Probably the most frequent question I am asked is how secure is email nowadays and do we still need to encrypt attachments and personal data contained within the message. The answer always used to be "yes" but Birmingham City Council has now published some guidance about the issue which can be found at:
Essentially the reason the old guidance has changed is because all public sector organisations must now meet the government’s secure email standards. To meet these standards, Birmingham City Council and Birmingham Children's Trust have the accreditation to send and receive sensitive and confidential information from other secure organisations using Transport Layered Security (TLS) encryption, without the need for using the old and now defunct GCSx email addresses. The domain names @birmingham.gov.uk and @birminghamchildrenstrust.co.uk addresses are now used for all email exchanges and there is no need to do anything to enable TLS, as it runs as backend technology to protect data.
It should however be remembered that secure email exchanges enabled by TLS are only possible if the email domains of partner organisations are included in the TLS users' list, an up-to-date version of which is available from the website link above.
The Council and Trust will use the Microsoft Office 365 email encryption process (OME) in cases where it is not certain whether the email recipient is using the government’s TLS email service. Schools and academies are advised to do the same or send encrypted attachments where this is not possible.
Please take the time to look at the helpful information on this web page and be aware of which schools do use the end-to-end encryption technology.
Comments