Best Practices for Using Email Encryption

For the highest security, follow these practices:

  1. Always sign your e-mail messages.
     
  2. If many of the messages you send should be encrypted, set your default options to always encrypt messages.
     
  3. If it is not done automatically, regularly update the certificate revocation lists (CRLs) for the users you communicate with. For information on KU certificate revocation lists, go to
    https://ca.aims.ku.edu/kuca/cgi-bin/crl.shtml.
     
  4. A few examples of information that should always be sent with email encryption (or never be sent via email) include:

    • Nondirectory student or prospective student records as defined by FERPA and the University Student Records Policy (including grades, exams, rosters, official correspondence, etc.) (www.vpss.ku.edu/records.shtml)
    • Financial aid and scholarship records
    • Individually identifiable personnel records
    • Personal information utilized to verify identity, including but not limited to Social Security numbers (SSN) and University ID numbers (KU ID)
    • Passwords and PINs
    • Individually identifiable health information protected by state or federal law (including but not limited to “protected health information” as defined by the Health Insurance Portability and Accountability Act (HIPAA))
    • Individually identifiable information created and collected by research projects
    • Credit card numbers and financial transactions covered by the Payment Card Industry (PCI) Standard
    • Physical building details
    • Donor or prospect information
    • Information resources with access to confidential or sensitive data