Educause Security Discussion mailing list archives
Re: [External Sender] [SECURITY] Emailing Practices [encrypted/non-encrypted]
From: "Davis, Chris" <CDavis () LOURDES EDU>
Date: Thu, 26 Apr 2018 23:16:15 +0000
This should be driven by your data classification policy. It will differ from school to school based on your compliance requirements and your school’s tolerance for risk. In general, I would recommend that PII/PHI never be emailed; but if it must that any It is encrypted. Sent from my iPhone - please excuse any minor errors. Chris Davis, PhD Chief Information Officer Lourdes University cdavis () lourdes edu<mailto:cdavis () lourdes edu> On Apr 26, 2018, at 16:38, Madl, Michael <michael.madl () INDWES EDU<mailto:michael.madl () INDWES EDU>> wrote: Was hoping you all could share your policies towards transmission of data via email. What data needs to be encrypted [internal domain recipients and external] and the data classification type [FERPA, PCI, etc.] and what is allowed non-encrypted. Thanks in advance! --- Mike
Current thread:
- Emailing Practices [encrypted/non-encrypted] Madl, Michael (Apr 26)
- Re: [External Sender] [SECURITY] Emailing Practices [encrypted/non-encrypted] Davis, Chris (Apr 26)