5 'security excuses' that make each email a potential data breach

It is important that you always send personal data securely. That awareness is increasingly present on the work floor. Nevertheless, ZIVVER directors Rick and Wouter still hear numerous irrational arguments for not applying this rule. Which of these 'security excuses' do they hear most frequently? Wouter discusses them one by one.

 

Security excuse 1: Such a small file does not need security

The size of the data is often decisive. The larger the requested file, the greater the chance that the data will be sent securely. In itself this is logical enough, based on a quick assessment of the consequences of a possible data breach. In the sender's perception, the risk increases with the amount of data.

The law sees this differently, however: a data breach is a data breach, even if only one person is involved. Furthermore, the new General Data Protection Regulation introduces the possibility that interest groups can approach other concerned parties in order to bring a joint lawsuit. If things go wrong for one patient, the chances are that other patients - without knowing it - also risk becoming a victim.

In addition to a possible claim for damages, reputation damage is already inevitable. Conclusion: anyone who sends personal data insecurely because it only involves a small quantity of data is relying on a false argument with potentially significant consequences.

 

Security excuse 2: The recipient requested the information him or herself 


My mother asked her hospital for a copy of the treatment report from her ophthalmologist. This was promptly sent to her by email, including her name, full address, patient number, insurance number, BSN (citizen service number) and the full treatment report. There was a warning at the bottom of the referral letter: 'Please note, this report may contain a citizen service number.' Anyone who intercepts that email will suddenly know a lot about my mother. The question is also what the function of the warning was at the bottom of the referral letter. Can you ignore it if a recipient has herself requested data?

We also encounter similar situations with notaries and lawyers. At the request of the customer, they often send a copy of a will, a prenuptial contract or purchase deed by email. If the client or patient has asked for it, security is apparently not important. Or maybe we think that the risk of a data breach is borne by the customer if he or she has requested information him or herself? That sounds easy enough. Until the information falls into the wrong hands, of course.

 

Security excuse 3: You do not need security for colleagues


If you send a colleague an email, you often do not immediately think of security. After all, the risk that sensitive information will end up in the public domain is smaller when using internal email. Unfortunately, this is not a criterion for the law: an email with sensitive information must always be sent securely, even if it remains inside the organisation. As soon as personal data comes to the attention of someone who did not have permission or a need for it, a data breach has occurred.

Moreover, there are enough painful scenarios imaginable involving leaked internal information. No employer would like to see information about salaries, reorganisations, treatment plans or test results, for example, reach the wrong employee. Prevention is better than cure. We know of cases involving an internal leak about salary data. The managers involved had to sign several confidentiality declarations and prove that the data had not been stored anywhere. The first is annoying, but think how complicated it would be to prove that you did not do something ...

 

Security excuse 4: The recipient has good security in place


Municipalities and other parties must regularly share information with the police. This takes place remarkably often by unsecured email. An important motivation is the conviction that 'the police have undoubtedly got their security in order'. The same idea applies to other parties with regard to which you as sender assume that their security is sound. This is misguided logic - even apart from the question of whether you are certain that everything is really in order. Even if you send an email to an extremely secure recipient, someone can intercept that information along the way. With all the undesirable consequences that entails. And if you accidentally send the email to the wrong recipient (who does not work for the police), then you are really looking at a data breach.

 

Security excuse 5: The recipient probably doesn't want all that extra hassle


Healthcare professionals, civil servants and lawyers often find it difficult to burden their clients with 'extra hassle'. You often see them making an estimate: how many clients or patients will be irritated by this, or will not open this email because they have to take an extra step? That estimate is irrational. If one out of one hundred recipients has complained in the past, many people wrongly project this experience onto the 99 other recipients who did not make a fuss. In fact, you are then selling very short the many recipients who appreciate the secure handling of their sensitive data!

And as with the previous considerations, the law, journalists, customers and chain partners have little sympathy for this. Anyone sending personal data must always know the risks and take measures him or herself. Excuses never help limit reputational damage or avoid a high fine.

 

GDPR Checklist

This blog gives you an idea of what is involved in secure emailing. It is an important part of the GDPR. Our checklist contains all the steps you need to take to achieve GDPR compliance. The document addresses in greater detail matters such as drafting a processor's agreement, obtaining permission for the processing of personal data, the security measures to be taken and the obligation to report data leaks.
