What is the policy?
The email address allocation and retention policy sets out how we allocate University email addresses ending @cam.ac.uk, @<domain>.cam.ac.uk and @<subdomain.domain>.cam.ac.uk.
All current students, staff and associates of any part of the University, all individuals holding honorary and emeritus titles, and all current members of the Regent House are eligible to hold an email account.
People who have left the University are not eligible for a University of Cambridge email address, unless they meet the criteria set out in the policy. Retired members of staff can read about the eligibility criteria for retaining an email after retirement on our information pages.
Information about the cancellation of IT accounts is on our webpage, and includes information about eligibility for alumni email accounts.
Why an email allocation and retention policy is needed
It is important to have a policy determining who is eligible to hold an email account because it contributes to the University’s ability to maintain its outstanding reputation, manage institutional risks (particularly around cyber security), protect personal and professional data, and provide necessary assurance to external partners.
Maintaining our reputation
Cambridge email addresses are a very public part of the University’s identity, and the work of the people who use them is integral to the reputation of our community. Email addresses should be given to those whose work or study contributes to the University’s mission. The policy helps us ensure that individuals who hold email addresses have a legitimate use for them, and that they and the University are not undermined by occasional, but nonetheless harmful, misuse. Thanks to a University-wide consultation, we know the various types of people who are eligible on this basis, and the policy provides that they can be allocated an email address.
Managing institutional risks
Cyber security is an important concern for all organisations. Cyber attacks have the potential to cause severe and costly disruption to the University’s core activities, and to damage its reputation. Knowing who does, and who can have, a University of Cambridge email address plays an important part in managing secure access to our systems. This policy will decrease our exposure to damaging and criminal activity including hacking, identity and data theft, systems infiltration and even blackmail.
Data protection compliance
Good data protection within organisations is a legal as well as moral imperative: the University cares about all those who work within it and study here, and wishes to protect their personal and professional data. The policy helps to create a secure framework for the provision of email addresses and attached mailboxes, which contain individuals’ data, of which the University is (legally) the data controller. It will also help by requiring those using such accounts to abide by University data protection policies regardless of their status.
Providing assurance to external partners
The University is increasingly required by external partners such as research funders to demonstrate that it has adequate policies and technical controls to protect systems and data.