You are here: Information Security Email policy for employees

Email policy for employees

Access and identity

All full-time employees at AU have a corporate email address and have access to sending and receiving mail at this account. Guests and part-time employees (part-time lecturers, teaching assistants, student assistants, etc.) are not automatically assigned an email account, but they can get one at the request of their immediate supervisor.

The email address includes AU’s name in the form of ‘au.dk’ or another AU domain. It is up to the individual user to ensure that his or her use of email cannot damage AU’s reputation.

Special rules for people who both are students and staff members at AU 

If a person is both a student and an employee (e.g. a student assistant or an employee on a continuing education course), two email accounts will be set up. Different rules apply for students and employees, and it must be possible to separate the two roles. In this situation, it is important for you to be aware of your role – student or employee – and to use the correct email account in the different situations.

Use, including private emails

The use of email is primarily intended for activities which are directly related to work/studies, but AU email may be used for private purposes. Private emails should be clearly marked to distinguish them from work/study-related emails. This can be done e.g. by writing ‘private’ in the subject line.

A folder called ‘Private’ should be created for the storage of private email correspondence. You can also write ‘private’ in the email subject line when you send private emails internally and externally.

Private activities must never be such that they could interfere with other employees’ or students’ legitimate work or study-related activities, and private emails must not take up too much space.

Rights to view other people’s calendars

By default, all employees’ calendars are open. This means that all employees can see the place, time and subject of other people’s meetings/appointments. 

Private meetings/appointments

If you do not want an appointment to be visible, you should mark it as ‘private’. The subject, location, content, participant list and attachments cannot then be viewed by others. However, others can see that you are busy.

If you send a meeting request to others marked as private, you should be aware that the other attendees can remove the ‘private’ flag. This will happen, for example, if you book a room for the meeting. Here, the room will automatically clear the ‘private’ flag so the subject is visible in the room calendar. If you book a private meeting in a room, you should therefore enter a ‘neutral’ subject.

Ability to book resources

All employees at AU can book resources. Among other things, this means that units do not generally have their ‘own’ rooms.

There may be restrictions on the use of resources which are controlled by the individual units.

There may also be costs associated with the use of resources. This is handled outside the shared email and calendar system.

Relocation within AU

If an employee moves to a unit that uses a different email domain (the part after the @), a new email address will be assigned automatically, and the old address will be able to receive but not send email. The employee will receive an email about the change of email address.

Ownership and access to others mailboxes

AU owns the content of employees’ mailboxes, in the same way as it owns other data. This does not apply to private correspondence, which should therefore be marked as described under the section on ‘Use, including private emails’.

The content of students’ mailboxes is basically regarded as private, and AU is therefore not entitled to open a student’s mailbox unless there is an agreement to this effect or it is necessary for technical reasons, as described below. If a mailbox is opened for technical reasons, the contents of the mailbox must not be read by the employees.

Access to employees’ or students’ mailboxes

AU IT can gain access to all AU mailboxes. This may be necessary in case of technical breakdowns (e.g. mail loops which are filling an absent employee/student’s mailbox) or an urgent need to gain access to an email which is known to have been sent to an absent colleague.

If AU IT has to gain access, this must always be agreed beforehand with the relevant employee/student. If this is not possible, it must be done by agreement with the user’s (immediate) supervisor. The employee/student must then be informed as soon as possible.

In the individual units, you can agree to give a colleague (e.g. a secretary) read access to your mailbox or parts of it. Such agreements should be openly made by the individual units.

If an employee leaves or is dismissed, AU is entitled to access the person’s mailbox with a view to accessing business-related correspondence. It is recommended that an agreement on access to a mailbox be made before the employee leaves AU, and the person should be given the opportunity to clear his or her private correspondence before access is granted. See also the section on ‘Handling of terminated employees’ email’.

Handling of terminated employees’ email

An employee is terminated when he or she no longer has any association with AU as a paid or unpaid employee. Termination takes effect from the date on which the last employment relationship is removed from employee master data. 

A terminated employee’s email account is automatically deactivated when the employee is removed from employee master data. When an email account is deactivated, the terminated employee can no longer log in to the email account and send mail from it.

The following standard auto-reply will be automatically set on disabled email accounts: “Denne mailadresse eksisterer ikke længere. Mail sendt til denne adresse bliver slettet automatisk! / This email address no longer exists. Email sent to this address will automatically be deleted.”

After 6 months the mailbox and the auto-reply will be deleted automatically. The email address will remain unique and cannot be reused.

Immediately before termination, it is the responsibility of the local management to ensure that the employee cleans up the mailbox, and that emails with content that is relevant to the unit are sent to other users.

Once the employee has left, it is generally no longer possible to gain access to the mailbox. A manager (department head or division manager) may, however, grant access to mailboxes for a limited period (max. one year after termination takes effect), if there is a work-related reason. Such access must always be restricted to a few named employees, and there must be a written justification for keeping the account open. The reason must be recorded.

Secrecy of correspondence

Emails are covered by secrecy of correspondence, cf. Section 263(1) of the Danish Criminal Code (Straffeloven).

If an employee has left AU, we must therefore respect secrecy of correspondence. A person who is granted access (see above) can therefore only read and copy work-related emails and appointments. Emails and appointments/meetings that are marked as private must not be opened. If you accidentally open an email or appointment/meeting marked ‘private’, you must close it immediately, as you are not permitted to read the content.

Manual auto-reply

If a member of academic staff wants a different auto-reply to the one specified above – e.g. reference to a new/external email address where they can be contacted – this must be agreed with the local management before leaving AU. The content of the mailbox will still be deleted; see deadlines above. 

Forwarding emails

As AU’s email and calendar system is used as a tool for case handling, emails circulating at AU may contain sensitive and/or confidential information. It is therefore not permitted to automatically forward emails from AU to email systems outside AU, such as Gmail, Hotmail/Outlook, Yahoo, etc. You can read more in AU’s policy for handling emails containing personal data.  

Blocking of email accounts

AU IT is entitled to block email accounts and immediately disconnect a given user’s computer if this is deemed necessary in order to maintain security or to otherwise safeguard operations.

Vigilance

AU IT protects email traffic as best it can by using filters against viruses, malware and spam as well as through regular security updates on computers, but these security measures may be insufficient, and all employees are therefore expected to stay up to date and show vigilance with respect to threats to information security which are transmitted by email. Read more about phishing

Criminal activities

The use of email for criminal activities of any kind, including (but not limited to) distribution of pirate software, music and films or other circumvention of the Copyright Act is prohibited. Nor may email be used for illegal activities such as sending spam, etc.

Commercial use

Use of email for private commercial activities is forbidden. Approved commercial activities (such as AU subsidiaries) must have their own email domain, and clear guidelines must be prepared which ensure that the individual employees send emails from the correct account, to avoid confusion of roles.

Access to AU email via smartphones and tablets

 

For security reasons, only a limited selection of smartphones and tablets are supported in relation to access to AU email. As a rule, phones and tablets with up-to-date versions of either Android or iOS are supported.

Before you can use email on your tablet/mobile, you must accept the following policy on the phone:

  • The phone/tablet must have a mobile password.
  • The phone/tablet must lock automatically after a maximum of 10 minutes.
  • AU has the ability to delete the content on the phone/tablet.
  • If you type your password incorrectly more than 25 times, the content on the phone/tablet will be deleted.
  • The phone/tablet must be encrypted.

If you lose a mobile device which is connected to AU’s email system, you must notify your local IT support or report it as a security breach, after which the mobile device will be reset in order to prevent misuse.

1445591 / i40