Emailing personal and confidential information

Protecting personal and confidential information is vital to ensure both you and the University comply with current legislation. You should not store such data in your mailbox and you should never send personal or confidential information unless it is encrypted.

Sharing information by email should be treated as the electronic equivalent of a postcard. If you assume that it could be read by anyone, this will help to ensure that you take appropriate care both in the content of the email and any attachments.

The primary purpose of email is communication, not storage, and important emails should be filed in the same way that important letters or Word documents would be, rather than being kept in the email system.

Another useful method to prevent personal and confidential information from being sent to the wrong person or as an unencrypted attachment is to delay sending messages immediately.

How to use email safely

The following tips will help to reduce the risk of unauthorised access:

  • Never redirect or forward emails in your University Outlook account to an external email account e.g. hotmail - such accounts may store data outside the EU and you may be in breach of Data Protection legislation.
  • Always double-check that you have the correct address before sending. If you amend email settings to send after a period of time rather than immediately, this may give you the opportunity to correct the email or stop it being sent by deleting it from your Outbox.
  • Never put personal or confidential data in the body of an email or in an attachment, unless the attachment is encrypted, and the encryption pass-phrase is communicated through a different route. Remember personal information belongs to the data subject, not you and you do not have permission to take risks with their data.
  • Warn the recipient that the email contains confidential information so that they only open the document in a secure environment - you can do this by putting the word "CONFIDENTIAL" either in the email header or the attachment's file name.
  • Be aware that your auto-complete address list can become corrupt and result in the email being sent to someone unexpected!
  • If you need to share email folders or calendars remember that you should not share your University IT Account password and that there are alternative ways of working collaboratively.

More information about email and sensitive data can be found on the IT Security web site: