Sample Technology Policy for NonProfit Entity – Email Accounts

Overview

Information, including information entrusted to “Nonprofit” by its clients, donors and business partners must be protected by taking reasonable and appropriate steps to ensure information’s confidentiality, integrity, and availability. All members of the “Nonprofit” workforce and all information systems used by “Nonprofit” are required to comply with the information security policies.

Monitoring

Employees should assume that the contents of any message, document, or other matter sent through any communications services and equipment used by “Nonprofit” may be seen by “Nonprofit” management and others with a legitimate need to know. To protect the interests of our clients and donors, “Nonprofit” reserves the right to monitor, retrieve, and/or store any voice or e-mail messages, online service activity by individual user, or other material, in any communications services and equipment used by the Firm.

“Nonprofit” reserves the right to access and disclose, for legitimate business and/or legal reasons, any message, document, or other matter sent through any communications services and equipment used by “Nonprofit”.

Policy Violation

Any employees member who is found, after appropriate investigation, to have violated this policy will be subject to appropriate disciplinary action, up to and including termination.

Appropriate Use of Email

Email is a critical mechanism for business communications at “Nonprofit”. Use of “Nonprofit’s” electronic mail systems and services are a privilege and therefore must be used with respect and in accordance with the goals of “Nonprofit”.

The objectives of this policy are to outline appropriate and inappropriate use of “Nonprofit’s” email systems and services in order to minimize disruptions to services and activities, as well as comply with applicable policies and laws. This policy applies to all email systems and services owned by “Nonprofit”, all email account users/holders at “Nonprofit” (both temporary and permanent), and all organization email records.

General Expectations of Users

Important official communications are often delivered via email. As a result, employees of “Nonprofit” with email accounts are expected to check their email in a consistent and timely manner so that they are aware of important announcements and updates, as well as for fulfilling business- and role-oriented tasks.

Email users are responsible for mailbox management, including organization and cleaning. If a user subscribes to a mailing list, he or she must be aware of how to remove himself or herself from the list, and is responsible for doing so in the event that their current email address changes. Email users are also expected to comply with normal standards of professional and personal courtesy and conduct.

Employees must not utilize the communications services and equipment used by “Nonprofit” in any way that may be seen as insulting, disruptive, or offensive to other persons, or harmful to morale. Examples of forbidden transmissions include sexually-explicit messages, cartoons, or jokes; ethnic or racial slurs; or any other message that can be construed to be harassment or disparagement of others based on their sex, race, sexual orientation, age, national origin, religious beliefs, or other personal characteristics or circumstances.

Appropriate Use

Individuals at “Nonprofit” are encouraged to use email to further the goals and objectives of “Nonprofit”. The types of activities that are encouraged include:

• Communicating with fellow employees, donors, business partners of “Nonprofit”, and clients within the context of an individual’s assigned responsibilities.

• Acquiring or sharing information necessary or related to the performance of an individual’s assigned responsibilities.

• Participating in educational or professional development activities.

Inappropriate Use

“Nonprofit’s” email systems and services are not to be used for purposes that could be reasonably expected to cause excessive strain on systems. Individual email use will not interfere with others’ use and enjoyment of “Nonprofit’s” email system and services. Email use at “Nonprofit” will comply with all applicable laws, all “Nonprofit” policies, and all “Nonprofit” contracts. The following activities are deemed inappropriate uses of “Nonprofit” systems and services and are prohibited:

• Use of email for illegal or unlawful purposes, including copyright infringement, obscenity, libel, slander, fraud, defamation, plagiarism, harassment, intimidation, forgery, impersonation, soliciting for illegal pyramid schemes, and computer tampering (e.g. spreading of computer viruses).
• Use of email in any way that violates “Nonprofit’s policies, rules, or administrative orders, included in the policy manual.
• Opening email attachments from unknown or unsigned sources. Attachments are the primary source of computer viruses and should be treated with utmost caution.
• Excessive personal use of “Nonprofit” email resources. “Nonprofit” allows limited personal use for communication with family and friends, independent learning, and public service so long as it does not interfere with employee productivity, pre-empt any business activity, or consume more than a trivial amount of resources. “Nonprofit” prohibits personal use of its email systems and services for unsolicited mass, solicitations, mailings, political campaigning, dissemination of chain letters, and use by non-employee members. This includes the use of instant messaging applications.

Monitoring and Confidentiality

The email systems and services used at “Nonprofit” are owned by the organization, and are therefore its property. This gives “Nonprofit” the right and responsibility to monitor any and all email traffic passing through its email system. While the organization does not actively read end-user email, IT employees may inadvertently read email messages during the normal course of managing the email system.

In addition, backup copies of email messages may exist, despite end-user deletion, in compliance with “Nonprofit’s” records retention policy. The goals of these backup and archiving procedures are to ensure system reliability and prevent business data loss.

If “Nonprofit” discovers or has good reason to suspect activities that do not comply with applicable laws or this policy, email records may be retrieved and used to document the activity in accordance with due process.

Use extreme caution when communicating confidential or sensitive information via email. Keep in mind that all email messages sent outside of “Nonprofit” become the property of the receiver. A good rule is to not communicate anything that you wouldn’t feel comfortable being made public. Demonstrate particular care when using the “Reply” command during email correspondence.

Failure to Comply

Violations of this policy will be treated like other allegations of wrongdoing at “Nonprofit”. Inappropriate use of “Nonprofit’s” email systems and services may include, but are not limited to, one or more of the following:

1. Temporary or permanent revocation of email access;
2. Disciplinary action according to applicable “Nonprofit” policies;
3. Termination of employment; and/or
4. Legal action according to applicable laws and contractual agreements.