Educause Security Discussion mailing list archives

Re: Question about confidential data in emails.

From: "Hudson, Edward" <ehudson () CALSTATE EDU>
Date: Mon, 5 Mar 2018 05:22:55 +0000

I am curious how one would do that (Refuse to receive confidential data sent by unencrypted email).

 

Thanks
Ed

 

 

Ed Hudson

Interim Chief Information Security Officer 

401 Golden Shore

Long Beach, CA 90802

Tel 562-951-8431

ehudson () calstate edu

 

I subscribe to e-mail classification: i=Information, a=Action, u=Urgent 

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Jones, Mark B" 
<Mark.B.Jones () UTH TMC EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Sunday, March 4, 2018 at 7:51 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Question about confidential data in emails.

 

I’m not sure if we have a policy for this.

My personal opinion is that such mail should be rejected.  You should refuse to receive confidential data via 
unencrypted email.

 

 

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pesino, 
Sherry
Sent: Wednesday, February 28, 2018 1:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Question about confidential data in emails.

 

Looking for some guidance in dealing with confidential data in email.

 

How do you handle when outside entities send confidential data via email and that email needs to be retained and if 
not, then how is it securely deleted? Saving an email out of an O365 mailbox and deleting an email may not securely 
remove the mail in all forms that Microsoft stores that email in the mailbox. Scrubbing the info from inside an email 
may not fully scrub it.   Just wondering if there are any procedures anyone uses to securely redact/scrub content from 
an email and procedures for handling when confidential data is sent from an outside entity?

 

Thank you,

Sherry

____________

Sherry Pesino

Information Security Program Office

Connecticut State Colleges and Universities

61 Woodland Street

Hartford, CT 06105

860-723-0021

pesinos () ct edu

Attachment: smime.p7s
Description:

Current thread:

Question about confidential data in emails. Pesino, Sherry (Feb 28)
- Re: Question about confidential data in emails. Jones, Mark B (Mar 04)
- <Possible follow-ups>
- Re: Question about confidential data in emails. Hudson, Edward (Mar 04)
  - Re: Question about confidential data in emails. Jones, Mark B (Mar 04)
  - Re: Question about confidential data in emails. Martinez, Brian (Mar 05)
    - Re: Question about confidential data in emails. Austin Bollinger (Mar 05)
    - Re: Question about confidential data in emails. Frank Barton (Mar 06)
    - Re: Question about confidential data in emails. Jones, Mark B (Mar 06)
    - Re: Question about confidential data in emails. Pesino, Sherry (Mar 06)
    - Re: Question about confidential data in emails. Thomas Carter (Mar 06)
    - Re: Question about confidential data in emails. Frank Barton (Mar 06)
- Re: Question about confidential data in emails. Kevin Shalla (Mar 07)