2 E-mail addresses
E-mail addresses can be either organisation addresses, personal addresses or mailing list addresses.
- A personal address can be used for work and study purposes and personal communications of other kind.
- An organisation address can be used for services and communication where the role of the organisation is prominent. Each organisation address must have an owner. Customers are always advised to use the appropriate organisation address for contacting the University. Organisation addresses may not be used for personal communications.
- A mailing list is used for group communications. Each mailing list must have an owner who is responsible for the moderation (if applicable), regular maintenance and eventual removal of unnecessary lists.
Students may forward their e-mail to the e-mail address of their choice.
The University determines the e-mail addresses and their format. Descriptions of the e-mail addresses can be found in the e-mail service specification.
The University may, in compliance with legislation and University policies, publish e-mail addresses outside the University.
3.1 E-mail privacy
The University treats incoming and outgoing messages sent through personal addresses as private, respecting the privacy of correspondence.
The privacy of incoming and outgoing messages sent through staff e-mail addresses can be deviated from, as specified in Section 5.11.
3.2 Processing of an e-mail received by error
If a person receives an e-mail intended for another person, the e-mail recipient must respect confidentiality and a prohibition of utilisation that apply to both the contents and existence of the message and the parties of communication.
- The rules for handling professional e-mails sent to a wrong address can be found in Section 5.5.
- Regarding other types of messages received in error, the recipient must always notify the sender of the receipt of the e-mail and delete the e-mail and its attachments from their inbox.
The forwarding and returning obligations do not apply to malware or spam e-mails.
4.1 Information security obligation
E-mail users must carefully consider what kind of information should be sent via e-mail. Users must also consider the nature and amount of data they store in their inboxes.
4.2 Responsibility for adhering to the e-mail quota
E-mail users must adhere to the quota set for their e-mail accounts. Exceeding the quota may prevent the receipt of e-mail.
4.3 Responsibility for e-mail delivery
It is the sender’s responsibility to ensure that an e-mail is duly delivered. If the e-mail is crucial, it should be sent well before the deadline and the recipient should be asked to confirm receipt of the message.
4.4 Sending mass e-mails is subject to permission
Sending mass e-mails and chain mails and forwarding them is prohibited.
Mass e-mails may be sent in connection with topics that are relevant to the University’s operations (such as research and the advertising of the University’s services), but the services offered by the Communications department must be used or agreed on with the IT Administration before sending.
4.5 Handling of e-mail after the expiry of usage authorisations
The usage authorisations of e-mail accounts are fixed-term. Users must save any messages they will need later, along with their attachments, before their usage authorisations expire. When the usage authorisation expires, the e-mail address is removed from all mailing lists.
When the usage authorisation expires at the end of employment, the employee must manage their e-mail account as specified in Section 5.8.
4.6 Using mailing lists
The owner of a mailing list is responsible for the administration and deletion of mailing lists.
The owner must see to the moderation of the list, check regularly that the mailing list is up to date, and delete any redundant addresses.
A mailing list prepared for professional purposes is a data register and it may contain confidential information. Separate stipulations apply to the disclosure of such information. In such cases, e-mails should be sent as blind carbon copies (BCC) to prevent the addresses on the list from being visible to the recipients.
5.1 Mail handling regulations
The handling of professional e-mails at the University is governed by the legislation in force in Finland, the University’s Information Management Plan, and other instructions provided by the University regarding the management of information.
5.2 Prohibition of transfer
It is forbidden to transfer or automatically redirect organisational or work-related e-mail messages to an account offered by a provider other than the University due to information security, privacy protection and information management reasons. In addition to this, it may constitute a breach of data protection legislation. Permission to transfer or redirect e-mails to a specific service may be granted for compelling reasons (see Section 7.3.)
5.3 Prohibition on the use of external e-mail services
External e-mail services that have not been approved by the University may not be used for University-related tasks.
Access to e-mail services external to the University network can be technically restricted for compelling reasons, for example if such services are deemed to constitute a major data security risk for the University.
5.4 Obligation to confirm receipt
If a work-related e-mail that is received contains a confirmation request, or if the message constitutes e-services by nature, the person processing the message must send a confirmation to the sender.
