Transmission of Personally Identifiable Information Policy

Purpose

The Office of Information Technology recognizes that the landscape of security is an increasingly challenging and dangerous area.  Because of this we have crafted a policy that both protects the sensitive information that we are entrusted to safeguard, while still providing for the need to make that information available to outside groups. Because our email system is now blocking the open transmission of PII, we have provided an alternative method of transmitting this information.

This policy helps ensure the security of the PII that we are entrusted with while still creating an avenue to get it to the organizations that we work with in a trusted relationship.

Policy Statement

1. There should be no transmission of Personally Identifiable Information via email through college or non-college email systems via insecure methods.  This also includes any information that contains something that might be construed as a bank account number.
2. A secure method, in this case, requires that data be encrypted at rest (in the location it is stored), when it is transmitted (as the data goes from Point A to Point B), and in the vehicle in which it is transmitted (the data should not be readable in the actual transmission vehicle which is FTP, OneDrive, email, etc).
3. There are no exceptions to this policy.
4. Should data need to be transmitted via email, which is often the case, it must be done via secured method and not via inline text (in the email body) or at attachment (unless the attachment itself is encrypted)
5. To encrypt an email or attachment, you must use OpenPGP/PGP4WIN that is integrated in Microsoft Outlook.  This also required the person receiving the email to be able to unencrypt the email/attachment.  While the Office of Information Technology can assist College constituents in this process, we cannot support third-parties in this.  They will need to reach out to their IT department for assistance.  The only software we support for this is OpenPGP/PGP4Win. Click here to download and install OpenPGP/PGP4WIN.
6. Alternatively, you may email links from OneDrive that are password protected to external organizations.  This requires you to save/move the file(s) in question to your College OneDrive first.  Once you have done this, you can share the file with anyone directly to their email address (and do not forget to add the password to the file).  Below is an article on basic OneDrive use.  If you need further assistance with OneDrive, please click here to open a Help Desk ticket.
   Using Microsoft OneDrive: https://cedarcrest.teamdynamix.com/TDClient/2020/Portal/KB/ArticleDet?ID=63557