• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Sensitive information via email

Snedd

Snedd

Well-Known Member
One thing I'm seeing more and more is companies that I have to deal with either requesting or sending sensitive information via email. My view of email is that its the electronic equivalent of a post card in that its relatively insecure and easy to read as it passes through and gets stored on various mail routing devices on its way to your inbox.

For example I was recently trying to track down an old pension from my very first job. The company now administering the pension asked me to send various pieces of information including national insurance number and address history to prove I was who I said I was, via email. My attitude to this is that if it proves to them that I am me, then it can also be used by someone else to pretend to be me. I asked the company involved if they had a PGP or GPG key so I could encrypt the email. When they said no I ended up asking for a postal address instead.

I'm now in a situation where my accountant (I'm self employed) is going to start sending all monthly and quarterly documents out via email instead of post. This will include payslips, profit and loss statements, details of tax to be paid, etc. I'm think of making a fuss and insisting that they either:

ask me for a PGP/GPG key and encrypt the mail before sending it

or

allow me to opt out and continue to receive documents in the post

or

if none of the above I bin them and use a different accountants.

Am I being overly paranoid?
 
You are not overly paranoid. Find another accountant :)

My bank, insurance and another company won't even email me a doc. They'll just send a simple email saying a new message or document is now available (without the actual content of the message or document in the email). Then I'll have to go to their https secure login site to read that note or grab/download that document. It's supposed to be this way (much better but not necessarily foolproof, but they sure have taken sufficient/reasonable steps to secure their/my data). bye
 
^ Well I made a bit of a fuss yesterday and they've put a note on my account saying I want to receive documents in the post as before. So we'll see what happens.

I also did a bit of research and it seems e-payslips are getting more popular, but companies are doing like you said, documents are accessed via secure https login, the payslip itself is not actually emailed.
 
Yeah, I definitely wouldn't trust email without gpg. Especially if you are using an email client like outlook or thunderbird... In one of my classes last semester, we had to dig through a hard drive image using various tools, one was a tool to pick up old email files... it was all there.

I'm surprised that the company didn't work with you on that RE: email, I would think that something or someone would have brought that up before...
 
You must log in or register to reply here.
Back
Top Bottom