Dispatch of personal data by e‑mail
Emails are part of everyday life today. Many contain personal data, often particularly sensitive data. As a rule, e‑mails are sent unencrypted. However, sending an unencrypted e‑mail is less secure than sending a postcard because:
- emails can be intercepted, read or modified with little technical knowledge;
- emails can be easily searched for key terms;
- Internet providers based in Switzerland are obliged to retain e‑mails for six months and to disclose them to the authorities if necessary.
provisions of the Data Protection Act (nDSG).
It is important to know whether it is “ordinary” personal data, particularly sensitive personal data or personality profiles. The sender is responsible for the data protection-compliant processing of the personal data and compliance with the data protection provisions and is obliged to provide evidence. The sender is obliged to take all measures to protect the data against loss, theft and unauthorised access or processing. When sending personal data in sensitive areas such as healthcare, the personal data in question is always particularly worthy of protection, as the mere fact that someone is a client/patient of the organisation in question is particularly worthy of protection.
The following principles apply to the use of e‑mail
- Use as little personal data as possible. (data minimisation).
- The data processor is responsible for the lawful, appropriate and proportionate handling (e.g. access authorisation, updating or deletion).
Since misdirected e‑mails pose a considerable risk, addresses must be chosen carefully. Automatisms or “convenience functions” should be avoided wherever possible.
- No particularly sensitive personal data or profiles should be processed or stored on private devices.
- Not everything that is technically possible is also permitted.
- E‑mails should not contain any information about passwords, accounts, credit cards or other access data such as user IDs.
- No large amounts of data should be scattered.
- Only select and use known distributors.
Emails from data subjects are generally permitted. If you receive an email from a person, you may reply by email on the basis of their tacit consent. An exception to this is replies that contain particularly sensitive personal data. Encryption or similar is recommended here.
Alternatives to unencrypted emails
- Storage on data server e.g. BrokerWeb or BriefButler (via a link in the message).
- Encryption at document level
- Use of an encrypted mail service e.g. Seppmail
Please note that the use of social media and instant messaging e.g. Whatsapp or SMS for the transmission of personal data must be avoided. Whatsapp or SMS for the transmission of personal data must be avoided. The postal service is particularly recommended for very sensitive data.
Secure exchange with BrokerWeb
The BrokerWeb customer portal enables the exchange of information, documents and data between broker and customer in the same way as e‑banking. Transmission takes place via a secure connection that does not allow external access.
Mail synchronisation with BrokerStar
The Mail Sync module in BrokerStar contains two functions that work with Outlook and other mail programmes such as GMail.
Der E‑Mail-Sync allows you to send and receive mails from BrokerStar. Mails are then stored in BrokerStar and in the mail programme Der Termin-Sync synchronises appointments, tasks and addresses from BrokerStar into the mail program.
Mail dispatch with BriefButler
BriefButler is a service software that delivers documents from BrokerStar, Word and other programmes to the recipient either via a secure portal or by letter post without printing. The recipient does not need any separate software for decryption. Data protection-compliant and inexpensive per consignment from CHF 0.41.
