Get Help

Online: Request Help
Phone: (707) 826-4357 • Hours
Email: help@humboldt [dot] edu
Walk-In: Library 101 • Hours
Reset HSU Password
System Status

Services For

Can I send sensitive information through email?

Printer-friendly versionPDF version

No. Sensitive data, and in particular University data that has been classified as Level 1 protected data, should NEVER be sent via email, either in the body of the email or in an attachment, unless that data has been encrypted using HSU-approved strong encryption.

Alternatively, you can store the sensitive data in a system protected by passsword security and send an email containing a link to the data. Reporting tools such as OBI (myReports) provide a secure environment for accessing University data. Communication involving student records should use the myHumboldt portal whenever possible. Using myHumboldt provides a better student and faculty experience and ensures that messages are securely and reliably delivered to the correct person.You can also save sensitive data on a University-managed system that requires a password, such as a fileserver, and send a link to the data in an email.

Below are some resources for secure information sharing:

  • The US Department of Education, Privacy Safeguards Programstates that one should ”never include personal information within e-mail message text. Names, SSNs, dates of birth, etc…”
  • IRS Publication 1075 states thatFederal Taxpayer Information (FTI) is covered by the Code of Federal Regulations and Internal Revenue Code: “E-mail systems shall not be used to transmit FTI data.”
  • The California Office of Information Securitystates that: “… email and IM messages hit numerous servers and routers before reaching their final destination ... and can be intercepted at any stage. Therefore, no confidential or sensitive data [Levels 1 or 2] should be sent via email in clear text or transmitted via Instant Messaging.”
  • The Federal Trade Commission (15 U.S.C §§ 41-58, as amended)states that: “Regular email is not a secure method for sending sensitive [Levels 1 or 2] data ... the better practice is to encrypt any transmission that contains information that could be used by fraudsters or identity thieves."


Related Topics