Study Finds Inconsistencies in Regulations that Govern Email Communications

In a recent cyber security report prepared by Kevin Salinas titled “Comparison of Privacy Laws & Regulation Across Sectors” via SideDrawer, some alarming and interesting details about email phishing, data security, and identity theft were uncovered in the regulations surrounding email communications for businesses. Namely, many major financial and government institutions have inconsistent or non-existent regulations for sending financial documents via email.

The research study was conducted across multiple sectors and includes information from various global agencies. The Internal Revenue Service (IRS) Office of Safeguards has in the past set out a few protocols to follow when transferring sensitive electronic documents. Namely, documents are expected to be compressed and protected with 256-bit encryption. However, information in email bodies cannot be encrypted, and this is generally not considered adequate protection for financial communications. As a result, sending sensitive information through plain text emails is not permitted under IRS rules.

There are additional inconsistencies in email protocols for other institutions as well. The EU GDPR does not specifically identify how personal data can be sent via email. The PIPEDA also does not have any public information available that identifies how electronic patient data can be sent securely over email. To put it simply, the lack of guidelines and the abundance of generic guidelines don't particularly help the public understand how to send sensitive information safely via the internet. If major financial and government institutions cannot provide this information, it's no wonder that smaller financial institutions suffer from consistent issues with email compromise and cyber attacks. In fact, business email compromise attacks have been on the rise around the globe. Major attacks often involve phishing, the practice of impersonating a financial institution or advisor in order to obtain sensitive information from clients via email.

Personal data is universal, and there are various ways to protect it. Given the gaps and inconsistencies in guidelines from major financial institutions, it's clear that there are no concrete regulations that designate what should be sent via email and how it can be effectively protected. It's clear that it's difficult, if not impossible, to have completely secure email communications with clients in the financial sector.
It certainly makes sense: if you wouldn't email your credit card number via your email client, why would you want to email your tax statements to a financial advisor? It's clear that there is a growing need for software like SideDrawer to provide safer environments for clients and advisors to share sensitive documents.

Third-party platforms that focus on proper protection of sensitive financial documents are not only easy to use, but offer the kind of cybersecurity protection that email cannot provide. Phishing attacks are more or less eradicated through the use of secondary platforms. In the age of remote financial advisory, many financial advisors have opted to use email for improved communications between clients and their families. The growing use of email in lieu of in-person meetings could be devastating as hackers continue to find new, adaptable ways to steal private information from email accounts. If a third-party platform like SideDrawer were to be adopted on a mainstream level, we would likely see this trend of email insecurity reduce significantly.