In the information age, organizations of all types have come to rely heavily on electronic mail (email) for conducting business. Email allows a person to communicate, through a computer network, with anyone in the world quickly. This seemingly instantaneous communication enhances productivity within an organization as well as facilitates communication externally. Organizations communicate externally with, for example, clients, business partners, suppliers, distributors, accountants, and attorneys. These electronic communications have become vital to organizations.
However, one problem with the extensive use of email to conduct business is that email often contains confidential information. The disclosure of confidential information can lead to legal liability or result in both financially and reputation damage. Some examples of confidential information include government mandated confidential information, such as, health information protected under the Health Insurance Portability and Accountability Act or personal finance information as protected under the Gramm-Leach-Billey Act. In addition, there are numerous other forms of information that must be protected from disclosure to third parties, such as, attorney-client communications and trade secrets.
Usually, information contained in email is not securely encrypted before being transmitted, therefore creating a risk that confidential information could fall into unauthorized hands. Often information in an email is sent without much thought or concern placed on whether or not confidential information is contained therein. In general, organizations as a whole are unaware of both the nature and amount of confidential information being transmitted though their email systems. As a result, organizations are unable to develop effective and efficient strategies for dealing with the transmission of confidential information.
While it is possible to develop a system that securely encrypts all outgoing email, these systems reduce efficiency by devoting time and resources to encrypting email that does not contain any confidential information, and thus delay potentially time sensitive communications needlessly. Additionally, if all email is encrypted recipients require the ability to decrypt the email.