Encrypting Email Containing PII
Published, May 31, 2012
In October 2008, the Department of the Navy Chief Information Officer released a GENADMIN message that reiterated guidance requiring DON users to digitally sign and encrypt email messages. The process below explains what to do if you encounter problems when encrypting an email.
Emails containing personally identifiable information (PII) in the body of the email or in an email attachment:
- Should only be sent to recipients with an official need-to-know.
- Should have "FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE" in the subject line.
- Should have "FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE: Any misuse or unauthorized disclosure of this information may result in both criminal and civil penalties" in the body of the email.
- Must be digitally signed.
- Must be encrypted. (Always check whether the attachments you are sending contain PII. Check all tabs.)
If the email containing PII fails to send due to encryption issues, do the following:
- Select "Cancel" in the pop-up and remove the failed recipient from your email. Send the email.
- Send a separate email to the unsupported email address(es) requesting a reply with a digitally signed email if their address is not in the Global Address List (GAL), or a reply after they publish their certificates if their address is in the GAL.
- DO NOT select "Send Unencrypted."
To publish a certificate:
- Go to Outlook: Tools/Trust Center/Email Security/Publish to GAL
- Right-click on the contact name and select "Add to Outlook Contacts"
- Click on the contact and attempt to send the encrypted email again
Note: After publishing a certificate, it may be necessary to wait a few minutes for the server to replicate and the user's GAL to sync.
To manually sync the GAL, go to: My Computer/System (C:)/Program Files/Microsoft Office/GlobalDirectory/GALSyncU.exe
If a valid certificate is verified for the recipient, and the email still cannot be sent encrypted, try the following:
- Go to the Outlook toolbar, click the small arrow next to the Send/Receive button, and download the address book with "Full Details" (this may take 5-10 minutes). Then attempt to send the encrypted email again.
- 'Cached Exchange Mode' can also cause encryption problems. To see whether you are in this mode, in Outlook go to: Tools/Account Settings/Email Security/Click on Change. If "Use Cached Exchange Mode" is checked, uncheck it and then attempt to send the encrypted email again. (Note: You will need to shut down and restart Outlook for the new setting to take effect.)
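The steps above depend on one condition: a valid encryption certificate has been published for the recipient. The following PowerShell function checks that condition directly from the directory instead of by retrying sends in Outlook. It is an added example, not part of the original DON CIO tip, and it assumes the GAL is backed by Active Directory, that Outlook's "Publish to GAL" stores the certificate in the recipient's userCertificate attribute, and that the ActiveDirectory module is installed; the function name Test-GalEncryptionCertificate and its parameter are my own.

```powershell
# Added example (not from the original tip). Assumes an Active Directory-backed
# GAL where "Publish to GAL" writes the recipient's certificate into the
# userCertificate attribute, and that the ActiveDirectory module is available.
function Test-GalEncryptionCertificate {
    param(
        # sAMAccountName of the intended recipient (hypothetical parameter name)
        [Parameter(Mandatory = $true)]
        [string]$RecipientSamAccountName
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    $user = Get-ADUser -Identity $RecipientSamAccountName -Properties userCertificate, mail

    if (-not $user.userCertificate -or $user.userCertificate.Count -eq 0) {
        Write-Warning ("No certificate published to the GAL for {0}. Ask the recipient to " +
                       "publish (Tools/Trust Center/Email Security/Publish to GAL) or to " +
                       "reply with a digitally signed email. Do not send unencrypted.") -f $user.mail
        return
    }

    $now = Get-Date
    foreach ($raw in $user.userCertificate) {
        # Each attribute value is the DER-encoded certificate as a byte array
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)

        # An S/MIME encryption certificate must carry the Key Encipherment key usage;
        # a signing-only certificate will not let Outlook encrypt to this recipient.
        $keyUsage = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $canEncrypt = $false
        if ($keyUsage) {
            $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
            $canEncrypt = [bool]($keyUsage.KeyUsages -band $flags)
        }

        # Outlook rejects expired or not-yet-valid certificates, and ones whose chain
        # does not build to a trusted root (Verify() also performs revocation checking).
        $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

        [pscustomobject]@{
            Recipient     = $user.mail
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            InValidity    = $inValidity
            KeyEncipher   = $canEncrypt
            ChainTrusted  = $cert.Verify()
            UsableForSend = $inValidity -and $canEncrypt -and $cert.Verify()
        }
    }
}

# Usage: Test-GalEncryptionCertificate -RecipientSamAccountName 'jane.doe'
# A recipient is ready for encrypted mail only if at least one row shows UsableForSend = True.
```

If every published certificate shows InValidity or ChainTrusted as False, republishing through Outlook will not help; the recipient needs a current certificate issued before the GAL entry is useful. If the attribute is empty, the replication delay noted above may still be in play, so re-run the check after a few minutes before asking the recipient to publish again.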
View the GENADMIN message: DON Policy Updates for Personal Electronic Devices Security and Application of Email Signature and Encryption.