What’s the Big Deal If…
I e-mail sensitive information?

Why it is a big deal

• It is important to know the sensitivity level of the information you are e-mailing. Sensitive information that you send could be at risk if it is lost, intercepted or sent to the wrong person.

Scenario

Your colleague in another department requested a document containing personal information including a date of birth and a Social Insurance Number (SIN). What should you do?

Possible actions (Vote on the correct answer)

• Option 1: Encrypt the document using Entrust, then e-mail it
• Option 2: Put the SIN in the e-mail Subject line to alert your colleague
• Option 3: E-mail the document as is

Explanation

• Option 1 is the correct choice – an e-mail containing a SIN is classified Protected B and must be encrypted when sent outside of the departmental firewall according to the Information Categorization Tool.
• Protected B information can however be sent within the department using MS Outlook or Skype. Ensure the recipient is an ESDC employee.

Key take-aways

• Think about the information you are sending, its sensitivity level, and ensure it is properly safeguarded.
• You should not put names, SINs, Personal Record Identifier (PRI), date of birth or other personal information in the Subject line of e-mail messages.
• When you send an e-mail outside the ESDC e-mail system, we can no longer manage the security of the information sent in the e-mail.
• Additionally, you should make sure that the receiver has a "need-to-know" the information.
• The receiver must also have Entrust to be able to open the document.

More information

• Sending Sensitive Information Via E-mail
• Transmitting Information Securely
• How to Encrypt a Document
• How to Send an Encrypted Email
• Information Categorization Tool