Electronically Transmitted Information
How information should be transmitted is based upon the category of data that is contained in the electronic file. Data Users are encouraged to always use the most secure means possible to electronically transmit Purdue data. It is expected that departments will move toward encrypted transmission options over time and encourage their vendors and exchange agencies to move in this same direction.
Information should be transmitted in the manner applicable to the highest classification level of data contained in a file or document. For example, if a file contains both Public and Restricted information, then the file should be transmitted according to the Restricted classification. Purdue Data Users are urged to contact the Data Stewards for guidance in cases that present handling questions or security concerns.
Electronic Communications or Digital Data Transmission
This category includes almost all electronic communications. It includes data transmission over a point-to-point or point-to-multipoint communication channel and communication mechanisms such as email, instant messaging, VoIP, FTP, connections to administrative applications, and wireless or cellular technologies.
Type: Public
Requirements: No special requirements
Type: Sensitive
Requirements: Encryption suggested
Type: Restricted
Requirements: Encryption required
University Restricted data should never be transmitted over open, public networks without strong encryption. Examples of open, public networks include but are not limited to the internet, wireless technologies, cellular technologies such as GSM and CDMA, General Packet Radio Service (GPRS), and satellite communications. It should always be transmitted using a reliable encryption mechanism, such as NIST-approved encryption. The University does not currently have an enterprise encryption solution. The use of the University’s secure Filelocker service (https://filelocker.purdue.edu/) is encouraged for the transmission of Restricted Data when it is appropriate to transmit that data. See guidance for electronically stored Voicemail.
Other secure transmission services that may be appropriate in some circumstances include transmission using the Purdue VPN solution (https://www.itap.purdue.edu/connections/vpn/), secure FTP, and Web (https).