Privacy & Cybersecurity, Faculty and Staff Email Auto-forwarding Retirement FAQ
As part of an administration-driven effort and directive to better secure employee email and reduce the risk and impact of continued cybersecurity intrusions, Technology Services Privacy and Cybersecurity has taken action as of October 5, 2021, to restrict university employees' ability to auto forward from @illinois.edu, @uillinois.edu, and @uiuc.edu email addresses.
What is this all about?
University of Illinois and its employees who auto-forward official Illinois email introduce increased risks and liabilities related to account cybersecurity, privacy, phishing, and compliance with Illinois law.
Why is this happening?
Which email accounts are/who is affected by this directive?
What did the problem look like when we started?
2) (For offsite forwards only) Employee email forwarding as an allowed practice had the potential for putting personal accounts in scope for the Illinois State Records Act and FOIA. This put individual personal privacy at risk. It also put the university in a difficult position, being that it could not comply with laws unless owners somehow granted official access to their private email.
What did the university do about it?
The university implemented a new policy restricting email auto-forwarding for employees on October 5, 2021. This required new email habits for those used to fielding their official work email from other places, or with different solutions.
To prepare, the Chief Privacy and Security Officer, Tech Services, and partners all around the university did 4 things:
1) Identified and gave ample notice to university employees and support personnel of those who auto-forward their email to make changes and adapt.
2) Provided guidance on how to eliminate rules or what to do.
OR "do nothing" (existing rules disabled once we implement)
3) Provided support and guidance to non-technical audiences who need to convey the new requirement to their support people.
4) Established a stakeholder group for feedback and guidance from university partners
When was the directive implemented?
Where can I find related resources?
(Identity Management) "Leaving Campus for Faculty and Staff" https://answers.uillinois.edu/47708
(Illinois Email) "How to set up email redirection" https://answers.uillinois.edu/47593
(EDE) "How to stop forwarding to an alternate email address": https://answers.uillinois.edu/illinois/86742
(O365/Outlook) "How to Delete Inbox Rules from Outlook": https://answers.uillinois.edu/109993
What if I was forwarding to an Illinois Google Email account (g.illinois.edu)?
What if I am forwarding to an Illinois subdomain or departmental Email account (*@dept.illinois.edu)?
How can I request more time to make the change, or request an exception?
Which laws are in play here?
Illinois Freedom of Information Act (5 ILCS 140/)
https://www.cyberdriveillinois.com/departments/library/about/foia.html
https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=85&ChapterID=2