What is Sensitive Data?
Restricted CCN data and data classified as “personal data” under the Data Protection Act must not be sent by email unless encrypted. Emails might be intercepted or miss delivered en route. Sending this type of data could be considered a breach of confidentiality and if personal data is lost of disclosed, the College could suffer a heavy fine as well as suffering damage to its reputation.
(i) Personal data is defined as “data which relates to a living individual who can be identified by that data”. Personal data includes but is not limited to:
• Student records;
• Employee records;
• Certain research data;
• Medical records;
• Financial records.
(ii) Restricted data or corporate data and intellectual property, includes but is not limited to:
• Strategic planning;
• Financial information.
There are several options available for encrypting email, not all of which are covered by this article.
Encrypted archives as attachments
Users wishing to send a sensitive attachment with an email that does not otherwise contain sensitive information my find that the simplest method is to create an encrypted archive containing the file and attach the encrypted archive to the email. The main advantages of this method are that it is simple, and the software required for decryption is freely available.
The main consideration with this method is that the password on to the archive must be passed to the recipient. This should be done by a medium other then email.
Also, a sufficiently strong encryption algorithm should be used. Most up to date archive software supports AES encryption eg a .zip archive created with 7-Zip. 7-Zip is included on ALL CCN computers.