This document describes regulations for handling email at Metropolia in general. These rules apply to everyone who uses or has access to Metropolia's email address.

A summary containing the most important points of the regulations for handling email can be found below.

...

General

  • In handling electronic documents, the University shall apply the principles of privacy of correspondence, protection of privacy and good administrative procedures.

...

  • The University shall have the right to determine for what purpose the email and the network are to be used, and user rights can be restricted.
  • The email system is not meant for mass distribution of files or for transmitting large files.

...

The current regulations for handling e-mail and other policies and rules concerning information security are published in the university announcement portal.

2    Definition and Handling of Email Messages and Addresses

...

Definitions and Scopes of Use

In these regulations, email messages have been divided into four different categories based on the type of address they are connected to. In the regulations, both sent and received messages are defined as follows:

...

Official and personal email addresses are composed of the user’s name or the user’s user ID.

A person's e-mail address is classified as personal information (https://tietosuoja.fi/en/what-is-personal-data), and the processing of personal data complies with the Data Protection Act (5.12.2018/1050). Personal data are registered in the personal data files of the University, for which file descriptions have been drawn up, and are handled in the University in the way and for the purposes defined in the descriptions.

The University and its units shall have organizational email addresses for running official business and offering services (e.g. kirjaamo@metropolia.fi or helpdesk@metropolia.fi). The services of the University shall be approached primarily using the organizational email addresses instead of the official addresses of individual employees.

2.2    Publishing of Email Addresses

Publishing means revealing an email address in such places as the University phone book or other publication, the public web pages of the University, calling cards and index services.

The University publishes the organizational email addresses and the official email addresses of its employees, as necessary for the use of services and attending duties. As a general rule, publishing a student’s email address requires the student’s consent. The University does not publish email addresses that are not issued by the University.

Email addresses should always be in the form based on the user’s name, both in the settings of the email client and otherwise published.

2.3    Handling of Organizational Email Messages

...

Use of email and handling of messages

  • In order to maintain privacy protection and information management, it is forbidden to forward or automatically redirect

...

  • organizational

...

When necessary, an email message can have an appendix referring to the confidentiality of the message.

Organizational email messages shall be handled in a manner required by the Act on the Openness of Government Activities (621/1999). The Act defines among other things what an official document is, which information in an official document is confidential, and when access to a document can be granted.

2.4    Handling of Official Email Messages

...

  • email to an email address outside of

...

  • the University

...

  • .
  • An

...

  • employee

...

When necessary, an email message can have an appendix referring to the confidentiality of the message.

Official email messages shall be handled in a manner required by the Act on the Openness of Government Activities (621/1999). The Act defines among other things what an official document is, which information in an official document is confidential, and when access to a document can be granted.

2.5    Handling of Personal Email Messages

Personal email messages of an employee shall be separated clearly from messages belonging to the University. An employee shall immediately move any personal messages that have arrived at the official email address to separate folders, the names of which clearly state the privacy of the messages (e.g. private, personal). This applies both to received and sent messages.

It is permitted to use the University email address for an employee’s or a student’s personal matters on a small scale as long as it does not impede the functions of the University. However, use for commercial purposes, such as private entrepreneurship, is absolutely forbidden.

It is not allowed to use University mail servers to send chain letters or mass email. The necessity of the University to communicate on a large scale to members of the University community is considered case by case.

2.6    Handling of Other Email Messages

...

  • or student is not allowed to use an external address for tasks connected to the University. Tasks include emails between teacher and student.
  • An external email address should not be used for a student’s studies and other activities as part of the University community. The University can require that an email address issued by the University is used

...

  • using

...

3    Messages Requiring Special Measures

3.1    Restricting Email Messages and Their Attachments

The University has the right to use automated checking on email messages and their attachments for possible viruses and other malware, and to restrict the sending and receiving of possibly harmful or too large/numerous attachments.

The University also has the right to delete messages and attachments containing viruses and other malware. The University is not required to inform the sender of the filtering or deletion of a single message. The filtering is performed automatically in the email system. The users will be informed of these restrictions in the document Instructions for Filtering Email.

3.2    Handling of Spam

...

  • services

...

  • by

...

  • email

...

  • .

...

  • If

...

The user can report disturbing spam to maintenance personnel or the IT support (helpdesk@metropolia.fi). In practice, the maintenance can only try to intervene in messages sent from Finland.

3.3    Handling of Undeliverable Email

...

  • a

...

If the address of an arriving message is not known by the email system, an error message is automatically sent to the original sender. A notification is also sent to the original sender if the recipient’s email quota is full. Managing the quota is the user’s own responsibility.

