Should I send confidential information via email?

Unencrypted email is not a secure method for transmitting confidential information or sensitive data over the Internet. If you have reviewed the information below and determined that it is necessary to send such information, take steps to secure it by encrypting your message, taking into account the sensitivity of the data being transmitted and the level of security at the source and destination systems.

At Indiana University, do not send sensitive data via email unless:

For more about data protection, see Protecting Data.

Your role within the university

You should only send sensitive data via email if it is absolutely required in order to conduct the business function of the university. If you are unsure whether email is appropriate for a particular situation, consult with the university Data Steward in charge of the data involved, as well as with the University Information Policy Office (UIPO).

Sensitive data sent outside Indiana University

The Cisco Registered Envelope Service (CRES) provides encryption for email sent from IU mail servers to recipients outside the IU network. While all outgoing mail is scanned for sensitive data, you should always force encryption of messages you know to contain such information. See What is the Cisco Registered Envelope Service (CRES)? and How can I ensure that mail sent from my Exchange account to an outside address is encrypted by CRES?

Sensitive data sent within Indiana University

Email sent from one account on a central IU email server (i.e., an Exchange server) to another email account on the IU Exchange servers has technical and physical safeguards, and is considered secure. However, because a recipient might forward any message you send, or might have his or her IU email configured to send all messages to an outside account, you should tag all messages containing sensitive data, even ones to IU addresses, to force encryption; see How can I ensure that mail sent from my Exchange account to an outside address is encrypted by CRES?

Security for large files

If the information you need to send securely is a large file, you might not be able to share it securely via email; IU restricts the size of email attachments. See At IU, what is the maximum size of email messages, and how can I send messages that exceed that size?

In these cases, you should use Slashtmp Critical. This service allows you to store sensitive data securely, for a limited time, and share it with specific recipients. See At IU, what is Slashtmp, and how do I use it? and How do I upload a file larger than 2 GB to Slashtmp?

Your Slashtmp files will disappear automatically 30 days after you upload them (but you may delete them sooner if you wish). Slashtmp files are not backed up; when you delete a file, there is no way to recover it. Do not use Slashtmp as the only place to keep files you cannot afford to lose.

This is document aktv in the Knowledge Base.
Last modified on 2017-05-19 07:25:23.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.