Alternatives to Sending Unencrypted Email That Contains PII

[This article is part of a series about how to protect and safely transfer sensitive information such as social security numbers (SSNs) and other PII (personally identifiable information).]

Standard (unencrypted) email is not the best method for transmitting sensitive or personally identifiable information (PII). Rivier’s email policy does not permit members of the Rivier community from sending unencrypted email that contains social security numbers (SSNs) and strongly discourages all employees and students from sending ANY sensitive information via unencrypted email.

Stop and Think

Before you send a document or email that contains sensitive information, consider the following:

• Does the recipient user or organization need the sensitive information, or can you omit the sensitive information altogether?
• Are you planning to transmit school or medical records to Rivier University (admissions, the registrar’s office, student financial services, or any other department)? Please contact the department first and learn about how to properly send this data to Rivier University.
• Does the recipient have published information about how it handles PII that it receives? Does it have retention policies and delete unneeded PII after a period of time? Is PII stored in an encrypted manner? Does the recipient organization have policies established to limit who has access to PII? If concerned or unsure, contact the recipient organization.
• Are you emailing yourself legal or tax documents from your Rivier mailbox? Consider downloading them from your Rivier mailbox directly onto your personal device, saving the document wherever you securely store important documents, and then delete the original email from your Rivier mailbox altogether.

Alternatives To Sending Unencrypted Email with Sensitive or Personally Identifiable Information

• Ask the recipient if they have a secure method for receiving sensitive information. Most banks and other financial institutions have a secure portal or other website where you can directly upload documents that contain SSN and other PII.
• Leave SSN and other fields blank. Transmit (email) the document without this information, and then call the recipient and provide the omitted information over the phone.
• Send an encrypted email. See this separate KB article for instructions.
• Save the document in OneDrive. Then, share the document with the recipient. After the recipient receives (and downloads) a copy of the document, delete the document from OneDrive or stop sharing it.
• Send the document via facsimile (fax) service. NOTE: Fax technology is not necessarily more secure than email. Before sending a fax, confirm with the recipient that the receiving fax machine or fax service is secure and that the recipient is ready to receive your document.
• Encrypt the document using 7-Zip or WinZip before sending the email. Share the password with the recipient using an alternative to email (over the phone or by text). (This is an advanced procedure and full instructions are outside of the scope of this document.)

When in doubt, contact ITsupport@rivier.edu for assistance!

Related Articles:

• Main Article: What is PII and How Do I Keep It Secure?
• How Do I Send an Encrypted Email?
• Email Support & Email Security (All KB Articles)