emailing pay slip.

monflat

I have 2 jobs both who e mail payslips
One payslip from one company is password protected the other isn't.

I think it should be as if email got hacked etc access to prsi number.
Anyone else in.the same suitation?

salamanca22

monflat wrote: »

I have 2 jobs both who e mail payslips
One payslip from one company is password protected the other isn't.

I think it should be as if email got hacked etc access to prsi number.
Anyone else in.the same suitation?

It is your responsibility to ensure your accounts are secure. Plenty of personal and professional information is sent to and from email addresses everyday and it is hardly ever password protected.

seamus

salamanca22 wrote: »

It is your responsibility to ensure your accounts are secure. Plenty of personal and professional information is sent to and from email addresses everyday and it is hardly ever password protected.

Your account can be secure, but that doesn't mean the delivery path is secure.

That's like saying that if you have a lock on your mailbox, nobody can read your post.

This is where it gets a bit tricky OP. If the payslips are generated and emailed internally within the company, then the data never leaves the company network and strictly speaking your own email account password should be sufficient.

If the payslips are sent by an external company (or sent to an external address), then they should be password protected.

However, even internally an administrator can access and read your email, so IMO a payslip should always be password protected.

Graham

seamus wrote: »

If the payslips are sent by an external company (or sent to an external address), then they should be password protected.

I'm assuming that's your opinion rather than something that's specifically legislated for.

seamus wrote: »

However, even internally an administrator can access and read your email, so IMO a payslip should always be password protected.

Depending on the email system in use that is not necessarily the case.

seamus

Graham wrote: »

I'm assuming that's your opinion rather than something that's specifically legislated for.

It's not specifically legislated for, however there are data protection regulations which this activity would fall under, specifically the requirement to take reasonable measures to ensure that private data is secure.

I'm sure the DPC was asked for guidance, they would tell a company that they are required to password protect these emails in order to protect sensitive data.

Depending on the email system in use that is not necessarily the case.

For email systems hosted internally it would always be the case. Someone has complete access to the data and the master keys of any encryption.

For externally hosted systems like Google mail, admins may not have access to it, but since the data is hosted externally it would be recommended to password protect the email.

Graham

seamus wrote: »

It's not specifically legislated for, however there are data protection regulations which this activity would fall under, specifically the requirement to take reasonable measures to ensure that private data is secure.

While it could be argued that password protection might be a prudent additional measure I've seen no guidance from the DPC that it should be standard practice.

For what it's worth, I agree that it should be standard practice.

seamus wrote: »

For email systems hosted internally it would always be the case.

It may be the case for the most common mail system (Exchange) but it wouldn't be correct to say it is always the case. That's probably why organisation that are particularly security conscious don't use Exchange.

monflat

Ok great thanks for the replies.
They e mail payslips to my personal account. .

They used to do paper slips but refuse to do so anymore.