Skip to content

Dis­patch of per­son­al data by e‑mail

Emails are part of every­day life today. Many con­tain per­son­al data, often par­tic­u­lar­ly sen­si­tive data. As a rule, e‑mails are sent unen­crypt­ed. How­ev­er, send­ing an unen­crypt­ed e‑mail is less secure than send­ing a post­card because:

  • emails can be inter­cept­ed, read or mod­i­fied with lit­tle tech­ni­cal knowledge;
  • emails can be eas­i­ly searched for key terms;
  • Inter­net providers based in Switzer­land are oblig­ed to retain e‑mails for six months and to dis­close them to the author­i­ties if necessary.

pro­vi­sions of the Data Pro­tec­tion Act (nDSG).

It is impor­tant to know whether it is “ordi­nary” per­son­al data, par­tic­u­lar­ly sen­si­tive per­son­al data or per­son­al­i­ty pro­files. The sender is respon­si­ble for the data pro­tec­tion-com­pli­ant pro­cess­ing of the per­son­al data and com­pli­ance with the data pro­tec­tion pro­vi­sions and is oblig­ed to pro­vide evi­dence. The sender is oblig­ed to take all mea­sures to pro­tect the data against loss, theft and unau­tho­rised access or pro­cess­ing. When send­ing per­son­al data in sen­si­tive areas such as health­care, the per­son­al data in ques­tion is always par­tic­u­lar­ly wor­thy of pro­tec­tion, as the mere fact that some­one is a client/patient of the organ­i­sa­tion in ques­tion is par­tic­u­lar­ly wor­thy of protection.

The fol­low­ing prin­ci­ples apply to the use of e‑mail

  • Use as lit­tle per­son­al data as pos­si­ble. (data minimisation).
  • The data proces­sor is respon­si­ble for the law­ful, appro­pri­ate and pro­por­tion­ate han­dling (e.g. access autho­ri­sa­tion, updat­ing or deletion).

Since mis­di­rect­ed e‑mails pose a con­sid­er­able risk, address­es must be cho­sen care­ful­ly. Automa­tisms or “con­ve­nience func­tions” should be avoid­ed wher­ev­er possible.

  • No par­tic­u­lar­ly sen­si­tive per­son­al data or pro­files should be processed or stored on pri­vate devices.
  • Not every­thing that is tech­ni­cal­ly pos­si­ble is also permitted.
  • E‑mails should not con­tain any infor­ma­tion about pass­words, accounts, cred­it cards or oth­er access data such as user IDs.
  • No large amounts of data should be scattered.
  • Only select and use known distributors.

Emails from data sub­jects are gen­er­al­ly per­mit­ted. If you receive an email from a per­son, you may reply by email on the basis of their tac­it con­sent. An excep­tion to this is replies that con­tain par­tic­u­lar­ly sen­si­tive per­son­al data. Encryp­tion or sim­i­lar is rec­om­mend­ed here.

Alter­na­tives to unen­crypt­ed emails

  • Stor­age on data serv­er e.g. Bro­ker­Web or Brief­But­ler (via a link in the message).
  • Encryp­tion at doc­u­ment level
  • Use of an encrypt­ed mail ser­vice e.g. Seppmail

Please note that the use of social media and instant mes­sag­ing e.g. What­sapp or SMS for the trans­mis­sion of per­son­al data must be avoid­ed. What­sapp or SMS for the trans­mis­sion of per­son­al data must be avoid­ed. The postal ser­vice is par­tic­u­lar­ly rec­om­mend­ed for very sen­si­tive data.

Secure exchange with BrokerWeb

 

The Bro­ker­Web cus­tomer por­tal enables the exchange of infor­ma­tion, doc­u­ments and data between bro­ker and cus­tomer in the same way as e‑banking. Trans­mis­sion takes place via a secure con­nec­tion that does not allow exter­nal access.

Mail syn­chro­ni­sa­tion with BrokerStar

 

The Mail Sync mod­ule in Bro­ker­Star con­tains two func­tions that work with Out­look and oth­er mail pro­grammes such as GMail.

Der E‑Mail-Sync allows you to send and receive mails from Bro­ker­Star. Mails are then stored in Bro­ker­Star and in the mail pro­gramme Der Ter­min-Sync syn­chro­nis­es appoint­ments, tasks and address­es from Bro­ker­Star into the mail program.

Mail dis­patch with BriefButler 

Brief­But­ler is a ser­vice soft­ware that deliv­ers doc­u­ments from Bro­ker­Star, Word and oth­er pro­grammes to the recip­i­ent either via a secure por­tal or by let­ter post with­out print­ing. The recip­i­ent does not need any sep­a­rate soft­ware for decryp­tion. Data pro­tec­tion-com­pli­ant and inex­pen­sive per con­sign­ment from CHF 0.41.