Risks of using email to share sensitive information

Email is perhaps the most common method to share information on campus. However, it also carries some risks, and it is important to consider these risks when deciding whether

Email is perhaps the most common method to share information on campus. However, it also carries some risks, and it is important to consider these risks when deciding whether to send information to someone through email. For a further discussion about the risks of using email in the context of sending patient information, please see the OIPC Practice Note. Please also review the following infographic and document for additional general guidelines on email management.

Alternatives to Email: UAlberta Google Drive

The Information and Privacy Office (IPO) and the Chief Information Security Officer (CISO) have assessed UAlberta G Suite through a Privacy Impact Assessment and Security Review and have found that Google Drive has adequate privacy and security controls.

Google Drive is a secure and modern digital workspace that stores files encrypted in Google's cloud infrastructure and includes built-in information rights management (IRM), meaning files are kept private until the document owner decides to share them. As a result, Google Drive is a better option than email for sharing highly sensitive or confidential information. However, be conscientious and careful when providing permission to those receiving or viewing the document or files, and always remember to unshare a document once the business need for it has passed.

Learn more information about the different sharing settings at the Google Drive Help Center.

Additional Alternatives for Sharing and Storing University Information

  • Encrypted attachment - one way to securely send personal or confidential information is through an encrypted attachment, which can only be read by the person with the decryption key, i.e., password. The password should be shared with the recipient over the phone or through another method that does not involve email. Review the MyCCID Password Tips for help choosing a strong password.
  • Shared network drive - if you wish to share a document containing personal information with a colleague in your office, consider whether you can save the personal information to a shared drive on your faculty, department or unit network. Then, simply email or tell your colleague the location in which you saved the document.
  • Fax - while faxing documents involves its own set of risks, this tends to be considered a more acceptable practice within the medical community than email. When faxing personal or confidential information, it is prudent to follow the guidelines set out in this publication: OIPC Guidelines on Facsimile Transmission
  • Non-electronic methods - sometimes, it will be most appropriate to use traditional methods of exchanging information, such as mail, courier, campus mail, hand delivery or a phone call.

Related articles

Copyright © 2006 - 2024. All rights reserved. 4R Business Services Inc

We use cookies to enhance your experience. By continuing to visit this site, you agree to our cookies policy