The University’s Information Services Committee (ISC) has been preparing a new policy that will govern the allocation of University email addresses ending @cam.ac.uk, @<domain>.cam.ac.uk and @<subdomain.domain>.cam.ac.uk.
These pages contain updates and background information on how the draft policy is developing.
Latest news
February 2023
Work has now begun on the formal drafting of the policy, taking on board the useful feedback from the all-University consultation that took place in late 2021.
The consultation sought views on a number of principles that might inform a new policy for allocating University of Cambridge email addresses. A brief summary of the responses received, and how they are shaping the draft policy, is given below.
The University is keen to use the insight, comments and recommendations from the consultation to produce a policy that takes a generous approach to eligibility while meeting important institutional needs around cyber security, data protection and reputation management. The University recognises that academics often need to retain their email addresses beyond their contractual period of employment.
The draft policy will be subject to an Equality Impact Assessment. As with all policies, it will need to be approved by the General Board and Council.
Consultation feedback summary
The consultation on the principles that might inform the policy highlighted areas that required further thought and attention.
1,507 people responded to the consultation survey. The majority of respondents (65%) were in favour of the principles outlined, or of having tighter controls on eligibility. The remainder of the respondents made clear that the policy needed to:
- clearly delineate the criteria for eligibility of email addresses and, in particular, differentiate between eligibility for email while working for or studying at the University, and the criteria for eligibility once individuals’ formal or contractual relationships with the University have ended
- ensure eligibility for retired academic staff who are still making valuable contributions to the University’s mission and the work of the collegiate University
- acknowledge early-career academics and others working under short-term contracts
- take account of the fact that many academic staff use their email addresses as their contact point on published papers, and need to remain contactable
- further clarify the implications (if any) for Colleges, subsidiaries of the University and other associated entities
- respect the needs of individuals for whom transition to a new email provider may be problematic.
Why a new policy is needed
The University’s practices around the allocation of email addresses have grown organically over many years, and there is currently no formal policy governing exactly who is eligible for them.
Setting some parameters for access to University email addresses is important because it will contribute to the University’s ability to maintain its outstanding reputation, manage institutional risks (particularly around cyber security), protect personal and professional data, and provide necessary assurance to external partners.
Maintaining our reputation
Cambridge email addresses are a very public part of the University’s identity, and the work of the people who use them is integral to the reputation of our community. It follows therefore that email addresses should be given to those whose work or study contributes to the University’s mission. The policy will help us ensure that individuals who are given email addresses have a legitimate use for them, and that they and the University are not undermined by occasional, but nonetheless harmful, misuse. Thanks to the consultation we now know much more about the various types of people who should be eligible on this basis, and the policy will seek to include them.
Managing institutional risks
Cyber security is an increasing concern for the University, as it is for all organisations. Cyber attacks have the potential to cause severe and costly disruption to the University’s core activities, and to damage its reputation. Knowing who does, and who can have, a University of Cambridge email address plays an important part in managing secure access to our systems. The introduction of this policy will decrease our exposure to nefarious and criminal activity including hacking, identity and data theft, systems infiltration and even blackmail.
Data protection compliance
Good data protection within organisations is not only a legal but a moral imperative: the University cares about all those who work within it and study here, and wishes to protect their personal and professional data. The policy will help by creating a secure framework for the provision of email addresses and attached mailboxes, which contain individuals’ data, of which the University is (legally) the data controller. It will also help by requiring those using such accounts to abide by University data protection policies regardless of their status.
Providing assurance to external partners
The University is increasingly required by external partners such as research funders to demonstrate that it has adequate policies and technical controls to protect systems and data. This policy, and others in development, will improve our ability to do so.
Contact us
All updates on the progress of drafting the policy will be posted on these webpages, and significant updates will be published in the Reporter.
If you have any questions about the policy, the consultation, its development, or how it may affect you, please email isc@admin.cam.ac.uk.