What is personal data and what does secure email have to do with it?
It has been two years since the GDPR was introduced. With the introduction of this European privacy legislation, organizations had to take the right organizational and technical measures. Most important is the correct processing of personal data, which often includes privacy-sensitive information. But are we still aware of exactly what personal data entails? And do we know why it should be exchanged securely? You will read all about it in today's blog.
What is personal data?
In short, personal data is data that helps to identify a person: any fact that can be traced back to a person. Think of a name, date of birth or place of birth.
Email addresses, for example, can be considered personal data. Say the address Jane.firstname.lastname@example.org indicates that Jane is employed at Bedrijf ABC. This email address can only be assigned to Jane and is therefore classified as personal data.
This is just an example, because it is not always that simple. Often it is a combination of data that makes it possible to link the data to a person. There are therefore many different types of personal data:
- First name and surname
- Social Security number
In addition to these, which are often public, there is also sensitive data such as health data, religion and race. The more information is available about a person, the more insight it gives into that person's life. The collection and storage of all this data can therefore be contrary to the GDPR. Unless an organization has the right reasons for this, it is not permitted to process or store this data just like that.
Anyone who processes this kind of data is obliged to take the right measures, that is to say, to process it in such a way that sensitive data always remains protected.
What is the impact of sending personal data insecurely?
The impact can be significant without you even realizing it. While an email address is often "just" a piece of information that is commonly known (or easy to search for), in some cases its visibility can have unpleasant consequences.
For example, an HIV clinic in the UK once received a fine after all patients' email addresses were visible to all recipients. Instead of the bcc button, the cc button was used when sending out a newsletter. As a result, every recipient could see to whom the newsletter was sent. For those whose name was part of their email address, it was a painful discovery.
The same applies to, for example, health information that is included in an email. If this kind of information leaks, the consequences can be enormous for those involved. The data can be used by malicious parties without anyone noticing. Identity fraud can then be a consequence: when a person pretends to be someone else, bank accounts can be opened, for example.
If you send personal data in an insecure way, you risk running into unpleasant surprises. In addition to the consequences for those involved, there are also fines for you as an organization, which can be 4% of the global annual turnover.
How secure email can protect personal data
Securing personal data is simple: look at the way in which this data is used and processed. Email is accessible and widely used, so there are opportunities here.
Standard email is not secure enough. That is why it is important to use emails with appropriate security adjustments.
To be able to process personal data securely, it is necessary to limit risks.
If we go back to the example of the email addresses, a check on recipients and attachments could have helped. This is what it could look like:
This is just one of the ways you could protect data here, because there are more:
- Block emails after sending
- Receive notifications when sensitive data is processed in an e-mail, such as health data, Social Security numbers and credit card numbers, or
- Keep communicating securely anytime, anywhere from the secure portals.
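As an added illustration (not from the original post or from any product it describes), the recipient and attachment check and the sensitive-data notification mentioned above could be combined into one pre-send check like this. The threshold, function names, domain and sample message are assumptions constructed for the example.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE_EXTERNAL = 5  # assumed policy threshold, not a value from the article
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers

def luhn_ok(digits: str) -> bool:
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def presend_findings(msg: EmailMessage, own_domain: str) -> list[str]:
    """Return warnings to show the sender before the message leaves."""
    findings = []
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [a for _, a in visible if not a.lower().endswith("@" + own_domain)]
    if len(external) > MAX_VISIBLE_EXTERNAL:
        findings.append(f"{len(external)} external addresses visible in To/Cc: use Bcc")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            findings.append(f"possible card number ending {digits[-4:]} in body")
    if external:
        for part in msg.iter_attachments():
            findings.append(f"attachment {part.get_filename()!r} goes to external recipients")
    return findings

def sample_message() -> EmailMessage:
    """Constructed newsletter with the Cc mistake; all values are made up."""
    msg = EmailMessage()
    msg["From"] = "clinic@example.com"
    msg["To"] = "a@example.org, b@example.org, c@example.org"
    msg["Cc"] = "d@example.net, e@example.net, f@example.net, g@example.net"
    msg.set_content("Payment received on card 4111 1111 1111 1111. Thank you.")
    msg.add_attachment(b"name,appointment\n", maintype="text", subtype="csv",
                       filename="patients.csv")
    return msg

if __name__ == "__main__":
    for finding in presend_findings(sample_message(), "example.com"):
        print("WARN:", finding)
```

The card pattern stands in for the other data types the list names; health data and Social Security numbers would need their own detectors.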
It is important that personal data can always be sent securely. Preferably with a user-friendly solution, which helps the user to email securely.