Login   |   Secure Purdue > Best Practices

Electronically Transmitted Information

How information should be transmitted is based upon the category of data that is contained in the electronic file.  Data Custodians are encouraged to always use the most secure means possible to electronically transmit Purdue data.  It is expected that departments will move toward encrypted transmission options over time and encourage their vendors and exchange agencies to move in this same direction. 

Information should be transmitted in the manner applicable to the highest classification level of data contained in a file or document.  For example, if a file contains both Public and Restricted information, then the file should be transmitted according to the Restricted classification.  Purdue Data Custodians are urged to contact the Data Stewards for guidance in cases that present handling questions or security concerns.

Actions

  • Electronic Communications

Electronic Communications

This category includes almost all electronic communications.  It includes communication mechanisms such as email, instant messaging, FTP, connections to administrative applications, and wireless or cellular technologies.

Public

No special requirements

Sensitive

Encryption suggested

Restricted

Encryption required

University Restricted data should never be transmitted over any network “in the clear.” It should always be transmitted using a reliable encryption mechanism, such as NIST-approved encryption.  The University does not currently have an enterprise encryption solution.  The use of the University’s secure Filelocker service (https://filelocker.purdue.edu/) is encouraged for the transmission of Restricted Data when it is appropriate to transmit that data.

Other secure transmission services that may be appropriate in some circumstances include transmission using the Purdue VPN solution (http://www.itap.purdue.edu/connections/vpn/index.cfm), secure FTP, and Web (https).