3 Privacy of correspondence applies to e-mail
4 Using e-mail
5 Using work and organisation e-mail accounts
6 Service provision and administration
7 Other provisions
E-mail addresses can be either organisation addresses, personal addresses or mailing list addresses.
Students may forward their e-mail to the e-mail address of their choice.
The University determines the e-mail addresses and their format. Descriptions of the e-mail addresses can be found in the e-mail service specification.
The University may, in compliance with legislation and University policies, publish e-mail addresses outside the University.
The University treats incoming and outgoing messages sent through personal addresses as private, respecting the privacy of correspondence.
The privacy of incoming and outgoing messages sent through staff e-mail addresses can be deviated from, as specified in Section 5.11.
If a person receives an e-mail intended for another person, the e-mail recipient must respect confidentiality and a prohibition of utilisation that apply to both the contents and existence of the message and the parties of communication.
The forwarding and returning obligations do not apply to malware or spam e-mails.
E-mail users must carefully consider what kind of information should be sent via e-mail. Users must also consider the nature and amount of data they store in their inboxes.
E-mail users must adhere to the quota set for their e-mail accounts. Exceeding the quota may prevent the receipt of e-mail.
It is the sender’s responsibility to ensure that an e-mail is duly delivered. If the e-mail is crucial, it should be sent well before the deadline and the recipient should be asked to confirm receipt of the message.
Sending mass e-mails and chain mails and forwarding them is prohibited.
Mass e-mails may be sent in connection with topics that are relevant to the University’s operations (such as research and the advertising of the University’s services), but the services offered by the Communications department must be used or agreed on with the IT Administration before sending.
The usage authorisations of e-mail accounts are fixed-term. Users must save any messages they will need later, along with their attachments, before their usage authorisations expire. When the usage authorisation expires, the e-mail address is removed from all mailing lists.
When the usage authorisation expires at the end of employment, the employee must manage their e-mail account as specified in Section 5.8.
The owner of a mailing list is responsible for the administration and deletion of mailing lists.
The owner must see to the moderation of the list, check regularly that the mailing list is up to date, and delete any redundant addresses.
A mailing list prepared for professional purposes is a data register and it may contain confidential information. Separate stipulations apply to the disclosure of such information. In such cases, e-mails should be sent as blind carbon copies (BCC) to prevent the addresses on the list from being visible to the recipients.
The handling of professional e-mails at the University is governed by the legislation in force in Finland, the University’s Information Management Plan, and other instructions provided by the University regarding the management of information.
It is forbidden to transfer or automatically redirect organisational or work-related e-mail messages to an account offered by a provider other than the University due to information security, privacy protection and information management reasons. In addition to this, it may constitute a breach of data protection legislation. Permission to transfer or redirect e-mails to a specific service may be granted for compelling reasons (see Section 7.3.)
External e-mail services that have not been approved by the University may not be used for University-related tasks.
Access to e-mail services external to the University network can be technically restricted for compelling reasons, for example if such services are deemed to constitute a major data security risk for the University.
If a work-related e-mail that is received contains a confirmation request, or if the message constitutes e-services by nature, the person processing the message must send a confirmation to the sender.
It is prohibited to send a reply to spam or malware e-mails.
The term "e-services" refers here to the electronic registration, completion and processing (including resolution) of matters, and notification of the decision.
According to Section 21 of the Administrative Procedure Act (434/2003), an e-mail delivered by mistake that deals with administrative matters beyond the competence of the University shall be transferred to the authority or party deemed to be competent, and the sender shall be informed of the transfer. If such a transfer is not possible, the message shall be returned to the sender.
If an employee of the University receives a message that does not fall under his/her work responsibilities and he/she is aware of the intended recipient of the message, he/she is obligated to transfer the e-mail to the correct person and to inform the sender of doing so. If the intended recipient is not known or the e-mail is beyond the competence of the University, the recipient must transfer the e-mail to the organisation address of the University, from which the message shall be transferred or returned to the sender.
Once the e-mail has been transferred, the employee must delete it from his/her inbox. The obligation of secrecy and prohibition of utilisation, recorded in Section 3.2, also apply in these cases.
The obligation of transferring e-mails does not apply to spam or malware e-mails.
If an e-mail message received at a work address is an application or if it concerns another public administrative matter, the message and the handling of the matter shall be forwarded to an organisation address or the address of the relevant services unit.
Personal e-mail accounts must be managed even during absence, in accordance with separate instructions.
If an automatic reply is used, the sender must primarily be advised to contact the appropriate organisation address. Apart from this information, the automatic reply message should be kept as simple as possible.
Employees must save the personal messages they may need later before the end of their employment and carry out the transfer of work-related messages in a manner agreed upon with their supervisor to the possession of the University.
If an employee resigns from his/her duties before the expiry of the employment contract, the employee or his/her supervisor can request the immediate discontinuation of incoming e-mail.
The owner of an organisation address must make sure that messages received at the organisation address are properly handled on a regular basis, according to the Information Management Plan, even when the owner is absent.
An e-mail address provided by the University may be used for personal purposes, as long as
A work-related e-mail sent by an employee must clearly state if it contains the sender’s personal views or opinions.
The University may search and open an employee’s e-mails, in specific cases and using methods recorded in separate instructions.
All methods of encrypting organisation- and work-related e-mail messages must be approved and implemented by the University.
When sending encrypted attachments, the passwords or keys needed for accessing them must be delivered to the recipient by other means, such as by text message to a phone number in the recipient’s personal use.
Sending confidential information or personal data via e-mail should be avoided. If this is unavoidable, the information must be sent encrypted. More detailed instructions on the recognition of the type of data and the requirements for its processing that follow from it are provided separately.
The purpose of such interventions is to secure the service level or safety of the e-mail system. System administration has been provided with instructions regarding interventions, supervision of use and log-keeping.
All e-mail traffic is automatically filtered in order to prevent malware and spam.
If necessary, exceptions can be made regarding automatic filtering (see Section 7.3).
Once the authorisation has terminated, the University will not receive messages sent to the person. Instead, an automatic message is sent to inform the sender about the expiry of the address. When an e-mail account expires, all its redirection arrangements also become invalid.
Any significant changes concerning staff will be processed in a cooperation procedure. The IT Administration will make decisions on the need for changes.
Information on the amendments will be provided via the ordinary channels of communication only, not personally.
The Policy on Consequences of Breaches of IT Security will be applied to the breaches.