Page 26 - Information_Security_Program
SECURE DATA TRANSMISSION [DP272]
Scope: Enterprise
Distribution: All employees with access to privacy‐restricted documents
Purpose: To ensure information is securely sent within and outside of the organization.
External Regulation or Standard: 45 CFR 164.312(e)(1), PCI DSS 4.1 and 4.2
Who is Responsible | Statement Number | Policy, Standard, or Procedure Statement
Employees | DP272.1 | Employees must not transmit payment card or social security account information, Protected Health Information or other Personally‐Identifiable, Privacy Restricted data over open, public networks without using organization‐approved connections.
Employees | DP272.2 | Employees must not send an unprotected payment card Primary Account Number via end‐user messaging technologies (such as e‐mail, instant messaging, chat, etc.).
Employees | DP272.3 | Employees must not send Protected Health Information or other Personally‐Identifiable, Privacy Restricted data outside of the organization’s e‐mail system without using organization‐approved encryption such as ZixMail.
GES CONFIDENTIAL