General tips
Forward only to recipients you know
Forward confidential data only to recipients you trust:
- Known recipients
- Recipients with @tum.de, @mytum.de and @zv.tum.de addresses or school/department abbreviations that end in "tum.de."
- Digitally-signed emails are also considered trustworthy (learn more here about how certificates can help)
Never forward to personal addresses
Never forward confidential data to private addresses belonging to your colleagues. Every member of TUM can set up an @tum.de address and use it from anywhere in the world through the web frontend (mail.tum.de).
Never forward work emails
As a recipient: never forward your work emails to a private account. If you need access from home or a location other than your workplace, you can access the data via the web frontend (see above). Forwarding data to external mail providers such as GMX, Web.de and Google violates the privacy senders expect when sending an email to a TUM address.
Practical tips
Several options are available for forwarding emails with confidential data, depending on the level of security required:
- Forward an encrypted email: At the LRZ website you can find instructions for sending encrypted emails with Outlook.
- Compress the confidential data in a password-protected ZIP file. Tips and instructions are available under Instructions > Data encryption.
- Forwarding emails without protection: Please keep in mind that the data can be read more or less like a postcard!
- For TUM email systems: If the email does not leave the server, you can assume it's secure. The assumption, in this case, is that TUM has undertaken adequate security measures on the server.
If an email is forwarded from x@zv.tum.de to y@zv.tum.de (in other words, when the part of the address after @ is identical), you can assume it's secure.
Suitable methods
The following table shows which process is suitable according to how the data is classified:
| Non-secure email | Password-protected ZIP file | Email remains on server | Encrypted email |
---|---|---|---|---|
Personal data | No | Yes | Yes | Yes |
Sensitive personal data | No | No | No | Yes |
Intellectual property - unpublished research material | Project-dependent | Project-dependent | Project-dependent | Yes |
Intellectual property – copyrighted material belonging to third-parties | Yes (lecture participants only) | Yes (lecture participants only) | Yes (lecture participants only) | Yes (lecture participants only) |
Business-critical data | No | Yes | Yes | Yes |
Other internal university data | Yes | Yes | Yes | Yes |