Here’s a little surprise for you: your email isn’t as private as you’d like to think! Sure, we don’t expect the Internet to be very private, but most of us would like to believe our emails are private. But in reality, your unprotected emails can easily be intercepted during transmission to the recipient.
When you’re sending sensitive information via email, you must consider all the points where an email could potentially be intercepted. Your emails travel through an intricate path to the recipients, and ultimately, you don’t have any control over your emails once you’ve sent them.
While you probably don’t have anything to hide, you don’t want unauthorized individuals to get access to or steal your sensitive information. So how do you protect your emails? It’s actually fairly simple: email encryption. We encrypt our emails for the same reason we lock our homes: so nothing can be stolen.
Encryption can be difficult to implement and maintain; however, it’s absolutely necessary to protect your emails. And for some businesses, it’s actually mandatory in order to comply with industry-specific laws and regulations. Here are a few of those laws and regulations:
The GLBA was enacted to make sure financial institutions take precautions to protect consumers’ personal financial information. GLBA requires financial institutions to encrypt all electronic customer information at rest and in transit.
HIPAA states covered entities must perform a risk analysis for all information containing PHI, such as emails, to determine the appropriate safeguards to protect this information. The covered entity is responsible for implementing reasonable and appropriate safeguards to protect this information. Ultimately, covered entities must have a good reason not to encrypt emails, as the decision not to encrypt will be documented, including the factors considered in making the decision.
SOX requires businesses in all industries to exchange sensitive transaction data over a trusted medium with strong controls to protect financial information. This trusted medium is best accomplished through data encryption at rest and in transit.
In addition, many states, including but not limited to Massachusetts, Washington, and Nevada, have state regulations requiring encryption for the use and transmission of customer information. If you’re storing or transmitting your customers’ personal information, make sure you’ve checked applicable state regulations to ensure compliance.
To learn more about email encryption, give us a call at (713) 490-5000 or send us an email at firstname.lastname@example.org. CITOC can help you add email encryption to protect sensitive data at rest and in transit.