Text size A  A  A

WV State Privacy Office

100 Dee Drive
Charleston, WV 25311

304-558-7000 Phone
304-558-7001 Fax

 Privacy Tips

WV Executive Branch Privacy Tip - Emailing PII

 

Using email is the norm for most members of the workforce when communicating with business partners and co-workers. However, from a security standpoint, email com­mu­ni­ca­tions may not be fully secured. Especially if you are using an unen­crypted net­work.  The poten­tial for mes­sages to be inter­cepted “in tran­sit” is a very real and poten­tial dan­ger. Email is also prone to human error…you didn’t really mean to put your client’s social security number in the subject line of your email and unintentionally send it out using an external listserv email address did you?   

 

When using email, think privacy to ensure any personally identifiable information (PII) is not compromised.  PII is defined as information that identifies, or can be used to identify, locate, contact, or impersonate a particular individual. PII also includes protected health information (PHI).  Examples of PII include social security numbers, driver’s license numbers or financial account numbers (credit/debit).

 

There are several steps to consider when using email to min­i­mize the risk of unin­ten­tional breaches of PII:

 

  • Do not put PII in the sub­ject line of an email. Your internal email network may be encrypted; however, the subject line is not protected.Hack­ers have been known to scan the sub­ject lines of email com­mu­ni­ca­tions look­ing for user names, pass­words, and other PII. 
  • Be aware of your Department’s privacy and security protocols for using email.
  • Follow established encryption procedures.
  • Is disclosing PII in an email necessary?

 

 

Note: Your agency/bureau/department/division may have specific requirements – always check your policies and procedures. If you have questions, contact your Privacy Officer.

See all 2015 Privacy Tips

Privacy, Security and Accessibility | WV.gov | USA.gov | © 2015 State of West Virginia