Keep sensitive data safe: don't send Personally Identifiable Information in emails


Email is not secure

The fact is that email is not a secure channel for sending information.  Email is by default sent from server to server in clear text that can be read by anyone while in transit. Therefore, you should never send sensitive data or information in an email, whether written in the body or as an attachment. 

What about encryption?

Encryption can be used to protect the body of the message, but requires both the sender and receiver to have set it up in advance and requires some additional steps and technical knowledge. The City of Forest Park will be implementing a two way email encryption system in 2022,  but for now,  if you are sending sensitive information you should contact the department you are working with and get their fax number. 

While encrypting just an attachment can be done more easily, these attachments can be deleted by mail systems and removed because their contents cannot be scanned for safety. 

Examples of information you should never send via email include:

  • Social Security numbers
  • Driver’s License numbers
  • Passport numbers
  • State-issue ID numbers
  • Any bank/financial account numbers
  • Credit/debit card numbers
  • Protected health information
  • Documents protected by attorney-client privilege
  • Any passwords or authentication credentials

Think before you hit 'send'

  • Make sure you're sending email to the right people. Check that you aren't sending a message to the wrong person or address. Make sure you didn't accidentally 'reply-all' or send to a group list instead of an individual.
  • Make sure you're sending the right information. Don't send any confidential information, of course, but also make sure you're not sending any unintentional information or information that isn't necessary to send. Check to see whether you attached the correct file.