New data protection law will not prevent possibility of human error
The new currently being drafted Finnish data protection law is meant to prevent leaks of confidential information. The law would allow an employer to investigate where an employee sends e-mails, to a limited extent. However, increased monitoring is still not enough to address the real problem, believes Jari Holmborg of Deltagon Group.
Electronic communication always carries a certain amount of risk even without criminal intent, if the content is not secured. Who would be responsible for an information leak, if an employee's non-malicious actions lead to confidential information arriving in the wrong hands?
Mr. Holmborg reminds us that a majority of information leaks happen because of human factors. "Only around one in four leaks are done purposefully," he says.
E-mail is used to send even highly confidential information, and its reliability is rarely put in question. However, unlawfully accessing another person's e-mail is very simple. Mr. Holmborg emphasizes the fact that it is the responsibility of an employer to protect both his own and his employee's back from possible repercussions resulting from an information leak.
"An employee should not be charged with breaking confidentiality if there was no criminal intent," says Mr. Holmborg. "The responsibility of determining what is confidential and providing the means available for secure communication belongs to the employer. This is the key for communicating securely."
Confidentiality a given in the insurance business
Insurance companies have long had their electronic communication policies dictated by the Federation of Finnish Financial Services. In spite of this, working implementations of e-mail confidentiality products are not widely used.
Among insurance companies, Fennia has been using Deltagon Group's confidentiality solutions since 2005.
"At our first meeting, a representative of Deltagon Group said the recipient of a secure e-mail message needs nothing more than a simple web browser," says Elina Salmi, head of security at Fennia. "Our e-mails are always sent secured with our partners whom we have agreements with. This effectively removes the possibility of human error, since deciding the level of confidentiality of an e-mail message is not up to the employee."
The most important factor for Fennia is simply the existence of a secure e-mail communication solution. The staff at Fennia has been trained to understand the importance of electronic communication confidentiality. Bringing their e-mail communication solution into routine use at Fennia has greatly been helped by the ease of use of Deltagon Group's solution.
Encryption no longer cryptic
Even though no one disputes the importance of e-mail confidentiality, even professionals hold the opinion that using encryption is complicated and time-consuming. There have been few solutions on the market suitable for large organizations.
Deltagon Group's D3 system's main strengths are its ease of use and scaleability. No additional staff training is required to use the system. It is also widely compatible with common e-mail softwares, and requires no software installations for the recipient.
The D3 solution is based on an "e-mail envelope" system. An e-mail message is encrypted and temporarily saved into the system, from which it can be retrieved by the recipient using a simple hyperlink. Additional authentication methods, such as SMS messages, are also available.
