Duke Security Offices position statement on use of non-Duke email accounts:
- This is a recommended posture for Duke University faculty, staff and students.
- This is a required posture for Duke Health employees. (Am I Duke Health?)
Duke faculty, staff, and students use their Duke-issued email account for Duke-related communications, including academic and research-related work.
Users should avoid using external email accounts, including personal email accounts on services such as Google Gmail, for sending or receiving Duke business, academic, or research-related messages. This includes avoiding the use of automatic forwarding to send Duke email to an external email account.
The Duke Security Offices discourage the use of external email accounts due to the following concerns:
- When using external email accounts, Duke data is transmitted and stored on non-Duke systems. Such systems may not have the same security or privacy posture as Duke systems, putting Duke data at risk of exposure.
- Use of external email accounts may violate regulations, policies, standards, or agreements related to certain protected or confidential data.
- The Duke Security Offices are unable to verify the controls in place on external systems or to assist in the case of suspected security issues with an external email account, such as phishing or account compromise.
- External email accounts used for Duke business, academic, or research-related work may be subject to review or interruption due to a legal hold, investigation, or other legal process.
Faculty, staff, and students are required to comply with applicable regulations, Duke policies or standards (Confidentiality Agreement), or other agreements that may prohibit sending or receiving certain types of data via email or that may require specific security practices when sending the data to external vendors or partners.
Security Offices position statements outline the ISO/ITSO's view on security-related topics and provide guidance concerning Duke standards.
Document Type: Other