What’s the Big Deal If…
I e-mail sensitive information?
I e-mail sensitive information?
Why it is a big deal
- It is important to know the sensitivity level of the information you are e-mailing. Sensitive information that you send could be at risk if it is lost, intercepted or sent to the wrong person.
Scenario
Your colleague in another department requested a document containing personal information including a date of birth and a Social Insurance Number (SIN). What should you do?
Possible actions (Vote on the correct answer)
- Option 1: Encrypt the document using Entrust, then e-mail it
- Option 2: Put the SIN in the e-mail Subject line to alert your colleague
- Option 3: E-mail the document as is
Explanation
- Option 1 is the correct choice – an e-mail containing a SIN is classified Protected B and must be encrypted when sent outside of the departmental firewall according to the Information Categorization Tool.
- Protected B information can however be sent within the department using MS Outlook or Skype. Ensure the recipient is an ESDC employee.
Key take-aways
- Think about the information you are sending, its sensitivity level, and ensure it is properly safeguarded.
- You should not put names, SINs, Personal Record Identifier (PRI), date of birth or other personal information in the Subject line of e-mail messages.
- When you send an e-mail outside the ESDC e-mail system, we can no longer manage the security of the information sent in the e-mail.
- Additionally, you should make sure that the receiver has a "need-to-know" the information.
- The receiver must also have Entrust to be able to open the document.