The California Consumer Privacy Act (CCPA) and EU’s General Data Protection Regulation (GDPR) are two recent data protection regulations that affect all businesses. The aim of these regulations is to give consumers knowledge and control over the data that companies have on them.
The impact on businesses is that companies must now do more to tell customers about what data they have on them and take active actions to ensure that the data is not accidentally shared with the wrong people.
So what does this mean for email?
Despite the growth of other forms of communication, emails is still the main medium of business communications.
While it is very difficult to stop intentional misuse of personal data, businesses however, need to take steps to prevent employees from accidentally sending information in emails and attachments to unintended recipients.
Two of the main ways that information can end up being emailed to the wrong people are:
- The email gets addressed to the wrong recipient. This is fairly easy to do particularly with features such as Outlook’s Autocomplete which lets users choose email addresses as they type.
- An attachment is selected accidently and sent out with an email.
Automating Email Security and Data Loss Prevention
In order to prevent users from mistakes of the above kind, it is useful for the company to add tools to Outlook that will:
- Scan emails and attachments and warn the user if it finds potentially sensitive content (credit card numbers, personal health information, social security numbers etc.).
- Get users to quickly check and verify recipients before emails are sent out. Additional information such as the number of domains the email is going out to can also flag a potential mistake to the user.
- Provide users the means to verify (by viewing if needed) attachments before they are sent out.
It is also important that the tools while providing security for the business do not have a negative impact on productivity.
For this reason, client based tools are preferred as they can give the user immediate feedback and allow changes before the emails are sent out. Server based tools can still be used to provide a second layer of protection, if needed.
While it is possible that user mistakes could still occur, the deployment of DLP tools such as those described above will serve as proof that the company has taken active steps to protect users and consumers from such mistakes. This can be further reinforced if the deployed tool keeps a log of emails that the user has agreed to send out after viewing a confirmation prompt.
SendGuard for Outlook is an Outlook DLP addin that protects users and companies from the mistakes described in this article. It has already been deployed to thousands of Outlook users in many law and financial firms around the world.
Learn more about SendGuard for Outlook by clicking on the image below.