When to encrypt documents

Encrypt documents

Encrypting documents is equivalent to providing them with additional security, since the person who sends the document with the information contained therein renders it unreadable, so that the recipient of the document can only access it if he/she decrypts it, for example by means of a previously known password.

Therefore, document encryption makes it possible to control access to information and prevents loss of confidentiality in the event of unauthorized access, loss or theft of the document.

When should we encrypt our documents?

Article 32.1 of the GDPR establishes, among other cases, that taking into account the risks to the rights and freedoms of individuals, it will be necessary to implement appropriate measures to ensure a level of security appropriate to the risk.

In other words, the greater the risk to the rights of the persons concerned, the greater the security measures must be, since, obviously, a loss of confidentiality of a telephone number is not the same as a loss of that person’s health data. obviously, a loss of confidentiality of a telephone number is not the same as a loss of a person’s health data.

It is obvious that exposing a person’s data to other unauthorized persons entails a loss of confidentiality, but the damage to confidentiality will be much greater when the data is more sensitive.

Therefore, the regulations leave it up to the data controller to implement such security measures, and encryption is a good option.

However, in addition to encryption, there are other measures with the same effectiveness that allow us to comply with data protection regulations, such as pseudonymization, anonymization and others.

Although the data that are commonly encrypted are those denominated as special category data (art. 9 of the RGPD), it is very common to encrypt other documents such as pay slips, because in addition to personal identification data, there are others such as the social security number and others that provide a profile of this person, in this case an economic profile (purchasing power), job profile (position, performance), liens, among other data that can create a very complete profile of a person, which would be a significant aggravation for the person concerned.

Actual penalty

Sending unencrypted information may be grounds for a complaint, and subsequently, for the imposition of a fine or warning, in the case of a Public Administration.

A recent case has been analyzed by the Catalan Data Protection Authority(APDCAT), in its Resolution PS 40/2024, where an expert of the Criminal Technical Advisory Team of the Department of Justice of Girona, being already retired, received in her personal e-mail, about fifteen confidential reports of expert victims, without using any encryption technique to prevent access to such information.

Business Adapter at your disposal

If we have to share documents where special category data is reflected, encryption becomes a requirement, since unauthorized access to this data may result in a penalty for our company.

If you need to know more about encryption, pseudonymization, anonymization and other techniques, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:

[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]

Contact us, we will be pleased to help you.
error: Content is protected !!