Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Events & News
Technical Services
Policies & Practices
Regulatory Compliance
Electronic Discovery
User Practices
Administrator Practices
Litigation Hold
-> Litigation Hold Receipt
-> Litigation Hold Revocation
Additional Information
Training and Awareness
Security Tools
Report Concerns
Archive
About ISO
Contact Us

User Practices

The following are best practices for users managing business related electronic data in Carnegie Mellon's computing environment. These practices should be followed to promote efficient retention of business records and to ensure easier compliance in the event that you receive a litigation hold.

  1. Send business related email using a Carnegie Mellon email account (e.g., username@andrew.cmu.edu, username@cmu.edu) or a departmental email account (e.g., username@cs.cmu.edu, username@ece.cmu.edu).  Personal email accounts such as Gmail, Yahoo, or AOL should not be used for business-related communication. Using Carnegie Mellon email accounts and systems helps to provide an audit trail that might be useful in the event of a litigation hold.
  1. Organize data using separate folders for business related and personal data.  Further separations such as filing by project or topic can help to isolate related items.
  1. Be aware of what systems are used to store your data - What email system do you use?  Do you keep local archives of email? Are your files stored on your local machine or on a network folder?
  1. Know whether or not your data is being backed up. It is typically safe to assume that email stored on servers is backed up.  Is your hard drive backed up? Is this done by your departmental computing group?  Do you back up your files yourself? If the hard drive is backed up, do you know what the backup retention policy is?
  1. Configure dual delivery when forwarding business related email to a personal email account. Dual delivery is the process of delivering email to both your Carnegie Mellon email account and your personal email account. Dual delivery can be setup through Carnegie Mellon's web portal. 
  1. If using a mobile device for email, be sure to "cc" your university or departmental account on all university business correspondence.

If encryption is used for email or file storage, ensure that a supervisor or some other Carnegie Mellon affiliate has the means to decrypt the data. Decryption keys or passwords can be placed in a personnel file, sealed in an envelope and stored in a safe location, etc. 

Support Contact

Information Security Office
412.268.2044
iso@andrew.cmu.edu

Office of General Councel
412.268.9519