In recent years, using email as part of a case management system has been common practice for many companies E.g., when organizations send passports, health insurance documents or medical records via e-mail. It can be when individuals are asked to submit personal information to a new employer or to recruitment agencies.

Email is one of our most common forms of communication. It’s important to know that the data you share is often stored in the email itself, and may not be encrypted. Even encrypting an email will only protect your emails while in transit. If you were to send the email to the wrong address, or if a hacker accesses your recipient’s inbox, that person would immediately see all the sensitive information you sent.

The Danish Data Inspectorate’s website lists many examples of Danish institutions that were unaware of the risks associated with the casual sharing of sensitive data.

In fact, most of us don’t know much about the email provider we use. We may not think about what servers are used, or where they are located. Is there a backup? How long is the data stored?


Guide for transfers

The Data Inspectorate provides a guide to the requirements that must be met when transmitting sensitive data via e-mail:

  1. How can I send sensitive data? – Use encryption with ‘Transport Layer Security’ (TLS)
    The Data Inspectorate recommends a minimum of TLS 1.2.
  2. Who can access the data transmitted? – Which solution is best is up to the individual.
    E.g. a “key” or certificate (such as Easy ID) may be added to control who receives the data shared, or, you can send data in an encrypted attachment.

Which solution is best is up to the individual. At Safe Online, we recommend using an encrypted attachment to add sensitive data to an email. This way, no data is sent in the email itself, where it could be vulnerable even years later. We feel this is a better approach than encrypting the entire email, which may make the email look like spam and be overlooked.


Why should I use encryption?

By following our recommendation, you can customize your deletion policies, ensuring that transmitted or received data is only retained as long as you decide it should be (possibly up to 32 days).
You can also ensure that the sensitive data attachment is transferred directly to the server where it will be stored. This eliminates unnecessarily moving data first from an email, to a computer, to a document archive.

When using this sort of encrypted attachment, you also have the option to add different levels of passwords to the content, depending on:

  • the sensitivity of that data
  • the degree of relation between recipient and sender

In this way, whether you are sharing or requesting data, you will increase the security of the information your company protects, with no need for employees to further complicate their workflows in other efforts to minimize errors and data breaches.

If you are interested in using this type of encrypted attachment, we recommend you read more about our secure data sharing solution, Connectid Mail, a simple, easy to use add-in for Outlook.