Sensitive Data in Email

Do Not Send Sensitive Data in Email


Although it's convenient to send colleagues sensitive data in email, it is unsafe. Not only is email an insecure way of sending information, you've lost control over that information once you hit the send button.

The Risks of Sending Sensitive Data in Email

  1. Sending email is insecure.
    Unless you encrypt your email messages, it is possible that someone can intercept and read your message.
  2. You are storing sensitive data on your computer.
    The sensitive data is stored on your computer, possibly in your Sent Mail folder, requiring you to report it to your Security Lead.
  3. You no longer control the sensitive data.
    The email can be forwarded to people without your knowledge or consent.
  4. The sensitive data may be sent to non-UCI systems.
    Some people at UCI choose to receive their UCI email on a different system outside of the University, like Gmail, Yahoo Mail, or Hotmail. We don't know how email is protected on outside systems, nor how long it is stored. Most systems keep copies of your messages even after you delete them.

Alternatives to Sending Sensitive Data in Email


If you are faculty, staff or a graduate student, consider using WebFiles with 2 GB of storage. With WebFiles, you can upload the sensitive data in a file like Microsoft Word or Excel. You can then share the file with colleagues by using permissions or tickets.

Receiving Sensitive Data in Email

If you receive sensitive data in email, delete the message and contact the sender. Ask the person to share the file with you in a more secure way.