果冻影院

XClose

Data Protection

Menu

Guidance on using email

This guidance has been produced to help ensure the proper and efficient use of 果冻影院鈥檚 email service. Following these recommendations helps 果冻影院 comply with new data protection legislation

Contents

Keeping e-mails

Don麓t keep anything unnecessarily, review regularly.

Recommendations:

  • Get into the habit of reviewing email messages regularly.

  • Delete any working copies, trivial emails, out-of-date reference material and duplicates.

  • You can use the to stop your inbox from getting out of control.

  • It is good practice to manage your emails into folders and generally try to keep emails in your inbox to a minimum.

Sending e-mails

Sending e-mail is not the most secure method of sharing information and should be avoided when handling special category/sensitive data but if you still use e-mail then follow the best practice guidelines here.

Use CC & BCC with care

Every time a message containing personal data is copied to another recipient there is an increased information compliance risk.

To minimise risk, we make the following recommendations:

  • Limit the use of CC only to those who need to receive the information.BCC (Blind Carbon Copy) can be a useful tool. When you use BCC, all those in the 鈥楤CC鈥 field can鈥檛 see each other鈥檚 email addresses. However, forgetting to use BCC, frequently leads to the accidental disclosure of all the recipients鈥 email addresses.
  • Where you regularly have to send personal information, use alternative sharing tools such as Sharepoint and OneDrive.
  • With the above in mind where it is still necessary to send to multiple recipients聽please assess the nature of the information and the potential security risks when deciding on the best method to communicate with a large amount of people. If you are sending any sensitive personal information electronically, you should use alternatives to BCC, such as bulk email services (that Information Services Division can advise on) should be considered (you could consider whether a DPIA should be undertaken as well in these scenarios).

Please see to the Information Commissioner's Office's (ICO) recent warning and new guidance about bulk emails.聽.

Consider using encryption

The risks of transferring personal data increase when emailing non-果冻影院 recipients, i.e. those not using an 鈥淍果冻影院鈥 email addresses.

Robust encryption is recommended as it can be used to ensure confidentiality. Encryption keeps data private by converting it to an unreadable format. Only people who have an encryption key can access the data.

Please refer to the ISD-produced guidance on options for encryption for more information. If you are uncertain about how best to utilise encryption, please seek advice from the isg@ucl.ac.uk.

Alternative to sending e-mail

Using email for sharing documents and personal information is often not the best method. Sharepoint and OneDrive are both secure features of Office 365 as offered by 果冻影院.

Sharepoint is a web-based collaboration space which can be used to create, edit and share content between colleagues. There are a number of different service levels offered by 果冻影院 depending on business use and your skill level.

  • You can contact ISD to request your own SharePoint site.聽

OneDrive for Business is a web-based collaboration space designed for personal use, such as sharing a file with an individual. 果冻影院 staff and students are each allocated 1TB of storage space for OneDrive.聽
果冻影院鈥檚 shared drive provides access according to file system permissions. It is secure and is backed up on a daily basis.

Shared role accounts and shared mailboxes

Shared mailboxes can help to avoid duplicating content, and instead to keep e-mails grouped by task that can later be easily cleaned up.

You can use role accounts for e-mail collaboration using a shared mailbox.

A role account is a generic user ID assigned for one specific role that can be used by more than one person. The account must have a registered owner. Role accounts can only be used by one person at a time and must not be used for personal email or file storage. They will have access to an email address, N:\ storage, Desktop@果冻影院 and Eduroam, but not to print@果冻影院 or library services.

Use of role accounts must be reviewed annually to ensure continued need. If no longer needed this must be relayed back to User Services by filling in the so the role account can be closed.

If you wish to use a role account for email collaboration, you should use a shared mailbox. This allows for multiple access to a single mailbox, useful for a number of circumstances such as the ability for a PA to access a manager鈥檚 inbox.

A shared mailbox is a mailbox that multiple users can use to read and send email messages. Shared mailboxes can also be used to provide a common calendar, allowing multiple users to schedule and view vacation time or work shifts.

Use an Out of Office (OOO) message

Out of Office (OOO) should be used in all cases where staff are away/unable to access their email.

The OOO message should include dates of no email access, and alternative contact details 鈥 a mailbox or a colleague who may be able to assist the sender.
Please see the 果冻影院 guidance on out of office messages.

Tips on content聽

  • Be objective and professional. Bear in mind that emails are subject to 鈥榓ccess to information regimes鈥, i.e. freedom of information and data protection legislation 鈥
    • what you write in an email may have to be disclosed.
  • One subject per message: limit the content in each email message to one subject, which will make management easier. Keep subject lines concise, clear and related to the purpose of the email.
    • avoid personal data.聽
  • Establish email protocols in your local areas to ensure that everyone in your office manages their email in a similar way.

Use folders

Stay organised so to help management and protection of data.

  • For example, use a folder called 鈥榩rivate and personal鈥 that clearly indicates the nature of the messages to be stored.

Further information