the user’s account and further actions, including, but not limited to, the permanent and complete removal of access privileges on Vol State IT resources.
A user who violates this or any policy is subject to Vol State disciplinary processes and procedures. These may result in suspension, termination, expulsion, etc., as appropriate for the user type.
Illegal actions involving Vol State IT resources may also subject the violator to prosecution by local, state, and/or federal authorities.

TBR Source: None.

VSCC Source: December 14, 2009, President’s Cabinet; December 16, 2019, President’s Cabinet; August 13, 2025, President’s Cabinet.