It is prohibited to send a reply to spam or malware e-mails.
The term "e-services" refers here to the electronic registration, completion and processing (including resolution) of matters, and notification of the decision.
5.5 Obligation to transfer a message in accordance with the Administrative Procedure Act
According to Section 21 of the Administrative Procedure Act (434/2003), an e-mail delivered by mistake that deals with administrative matters beyond the competence of the University shall be transferred to the authority or party deemed to be competent, and the sender shall be informed of the transfer. If such a transfer is not possible, the message shall be returned to the sender.
If an employee of the University receives a message that does not fall under his/her work responsibilities and he/she is aware of the intended recipient of the message, he/she is obligated to transfer the e-mail to the correct person and to inform the sender of doing so. If the intended recipient is not known or the e-mail is beyond the competence of the University, the recipient must transfer the e-mail to the organisation address of the University, from which the message shall be transferred or returned to the sender.
Once the e-mail has been transferred, the employee must delete it from his/her inbox. The obligation of secrecy and prohibition of utilisation, recorded in Section 3.2, also apply in these cases.
The obligation of transferring e-mails does not apply to spam or malware e-mails.
5.6 Obligation to use organisation addresses
If an e-mail message received at a work address is an application or if it concerns another public administrative matter, the message and the handling of the matter shall be forwarded to an organisation address or the address of the relevant services unit.
5.7 E-mail management during absence
Personal e-mail accounts must be managed even during absence, in accordance with separate instructions.
If an automatic reply is used, the sender must primarily be advised to contact the appropriate organisation address. Apart from this information, the automatic reply message should be kept as simple as possible.
5.8 E-mail management at the end of a period of employment
Employees must save the personal messages they may need later before the end of their employment and carry out the transfer of work-related messages in a manner agreed upon with their supervisor to the possession of the University.
If an employee resigns from his/her duties before the expiry of the employment contract, the employee or his/her supervisor can request the immediate discontinuation of incoming e-mail.
5.9 Management of organisation addresses
The owner of an organisation address must make sure that messages received at the organisation address are properly handled on a regular basis, according to the Information Management Plan, even when the owner is absent.
- E-mail messages received at the organisation address belong to the employer.
- The address owner must respond to any received messages immediately.
- The response must indicate that it is a reply to a message sent to an organisation address.
5.10 Using work addresses for personal communications
An e-mail address provided by the University may be used for personal purposes, as long as
- the employee protects his/her privacy by clearly separating personal e-mails from work-related messages. This applies both to incoming and outgoing messages.
A work-related e-mail sent by an employee must clearly state if it contains the sender’s personal views or opinions.
5.11 The University’s right to search and open messages sent to and from work addresses
The University may search and open an employee’s e-mails, in specific cases and using methods recorded in separate instructions.
All methods of encrypting organisation- and work-related e-mail messages must be approved and implemented by the University.
When sending encrypted attachments, the passwords or keys needed for accessing them must be delivered to the recipient by other means, such as by text message to a phone number in the recipient’s personal use.
Sending confidential information or personal data via e-mail should be avoided. If this is unavoidable, the information must be sent encrypted. More detailed instructions on the recognition of the type of data and the requirements for its processing that follow from it are provided separately.
6.1 System administration can intervene in e-mail traffic
The purpose of such interventions is to secure the service level or safety of the e-mail system. System administration has been provided with instructions regarding interventions, supervision of use and log-keeping.
6.2 All incoming and outgoing e-mails to and from the e-mail services administered by the University are filtered.
All e-mail traffic is automatically filtered in order to prevent malware and spam.
If necessary, exceptions can be made regarding automatic filtering (see Section 7.3).
6.3 When usage authorisation expires, e-mails will no longer be received
Once the authorisation has terminated, the University will not receive messages sent to the person. Instead, an automatic message is sent to inform the sender about the expiry of the address. When an e-mail account expires, all its redirection arrangements also become invalid.
7.1 Coming into force
7.2 Managing changes
Any significant changes concerning staff will be processed in a cooperation procedure. The IT Administration will make decisions on the need for changes.
Information on the amendments will be provided via the ordinary channels of communication only, not personally.
The Policy on Consequences of Breaches of IT Security will be applied to the breaches.