Email rules

The email system is a tool to send and receive information internally and externally.
The email application includes calendar, task lists and contact lists.

The Public Access to Information and Secrecy Act (2009:400) and the General Data Protection Regulation (GDPR) limits how the email system can be used and which information that can be managed.
Each user has a responsibility to judge that the information used in the university's email system
does not break the rules.

Email at work

• Only the university's email system can be used for emails addressing work related
  matters.
• You can not forward you incoming emails to an external email system, for example your
  private email account.

The reason for the above is that the university is an authority that must be able to follow up,
track and when needed release or erase information. This means that work related
information can not be processed in other email systems. The university can not guarantee
the safety levels of other email systems than their own.

Private use

• Email accounts provided by the university can not be used for private matters.
• If you receive private emails not related to the work at the university these must be
  erased from the email system.
• It is inappropriate to use your university account to communicate in matters not
  associated with the work performed at the university. This due to that opinions
  expressed can be interpreted as expressed as an employee at the university and
  hence indirectly as a viewpoint from the university. The university is responsible for
  all personal data management in the email. With private matters the university lacks
  legal basis for the usage. Private use of the email increases the risk of cyber attacks,
  as phishing for example, as the email address is unnecessary exposed at external
  websites.

Email limitations

• It is not allowed to ask for confidential information (secrecy), sensitive personal data  and
  personal data meriting extra protection through email. If you receive this type of information
  it must be immediately transferred to a system appointed by the university and erased in the
  email system.
• If you need to answer a received email containing any of the above information, answer with
  a new email to avoid distributing this information further.
• If you need to send or ask for information according to above, use alternative means
  of communication such as physical mail, phone calls or use encryption according to
  instructions from the IT department.

Archiving and culling/erasing

The email system is only a temporary storage and not designed or allowed to use as an archive.

The information managed should continuously be archived or culled/erased according to
instructions in the information management plan.

Questions can be addressed to dataskydd@hb.se