Trending

BROWSE ALL TOPICS

Encrypting Emails Containing PII FAQs

By DON CIO Privacy Team - Published, October 26, 2012

Emails containing personally identifiable information (PII) in the body of the email or in an email attachment:

  • Should only be sent to recipients with an official need-to-know.
  • Should have "FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE" in the subject line.
  • Should have "FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE: Any misuse or unauthorized disclosure of this information may result in both criminal and civil penalties" in the body of the email.
  • Must be digitally signed.
  • Must be encrypted. (Always check to see if the attachments you are sending contain PII. Check all tabs.

AM I REQUIRED TO ENCRYPT EMAILS THAT CONTAIN PII?

Yes. In October of 2008, the Department of the Navy Chief Information Officer released a GENADMIN message that reiterated guidance requiring DON users to digitally sign and encrypt email messages containing PII.

HOW DO I ENCRYPT AN EMAIL CONTAINING PII?

To encrypt an email manually, click on the "ENCRYPT" icon in the tool bar for the message in question. To configure OUTLOOK for automatic encryption, go to:

"Tools" -> "Trust Center" -> "Email Security" -> "Encrypt content and attachments for outgoing messages"

WHAT DO I DO IF I ENCOUNTER PROBLEMS WHEN ENCRYPTING AN EMAIL?

  • Select "Cancel" in the pop-up and remove the failed recipient from your email. Send the email.
  • Send a separate email to the unsupported email address(es) requesting a reply with a digitally signed email if their address is not in the Global Address List (GAL), or a reply after publishing their certificates, if their address is in the GAL.
  • DO NOT select "Send Unencrypted."
HOW DO I PUBLISH A CERTIFICATE?
  • Go to Outlook: Tools/Trust Center/Email Security/Publish to GAL
  • Right-click on the contact name and select "Add to Outlook Contacts"
  • Click on the contact and attempt to send the encrypted email again
Note: When publishing certificates it may be necessary to wait a few minutes to allow the server to replicate and the user's GAL to sync.

HOW DO I MANUALLY SYNC THE GAL?

Go to: My Computer/System (C:)/Program Files/Microsoft Office/GlobalDirectory/GALSyncU.exe

IF A VALID CERTIFICATE IS VERIFIED FOR THE RECIPIENT AND I STILL CAN'T SEND THE EMAIL ENCRYPTED, WHAT SHOULD I DO?

  • Go to the Outlook toolbar and click on the small arrow next to the Send/Receive button, and download the address book with "Full Details" (this may take 5-10 minutes). Attempt to send the encrypted email again.
  • 'Cached Exchange Mode' can also cause encryption problems. To see if you are in this mode, perform the following in Outlook, go to: Tools/Account Settings/Email Security/Click on Change. If "Use Cached Exchange Mode" is checked, uncheck it and then attempt to send the encrypted email again. (Note: You will be required to shutdown and restart Outlook for the new settings to take effect.)

TAGS: Privacy

Related Policy
Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response
Federal Acquisition Regulation; Basic Safeguarding of Contractor Information Systems
DON Revision of PII Breach Reporting Forms
Use of Best Judgment for Individual PII Breach Notification Determinations
DoD Component Responsibility to Ensure Government Contract Compliance with the Privacy Act
Related News
DON IM/IT Excellence Awards Nominations Due Dec. 5
How to Obtain Military Personnel, Health, and Award Records
Privacy Tips
Register for DON IT East and West 2017
PII Breach Articles from CHIPS Magazine
Related Resources
Privacy Briefs
Contractor Privacy Responsibilities
Quickstep Process for Marking Emails Containing PII
Blanket Purchase Agreements for Identity Monitoring
Email and PII

DON CIO Information

Online Services & Community