The responsibilities for sending and returning do not apply to malware messages or spam.

3.4    Handling of Email Arriving at an Incorrect Address

...

  • user receives an email message intended for another person, the receiver must inform the original sender of the unsuccessful delivery

...

  • and delete the arrived message.

...

  • The user has an obligation of secrecy and non-exploitation concerning both the contents of the message and its existence

...

  • .

4    Handling of Email in Special Situations

4.1    Automatic Responses to Messages

  • It is not recommended to use automatic replies. If, however, an automatic reply is deemed necessary (e.g. long vacations of employees, leave of absence or termination of employment), the automated reply shall advise the original sender to contact primarily the appropriate organizational address.

...

  • A user has the right to encrypt his or her email messages with Metropolia's secure-email function, which is a tool accepted by Metropolia IT Services.
  • Confidential and sensitive personal data should not be transmitted by e-mail or any other form of data transmission over a network without encryption. Metropolia's internal e-mail traffic (when you send a message from an e-mail address ending in @metropolia.fi to another e-mail address ending in @metropolia.fi) is already basically encrypted.

The Official Document of Regulations for Handling Email at Metropolia

You can read the Metropolitan Email Processing Rules document from the OMA intranet. The document is available in English under the Codes of Practice section.

Regulations for handling email in Finnish

...

Before the termination of the employment, an employee shall inform his or her communication partners of the upcoming termination of his or her email account, and delete personal messages. Other messages remain the property of the University and opening them is governed by the Act on the Protection of Privacy in Working Life (759/2004). If an employee ceases his or her duties before the termination of the employment, the receiving of email shall be terminated already at that time.

Before the termination of the user rights, a student is responsible for informing his or her communication partners of the upcoming termination of his or her email account.

4.3    Procedural Rules While an Employee is Temporarily Absent

When the absence is known in advance, the employee and his or her superior shall take care of the proper handling of the employee’s email. The recommended way is to give the person in charge of the duties during the absence access to the email by means of access control lists. (For information on automatic replies, see chapter 4.1.)

Within the scope set by the Act on the Protection of Privacy in Working Life (759/2004, sections 18 through 20), the University has the right to gain access to the email messages that belong to the University and are necessary for the continuation of University functions while an employee is absent. Accessing and opening the messages sent to or from an official email address is primarily based on the consent of the employee and on the possibility to clearly tell apart the confidential private messages belonging to an employee from the messages belonging to the University. (On separating the messages: see chapter 2.5.)

If the employee has not given another person, accepted by the employer, the consent to access and open the messages belonging to the employer while the employee is absent, or the consent cannot be obtained due to a serious illness, the University President may order the employee’s superior, with the help of the administrator of the mail server, to access and open the above-defined official email messages, while the employee is absent. The reason for accessing and opening the email, persons taking part in it, the time of the procedure and the person or persons having received information of the opened email message have to be documented, and the employee has to be notified without unnecessary delay.

4.4    Messages and Mail Boxes Harming or Endangering the Email System

The right of the maintenance of the email system to intervene in the email traffic to ensure the service or security of the email system is prescribed in more detail in the document Administrative Rules of Information Systems.

5    Encryption and Verification of an Email Message

A user has the right to encrypt his or her email messages with an encryption algorithm.

Documents classified as top secret or secret must not be sent by email.

Documents containing other data than public information and public personal information shall not be transferred by email or other file transfer method using the data network without encryption.

Confidential personal and other information may, however, be electronically transferred, if the data is encrypted using sufficiently strong encryption algorithms or the data is transferred only within the university’s internal network.

The encryption programs used for organizational and official email shall be accepted and implemented by the University.

The validity and authenticity of a document received by email shall be confirmed, when necessary.

If official email has been encrypted in such a way that only the receiver can open it, it must be opened immediately after the transfer. If necessary, it can be encrypted again in such a way that it can be accessed also by other persons handling the matter in question. This duty does not apply to malware or spam.

6    Monitoring Email Usage and Collecting and Storing Log Information

Instructions on monitoring email usage and collecting and storing log information can be found in the document Administrative Rules of Information Systems.

7    Supervision of These Rules

These rules are supervised by the University IT Services, the administrators of the mail servers, and unit directors. Offences against these rules shall be dealt with according to the Policy of consequences for IT Offences. The rules shall be updated when necessary, or when the common recommendations of the Universities are changed. The need for updates shall be monitored by the Chief Information Officer or a person appointed by him or her.

...