Text size A  A  A

 Privacy Tips

 West Virginia Executive Branch 

 Privacy Tip


Emailing Personally Identifiable Information (PII)

Using email is the norm for most members of the workforce when communicating with business partners and co-workers. However, from a security standpoint, email com­mu­ni­ca­tions may not be fully secured. Especially if you are using an unen­crypted net­work.  The poten­tial for mes­sages to be inter­cepted “in tran­sit” is a very real and poten­tial dan­ger. Email is also prone to human error…you didn’t really mean to put your client’s social security number in the subject line of your email and unintentionally send it to the wrong email address did you?   


When using email, think privacy to ensure any personally identifiable information (PII) is not compromised.  PII is defined as information that identifies, or can be used to identify, locate, contact, or impersonate a particular individual. PII also includes protected health information (PHI).  Examples of PII include social security numbers, driver’s license numbers or financial account numbers (credit/debit).


There are several steps to consider when using email to min­i­mize the risk of unin­ten­tional breaches of PII:


  • Do not put PII in the sub­ject line of an email. Your internal email network may be encrypted; however, the subject line is not protected.Hack­ers have been known to scan the sub­ject lines of email com­mu­ni­ca­tions look­ing for user names, pass­words, and other PII. 
  • Be aware of your Department’s privacy and security protocols for using email.
  • Follow established encryption procedures.
  • Is disclosing PII in an email necessary?



Note:  Your agency/bureau/department/division may have specific requirements – always check your policies and procedures.  If you have questions, contact your Privacy Officer.



Privacy, Security and Accessibility | WV.gov | USA.gov | © 2016 State of West Virginia