DECISION. 25 June The attached Procedures for managing s are hereby adopted. The Procedures enter into force immediately.

Transcription

1 UPPSALA UNIVERSITY Box 256 SE Uppsala DECISION 25 June 2018 UFV 2018/ (1) Handling matter: Per Abrahamsson Telephone: Procedures for managing s The attached Procedures for managing s are hereby adopted. The Procedures enter into force immediately. The decision in this matter has been taken by the undersigned University Director following a presentation of the matter by Chief Legal Officer Per Abrahamsson. [Signature] Katrina Bjelke [Signature] Per Abrahamsson

2 DECISION 25/06/2018 UFV 2018/1239 Procedures for managing s Background Uppsala University s guidelines for managing s describe how employees and others active at the University who have access to the authority s system have to manage their and the University s system to make it a secure and time-saving tool that is managed in accordance with the rules that govern the use of . This is achieved by informing staff and avoiding management problems such as full inboxes that can lead to stress or the disappearance of important s. To meet the requirements of the General Data Protection Regulation and facilitate management, is to be used only as a conduit of information and not for the storage or processing of vital information. To enable to be an effective tool, the user should limit the quantity of unwanted s and minimise the size of s by, for example, being restrictive about annexes. In addition, all employees have to follow Uppsala University s guidelines regarding security and all handling of the University s IT resources. Purpose The purpose of these guidelines for management is to provide concrete guidelines and support for employees about how is to be used in the authority. This is because the has to meet the statutory requirements in force at any time and be a time-saving tool that all employees know how to use. General Everyone at Uppsala University has to use the system provided by the authority when s are sent on university business, in the case of both internal and external communication. Every user has to tell their immediate superior when they feel that they do not have knowledge in some areas of management. Managers are responsible for informing their employees about the training resources available to learn how to manage s effectively. management Incoming s must be checked regularly and always managed in accordance with the applicable legislation concerning public access and secrecy, regarding registration for instance. All correspondence within the framework of the user s position must take place through the system provided by Uppsala University. The automatic forwarding of s to other systems is not permitted. Only limited amounts of of a private nature may be received in and sent from Uppsala University s system.

3 s containing sensitive personal data or information covered by secrecy must be encrypted, for more information see Rutiner för informationssäkerhet: säker informationshantering, UFV 2018/668. Limit the use of personal data in s: Reduce the spreading of personal data by always considering whether personal data need to be included in the . Sort your Archive or discard old s. They should not be left in the Inbox. Use Auto Response: Place an automatic message in Auto Response when you are away for more than one working day and say when you expect to be back so that senders of s to you know that you will not reply before that. Security: Avoid, if possible, opening suspicious s the subject line or a preview of the opening lines of the may be a way to decide whether the is genuine. Never reply to advertising/unwanted s ( spam ). A reply is a confirmation to the sender that the address is active. s with unknown content or with files attached must be treated with caution. Do not open attached files if you are uncertain about what they may contain. If an attachment being opened requests activation of a macro, deny this. Macros in, for example, Word, Excel or Adobe PDF are common ways for attackers to spread viruses or steal information. s with suspicious content may, for example, mean phishing, ransomware, economic fraud, viruses etc. Send these s to security@uu.se. Never disclose a password or codes to anyone else. If an contains a threat, save the and contact security (security@uu.se). Logging and checks of use All and computer traffic in the University s network are logged. As an employer, the University has the right to go through these logs and access the content of s to check that rules in legislation or the authority s guidelines are being followed; to be able to carry out the tasks the University is obliged to perform; and to identify, manage or counter threats to information security. This also applies to files and other material stored in computers and transported in networks.

4 As an employer, the University does not, as a rule, check the content of employees computers, s or internet traffic, so as to respect personal integrity as far as possible. However, the University may check information in a computer or or in internet traffic if this is necessary for the following purposes: compliance with the authority s obligations such as the public nature of official documents; in the event of a risk to information security; on behalf of the police or other law enforcement authorities; in the event of a risk to someone s life or health; in the University s internal investigations. Responsibilities Managers in the authority are responsible for all employees in the University being aware of the authority s guidelines for managing s, but the individual is responsible for following the guidelines. If the applicable provisions are not followed, this may result in measures under labour law or other measures being taken. In cases where a state employer finds that an employee is reasonably suspected of certain offences that may result in a sanction other than a fine, the employer is obliged under Section 22 of the Public Employment Act (1994:260) to report the suspected offence for prosecution. Other cases may also be reported to the police for investigation.

5