About confidential information in email

Unencrypted email is not a secure method for transmitting confidential information or sensitive data over the internet. If you have reviewed the information below and determined that it is necessary to send such information, take steps to secure it by encrypting your message, taking into account the sensitivity of the data being transmitted and the level of security at the source and destination systems.

At Indiana University, do not send sensitive data via email unless:

For more about data protection, see Protecting Data.

Your role within the university

You should only send sensitive data via email if it is absolutely required in order to conduct the business function of the university. If you are unsure whether email is appropriate for a particular situation, consult with the university Data Steward in charge of the data involved, as well as with the University Information Policy Office (UIPO).

Sensitive data sent outside Indiana University

The Cisco Registered Envelope Service (CRES) provides encryption for email sent from IU mail servers to recipients outside the IU network. While all outgoing mail is scanned for sensitive data, you should always force encryption of messages you know to contain such information. See About the Cisco Registered Envelope Service (CRES) and Ensure that mail sent from your Exchange account to an outside address is encrypted by CRES.

Sensitive data sent within Indiana University

Email sent from one account on a central IU email server (i.e., an Exchange server) to another email account on the IU Exchange servers has technical and physical safeguards, and is considered secure. However, because a recipient might forward any message you send, or might have his or her IU email configured to send all messages to an outside account, you should tag all messages containing sensitive data, even ones to IU addresses, to force encryption; see Ensure that mail sent from your Exchange account to an outside address is encrypted by CRES.

Security for large files

If the information you need to send securely is a large file, you might not be able to share it securely via email; IU restricts the size of email attachments. See At IU, what is the maximum size of email messages, and how can I send messages that exceed that size?

In these cases, you should use Slashtmp Critical. This service allows you to store sensitive data securely, for a limited time, and share it with specific recipients. See Slashtmp at IU and How do I upload a file larger than 2 GB to Slashtmp?

Your Slashtmp files will disappear automatically 30 days after you upload them (but you may delete them sooner if you wish). Slashtmp files are not backed up; when you delete a file, there is no way to recover it. Do not use Slashtmp as the only place to keep files you cannot afford to lose.

This is document aktv in the Knowledge Base.
Last modified on 2018-05-14 12:20:50.

Contact us

For help or to comment, email the UITS Support Center.