Overview

---

Learn how to send encrypted emails from UC San Diego, including UC San Diego Health.

Critical Concepts

---

• Learn about the federal and state laws governing personally identifiable information (PII).
• Make sure notify your recipient of the coming encrypted message and send them instructions on how to receive encrypted emails from UCSD.

Steps to Take

---

Encrypt your email

1. Compose the message as usual in your email client. Attach any documents to the message that should be included.
2. Include the phrase, secure: at the start of the subject line.
   
   • Example: 
       
     Subject: Secure: How to Send an Encrypted Email Example
     

Note: Each message in a conversation you wish to encrypt must include the key phrase in the subject line.

Inform your recipient

There is a process to receiving an encrypted message. To the first time recipient, this may look suspicious and could be ignored. Before you send an encrypted message, notify your recipient of the coming message and send them these instructions on how to receive encrypted emails.

 

Frequently asked questions

---

What sensitive information should be encrypted?

Anyone who sends sensitive information to external recipients (outside of UC San Diego) must use encryption.

In the course of the academic mission and day-to-day administration, UC San Diego handles large amounts of personal data. Much of this data is not sensitive and is, in fact, publicly available. However, some of it is sensitive, including personal, financial, medical, and legal information.

Prominent examples of data protected by federal and state laws, university policy, and our general recommendations follow. (Context can play a role in data sensitivity so this list is not exhaustive):

Do not send the following over encrypted or unencrypted email:

• Credit card numbers

You must encrypt:

• • Health and Medical information that contains any of the ePHI 18 specific identifiers
  • First name or first initial and last name in combination with any one or more of the following data elements:
    • Social Security Numbers
    • Driver's license number or California identification card number
    • Account number, debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account
    • Medical information
    • Health insurance information
  • A user name or email address, in combination with a password or security question and answer that would permit access to an online account.

We suggest you encrypt:

• • Student record information (FERPA)
  • First name or first initial and last name in combination with any one or more of the following data elements:
    • Passport numbers
    • Foreign visa numbers
    • Mother’s maiden name
    • Birth month, day and year
    • Biometrics (fingerprint, retina scan, etc.)
  • Sensitive HR and employee information 

Is the information I send with email encryption secured on my computer?

Information and files stored on your computer and in your sent items folder are not encrypted unless you take additional action to do so. Consult with your departmental or divisional IT security personnel for advice and detail.

When does my message get encrypted?

The Proofpoint Secure Email system is designed to encrypt messages to external recipients. If you initiate an encrypted message, it will be encrypted as it leaves the UC San Diego border email gateways.

A Microsoft 365 message is encrypted either on the sender's machine, or by a central server while the message is in transit. Microsoft uses Transport Layer Security (TLS) to encrypt the connection between two servers.

In Google infrastructure, messages are encrypted at rest and while in transit between data centers. Messages transiting to third-party providers are encrypted with Transport Layer Security (TLS) when possible or required by configuration.