University of California policy and standards require sensitive data to be encrypted. Sensitive data is data classified as needing Protection Level 3 or 4 (P3 or P4). See the University of California data classification page for details. Protected Health Information (PHI) is always classified as P4. 

• Excel
  
• Word
  
• Acrobat .pdf
  
• All other files 
  

Use Microsoft Teams as a secure platform for sharing information.

Passwords are the key to protecting files. Use a strong password. See the UCSD site for password requirements and management tips.

Once you’ve created an encrypted file, you need to provide the password to the recipients. The passwords and credentials need to be in different communication channels. For example, if the files are emailed, either text or call the recipient to share a password. Or, if files are shared in Microsoft Teams, share the password using another application, (do not use Teams Chat).

Manage your passwords in a secure location that only you can access. See the UCSD site for password requirements and management tips.

Data files need to have retention requirements defined. Once a file with protected information is processed and no longer needed, the file should be deleted. That applies to the source files, including messages in the Sent Items folder, and to received files in the Inbox or Downloads folder. If an archive is required, a department share, or SharePoint site are the preferred locations. Purging files with protected information reduces the risk to UC San Diego Health in the event of unauthorized access.