Booth Email Forwarding Policy

 

Contents

Purpose. 3

Policy Statement 3

Scope. 3

Rationale. 3

Exceptions. 4

Related Policies and References. 4

Contact 4

 

 

Purpose

The purpose of this policy is to ensure the security, confidentiality, and proper stewardship of University data—particularly student education records as protected under the Family Educational Rights and Privacy Act (FERPA)—by establishing clear guidelines regarding the forwarding of Booth-managed email accounts.

Policy Statement

To maintain compliance with FERPA, institutional data protection standards, and University of Chicago security protocols, automatic forwarding of Booth School of Business email to personal or non-University email accounts is strictly prohibited.

This includes, but is not limited to, creating email rules, filters, or scripts that redirect or copy email from a Booth (@chicagobooth.edu) or University (@uchicago.edu) address to any external domain (e.g., Gmail, Yahoo, Outlook.com).

Scope

This policy applies to:

• All Booth faculty (full-time and adjunct), staff, researchers, and contractors;
• All systems and devices used to access Booth-managed or University-issued email accounts;
• All institutional communications containing University data or related to official Booth/University business.

Rationale

The prohibition of automatic email forwarding supports:

• FERPA Compliance: Many email communications include student information that constitutes part of the education record. Forwarding to personal accounts may expose this information in violation of federal law.
• Data Security: Personal email providers do not fall under the University’s security or privacy controls, creating unacceptable risk for data breaches and unauthorized access.
• Institutional Integrity: University communications should remain within managed environments to ensure proper logging, auditing, and response capabilities in line with University policies.
• Legal and Records Management: Retaining University communications within official systems ensures compliance with legal discovery processes, public records laws, and institutional records retention policies.

Exceptions

Limited exceptions may be granted under specific, documented circumstances where business necessity is demonstrated, and sufficient compensating security controls are in place.

All exception requests must be reviewed and approved by Booth Information Security and the Chief Information Officer or designee. Unauthorized exceptions are not permitted.

Related Policies and References

• FERPA Overview – U.S. Department of Education
• University of Chicago Acceptable Use Policy
• University of Chicago Information Security Policy
• Booth Data Classification and Handling Guidelines

Contact

For questions about this policy or to request an exception, please contact:

Booth Information Security
Email: security@.lists.chicagobooth.edu