Plenty of laws and regulations place privacy constraints on electronic information, such as HIPAA and PCI-DSS.
Information is transferred in many ways, and file transfer via email is one of the most common. From the privacy compliance standpoint, email-based file transfer is a problem. For example:
- There's no ability to define privacy compliance policy, and apply it. Users do what they want.
- It's hard to work out who transfered what files, when.
- Users can change files that have been transferred.
Vendors such as Symantec/Vontu are responding to help fix the situation. This will help. So will using non-email-based file transfer, such as the FTP-based solutions from Ipswitch.
... David Ferris