
Denmark’s Data Protection Authority Datatilsynet has published an article emphasizing the importance of providing encrypted means for communicating personal information:
- Authorities and companies must, as data controllers, ensure — on the basis of an assessment of the risk to citizens’ rights — that they establish appropriate security measures. This means, among other things, that authorities and companies are responsible for establishing secure transmission solutions that address the identified risks to citizens — not only when they send information to citizens, but also when they collect information from citizens for the processing of a case or service.
- An authority or company is not responsible for the method of transmission if the citizen sends information of a confidential or sensitive nature unsolicited via an unencrypted connection, or if the citizen — despite an invitation to send the information encrypted — still uses an insecure method of transmission.