Transmission of sensitive data policy
Data in transit means data is at risk if the proper precautions aren’t followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems. With this in mind, it is essential for company personnel to adhere to firm and clear guidelines for sharing sensitive data with others. These guidelines protect the business, its reputation and its customers by ensuring that only necessary personnel are able to receive and view material of a confidential nature.
From the policy:
Sensitive information in electronic form must be encrypted before being sent and/or transferred via encrypted methods. Encrypted storage methods can involve secure USB drives, whole disk encryption and file/folder encryption software. Encrypted transmission methods can involve secure file transfer protocol, VPN connectivity or encrypted email services. These concepts are discussed further in the “Specific transmission guidelines based on content type” section and the associated “Suggested encryption products” document, which contains 20 examples.
Employees should not use public email/document services such as Gmail or Dropbox to send or receive sensitive information. Exceptions can be permitted based on the discretion of the IT director.