About confidential information in email

On this page:


Overview

Unencrypted email is not a secure method for transmitting confidential information or sensitive data over the internet. If you have reviewed the information below and determined that it is necessary to send such information, take steps to secure it by encrypting your message, taking into account the sensitivity of the data being transmitted and the level of security at the source and destination systems. Do not send critical data through email without first consulting with the appropriate Data Stewards. Exchange Online is only approved for up to restricted data classification at this time. Before using email to share restricted data, you should consider services approved for restricted and critical data such as:

  • Slashtmp for critical
    Important:
    At IU, Slashtmp is being replaced by Secure Share, which provides a modern codebase featuring greater security and an improved user experience. The two services will run in tandem for a short period, and UITS recommends that you begin using Secure Share now. On September 30, 2022, Slashtmp will become read-only, and 30 days later will be shut off.
  • Microsoft at IU Secure Storage

At Indiana University, do not send sensitive data via email unless:

  • It is required by your role within the university and you've reviewed Your role within the university below.
  • You've reviewed the other service options for more secure alternatives.

For more about data protection, see Protecting Data & Privacy.

Your role within the university

You should only send restricted data via email if it is absolutely required in order to conduct the business function of the university. Data classified as critical such as SSN, banking or credit card information, protected health information, and research data with participant identifiers should not be sent via email. If you are unsure whether email is appropriate for a particular situation, consult with the appropriate Data Stewards and the University Information Policy Office (UIPO).

Sensitive data sent outside Indiana University

The Cisco Secure Email Encryption Service (CSEES) provides encryption for email sent from IU mail servers to recipients outside the IU network. While all outgoing mail is scanned for sensitive data, you should always force encryption of messages you know to contain such information. See About the Cisco Secure Email Encryption Service (CSEES) and Ensure that mail sent from your Exchange account to an outside address is encrypted by CSEES.

Security for large files

If the information you need to send securely is a large file, you might not be able to share it securely via email; IU restricts the size of email attachments. See Email message size limits.

In these cases, you should use Slashtmp Critical. This service allows you to store sensitive data securely, for a limited time, and share it with specific recipients. See About Slashtmp at IU.

Your Slashtmp files will disappear automatically 30 days after you upload them (but you may delete them sooner if you wish). Slashtmp files are not backed up; when you delete a file, there is no way to recover it. Do not use Slashtmp as the only place to keep files you cannot afford to lose.

Important:
At IU, Slashtmp is being replaced by Secure Share, which provides a modern codebase featuring greater security and an improved user experience. The two services will run in tandem for a short period, and UITS recommends that you begin using Secure Share now. On September 30, 2022, Slashtmp will become read-only, and 30 days later will be shut off.

Learn more about Microsoft at IU Secure Storage.

This is document aktv in the Knowledge Base.
Last modified on 2022-08-11 16:17:04.