If you are sending an email via StaffMail to a colleague in your school or to another LGfL supported school that uses StaffMail, the email will not leave the LGfL secure network so is therefore sent securely.
If you are sending an email that contains Personal Identifiable Information (PII) to an external recipient, StaffMail uses Transport Layer Security (TLS) to send emails across the Internet which is a secure method of sending emails. StaffMail has been configured in line with Government email standards and further information on TLS can be found on this link - https://www.gov.uk/government/publications/email-security-standards/transport-layer-security-tls.
You must check with the external email recipient that their email system uses TLS before sending any PII to them via StaffMail as if they do not, the email will be sent in plain text (insecure). For information, most London councils, Google Mail and Microsoft Office 365 all use TLS. To check if an email domain supports TLS, enter their email domain into this link - https://www.checktls.com/TestReceiver
If the external recipients email provider does not support TLS, LGfL has purchased Egress licences for all LGfL supported schools as part of your subscription and at no additional cost to your school. Egress is a secure email product that works alongside Microsoft Outlook or G Mail and it encrypts emails, end to end, to the recipient. An LGfL school may be entitled to free Egress licences. To find out more please see our egress product information page.
NOTE – LGfL advises you to ensure that you have the necessary Data Sharing Agreements in place with external companies that you are sharing PII with in accordance with Data Protection Law.