Security Tips for Sending Personal Data Over Email
What kind of information should I not send via email?
We all need to be mindful when sharing personal information, whether it is our own or that of others.
You should not send personally identifiable information via unencrypted email. It is not a secure way to send any information and could expose you to data hacking.
What is personally identifiable information?
Personally identifiable information (“PII”) or personal data is information that either on its own, or when put together with other data, can identify an individual.
Examples of PII include: social security numbers, tax identification numbers, home / business addresses, phone numbers, credit card numbers, dates of birth, copies of government-issued IDs and health information.
Why is it dangerous to send PII over email?
When you send an email, you don’t necessarily know how many networks or servers the message will pass through on its way to the recipient, or who has access to them. In addition, emails sitting on your device may be accessible to a third party. Let’s also not forget the common error of emailing a message to the wrong recipient!
How can I securely transfer PII?
To be truly secure, the message must be encrypted before it leaves the sender’s computer and it must remain encrypted until the recipient receives it.
We have partnered with a cloud-based service provider, SendSafely, which we will use to transfer PII from Square. SendSafely uses end-to-end encryption to protect files from unauthorized access. Files and messages sent through SendSafely are encrypted before they leave your the sender’s device and SendSafely never has access to the decryption key needed to view them, ensuring it is only the intended recipient who has the ability to decrypt and access the message. The recipient doesn’t need to install anything new to use the service.
Whether you choose to use a cloud-based encryption service such as SendSafely or find another encryption method, be sure you take the steps to make your business a trustworthy custodian of your customers’ personal data. It will serve your business well and demonstrate your integrity to both your customers and the data protection authorities.