Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

This article explains when you should encrypt your emails and how to do it.

IMPORTANT: This article will make references to Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”). For definitions of these terms see the Data Privacy Policy listed on https://www.seattleu.edu/policies/ for the most up to date definitions.

Do You Need to Encrypt Your Emails?

1. Know the categories of information

  • Confidential information (“CI”) is the most comprehensive category and covers all non-public information about Seattle University and its stakeholders, including employees, students, and donors. If something is not public information, it is considered confidential by default.
    Examples include:

    • budgets

    • prospective student information

    • contracts with third parties

    • business plans

  • Personal data (“PD”) is a subset of confidential information that is information about people. Examples include

    • educational records

    • health and medical information

    • credit card numbers

    • employment records

  • High-risk confidential Information (“HRI”) includes an individual’s name in conjunction with the individual’s (1) Social Security, credit or debit card, individual financial account, driver's license, state ID, or passport number, (2) human subject information or personally identifiable medical information, or (3) biometric information.

  • Personally identifiable information (“PII”) is any data that could potentially identify a specific individual. According to NIST, PII can be divided into two categories: linked and linkable information.

Linked information is more direct. It could include any personal detail that can be used to identify an individual, for instance:

  • Full name

  • Home address

  • Email address

  • Social security number

  • Passport number

  • Driver’s license number

  • Credit card numbers

  • Date of birth

  • Telephone number

  • Owned properties e.g. vehicle identification number (VIN) 

  • Login details

  • Student ID number

  • Processor or device serial number* 

  • Media access control (MAC)*

  • Internet Protocol (IP) address*

  • Device IDs*  

  • Cookies*

Linkable information is indirect and on its own may not be able to identify a person, but when combined with another piece of information could identify, trace or locate a person. 

Here are some examples of linkable information:

  • First or last name (if common)

  • Country, state, city, zip code

  • Gender

  • Race

  • Non-specific age (e.g. 30-40 instead of 30)

  • Job position and workplace

NIST states that linked information can be “Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people”. That means cookies and device ID fall under the definition of PII.


2. Are you sending email internally or externally?

IMPORTANT: Not all contacts listed in the Global Address List are internal contacts. You must verify the email address of the recipient before sending the message if you are including any protected data in your message.

Internally

Sending email internally is considered a secure delivery method and you are not required to encrypt your message even if it contains protected data†.

Externally

If sending email to an external (not a seattleu.edu email address) recipient, you are required to encrypt your message if your message contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). If you are sending an email that contains HRI or PD, we recommend exploring other secure methods of transmitting this information other than email.


Scenarios

I’m sending email to an external email address that includes protected data†

If you are sending an email to an external recipient†† that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are required to encrypt your message.

I’m sending email to an external email address that does not include protected data†

If you are sending an email to an external recipient†† that does not contain Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are not required to encrypt your message.

I’m sending email to an internal email address that includes protected data†

If you are sending an email to an internal recipient that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are not required to encrypt your message.

I’m sending email an internal email address that includes protected data†

If you are sending an email to an internal recipient that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). You are not required to encrypt your message.

A third party wants to send me an email that includes protected data†

If a third party wants to send you an email that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”). Ask them to encrypt their message.


How do I encrypt my messages?

Using the Outlook application on Windows

  1. Compose a new message from within Outlook

  2. In the ribbon of the new message, click on Option then click on the 🔒 icon above “Encrypt”. If the icon is missing, see the bottom of this section for help.

  3. Once encryption is enabled, a message will appear to confirm encryption is turned on for this message.

Is the 🔒 icon missing?

On older versions of Microsoft Outlook, this option may not be available. Please see Using the Outlook.com website section below to send your message in the web version of Outlook. If you will be sending encrypted mail frequently, feel free to contact servicedesk@seattleu.edu for assistance updating the Outlook application on your computer.

Using the Outlook application on macOS

  1. Compose a new message from within the Outlook app.

  2. In the ribbon, click on Options, then the 🔒 icon above “Encrypt”. If the icon is missing, see the bottom of this section for help.

  3. Once encryption is enabled for this message, you’ll see a notification appear above the body of your message indicating that encryption is turned on.

Is the 🔒 icon missing?

On older versions of Microsoft Outlook, this option may not be available. Please see Using the Outlook.com website section below to send your message in the web version of Outlook. If you will be sending encrypted mail frequently, feel free to contact servicedesk@seattleu.edu for assistance updating the Outlook application on your computer.

Using the Outlook.com website

  1. Compose a new message from within the Outlook app.

  2. Click on the ellipsis (…) along the top bar of the composed message. Then click on Encrypt, then again on Encrypt.

3. When your message has been encrypted successfully this banner will appear at the top of the compose email pane.


Related articles

Protected data is any data that contains Confidential information (“CI”), Personal data (“PD”), or High-risk confidential information (“HRI”) or Personally identifiable information (“PII”).

†† An external recipient is any recipient who does not have a seattleu.edu email address. Ex. @yahoo.com, @gmail.com, etc.

  • No labels