Instructions for Encrypted Data Collection via Email
Overview
To learn more about the email encryption options available through your @tufts.edu Outlook account, including how to use those options to send sensitive information, see the Instructions for Sending Encrypted Email page.
This page contains additional recommendations for how to use those encryption options to request sensitive information via email. The steps involved in requesting and using sensitive information include:
-
Step 1 - Requesting the Information
-
Step 2 - Accessing the Information
-
Step 3 - Handling the Information Appropriately
-
Step 4 - Securely Deleting the Emails
Step 1 - Requesting the Information
Use encrypted email to request the information you need, either with or without an attachment. Generally, the process will be easier if the individual sends you the information in the body of the email, rather than in an attachment. Instructions for both methods are provided below.
The message you send should (1) request the information you need, and (2) explain how the individual should provide the information to you. This will make clear to the individual what information you need and enable the individual to use the encrypted solution.
Use this method if you want to receive the sensitive information within the body of the email and NOT within a file (e.g. a Word document).
- Send your request for information using one of the methods described on the Instructions for Sending Encrypted Email page.
- In the body of the email, include your request for information.
- In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.
- Start of Instructions for Recipient - |
Since the information requested is sensitive information, please reply using encrypted email. If you are using an @tufts.edu account, simply reply like you normally would. If you are using something other than an @tufts.edu account, you need to follow the directions below, rather than simply sending an email directly from your account. Follow these steps when this email is open:
|
- End of Instructions for Recipient - |
Use this method if you want to receive the sensitive information within a file (e.g. a Word document) that is attached to the email.
- Send your request for information using one of the methods described on the Instructions for Sending Encrypted Email page.
- In the body of the email, include your request for information. If you need to provide the recipient with a copy of the form or other document they need to complete, attach a copy. The attachment will be sent encrypted as well, and will only be viewable when the recipient accesses the message on the secure site. However, when they click on the document, it will download to their device, and will not be encrypted.
- In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.
- Start of Instructions for Recipient - |
Since the information requested is sensitive information, please reply using encrypted email. If you are using an @tufts.edu account, simply reply like you normally would. If you are using something other than an @tufts.edu account, you need to follow the directions below, rather than simply sending an email directly from your account. Follow these steps when this email is open:
|
- End of Instructions for Recipient - |
Step 2 - Accessing the Information
When you get a response with the sensitive information you requested, simply log in to your Tufts email to access it.
Log in to your Tufts email and open the message to access the information and/or any included attachments.
Step 3 - Handling the Information Appropriately
Once you have the information, you will need to use, share, and/or store it securely.
- Use a secure method to provide the information to the office at Tufts that needs the information.
- Consider whether you need to retain the information. Unless you have a continuing need for the information or unless your office is the primary record keeper, it is better not to keep a copy. If you need to keep a copy, be sure to store the information securely in a manner that is appropriate for the type of information. Do NOT use email to store the information. If the information includes Sensitive Personal Information (SPI), e.g. a Social Security number, a driver’s license number, or a bank account number, storing it on a laptop that is not whole disc encrypted is prohibited by government regulation.
- For more information, visit the Tufts Technology Services Data Security and Privacy page.
Step 4 - Securely Deleting the Emails
The email that you sent and the email that you receive should be deleted as soon as possible. For information on how to do this, see the page on Securely Deleting Email.