We all need from time to time, to send a list of contacts, personal details information, etc. to some other place. Be it a service provider, your customer; you name it.
When needing to do so, nobody think of it twice, we hop on our prefered email software, attach the file and press the send button.
Convenient, but not privacy secure.
Let’s review why and I’ll give you some other ways to securely send personal information to another party and make sure it stays safe and that you can manage the life cycle of the file
Even though most of the email provider and client are encrypting their communication through SSL, this is something you want to check.
But, encrypted communication does not mean your data is protected. The file you’re sending as an attachment is not encrypted.
And moreover, sending a mail from one sender to a receiver happens through a lot of different servers that you don’t know about. And each of these servers will store a copy of your mail and its attachment — it’s part of the protocol.
Encrypt your file before sending it
So, if you want to send a file by email, you must encrypt the said file before sending it.
There are tools out there which do this. They’re known as “numeric safe.” FYI I use this one
You create a “container” which is encrypted that you can send back and forth over email.
Anyone with the password can add and retrieve a file from this “safe.”
Now, you’ve added another point to take care of: sending the password securely —obviously, not in the same mail1.
You still have to manage the life cycle of the files in your inbox. Not user-friendly.
Exchanging file without email
Apart from mail, what can we use?
Let’s try with simple FTP/s. Simply put, you’ll create a dedicated directory on your server which you will grant access to your client.
The client will set a network location access in windows explorer.
If you and your client are comfortable setting up this kind of access, that a great way to go.
Beware though: the connexion must be over SSL meaning it’s an FTP/s credential
Sharing credential must be done through a secured channel (no email)1.
Your server must be protected against rights escalation to prevent unauthorized access to other directories.
Using a cloud service
Now, what if we used an online service.
I’m not a huge fan of that because, it puts personal data in another entity property, again.
But instead of using a third-party service, we can use our own.
Let’s can call it “business cloud”. You can either install it on your own server or use a provider.
This kind of software gives you a file transfer/exchange service — on top of another very valuable and convenient service.
In your case, you’ll create a new directory for your client, set the permissions and send over the invitation.
All that your client has to do is upload his file.
Owncloud/Nextcloud include features to manage the lifecycle and retention duration of these files.
Again, only share the credential through a secured channel1.
A better lifecycle management
These last two options also give you a better way to manage the lifecycle of the files holding personal data.
Everything is gathered at one and only place.
You can set a lifetime on the data and delete them at the due date.
It goes without saying that your record of processing is now much in much better shape.
Learn the first easy steps to get started
Grab your 7 actionable steps cheatsheet