The LETU Data Classification Policy (Policy 6.2 in the LETU Policy Handbook) details the need to keep Confidential and Sensitive Information (CSI) protected. Specifically, Restricted and Confidential data (as defined by the policy) should be encrypted. Email is a convenient way to move business back and forth. However, email is also the digital medium that is most vulnerable and at greatest risk for compromise. The preferred way to send and receive CSI is to use dedicated TLS-based web systems or APIs designed by vendors and partners for purposes of securely collecting and storing such information.
Using email even when encrypted is not a preferred way of handling secured data and is specifically prohibited unless the instructions below are followed, no better option is available and all use is consistent with guidance in LETU Policy 6.2: Data Classification.
The preferred method for sending encrypted email is documented here. however the instructions below may be useful in further securing individual attachments to secure email.
Using Microsoft Office, put the needed information (CSI) into an Office Document. Many times, an organization requesting credit card number, social security information classified as restricted or confidential. These request come in the form of a Word or Excel document.
Encrypt a Microsoft Office document (instructions for 2016):
Now that you have an encrypted document, you can email that document to the person requesting the CSI. Be sure and DO NOT email the password. You can text the password or call the person/organization and give them the password.