Email is our most common medium for sharing information internally and externally.
In data protection terms it can be a risky way of sharing personal data. Sending emails to the wrong recipient is a very common cause of data breaches and can result in enforcement, litigation and monetary penalties for the University. Sending to the wrong recipient is an easy mistake to make and emails get forwarded into long threads to those that may not have a reason to view the data.
Approaches to sharing data safely:
If you are sharing data internally use a link to Box rather than send by email.
If you are sending high risk personal data externally as a one-off put the data in an attachment and password protect the attachment, providing the password in a separate phone call or email
If you are routinely sharing large types of data externally consider setting up a shared location to upload data to (please contact the IT department for further information)
Making email safer:
double check that you’ve got the right recipient before you hit “send” (and don’t forget to check CC and BCC recipients too)
use the Outlook address book to see more recipient details to help you identify the right person
turn off the Outlook auto-complete feature
only share what you need to share (for example, removing unwanted columns if you’re sending a spreadsheet attachment)
start a new email (long email trails can contain information that should not be shared)
If you send personal data to the wrong recipient please report it to the Data Protection Officer by emailing firstname.lastname@example.org and take the steps to recall the email or have the recipient delete it.