Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
nameSummary

This article explains when you should encrypt your emails and how to do it.

Panel
panelIconId1f6d1
panelIcon:octagonal_sign:
panelIconText🛑
bgColor#FFEBE6

IMPORTANT: This article will make references to Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”). For definitions of these terms see the Data Privacy Policy listed on https://www.seattleu.edu/policies/ for the most up to date definitions.

Table of Contents
minLevel1
maxLevel7

Do You Need to Encrypt Your Emails?

1. Know the categories of information

  • Confidential information (“CI”) is the most comprehensive category and covers all non-public information about Seattle University and its stakeholders, including employees, students, and donors. If something is not public information, it is considered confidential by default.
    Examples include:

    • budgets

    • prospective student information

    • contracts with third parties

    • business plans

  • Personal data (“PD”) is a subset of confidential information that is information about people. Examples include

    • educational records

    • health and medical information

    • credit card numbers

    • employment records

  • High-risk confidential Information (“HRI”) includes an individual’s name in conjunction with the individual’s (1) Social Security, credit or debit card, individual financial account, driver's license, state ID, or passport number, (2) human subject information or personally identifiable medical information, or (3) biometric information.

  • Personally identifiable information (“PII”) is any data that could potentially identify a specific individual. According to NIST, PII can be divided into two categories: linked and linkable information.

Linked information is more direct. It could include any personal detail that can be used to identify an individual, for instance:

  • Full name

  • Home address

  • Email address

  • Social security number

  • Passport number

  • Driver’s license number

  • Credit card numbers

  • Date of birth

  • Telephone number

  • Owned properties e.g. vehicle identification number (VIN) 

  • Login details

  • Student ID number

  • Processor or device serial number* 

  • Media access control (MAC)*

  • Internet Protocol (IP) address*

  • Device IDs*  

  • Cookies*

Linkable information is indirect and on its own may not be able to identify a person, but when combined with another piece of information could identify, trace or locate a person. 

Here are some examples of linkable information:

  • First or last name (if common)

  • Country, state, city, zip code

  • Gender

  • Race

  • Non-specific age (e.g. 30-40 instead of 30)

  • Job position and workplace

Panel
panelIconId2a-20e3
panelIcon:asterisk:
panelIconText*️⃣
bgColor#DEEBFF

NIST states that linked information can be “Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people”. That means cookies and device ID fall under the definition of PII.


2. Are you sending email internally or externally?

Panel
panelIconId1f6d1
panelIcon:octagonal_sign:
panelIconText🛑
bgColor#FFEBE6

IMPORTANT: Not all contacts listed in the Global Address List are internal contacts. You must verify the email address of the recipient before sending the message if you are including any protected data in your message.

Panel
panelIconId1f513
panelIcon:unlock:
panelIconText🔓
bgColor#E3FCEF

Internally

Sending email internally is considered a secure delivery method and you are not required to encrypt your message even if it contains protected data†.

Panel
panelIconId1f510
panelIcon:closed_lock_with_key:
panelIconText🔐
bgColor#FFFAE6

Externally

If sending email to an external (not a seattleu.edu email address) recipient, you are required to encrypt your message if your message contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). If you are sending an email that contains HRI or PD, we recommend exploring other secure methods of transmitting this information other than email.


Scenarios

I’m sending email to an external email address that includes protected data†

If you are sending an email to an external recipient†† that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are required to encrypt your message.

I’m sending email to an external email address that does not include protected data†

If you are sending an email to an external recipient†† that does not contain Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are not required to encrypt your message.

I’m sending email to an internal email address that includes protected data†

If you are sending an email to an internal recipient that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are not required to encrypt your message.

I’m sending email an internal email address that includes protected data†

If you are sending an email to an internal recipient that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are not required to encrypt your message.

How do I encrypt my messages?

Using the Outlook application on Windows

  • Compose a new message from within Outlook

    Image Removed
  • In the ribbon of the new message, click on Option then click on the 🔒 icon above “Encrypt”. If the icon is missing, see the bottom of this section for help.

  • Image Removed

    Once encryption is enabled, a message will appear to confirm encryption is turned on for this message.

    Image Removed

    A third party wants to send me an email that includes protected data†

    If a third party wants to send you an email that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). Ask them to encrypt their message.

    Panel
    panelIconIdatlassian-question_mark
    panelIcon:question_mark:
    panelIconText:question_mark:
    bgColor#DEEBFF

    Is the 🔒 icon missing?

    On older versions of Microsoft Outlook, this option may not be available. Please see Using the Outlook.com website section below to send your message in the web version of Outlook. If you will be sending encrypted mail frequently, feel free to contact servicedesk@seattleu.edu for assistance updating the Outlook application on your computer.

    Using the Outlook application on macOS

    1. Compose a new message from within the Outlook app.

    2. In the ribbon, click on Options, then the 🔒 icon above “Encrypt”. If the icon is missing, see the bottom of this section for help.

      Image Removed
    3. Once encryption is enabled for this message, you’ll see a notification appear above the body of your message indicating that encryption is turned on.

    Panel
    panelIconIdatlassian-question_mark
    panelIcon:question_mark:
    panelIconText:question_mark:
    bgColor#DEEBFF

    Is the 🔒 icon missing?

    On older versions of Microsoft Outlook, this option may not be available. Please see Using the Outlook.com website section below to send your message in the web version of Outlook. If you will be sending encrypted mail frequently, feel free to contact servicedesk@seattleu.edu for assistance updating the Outlook application on your computer.

    Using the Outlook.com website

    1. Compose a new message from within the Outlook app.

    2. Click on the ellipsis (…) along the top bar of the composed message. Then click on Encrypt, then again on Encrypt.

    Image Removed

    3. When your message has been encrypted successfully this banner will appear at the top of the compose email pane.

    Image Removed

    Have you determined you need to encrypt your message and need help? See How to Send an Encrypted Email


    Filter by label (Content by label)
    showLabelsfalse
    max7
    sortcreation
    reversetrue
    titleRelated articles
    excerptTypesimple
    cqllabel = "encryption"

    Protected data is any data that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”).

    †† An external recipientis any recipient who does not have a seattleu.edu email address. Ex. @yahoo.com, @gmail.com, etc.