Staff should also be wary about over-sharing information – as some information such as official figures may be purely for internal use.
There are factors that will influence the data sent and received and the facility used to transfer the files. They are:
- recipient or sender
- file size
- access control.
Any information not classified as public will need to be transferred via a secure method.
Certain types of files sent to certain people need to be transferred via a specific method. This particularly applies to files being sent or received to or from government departments, agencies and other national bodies.
Data should never be passed or transferred to employees, agencies or partners if they are not authorised to view that information.
Files over certain sizes cannot be sent via secure email and should therefore be transferred by another agreed secure method.
There are several methods by which file transfer can take place. Which one you choose depends on the classification of the data being sent or received and who it is being sent to.
emails sent from one Derbyshire.gov.uk account to another Derbyshire.gov.uk account are contained within our email system. These are deemed secure for file transfer of any classification (public, controlled or restricted). When sending to a team or generic email account, it must be checked that all persons with access to the team email address are authorised to view any attached files.
emails sent from a derbyshire.gov.uk email address to a non derbyshire.gov.uk email address are deemed insecure because they do not stay within the Derbyshire email system. They should only be used to transfer documents or files that are classified as ‘public’.
GCSx email accounts use the PSN (Public Services Network) and are available through application to the information security team or via the service desk.
GCSx email accounts must only be used to send or receive emails to or from government bodies, that is, police (PNN), NHS, DWP, criminal justice (CJSM), GSi email addresses, GCSx email addresses which are also connected to the PSN. Files classified as controlled or restricted can be sent via GCSx, but the attached files must not exceed 12MB.
Information should not be forwarded to or from GCSx email accounts, or sent or received directly from standard derbyshire.gov.uk email accounts.
Use of secure network shares specifically created by the transformation server team for use with GCSx email accounts must be used to transfer information from or to GCSx email and our systems or email. Access policies linked to secure shares must be observed.
CJSM (Criminal Justice secure email service) is provided for criminal justice agencies and practitioners to communicate with each other.
As a general rule it must only be used for purposes relating to the criminal justice service.
GCSx email accounts can interact securely with CJSM email accounts but this should only be done if and when required.
Microsoft 365 encrypted email
This facility can be applied to standard individual and generic derbyshire.gov.uk email accounts through application to the transformation service, service desk.
This method can be used to send or receive files classified as controlled or restricted from external partners, agencies and individuals which cannot be contacted via GCSx or CJSM email.
The attached files on a single email must not exceed 12MB.
Cryptshare file sharing facility
Cryptshare is an externally hosted facility to securely share files with a user defined set of external parties.
Files of any classification can be shared and it can be used if files are too large to be sent via email. The file will be password protected and can be made available to the recipient to download for a period of up to 28 days. This can be useful if you have very large files or documents that are perhaps time regulated, for example, legal documents or planning permissions applications.
It's available to be used through specific request to the transformation service, service desk.
CAYA Sharepoint facility
Sharepoint is externally hosted internet site specifically for the schools extranet (Learning in Derbyshire).
It can only be used to transfer controlled or restricted documents by our staff and teachers or staff members who have been assigned log on credentials. It can also be used to post or upload public documents to the public facing portion of the site.
It's our policy that any cloud computing software should not be used to share information. This includes any type of file sharing such as pictures, videos and documents.
Always use encrypted portable media.
Files which need to be shared with other external partners and individuals but cannot be transferred by any of the above methods may be transferred by methods specified in the information and classification handling policy.
If you feel you may have accidentally breached this policy, you should contact your line manager immediately, or, in their absence, a more senior manager who will record this information.