Do email policies apply to me?
All employees of UC Berkeley including faculty, staff, and student employees are required to use their @berkeley.edu email address for university business. Related policies on this topic include:
-
UC’s IS-3 Policy requires specific security controls based on the Protection Level of Institutional Information.
-
UC Procurement Policies and UC’s IS-3 (Sec 15) both require specific contract language and security protections for third-party vendors handling institutional information. Private email service providers have not agreed to these terms. They have no contractual obligations to UC and have not been evaluated for security or privacy compliance.
-
UC’s Electronic Communications Policyand the campus Email Service Policy both require protecting University email from unauthorized access and unintended redistribution, which applies to forwarding email to personal accounts with inadequate contractual and security controls.
Important steps to take now
-
Use your UC Berkeley email for all university business —– for both sending and receiving.
-
Turn off any automatic forwarding you may have set up that sends your Berkeley email to a non-Berkeley account.
-
Use your UC Berkeley email for communication in all business systems, including those that do not require CalNet authentication.
-
List your UC Berkeley email in the campus directory, on your syllabus, etc.
Why is using Berkeley email required?
Use of a non-Berkeley email for university business exposes the campus and its community members to risk for many reasons, including the following.
-
Email is a highly targeted vector for cyberattacks, requiring robust security controls to protect it adequately. Berkeley IT identifies and blocks malicious emails to Berkeley email accounts. Berkeley’s email provider also has contractual obligations with respect to the security and privacy of bMail. The campus has no control or assurances regarding the protection of email in non-Berkeley services.
-
University employees cannot appropriately respond to legal holds and Public Records Act Requests for communications outside centrally supported services.
-
Because there is no contractual obligation to do so, a non-Berkeley email provider may not inform users if they are the subject of a Public Records Act Request, Freedom of Information Act Request, or other legal requests for information. The person may not know that information has been requested or provided from their account.
-
If a Berkeley employee receives a Public Records Act Request or a Freedom of Information Act Request, and they have been using a personal email for university business, their entire personal email account may be subject to review.
-
Every email containing FERPA-protected information that is sent to an email provider without a specific contractual designation (any non-berkeley.edu account) is considered a FERPA violation.
-
Authentication logs and other forensic information critical for investigating security incidents are generally not available for email outside centrally supported services.
-
Berkeley IT staff are unable to investigate complaints regarding abuse and/or misuse of emails originating from non-Berkeley addresses.
Additional FAQs
I automatically forward emails between two different Berkeley email accounts (e.g., between a Special Purpose Berkeley (SPA) email account and an individual Berkeley email account). Is this ok?
I have a dual appointment at another University of California campus or the University of California Office of the President. Can I forward emails between my Berkeley email account and another UC account?
Yes, the UC systemwide Electronic Communications Policy governs email service for all University of California institutions. Email service at these institutions meets security and privacy requirements and forwarding emails between them is generally allowed, but will require an exception. We are still developing the service request and exception request process, but you can let us know here if you would like to be contacted when more information is available.
I have a dual appointment at a University of California-managed national lab such as Lawrence Berkeley National Lab, Lawrence Livermore National Lab, or Los Alamos National Lab. Can I forward the email between my Berkeley email account and my lab email account?
Yes, you will be able to request an exception to allow you to forward email between your Berkeley email account and a University of California-managed lab. However, please be aware that messages forwarded from your UC Berkeley email account to a national lab email account will lose the privacy protections granted by the UC Electronic Communications Policy. Further information about service changes in support of this policy will be forthcoming. We are still developing an exception request process, but you can let us know here if you would like to be contacted when more information is available.
I want to have one inbox. Can I forward all my personal email to my bMail account?
We advise against forwarding your personal email to your bMail account for many reasons. If a Berkeley employee receives a Public Records Act Request or a Freedom of Information Act Request, the contents of their bMail account, including personal emails forwarded to it, are subject to review. In addition, Google no longer offers UC Berkeley unlimited storage. Berkeley’s Google accounts (including bMail) are currently limited to 150 GB.
I want to forward some, or all, of my Berkeley email to my personal email while I’m on leave. Is that ok?
No, automatic forwarding of Berkeley email to a personal email account, for any duration of time, is not permitted. Employees who wish to remain apprised of important Berkeley emails while on leave may create filters to mark some emails as important. Then, rather than review all of their Berkeley email, they can log into their account and review only those that are filtered. Learn how to create filters
Can I occasionally forward individual emails outside of UC Berkeley, if they do not include sensitive student or institutional information?
Yes, UC Berkeley employees can occasionally forward individual emails to non-UC Berkeley email accounts, provided that the email does not include sensitive information, including, but not limited to, information classified at the P3 or P4 level per UC Berkeley's data classification standard
I am an employee leaving the university and I want to set up automatic email forwarding so that new incoming messages reach me at my personal address. Is this possible?
No, if you are an employee or affiliate you will neither be able to directly access, nor forward emails from your Berkeley email account after your grace period has ended. Follow these steps in preparation for your departure