This article discusses what types of email encryption are sufficient to comply with government regulations. TLS email encryption is a good option for many organizations that manage sensitive data. However, it does not protect data at rest. Each organization must perform a risk assessment to determine which encryption methods suit their legal requirements.
Read the rest of this post »
We have long held that leaving it to each sender/employee to properly enable encryption for each sensitive message (a.k.a “Opt In Encryption”) is too risky. Why? Any mistake or oversight immediately equals a breach and liability.
Instead, LuxSci has always promoted use of “Opt Out Encryption,” in which the account default is to encrypt everything unless the sender specifically indicates that the message is not sensitive. The risk with Opt Out Encryption is very much smaller than with Opt In. (See Opt-In Email Encryption is too Risky for HIPAA Compliance).
The problem is: many companies use Opt In Encryption because it is convenient when sending messages without sensitive information — you just send these messages “as usual,” without forethought. These companies are trading large risks in return for conveniences.
LuxSci has solved the “Opt In vs. Opt Out” conundrum with its SecureLine Email Encryption Service. You could say that SecureLine enables the “Next Generation” of Opt In Email Encryption — combining both usability and security.
Read the rest of this post »
