Educause Security Discussion mailing list archives

Re: Exchange Online

From: "Jones, Mark B" <Mark.B.Jones () UTH TMC EDU>
Date: Fri, 14 Aug 2015 11:28:42 +0000

Is there something special about email in O365.

 

I think having a policy that sanctions sending PHI via email is irresponsible unless you add the requirement that the 
email be encrypted.  

 

Perhaps PHI can be protected at rest in O365, But email is email.  

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Everett, 
Alex D
Sent: Thursday, August 13, 2015 10:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Exchange Online

 

I am wondering if any of your organizations have sanctioned the exchange of PII or PHI via e-mail in Office 365 or are 
evaluating this.

Over time, we are seeing more security controls and features added to Office 365 and wondered if any other 
organizations had made this decision.

We have not yet made this decision and are not presently using Exchange Online/Outlook in Office365.

If you have or have not, or if you have a policy that you could point me to I would appreciate it.

Feel free to e-mail me directly if you don’t want to respond to all.

 

Sincerely,

 

Alex Everett, CISSP

IT Security Engineer

University of North Carolina at Chapel Hill

Attachment: smime.p7s
Description:

Current thread:

Exchange Online Everett, Alex D (Aug 13)
- Re: Exchange Online Meier, Tina (Aug 13)
- Re: Exchange Online Jeff Choo (Aug 13)
- Re: Exchange Online Jones, Mark B (Aug 14)
  - Re: Exchange Online Tevlin, Dave (Aug 14)
  - Re: Exchange Online Evans, Edward (Aug 14)
    - Re: Exchange Online Jones, Mark B (Aug 16)
    - Re: Exchange Online Jeff Choo (Aug 17)
- <Possible follow-ups>
- Re: Exchange Online Everett, Alex D (Aug 13)
  - Re: Exchange Online Everett, Alex D (Aug 13)