Tip of the Week

Encryption

Encryption is a complicated method of scrambling information contained in an electronic file or email so that the information is not readable by someone trying to inappropriately access the information you store or maintain. Unencrypted electronic information may be referred to as "plain text" or "clear text."

Imagine an unencrypted email message as a "digital postcard" available for anyone to read if sent without encryption (including the attachments). Thus, the KU Privacy Office recommends that if you must send confidential information by email, create a password protected file, attach it to the email message, and separately (i.e. by phone) convey the password (or decryption method) to the recipient.

Contents that are expected to remain confidential should not be transmitted via e-mail. Email is vulnerable to unauthorized access as discussed, including modification by third parties. Neither email nor attachments to an email are secure methods of data transmission without encryption.

Examples of information that should not be communicated by email include but are not limited to: student grades and other information subject to the Family Educational Rights and Privacy Act (FERPA), data subject to the Health Insurance Portability and Accountability Act (HIPAA), data subject to the Gramm-Leach-Bliley Act (GLBA) or data subject to the Payment Card Industry Data Security Program (PCI).