Managing electronic information has become a visible and highly regulated activity. HIPAA, Gramm-Leach-Bliley, and Sarbanes-Oxley legislation, and state security breach notification laws have all changed the way companies handle and transmit information. TG is taking several actions in a continuing effort to ensure that our corporation's data, customer information, and student/parent confidential and personal information remains secure.

To protect the privacy of non-public personal information (NPI) sent via e-mail, TG will secure all outbound e-mail messages through a commonly used e-mail encryption software product known as Tumbleweed™. The software is capable of identifying and encrypting e-mail sent from TG that may contain NPI based on parameters set by TG. This includes, but is not limited to, Social Security numbers and account numbers.

How does e-mail encryption work?
E-mail encryption software is designed to protect e-mail messages in one of two ways: by making them undecipherable as they are transmitted over the Internet, or by storing the communication on a secure server where the recipient may access the message.

As modern technology makes it more efficient to conduct transactions over the Internet, more consumers are taking advantage of the convenience. However, unsecured e-mail transmissions can be intercepted, potentially exposing individuals to fraud or identity theft, particularly if the messages include NPI.

Although no approach is error-proof, e-mail encryption significantly lessens the opportunity to intercept e-mail messages as they are transmitted over the Internet.

How does TG use e-mail encryption?
Based on the protective actions that TG has taken, one of the following situations will apply:

• Situation One (Gateway-to-Gateway) — A customer receives many e-mails from TG on a regular basis (this includes some school, lender, and servicer partners).
  
  TG will work with the information technology departments of our business partners to permanently install TG's e-mail encryption key on each partner's server. Recipients will receive the encrypted e-mails without further action on the part of the recipient, and the recipient will not be required to download the key from a TG-hosted Web site.
  
  
• Situation Two (Gateway-to-Client) — A customer receives semi-frequent e-mail messages from TG (this includes some school, lender, and servicer partners).
  
  The client must acquire compatible e-mail encryption software and then work with TG's technology services team to acquire TG's encryption key. Such a customer will have to download the key only once. The key will be stored on the customer's computer and future encrypted e-mails from TG will appear in his or her e-mail inbox without further action on the part of the recipient.
  
  
• Situation Three (Registered User) — A customer receives semi-frequent e-mail messages from TG (this includes some school, lender, and servicer partners).
  
  The recipient will be notified in a clear-text e-mail message that the recipient has received encrypted e-mail from TG. The recipient then must visit a TG-hosted Web site to verify his or her identity, based on information that has been provided to TG, and will be able to access the message through the Web site. The recipient may then read, save, and reply to the message.
  
  
• Situation Four — A customer receives infrequent e-mail messages from TG (this includes all borrowers).
  
  The recipient will be notified in a clear-text e-mail message that the recipient has received encrypted e-mail from TG. The recipient then must visit a TG-hosted Web site to verify his or her identity, and will be able to access the message through the Web site. The recipient may then read, save, and reply to the message.

Why do I have to visit a TG-hosted Web site to read my message?
In order for TG to protect your information, we require that you either visit our secure Web site to view your messages, or that you work with our technology services team so that you may receive your messages in your e-mail inbox without further action on your part. By doing this, TG is ensuring that the information you are reading is secure.

Why has TG elected to use e-mail encryption?
TG remains committed to providing the highest level of customer service, and this includes using available technology designed to protect non-public personal information transmitted via the Internet.

Where can I get more information or assistance?
This page has been created to provide information regarding e-mail encryption and its use at TG. If you have any questions or concerns, please contact TG customer assistance by sending an e-mail message to cust.assist@tgslc.org or by calling (800) 845-6267.

Back to Top