Instructions for Encrypted Data Collection via Email

Overview

To learn more about the email encryption options available through your @tufts.edu Outlook account, including how to use those options to send sensitive information, see the Instructions for Sending Encrypted Email page.

This page contains additional recommendations for how to use those encryption options to request sensitive information via email. The steps involved in requesting and using sensitive information include:

  • Step 1 - Requesting the Information

  • Step 2 - Accessing the Information

  • Step 3 - Handling the Information Appropriately

  • Step 4 - Securely Deleting the Emails

Step 1 - Requesting the Information

Use encrypted email to request the information you need, either with or without an attachment. Generally, the process will be easier if the individual sends you the information in the body of the email, rather than in an attachment. Instructions for both methods are provided below.

The message you send should (1) request the information you need, and (2) explain how the individual should provide the information to you. This will make clear to the individual what information you need and enable the individual to use the encrypted solution.

Use this method if you want to receive the sensitive information within the body of the email and NOT within a file (e.g. a Word document).

  • Send your request for information using one of the methods described on the Instructions for Sending Encrypted Email page.
  • In the body of the email, include your request for information.
  • In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.
- Start of Instructions for Recipient -

Since the information requested is sensitive information, please reply using encrypted email. If you are using an @tufts.edu account, simply reply like you normally would. If you are using something other than an @tufts.edu account, you need to follow the directions below, rather than simply sending an email directly from your account.

Follow these steps when this email is open:

  • Click Reply all toward the top right of the window.Reply All button
  • If you do not wish to receive a copy of your reply, remove yourself from the Cc field.Adjusting the Cc field to remove yourself as a copied recipient
  • Type your message. Please include any sensitive information in the body of the email. Please do NOT include any sensitive information in any attachment.
  • Click Send.Send button
  • It's recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty your trash.
  • Be sure to store any documents with sensitive information securely.
- End of Instructions for Recipient -

Use this method if you want to receive the sensitive information within a file (e.g. a Word document) that is attached to the email.

  • Send your request for information using one of the methods described on the Instructions for Sending Encrypted Email page.
  • In the body of the email, include your request for information. If you need to provide the recipient with a copy of the form or other document they need to complete, attach a copy. The attachment will be sent encrypted as well, and will only be viewable when the recipient accesses the message on the secure site. However, when they click on the document, it will download to their device, and will not be encrypted.
  • In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.

 

- Start of Instructions for Recipient -

Since the information requested is sensitive information, please reply using encrypted email. If you are using an @tufts.edu account, simply reply like you normally would. If you are using something other than an @tufts.edu account, you need to follow the directions below, rather than simply sending an email directly from your account.

Follow these steps when this email is open:

  • Click Reply all toward the top right of the window.Reply All button
  • If you do not wish to receive a copy of your reply, remove yourself from the Cc field.Adjusting the Cc field to remove yourself as a copied recipient
  • Type your message.
  • To add an attachment, click on Attach and select the file.Attach
  • Click Send.Send button
  • It's recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty your trash.
  • Be sure to store any documents with sensitive information securely.
- End of Instructions for Recipient -

 

Step 2 - Accessing the Information

When you get a response with the sensitive information you requested, simply log in to your Tufts email to access it.

Log in to your Tufts email and open the message to access the information and/or any included attachments.

Sample response email

 

Step 3 - Handling the Information Appropriately

Once you have the information, you will need to use, share, and/or store it securely.

  • Use a secure method to provide the information to the office at Tufts that needs the information.
  • Consider whether you need to retain the information. Unless you have a continuing need for the information or unless your office is the primary record keeper, it is better not to keep a copy. If you need to keep a copy, be sure to store the information securely in a manner that is appropriate for the type of information. Do NOT use email to store the information. If the information includes Sensitive Personal Information (SPI), e.g. a Social Security number, a driver’s license number, or a bank account number, storing it on a laptop that is not whole disc encrypted is prohibited by government regulation.
  • For more information, visit the Tufts Technology Services Data Security and Privacy page.

Step 4 - Securely Deleting the Emails

The email that you sent and the email that you receive should be deleted as soon as possible. For information on how to do this, see the page on Securely Deleting Email.