Scenario: Forwarding confidential information via email

General tips

Forward only to recipients you know

Forward confidential data only to recipients you trust:

  • Known recipients
  • Recipients with @tum.de, @mytum.de and @zv.tum.de addresses or school/department abbreviations that end in "tum.de."
  • Digitally-signed emails are also considered trustworthy (learn more here about how certificates can help)

Never forward to personal addresses

Never forward confidential data to private addresses belonging to your colleagues. Every member of TUM can set up an @tum.de address and use it from anywhere in the world through the web frontend (mail.tum.de).

Never forward work emails

As a recipient: never forward your work emails to a private account. If you need access from home or a location other than your workplace, you can access the data via the web frontend (see above). Forwarding data to external mail providers such as GMX, Web.de and Google violates the privacy senders expect when sending an email to a TUM address.

Practical tips

Several options are available for forwarding emails with confidential data, depending on the level of security required:

  • Forwarding emails without protection: Please keep in mind that the data can be read more or less like a postcard!
  • For TUM email systems: If the email does not leave the server, you can assume it's secure. The assumption, in this case, is that TUM has undertaken adequate security measures on the server.
    If an email is forwarded from x@zv.tum.de to y@zv.tum.de (in other words, when the part of the address after @ is identical), you can assume it's secure.

Suitable methods

The following table shows which process is suitable according to how the data is classified:

  

 

Non-secure email

Password-protected ZIP file

Email remains on server

Encrypted email  

Personal data

No

Yes

Yes

Yes

Sensitive personal data

No

No

No

Yes

Intellectual property - unpublished research material

Project-dependent

Project-dependent

Project-dependent

Yes

Intellectual property – copyrighted material belonging to third-parties

Yes (lecture participants only)

Yes (lecture participants only)

Yes (lecture participants only)

Yes (lecture participants only)

Business-critical data

No

Yes

Yes

Yes 

Other internal university data

Yes

Yes

Yes

Yes