Educause Security Discussion mailing list archives

Re: [External Sender] [SECURITY] Emailing Practices [encrypted/non-encrypted]

From: "Davis, Chris" <CDavis () LOURDES EDU>
Date: Thu, 26 Apr 2018 23:16:15 +0000

This should be driven by your data classification policy. It will differ from school to school based on your compliance 
requirements and your school’s tolerance for risk.

In general, I would recommend that PII/PHI never be emailed; but if it must that any It is encrypted.

Sent from my iPhone - please excuse any minor errors.

Chris Davis, PhD
Chief Information Officer
Lourdes University
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

On Apr 26, 2018, at 16:38, Madl, Michael <michael.madl () INDWES EDU<mailto:michael.madl () INDWES EDU>> wrote:

Was hoping you all could share your policies towards transmission of data via email.

What data needs to be encrypted [internal domain recipients and external] and the data classification type [FERPA, PCI, 
etc.] and what is allowed non-encrypted.

Thanks in advance!

--- Mike

Current thread:

Emailing Practices [encrypted/non-encrypted] Madl, Michael (Apr 26)
- Re: [External Sender] [SECURITY] Emailing Practices [encrypted/non-encrypted] Davis, Chris (Apr 26)