Secure sending of e-mails, files and documents

What is open (green) data? 

Please read about green data and classification.

Sending and sharing files and documents 

Files that contain open data can be safely sent to both internally and to third parties, by, for example, e-mail. You do not need to take any special precautions. For sending large files, we recommend Filesender (filesender.uninett.no) as recipients can have restrictions on the size they can receive by e-mail. 

Internal sending of e-mail 

No special rules. Open data can be freely sent to internal recipients at OsloMet. You can send open data from private e-mail but remember that OsloMet-related work must be performed from your job account. 

External sending of e-mail 

No special rules. Open data can be freely sent to external recipients. You can send open data from private e-mail. Remember that OsloMet-related work must be performed from your job account and that communication with external parties may be subject to archiving requirements. 

Received open information? 

You can freely read and download e-mails, attachments and files with open information. Both on private equipment, and on equipment owned and operated by OsloMet. See the storage guide for a full overview of the suitable storage location for open information. 

What is limited (yellow) data? 

Please read about yellow data and classification.

Sending and sharing files and documents 

Files that contain limited information are usually most easily shared through Teams and OneDrive, both internally and externally. External sharing can be performed to specific people through the “Share” button in Office365. We recommend that you use Filesender (filesender.uninett.no) when sending large files or if you want to encrypt. 

Large quantities of data will always be treated as classified (red) data. Speak to the privacy contact if you are in doubt or have questions. 

Research data, no matter the classification, should always be marked with Sensitivity: Confidential in Outlook. 

Sending limited information by e-mail internally 

E-mail that contains limited information can be sent internally (between @oslomet.no addresses). The e-mail must be classified, marked with Sensitivity: Internal in Outlook. 

Sending limited information by e-mail externally 

E-mail containing limited information can be sent to external individuals (third parties). The e-mail must be classified, marked with Sensitivity: Internal in Outlook. 

Received limited information? 

Limited information can mostly be stored on IT equipment and in systems that are secured by logging in through your IT account at OsloMet. Teams and OneDrive can be used to store limited information. See the storage guide for a full list of suitable storage locations for limited information. 

What is confidential (red) data? 

Please read about red data and classification.

Sending and sharing files and documents 

If you send confidential information, the data must always be encrypted in accordance with the Norwegian Data Protection Authority’s recommendations. We recommend that documents are sent and encrypted directly in Filesender (filesender.uninett.no). The 7-zip program can also be used to encrypt files and documents. Outlook and OneDrive are not approved for red data. 

Remember that you cannot work with red data in folders that are synchronized to a cloud service. On PC you can use the folder: C:\Users\yourusername\temp_persondata_utenbackup.

Sending confidential information by e-mail internally

E-mail with red data can be sent internally between employees at OsloMet if it is marked with Sensitivity: Confidential. This classification in Outlook ensures automatic encryption. Note that this only applies to the text (content) of the e-mail, not attachments. 

Files and documents (attachments), as well as files in OneDrive are not encrypted when sent with outlook. When sending files and documents, sending and encrypting in encrypting in Filesender (filesender.uninett.no) is recommended. 

Sending confidential information by e-mail externally 

Confidential information should not be sent to external parties without the content being encrypted with a suitable tool. We recommend that documents are sent and encrypted directly in Filesender (filesender.uninett.no). The 7-zip program can also be used to encrypt files and documents.

Received limited information? 

Files and attachments will only be downloaded on equipment owned and operated by OsloMet. For short-term storage on a PC, you can use the folder: C:\Users\yourusername\temp_persondata_utenbackup.

Open Windows File Explorer, paste the file path C:\Users\yourusername\temp_persondata_utenbackup. (replace yourusername with your actual username).

See the storage guide for a full list of suitable storage locations for limited information. 

What is strictly confidential (black) data? 

Please read about black data and classification.

Processing of strictly confidential information (black data) 

TSD is currently the only approved storage at OsloMet for black data. 

Content classified as Strictly Confidential should, as a rule, never be sent by e-mail. Contact sikkerhet@oslomet.no if you believe you have received, or plan to send strictly confidential information. 

Using IT-equipment from OsloMet 

Always use IT-equipment owned and operated by OsloMet when processing limited, confidential or strictly confidential information. E-mails, files and attachments that contain such information should not be synchronized and stored on private equipment. 

Encryption 

If you store or send national identity numbers, personal information about many or other red data, these must always be encrypted.