Instructions for Encrypted Data Collection via Email

Messages between people who are using Tufts email accounts, where both the sender and the recipient(s) are using @tufts.edu addresses, are already encrypted. This makes email between people using Tufts addresses more secure than regular email (e.g. Gmail) and allows students, faculty, and staff to safely share private information, such as Social Security numbers and birth certificates, with each other when appropriate.

But what if you need to send a secure message to someone outside of the University? Tufts Secure Email provides a safe and encrypted way to collect sensitive information, such as personal information, from individuals with non-Tufts email addresses (e.g. jumbo.smith@gmail.com).

 Recipients will receive an email with a link that they can click on to securely view your message and respond to it. An example of a secure message sent to a Gmail address is shown below. After clicking Read the message, the recipient may be asked to authenticate their identity by signing in to their email account again or by using a one-time passcode that is sent to their email address.

Options to verify identity in order to read a secure email

 

The steps involved in requesting and using sensitive information include:

  • Step 1 - Requesting the Information

  • Step 2 - Accessing the Information

  • Step 3 - Handling the Information Appropriately

  • Step 4 - Securely Deleting the Emails

Step 1 - Requesting the Information

Use encrypted email to request the information you need, either with or without an attachment. Generally, the process will be easier if the individual sends you the information in the body of the email, rather than in an attachment. Instructions for both methods are provided below.

The message you send should (1) request the information you need, and (2) explain how the individual should provide the information to you. This will make clear to the individual what information you need and enable the individual to use the encrypted solution.

Use this method if you do not want to receive a document that has sensitive information that will be downloaded to your computer.

Tip: Let your recipients know ahead of time about this secure email so they don’t think it’s a phishing scam. Also, there is a brief delay between when the recipient receives the initial email and when the link is functional. If they click on the link and it doesn’t work, ask them to try again in a few minutes.

1. Open your Tufts email.

2. Start a new email message.

3. In the subject line, include the word “secure” in square brackets. Any capitalization will work. The subject line may contain other text as well.

  • e.g. [secure] Request for Information
  • e.g. Encrypted message [secure]
Drafting a secure request for information via email

     

4. In the body of the email, include your request for information.

5. In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.

 

-Start of Instructions for Recipient-

Since the information requested is sensitive information, please reply using encrypted email. Since you do not have an @tufts.edu account, you need to follow these instructions, rather than simply sending an email directly from your account.

Follow these steps when this email is open:

  • Click Reply all toward the top right of the window.
Reply All button
  • If you do not wish to receive a copy of your reply, remove yourself from the Cc field.
Adjusting the Cc field to remove yourself as a copied recipient
  • Type your message. Please include any sensitive information in the body of the email. Please do NOT include any sensitive information in any attachment.
  • Click Send.
Send button
  • It’s recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty the trash.
  • Be sure to store any documents with sensitive information securely.
-End of Instructions for Recipient-
 

6. Click Send.

Use this method if you wish to receive sensitive information in a file that will be downloaded to your computer.

Tip: Let your recipients know ahead of time about this secure email so they don’t think it’s a phishing scam. Also, there is a brief delay between when the recipient receives the initial email and when the link is functional. If they click on the link and it doesn’t work, ask them to try again in a few minutes.

1. Open your Tufts email.

2. Start a new email message.

3. In the subject line, include the word “secure” in square brackets. Any capitalization will work. The subject line may contain other text as well.

  • e.g. [secure] Request for Information
  • e.g. Encrypted message [secure]
Drafting a secure request for information via email

4. In the body of the email, include your request for information. If you need to provide the recipient with a copy of the form or other document they need to complete, attach a copy. The attachment will be sent encrypted as well, and will only be viewable when the recipient accesses the message on the secure site. However, when they click on the document, it will download to their device, and will not be encrypted.

5. In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.

 

-Start of Instructions for Recipient-

Since the information requested is sensitive information, please reply using encrypted email. Since you do not have an @tufts.edu account, you need to follow these instructions, rather than simply sending an email directly from your account.

Follow these steps when this email is open:

  • Click Reply all toward the top right of the window.
Reply All button
  • If you do not wish to receive a copy of your reply, remove yourself from the Cc field.
Adjusting the Cc field to remove yourself as a copied recipient
  • Type your message.
  • To add an attachment, click on Attach and select the file.
Attach
  • Click Send.
Send button
  • It’s recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty the trash.
  • Be sure to store any documents with the sensitive information securely.
-End of Instructions for Recipient-
 

6. Click Send.

Step 2 - Accessing the Information

When you get a response with the sensitive information you requested, log in to your Tufts email and open the message to access the information and any included attachments.

Sample response email

 

Step 3 - Handling the Information Appropriately

Once you have the information, you will need to use, share, and/or store it securely.

  • Use a secure method to provide the information to the office at Tufts that needs the information.
  • Consider whether you need to retain the information. Unless you have a continuing need for the information or unless your office is the primary record keeper, it is better not to keep a copy. If you need to keep a copy, be sure to store the information securely in a manner that is appropriate for the type of information. Do NOT use email to store the information. If the information includes Sensitive Personal Information (SPI), e.g. a Social Security number, a driver’s license number, or a bank account number, storing it on a laptop that does not have whole-disk encryption is prohibited by government regulation.
  • For more information, visit the Tufts Technology Services Data Security and Privacy page.

Step 4 - Securely Deleting the Emails

The email that you sent and the email that you received should be deleted as soon as possible. For information on how to do this, see the page on Securely Deleting Email.