Score One for Minnesota DLI: Getting it Right with Encrypted Email
A document that recently landed on my cluttered desk restores my faith in mankind – well, at least in mankind's ability to properly manage its email – and if so only in Minnesota. Regular readers of this blog (both of you) may remember that I have a tendency to rail against state agencies that either recommend or require people to use email to submit sensitive documents, while providing no encryption method for that transmission. Specifically, I have mentioned by name the state of South Carolina and the New York Workers' Comp Board.
The document, printed from the State of Minnesota's website, tells me that we have found one state agency that gets it, and is moving in the right direction. The Minnesota Department of Labor and Industry uses the state's encryption system for email. Users getting email from MN DLI have to set up an account with the Microsoft Exchange Hosted Encryption Service in order to be able to “unlock” and read the message. Users only need to register once, and just be able to remember a password when prompted after that. Any reply to that email will automatically be encrypted for the return trip. It is not a perfect system, and theoretically someone who intercepts a secure email might be able to register to read it – I don't know. But they would have no clue what was in there until they did, and “packet sniffers” (used to scan electronic transmissions) would have no way of selecting those emails with potentially sensitive information.
Most people do not realize how unsafe email can be. It is NOT a means for the transmission of sensitive or personal data; at least not in an unencrypted form. Frankly, I would prefer a secure web based portal for the uploading of documents to the state, but in the absence of that, Minnesota's efforts go a long way to solving the security issue some states face.
The Minnesota website makes no mention of unsolicited or original emails sent to them. As far as I can tell, they do not have a method to force encryption on those types of emails. As long as the state is not setting up a system asking people to send documents that way, I don't see a problem.
As I said, it's not perfect, and a bit cumbersome, but it is a great start. It's official. This week I love Minnesota.
Be the first person to comment!
You must Login or Register in order to read and make comments!
Robert Wilson is President & CEO of WorkersCompensation.com, and "From Bob's Cluttered Desk" comes his (often incoherent) thoughts, ramblings, observations and rants - often on workers' comp or employment issues, but occasionally not.
Bob has a couple unique personality characteristics. He firmly believes that everyone has the right to his (Bob's) opinion, and while he may not always be right, he is never in doubt. Enter at your own risk, and like all of our blog areas, we encourage you to read the disclaimer at the bottom of the page.
We're not responsible for this guy.....
Bob is an accomplished speaker for the workers' compensation industry. He is available for conferences, corporate events, children's birthday parties and Bar Mitzvahs. You may access his Speakers Brief here.