Email Confidentiality

email iconReducing computer security risks are as simple as developing a few good habits. Below we discuss some tips for developing computer practices with security in mind.

Lock your computer – Every time you walk away from your computer, lock it by simultaneously pressing the control, alt, and delete buttons, and then choosing the Lock Computer option (alternately, you can simultaneously press the Windows and “L” keys to instantly lock the computer).  This will keep a passerby from intentionally or accidentally seeing confidential information.

Don’t email the wrong person – Sending email to the wrong person may sound unlikely, but it happens. Get used to double and triple checking that you are using the correct email address, especially when sending confidential information.

Blind Carbon Copy (BCC) – When sending an email to more than one person at a time, get in the habit of using the blind carbon copy (BCC) rather than the carbon copy (CC) address option.  When you BCC an email, multiple people receive the same email but individual recipients only see their email address, keeping other identities confidential.

Verify consumers’ identity – Set up code words and questions prior to engaging in online counseling with the consumer. If you question the consumer’s identity while communicating via email then you can verify identity by using the predetermined code words or questions (Zack, 2004).

Signature Lines – It is common for state agencies and businesses to attach a signature line at the end of every email. These signature lines generally include the name and contact information of the agency and the person who sent the email, followed by a short disclaimer about confidentiality.  Within the signature line, it is also a good idea to include local emergency contact numbers and back up contact information for situations when a consumer may be in crisis (Bradley, Hendrick, Lock, Whiting & Parr, 2011).  When constructing a signature line, however, be sure to protect your own privacy, i.e. don’t list a personal cell phone number unless you are willing to receive business calls on that line.

Avoid public internet – Typically, free public Internet available at coffee shops, libraries, hotels, and other public spaces is not secure. These types of Internet connections can be easily monitored by a third party. Remind consumers to avoid using public internet for sending personal information. This type of information should be shared in person or using a secure internet connection.

Sending Sensitive Data

Email makes it possible to communicate and transfer documents quickly. However, information transferred via email can be read by a third party if the email is not encrypted. Talk to your IT department if you are interested in sending encrypted emails. Most offices have a way of doing this.

However, it isn’t necessary to encrypt all email messages. For instance, it may not be necessary to encrypt a simple back and forth email confirming a meeting time.  On the other hand, it is important to keep certain types of information private. The following list, while not comprehensive, is meant to get you thinking about information you may want to encrypt before sending it off into cyberspace.

  • Social Security Numbers
  • Medical records
  • Birth-dates
  • Disability status
  • Veterans status
  • Phone numbers
  • Email addresses