Standards for using email in a government transactional service

Date adopted: January 17, 2025
Last update: January 28, 2025

This standard applies to all government departments using email as part of a public-facing digital service or website. It applies if you:

  • send an email message to the public from your system; and
  • ask the public to submit information via email or email attachment.

Email is not a secure method of communicating with the public. The Yukon.ca privacy statement has a section that explains how the government uses email to communicate with the public. We recommend the public not include any personal information if they do communicate with the government via email.

Email receipt messages

In some instances, the public receive an email if they interact with a public-facing digital service, for example, to let them know they created an account or to confirm they have made an online payment. These are called email receipt messages. Apply the online design pattern to these emails so people understand what happened, what they need to do next and how they can contact you.

Using email to receive information from the public

You may have a PDF form, online form, or digital service that requires users to enter information and submit it to you. They may submit it via the service or using email or an email attachment.

The options you give the public to submit their information should align with the data classification for that data. Depending on the level of sensitivity, data is classified as Public, Internal, Confidential or Restricted. Refer to Appendix A: Data Classification (Yukon government's information security program) on the government's intranet for more information.

When to use email to receive information from the public

The only time it is appropriate to use email is if the information being shared is not sensitive.

Examples of sensitive data include:

  • personally identifiable information;
  • electronic protected health information (ePHI); and
  • all other forms of data classified as Restricted or Confidential.

Refer to the Yukon government's information security program document on the government's intranet for more information. See Appendix A: Data Classification and Handling Guidelines and Appendix B: Data Classification to see examples of different levels of information sensitivity.

Do not use email

Do not use email if the information being shared is sensitive or requires protection. This includes attachments to emails.

Alternative options for users to submit their information online

There are several solutions available for you to receive information from the public. These can be scaled to meet the data handling rules for the classification level of your data.

Email [email protected]. We'll set up a call so you can tell us what you're trying to accomplish and we can go over your options and recommend what we think will work best.

Assess how well your current method of submission meets this standard

If you have a PDF form, online form or other digital transactional service, make sure your current methods of submission meet this standard.

  1. Review the submission instructions.
  2. Review the type of data people input to determine the level of classification (Restricted, Confidential, Internal or Public).
  3. Assess if the submission methods align with the guidance in the Yukon government's information security program Appendix A-1: Data Classification and Appendix A-6: Data Handling Guidelines.
  4. If your submission methods do not align with these standards you must update them as soon as possible. Email [email protected] to go over your options.