This article explains when you should encrypt your emails and how to do it.
IMPORTANT: This article makes references to Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”). For the most up-to-date definitions of these terms, see the Data Privacy Policy listed on https://www.seattleu.edu/policies/.
Do You Need to Encrypt Your Emails?
1. Know the categories of information
Confidential information (“CI”) is the most comprehensive category and covers all non-public information about Seattle University and its stakeholders, including employees, students, and donors. If something is not public information, it is considered confidential by default.
Examples include:
budgets
prospective student information
contracts with third parties
business plans
Personal data (“PD”) is a subset of confidential information that is information about people.
Examples include:
educational records
health and medical information
credit card numbers
employment records
High-risk confidential information (“HRI”) includes an individual’s name in conjunction with the individual’s (1) Social Security, credit or debit card, individual financial account, driver's license, state ID, or passport number, (2) human subject information or personally identifiable medical information, or (3) biometric information.
Personally identifiable information (“PII”) is any data that could potentially identify a specific individual. According to NIST, PII can be divided into two categories: linked and linkable information.
Linked information is more direct. It could include any personal detail that can be used to identify an individual, for instance:
Full name
Home address
Email address
Social security number
Passport number
Driver’s license number
Credit card numbers
Date of birth
Telephone number
Owned properties e.g. vehicle identification number (VIN)
Login details
Student ID number
Processor or device serial number*
Media access control (MAC)*
Internet Protocol (IP) address*
Device IDs*
Cookies*
Linkable information is indirect and on its own may not be able to identify a person, but when combined with another piece of information could identify, trace or locate a person.
Here are some examples of linkable information:
First or last name (if common)
Country, state, city, zip code
Gender
Race
Non-specific age (e.g. 30-40 instead of 30)
Job position and workplace
NIST states that linked information can be “Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people”. That means cookies and device IDs fall under the definition of PII.
2. Are you sending email internally or externally?
IMPORTANT: Not all contacts listed in the Global Address List are internal contacts. You must verify the email address of the recipient before sending the message if you are including any protected data† in your message.
Internally
Sending email internally is considered a secure delivery method and you are not required to encrypt your message even if it contains protected data†.
Externally
If sending email to an external (not a seattleu.edu email address) recipient, you are required to encrypt your message if it contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). If you are sending an email that contains HRI or PD, we recommend exploring secure methods of transmitting this information other than email.
Scenarios
I’m sending email to an external email address that includes protected data†
If you are sending an email to an external recipient†† that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”), you are required to encrypt your message.
I’m sending email to an external email address that does not include protected data†
If you are sending an email to an external recipient†† that does not contain Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”), you are not required to encrypt your message.
I’m sending email to an internal email address that includes protected data†
If you are sending an email to an internal recipient that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”), you are not required to encrypt your message.
How do I encrypt my messages?
Using the Outlook application on Windows
1. Compose a new message from within Outlook.
2. In the ribbon of the new message, click on Options, then click on the 🔒 icon above “Encrypt”. If the icon is missing, see the bottom of this section for help.
3. Once encryption is enabled, a message will appear to confirm encryption is turned on for this message.
A third party wants to send me an email that includes protected data†
If a third party wants to send you an email that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”), ask them to encrypt their message.
Is the 🔒 icon missing?
On older versions of Microsoft Outlook, this option may not be available. Please see the “Using the Outlook.com website” section below to send your message in the web version of Outlook. If you will be sending encrypted mail frequently, feel free to contact servicedesk@seattleu.edu for assistance updating the Outlook application on your computer.
Using the Outlook application on macOS
1. Compose a new message from within the Outlook app.
2. In the ribbon, click on Options, then the 🔒 icon above “Encrypt”. If the icon is missing, see the bottom of this section for help.
3. Once encryption is enabled for this message, you’ll see a notification appear above the body of your message indicating that encryption is turned on.
Is the 🔒 icon missing?
On older versions of Microsoft Outlook, this option may not be available. Please see the “Using the Outlook.com website” section below to send your message in the web version of Outlook. If you will be sending encrypted mail frequently, feel free to contact servicedesk@seattleu.edu for assistance updating the Outlook application on your computer.
Using the Outlook.com website
1. Compose a new message from within the Outlook app.
2. Click on the ellipsis (…) along the top bar of the composed message. Then click on Encrypt, then again on Encrypt.
3. When your message has been encrypted successfully, a banner will appear at the top of the compose email pane.
Have you determined you need to encrypt your message and need help? See How to Send an Encrypted Email.
† Protected data is any data that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”).
†† An external recipient is any recipient who does not have a seattleu.edu email address, for example @yahoo.com, @gmail.com, etc.