Don’t let your mail leak
At CERN, data privacy is of paramount importance, and we are currently developing a comprehensive data protection policy. For example, your CERN mailbox and your “private” folders on AFS and DFS are considered yours...
You might feel like you have nothing to hide, but we are not only talking about personal e-mail: data privacy also pertains to financial mail (acquisitions, tenders), mail related to HR (contracts, assessments), medical information, etc. As this is considered “private” even if it is work-related, the data cannot normally be accessed by your supervisor, the AFS/DFS/mail service administrators or even the Computer Security Team. Tight procedures have been established for the rare cases where such access is necessary, and these require the prior approval of the CERN Computer Security Officer or the IT Department Head, the Legal Service and the DG (see here for more details).
Data privacy is not only the responsibility of the Organization, however; you should also treat it with respect. There are members of the personnel who use external e-mail providers like Gmail or Hotmail instead of the central CERN e-mail service; some people send mail messages from their external mail address; and some even forward mails sent to their CERN address to that external provider. This could have serious consequences: an external e-mail provider cannot guarantee the level of data privacy provided by CERN, which is inspired by the European Data Protection Directive (95/46/EC). External providers may be outside Europe and subject to national legislation which is less protective. In addition, once e-mail is passed through these providers, there are implications for CERN’s privileges and immunities as an intergovernmental organisation.
For these reasons, the Computer Security Team and the IT department strongly encourage you to use only your CERN mail account for professional exchanges and not an external mail provider. Similarly, you should avoid having a permanent automated forward of all your CERN mail to an external provider.
The CERN mailbox gives you several features out of the box. By default all mailboxes have a quota of 2 GB, which can easily be increased (find out how here), and you can send and receive messages with an attachment of up to 30 MB. Moreover, the CERN mail system is integrated with the CERN phonebook, the e-groups system, an electronic fax service, a calendar that allows you to easily schedule a meeting, and many other services. The CERN e-mail service supports several e-mail clients on different operating systems, including support for major Internet browsers (see here). At the same time, sending messages from external sources (instead of a CERN mailbox) can have implications. A message can be rejected by the CERN antispam system or by an e-group’s posting restrictions.
Thank you for maintaining CERN’s high level of data privacy and protecting its immunity. For further information, please check our web site or contact us at Computer.Security@cern.ch.
by Computer Security Team