What is the policy?
The email address allocation and retention policy is one of a series of actions to increase our cyber security. It is a significant step in ensuring that use of our information systems is for authorised users only.
The policy sets out the criteria for the allocation of University email addresses ending @cam.ac.uk, @<domain>.cam.ac.uk and @<subdomain.domain>.cam.ac.uk.
All current students, staff and associates of any part of the University, all individuals holding honorary and emeritus titles, and all current members of the Regent House are eligible to hold an email account.
Individuals leaving their contractual relationship with the University who will continue to contribute actively to the University’s mission may also request to be nominated by their institution to retain their email account.
Why a new policy is needed
The University’s practices around the allocation of email addresses have grown organically over many years. Setting some parameters for access to University email addresses is important because it will contribute to the University’s ability to maintain its outstanding reputation, manage institutional risks (particularly around cyber security), protect personal and professional data, and provide necessary assurance to external partners.
Maintaining our reputation
Cambridge email addresses are a very public part of the University’s identity, and the work of the people who use them is integral to the reputation of our community. It follows therefore that email addresses should be given to those whose work or study contributes to the University’s mission. The policy will help us ensure that individuals who are given email addresses have a legitimate use for them, and that they and the University are not undermined by occasional, but nonetheless harmful, misuse. Thanks to a University-wide consultation, we know the various types of people who are eligible on this basis, and the policy provides that they can be allocated an email address.
Managing institutional risks
Cyber security is an increasing concern for the University, as it is for all organisations. Cyber attacks have the potential to cause severe and costly disruption to the University’s core activities, and to damage its reputation. Knowing who does, and who can have, a University of Cambridge email address plays an important part in managing secure access to our systems. This policy will decrease our exposure to nefarious and criminal activity including hacking, identity and data theft, systems infiltration and even blackmail.
Data protection compliance
Good data protection within organisations is a legal as well as moral imperative: the University cares about all those who work within it and study here, and wishes to protect their personal and professional data. The policy will help by creating a secure framework for the provision of email addresses and attached mailboxes, which contain individuals’ data, of which the University is (legally) the data controller. It will also help by requiring those using such accounts to abide by University data protection policies regardless of their status.
Providing assurance to external partners
The University is increasingly required by external partners such as research funders to demonstrate that it has adequate policies and technical controls to protect systems and data. This policy, and others in development, will improve our ability to do so.
Contact us
All updates on the policy will be posted on these webpages, and significant updates will be published in the Reporter.
If you have any questions about the policy, the consultation, its development, or how it may affect you, please email isc@admin.cam.ac.uk.