Buffalo State electronic resources (including such services as
e-mail, Internet access, and file and print services) are made
available to employees to facilitate the official work of the
college. These electronic resources are provided for employees
and persons legitimately affiliated with the college for the
efficient exchange of information and the completion of assigned
responsibilities consistent with the mission of the college.
The use of campus electronic resources by any employee or other
person authorized by the college must be consistent with this
electronic resources policy and other applicable policies.
Principles of Acceptable Use
Buffalo State users of campus electronic resources are required:
- To respect the privacy of other users: for example, users
shall not intentionally seek information on, obtain copies of,
or modify files or data belonging to other users unless explicit
permission to do so has been obtained.
- To respect the legal protection provided to programs and
data by copyright and license.
- To protect data from unauthorized use or disclosure as
required by state and federal laws, and SUNY and college
- To respect the integrity of computing systems: for example,
users shall not use or develop programs that harass other users
or infiltrate a computer or computing system or damage or alter
the software components of a computer or computing system.
- To safeguard their accounts and passwords. Accounts and
passwords are normally assigned to single users and are not to
be shared with any other person without authorization. Users are
expected to report any observations of attempted security
It is not acceptable to use Buffalo State electronic resources:
- For activities unrelated to the college mission.
- For activities unrelated to official assignments or job
- For any illegal purpose.
- To transmit threatening, obscene, or harassing materials or
- For unauthorized distribution of NYS data and information.
- To interfere with or disrupt network users, services, or
- For private purposes such as marketing or business
- For solicitation of religious or political causes.
- For unauthorized not-for-profit business activities.
- For private advertising of products or services.
- For any activity meant to foster personal gain.
E-mail Privacy and Access
E-mail messages are not personal or private. E-mail system
administrators will not routinely monitor individual staff
members' e-mail and will take reasonable precautions to protect
the privacy of e-mail; however, program managers and technical
staff may access an employee's e-mail:
- For a legitimate business purpose (e.g., the need to access
information when an employee is absent for an extended period of
- To diagnose and resolve technical problems involving system
hardware, software, or communications.
- To investigate possible misuse of e-mail when a reasonable
suspicion of abuse exists, or in conjunction with an approved
Staff members are prohibited from accessing another user's
e-mail without his or her permission.
Staff members must not e-mail personally identifiable and
protected information (such as SSN, date of birth, driver’s
license number, class schedule, grades, health information,
etc.) unless the data is in encrypted format. For information on
how to encrypt a Word or Excel document, see
E-mail messages sent or received in conjunction with college
- Be releasable to the public under the Freedom of Information
- Require special measures to comply with the Personal Privacy
All e-mail messages including personal communications may be
subject to discovery proceedings in legal actions.
Management and Retention of
Applicable to all e-mail messages and attachments:
E-mail is a communication system; messages should not be
retained for extended periods of time. If a user needs to retain
information contained in an e-mail message for an extended
period, the message should be transferred from the e-mail system
to an appropriate electronic or other filing system.
Depending on their content, some e-mail messages and their
attachments may be official records of SUNY. Official records,
including those communicated using e-mail, need to be
identified, managed, protected, and retained in accordance with
New York State Law and SUNY policy (www.buffalostate.edu/recordspolicy).
Users should delete emails after messages and attachments are
opened and any official records have been saved in an
appropriate electronic or other filing system. Many e-mail
communications are not records and are therefore suitable for
immediate deletion. The Buffalo State e-mail address is the only one that is
recognized by the college. Therefore, faculty and staff must use
the Buffalo State e-mail address when corresponding via e-mail
in an official capacity with students, and must not copy any
additional outside e-mail addresses. Inquiries from outside
e-mail addresses should be treated as public inquiries – only
general information (no student-specific information) may be
shared in the response.
The college has developed electronic letterhead to be used for
the electronic distribution of official college documents
(records). The letterhead is available at
www.buffalostate.edu/collegerelations/x861.xml and should be
used in Word or e-mail documents that are to be distributed in
electronic format only. Questions regarding electronic
letterhead usage should be directed to the College Relations
Office: Cleveland Hall 307, ext. 4201, or
Pursuant to the Electronic Communications Privacy Act
of 1986 (18 USC 2510 et seq.), notice is hereby given that there
are NO facilities provided by this system for sending or
receiving private or confidential electronic communications.
The college reserves the right to log network use and monitor
file server space utilization by users and assumes no
responsibility or liability for files lost due to violation of
file server space allotments.
The college reserves the right to remove a user account or
device from the network.
The college will not be responsible for any damages that result
from the use of campus electronic resources. This includes the
loss of data resulting from delays, non-deliveries, or service
interruptions caused by negligence, errors, or omissions. Use of
any information obtained is at the user's risk.
Enforcement and Violations
This policy is intended to be illustrative of the range of
acceptable and unacceptable uses of the electronic facilities
and is not necessarily exhaustive. Questions about specific uses
related to security issues not enumerated in this policy
statement and reports of specific unacceptable uses should be
directed to the associate vice president for computing and
technology services. Other questions about appropriate use
should be directed to your supervisor.
The college will review alleged violations of the Policy on the
Use of Electronic Resources on a case-by-case basis. Clear
violations of the policy that are not promptly remedied may
result in termination of network access for the person(s) at
fault and referral for disciplinary actions as appropriate.
Policy date: September 2002
Revised: December 2011