Protecting personal and confidential information is very important to ensure users comply with current legislation. Users should not store such data in their emails and should never send personal or confidential information unless it is encrypted and the encryption pass-phrase is communicated through a different route. Users should have an organisation provided email account which will be utilized for communication carried out for organisation activities.Users may not use organisation email services to transmit: Bulk emails and unnecessary material (spam) Emails which are likely to cause offensive or inconvenience to the receiverEmail, like all methods of communication, cannot be assumed to be secure. It cannot be postulated that email will be correctly distributed or that the sender is as claimed in the mail headers. Steps must be taken to minimise the risk of interception or breaches of confidentiality. These steps include: All users are responsible for protecting organisations confidential information that they use in any form from unauthorised access and use. All users are responsible for protecting their passwords and other access credentials and they must not divulge passwords to anyone.All users of the organisation confidential information resources must be accurately and individually identifiedAll users must ensure that any device holding mail messages, email addresses must be password protected.Confidential information must be protected on any user computer or portable deviceElectronic records containing the organisations confidential information must be appropriately protected when sent. All users should never redirect or forward emails in the organisation account to an external accountThe organisation must conduct appropriate due diligence to ensure that third parties that store of have access to the organisations confidential information are capable of properly protecting the informationUsers should also consider the following guidelines when sending email: All users must ensure that they identify and use the correct recipient email address considering anonymising references to specific individuals All users must confirm the identity of an email sender where there is reason to question this All users must adopt a risk-based approach to deciding what information is appropriate to be sent by email. Attached files must be encrypted. A password or key is required to decrypt the file and the user must ensure that only the encrypted version is kept on portable devices. All users must warn the recipient that the email contains confidential information to ensure they open the document in a secure, private environment. Users must not transmit material to which a third party holds an intellectual property right, without the express written permission of the rights holderAll plausible steps must be taken to obviate the propagation of computer viruses or other malware by email. Incoming and outgoing email must be routed via mail servers which must run adequate malware detection software. Systems must run up-to-date anti-malware software where available; the operating system must additionally be patched regularly.