Introduction

We have introduced a more secure way to send personal or commercially sensitive information by email.

As a council, we must comply with data protection regulations and make sure that when we share personal or commercially sensitive information, it is done securely. Failure to do so can result in large fines and damage to our reputation.

Outlook Message Encryption (OME)

As of September 2021, we now use Microsoft’s Outlook Message Encryption (OME) for sending sensitive information by email. If you receive an email that we have classified as personal or commercially sensitive, you will now need to access it using OME.

If you receive an email from us containing sensitive information, it will be protected by encryption.

Clicking ‘Read the message’ will open the email in the OME web portal.

You may receive a notification that you’ve received a protected message and need to take additional action and sign in with a work or school account, or use a one-time passcode to verify your identity, particularly if you’re using a different email account or email program.

For more detailed guidance, please view the tutorial video. The steps are demonstrated using a Gmail account but should be similar for other email providers. Different platforms are included in the video, you can find guidance on using a desktop computer at 00:39 and Android mobile phone at 02:00.

Please see the guide below for more written step-by-step guidance.

How to read an encrypted email sent from Somerset Council

PDF, 217 KB

If you are experiencing issues using the One Time Passcode (OTP) method of verification, we suggest following the steps below before getting in touch with the sender.

• If you haven’t received the OTP email after requesting it, check your junk mailbox. If the OTP email isn’t in your inbox or junk mail, please speak to your ICT support and check it has not been blocked
• Use a Microsoft or Google account login as an alternative verification

Sending emails to us

Personal data sent to us will be managed and protected in accordance with current data protection legislation.

To make sure your email arrives safely with us, you may wish to consider the following measures:

• Double-check the email address you are sending to for spelling errors or typing mistakes. Our email addresses finish with @somerset.gov.uk
• Apply encryption – if you have the ability to do so. We should be able to open most encrypted emails, but will let you know if we have any difficulties.
• Consider attaching sensitive information in a password-protected document. The password can then be communicated to the correct officer in a phone call. Do not send the password in the same or a separate email.

If you do not have the ability to apply encryption but are concerned about sending highly sensitive data, you may ask the person at the council you are sending it to, to send you an encrypted mail – marked ‘Personal Data’ – which you can respond to. Responding to an encrypted email will retain the protections.