I want to check I'm sending email safely
Email is a quick and useful tool for communicating, it is also a common cause of personal data breaches in which the sender loses control over who has access to and can make use of personal data. A mistake risks individuals’ personal information being used for malicious purposes that can have serious and long-lasting consequences, it can damage the University’s reputation and harm trust in its services.
Before sending an email containing personal or confidential data and information use this email checklist:
Is email the most appropriate communication tool?
- If you need to discuss a sensitive issue or situation, it may be better to use the telephone, set up a Microsoft Teams meeting or schedule a meeting in-person. Personal information contained in emails are subject to ‘access to information’ and erasure requests.
- If email is the best communication channel, only ever use it to communicate the minimum amount of personal data needed to complete the intended purpose.
Have I checked the email address to make sure my email is going to the correct person or people?
- Outlook autofill often selects a different person to the one you intended to send an email to. Before pressing send, double-check the recipient list to make sure you have not selected the wrong person,
- If you use the autofill function, you should clear the cache regularly to reduce the number of people stored in it, this will help reduce the risk of errors,
- Adding your photo to your O365 profile will help others to recognise you when they are using the Outlook autofill functionality, it may help prevent a mistake; and
- Use the global address book by clicking on ‘To’ or ‘Cc’, this allows you to check the school or service a recipient works in before you pick their name from the contact list.
I need to email many people, have I added their email address to Bcc?
- If you use Bcc (Blind carbon copy) when sending an email to many recipients, no one else can see each other’s email address. An email address is classified as ‘personal data’ under the UK GDPR and revealing someone else’s email address without their permission could be a personal data breach. Depending on the sensitivity of the email content, it may also reveal confidential or sensitive personal information about a person.
- Always use Bcc for sending mass emails, it’s safer and prevents recipients from using Reply-All, which can lead to many unwanted emails.
Do I really need to include an attachment, and is it the correct one?
- Confidential information should not be shared using email attachments. Where possible, use O365 to provide access to data and information (sharing). This will allow you to revoke or change access rights or document availability at any time.
- If you cannot avoid using an email attachment to share personal or confidential information, the information MUST be password protected, and the password shared separately and not by email.
- It is easy to accidentally attach the wrong document to an email. Open each attachment in turn and check you have selected the correct document before you send it.
- If it is necessary to share an excel workbook as an email attachment, check each tab to make sure surplus information isn’t included in multiple worksheets.
Is the content accurate?
- If you frequently use an email template or ‘copy and paste’ to help construct an email, it is possible that personal information from a previous message could accidentally be copied into the new email. Check to make sure you have not included any personal information about another person by mistake.
Should I copy others into an existing email conversation?
If you decide to copy (Cc:) another person into an existing email conversation, check to ensure the email thread doesn’t also contain personal or confidential information they do not need to see. This may include web-links to information where access hasn’t been restricted.
Remove any personal or confidential information where it is not appropriate or necessary to share with new recipients.
Very long email threads can be difficult to check and may include information on a range of topics. If you are considering copying another person into a long email thread, it might be more suitable to start a new message, or choose a different communication tool.
Always, make sure you have selected the correct email address before copying to a new recipient.