Confidential Information Must Be Encrypted Before Emailing to Fiscal Management
Issued: May 6, 2011
Updated: Jan. 23, 2026 – View Changes
FPP D.004
Contacts
For questions, contact:
- Payment Services
- Other appropriate Fiscal Management contact for your agency
Overview
Applicable to
State agencies and institutions of higher education.
Policy
State agencies and institutions of higher education may need to send documents to the Fiscal Management Division that contain confidential information such as:
- Social Security numbers.
- Birth dates.
- Direct deposit information.
- Net pay.
- Unpaid warrant numbers.
Never include confidential information in an unencrypted email.
Email that is not encrypted is not secure and exposes protected information to unauthorized disclosure. When confidential information must be shared by email, encrypt the message, or use an encrypted attachment in accordance with your agency’s information security policy. Transmission via email encryption must meet Federal Information Processing Standards (FIPS) 140 2 standards, using at least Advanced Encryption Standard (AES) 128 (AES 256 preferred).
Common encryption methods include:
- Microsoft Office encryption with password protection.
- Pretty Good Privacy (PGP) encryption.
- Encrypted Portable Document Format (PDF).
- WinZip.
- 7-Zip.
Provide passwords to unlock the encrypted information in a separate email or over the phone.
A fax transmission of confidential information is also acceptable.
For your agency’s approved information security policies and procedures, contact your information security office.
| Date | Updates |
|---|---|
| 01/23/2026 | Added information on encryption standards |
| 03/14/2025 | Made clarifying edits |
| 02/24/2023 | Made clarifying edits |
| 03/18/2022 | Made clarifying edits |