Sending personal data by email

When sending email, it is especially important to take protection of personal data and privacy into consideration and to secure the confidentiality of messages.

How to send personal data by encrypted email

  1. Select New message in the uniarts webmail.  
  2. On the Settings tab, select Encrypt. You will find encryption behind the lock icon.

How to send personal data using the FileSender service

Log in to FileSender with your Uniarts Helsinki account.

Enter the following data in the system:

  • Select files (select the file that you want to send from your computer) 
  • To (email address of the recipient) 
  • File encryption (activate encryption) 
  • Password (password used for encryption) 

You can also use the “Generate password” feature under the Password section for coming up with a password. 

Send the data to the recipient

Send the personal data to the recipient in a file that can either be in Word or PDF format. Send the password for opening the file in a text message. Never send the password by email.  

Using FileSender for studies

You can use the FileSender service for sending study-related large files to teachers also without encryption, if the files do not include other than regular personal data (name, email address, etc.). Do not use other file sending services (e.g. WeTransfer) than FileSender in your studies. You can deliver files to a teacher also by using Uniarts Helsinki’s OneDrive service. 

Password practices

A new single-use password must be generated each time a file that contains personal data is shared. The password is delivered to the email recipient via a text message. 

The text message only contains the passphrase, and it is sent only after the email containing personal data has been sent to the recipient. The email can and should mention that a related text message has also been sent. 

A good password

An example of a good password could be: “IWillEmailtheDocs!Inthemorning”. The password must include at least upper-case and lower-case letters and numbers, but it can also include special characters. 

Do not use your own or your organisation’s name in the passphrase. Do not use the afore-mentioned example passphrase, either! 

Confidentiality disclaimer about emails that contain personal data

The email you have received, along with its attachments, contains confidential information protected by the secrecy of communications. The information is only for the attention of the intended recipient. If you are not the intended recipient of this message, please notify the sender of the message immediately. We also ask you to immediately delete the message that you have unintentionally received, along with any attachments and possible copies of them. The Criminal Code of Finland forbids the unauthorised use and disclosure of the message, its attachments and their content. 

Things to remember when sending personal data

Always take a moment to reflect on the following questions before sending any personal data about you or another person by email: 

What kind of personal data am I sending, how many people does the data concern, and how big is the group of recipients?

  • Personal data is any data that can be used to identify an individual person. 
  • All kind of personal data must be processed carefully. 
  • Special attention must be paid when processing so-called special personal data (e.g. health data, incl. allergies) or personal data that requires special protection (e.g. information on absences due to sickness, personal identity code, information about personal circumstances, such as family relations). Sending this kind of personal data by email must be avoided. 
  • If, however, special or confidential personal data must be processed by email, the email must be encrypted or the attached material containing personal data must be password-protected, cf. sections 5 and 6. 
  • Regardless of the type of personal data, processing large volumes of personal data (e.g. reports) by email must absolutely be avoided, whether the email is being sent by email to another Uniarts Helsinki member or to a person outside of the Uniarts Helsinki community! 

Am I sending personal data outside of the Uniarts Helsinki organisation?

All email addresses that do not end in represent domains outside of the university organisation, even if the recipient works or studies at Uniarts Helsinki. 

Is the recipient allowed to process the personal data in question?

Avoid sending personal data to email lists (because you do not necessarily know who the members of the list are). 

Always check the recipients’ email addresses before sending your message so that the message is not sent to the wrong person!  

What should I do if I notice that I have sent personal data to the wrong address?

  • Send the recipient a message or contact them by phone, tell them the situation and ask them to delete the message without reading it. 
  • Also tell the recipient that they do not have the right to use the information or to send the information forward. 
  • Report the matter to the data protection officer, 

Internal email messages at Uniarts Helsinki

You can send so-called general personal data (name details, contact information, date of birth, age, etc.) normally by email from a Uniarts Helsinki address to another address. 

Processing personal data

It is forbidden to include a personal identity code in documents or reports where the unambiguous identification of a person is not necessary. 

Uniarts Helsinki emails to external recipients

Secure emails must always be used when sending special personal data or personal data that requires special protection (e.g. health data, incl. allergies or a personal identity code) to recipients outside of Uniarts Helsinki.  

Small amounts of general personal data (concerning an individual person or a few persons) can be sent normally by email, but a set of personal data of several persons constitutes a personal data file, which must be processed in a more secure way. These kinds of personal data files containing general personal data and all sensitive personal data must always be sent by encrypted email or via Filesender. 

If possible, the recommendation is always to avoid processing emails that contain special personal data or personal data that requires special protection with recipients outside of the Uniarts Helsinki community by using encrypted messages via the FileSender service or encrypted file attachments via email! 

The recommendation is that large attachments of over 10 MB are always sent via the FileSender service, because the recipient’s email system may have limits concerning attachments.