Email and UOB data
Can I send restricted or sensitive data by email?
Restricted UOB data and data classified as "sensitive" under the Data Protection Act must not be sent by email unless encrypted. Emails might be intercepted or misdelivered en route - sending restricted data in an email is much the same as sending it on a postcard: you don't know that anyone will read it, but you should know that it is a possibility. Sending this sort of data by email could be considered a breach of confidentiality and if personal data is lost or disclosed, the University could suffer a heavy fine as well as suffering damage to its reputation.
For recommendations on email encryption and on preferred alternatives for conveying restricted or personal data see:
What else do I need to know about good practice with emails?
- Do not use a personal email account to conduct University business. Using a personal email account for UOB business can mean a lack of audit trail and could also result in inadvertent breaches of the Data Protection Act.
- Consider your message recipients' reasonable expectations of privacy with respect to their email addresses and do not divulge them unnecessarily. Do not, for example, always include all recipient addresses in the "To:" or "Cc:" message headers when sending an email. Consider using the "Bcc:" header instead. Depending on the message content, divulging one person's email address to others may constitute a breach of the Data Protection Act.
- Many email applications store emails to local drives, which can be a security risk if computers or mobile devices are lost, stolen or disposed of non-securely, so use a University recommended email client to minimise the risk of this happening.
- If you need to use something which stores emails for mobile working, it should only store a few emails from the inbox and not your entire archive. Delete any locally stored emails when you are finished with them.
Limited use of your UOB email account for personal business is acceptable - though you should be aware that in certain circumstances
your email account may be accessed by the University. Instead you might want to set up one or more personal email account with Hotmail, Google or similar. Bear in mind though that these may not be 100% secure.