Who needs Trustner?

Trustner is an easy-to-use and end-to-end encryptedcommunication service.

Professionals and organizations can safely communicate with their customers, clients and anyone asking for confidentiality. Trustner provides data protection concepts for state privacy authorities and other interested parties.

Today´s professional world could not function without Internet communication. In cases where privacy and data security is of the utmost importance, sharing information via Trustner is a better option than traditional e-mail: Trustner encrypts all content, while e-mail does not. Furthermore, communicating in small or large groups is made much more comfortable with Trustner, especially when contacts outside administrated environments like a hospital or a law firm are involved.

In a number of professional areas there are written and unwritten codes of conduct for communicating with others. In many countries there are even laws that punish professionals who reveal trade or personal secrets – or allow that to happen.

As the risks of unencrypted electronic communication have become more obvious, the rules and regulations for the protection of privacy and the conservation of confidentiality  have begun to evolve.

The Trustner team has put together a list of people and professions who have a particular obligation to protect shared information. The information given below is mainly a collection of links to other sources and applies mainly to the US. If you are interested in more information, contact your national regulator or your professional standards organization.

Of course, you do not need to be a professional to use Trustner. You can use it as a private individual, and free of charge too.

Do you have questions or comments? Please use the feedback function in Trustner or send us an e-mail to

info(at) trustner.com.

Data protection officers

In general, the responsibility of data protection officers is to ensure that the members of an organization – public or private – respect all relevant data protection obligations and that data subjects are informed of their rights and obligations pursuant to all applicable privacy rules and regulations.

Some countries, like Germany or France, have privacy laws that explicitly require organizations of a certain size or reach to appoint a data protection officer. It is their task to keep a public register of the data processing operations carried out by the organization and the rules by which the data is processed and stored.

Electronic communication is an area in which encryption is becoming a professional standard that data protection officers are pushing for.

Doctors

Doctors and other health care providers operate under the Health Insurance Portability and Accountability Act (HIPAA) that ensures the privacy and confidentiality of patient-related health (care) information.

With regard to electronic communication the U.S. Department of Health & Human Services is relatively tolerant: “The (HIPAA) Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so...Further, while the Privacy Rule does not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail.

Still, HIPAA postulates that secure electronic methods should be offered and accommodated for if the use of unencrypted e-mail is unacceptable to a patient who requests confidential communications. 

Financial sector professionals

In general, bank secrecy is a victim of the war against terror: „The United States' Bank Secrecy Act (or BSA) requires financial institutions to assist government agencies to detect and prevent money laundering. Specifically, the act requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000 (daily aggregate amount), and to report suspicious activity that might signify money laundering, tax evasion, or other criminal activities.”

Specifically the 2001 USA PATRIOT Act created many new rules for American banks in an attempt to prevent bank secrecy.

On the other hand, the US Department of Justice warns that „the Internet has become an appealing place for criminals to obtain identifying data“ who use these data for „false applications for loans and credit cards, fraudulent withdrawals from bank accounts“.

The American Bankers Association (ABA) therefore recommends: „To help ensure users’ safety while offering the convenience of online banking, financial use sophisticated technology and monitoring techniques ... methods of securing customer data include multifactor authentication, encryption, privacy policies ... and more.“

Journalists

By law, journalists in many countries cannot be forced to identify their sources. In the US this is called reporter´s privilege and it presumably made possible the uncovering of the Watergate scandal, among other such incidents.

When communicating via the Internet journalists are called upon to use encrypted means of communication. Today this may even be a condition for a potential source to come forward with information. Glenn Greenwald, the journalist Edward Snowden turned to, is a good witness: He had to install PGP on his computer before he could communicate with Snowden; since he initially didn´t know how to do it, the process of getting together took several months.

Lawyers

Lawyers are often required by law to keep anything pertaining to the representation of a client confidential. The confidentiality obligation is much broader than the attorney–client evidentiary privilege, which only covers communications between the attorney and the client.

When communicating electronically, caution is required. Last year, “an American law firm was monitored while representing a foreign government in trade disputes with the United States. The disclosure offers a rare glimpse of a specific instance in which Americans were ensnared by the eavesdroppers, and is of particular interest because lawyers in the United States with clients overseas have expressed growing concern that their confidential communications could be compromised by such surveillance.”

At least in some commercially significant cases, the „expectation of privacy“ seems to have given way to the “expectation of surveillance”. As one American lawyer puts it: “Attorneys who believe their clients might be targets of government surveillance should inform their clients of the risks and consider using more secure methods of communication (such as encryption) or, at a minimum, get the client’s written consent to continue using unencrypted emails.”

Persons with security clearance

The Wall Street Journal recently published that 3.5 million people in the US hold secret government security clearance, quoting figures from the Office of the Director of National Intelligence. Two thirds of those – about 2.7 million – are government employees. About 580,000 are contractors. Another 1.4 million people, including more than 483,000 contractors, hold higher-level top-secret security clearance that gives them access to information of a more sensitive nature.

Everyone with security clearance has to follow guidelines in dealing with confidential information.  Noncompliance with security regulations raises doubts about an individual's trustworthiness, willingness, and ability to safeguard classified information. Unauthorized disclosure of classified information can raise a security concern and may lead to the loss of the security clearance. Encryption of electronic communication demonstrates a professional degree of trustworthiness. 

Pharmacists

In the US, pharmacists and other health care providers are required to follow the Health Insurance Portability and Accountability Act (HIPAA). In short, HIPAA demands confidentiality and privacy when dealing with customers and patients.

A violation of HIPAA and other statuary duties concerning privacy can lead to major legal problems as observed in 2013: “As HIPAA continues to receive attention from trial lawyers seeking to establish the standard of care in negligence and professional liability cases involving the improper disclosure of health information, healthcare providers must be aware that, depending on the law of the state in which they are licensed, their potential liability for HIPAA violations could extend beyond civil monetary penalties.“

In regard to email, here is a note from CVS Pharmacy, the largest pharmacy health care provider in the United States: “In order to protect your privacy, CVS/pharmacy cannot discuss any type of personal health information through email.“

Priests

Wikipedia has the following entry under the heading “Priest-penitent privilege”:

“According to former U.S. Supreme Court Chief Justice, Warren Burger, “The clergy privilege is rooted in the imperative need for confidence and trust. The privilege recognizes the human need to disclose to a spiritual counselor, in total and absolute confidence, what are believed to be flawed acts or thoughts and to receive consolations and guidance in return.”

A priest has a duty to hold in confidence any information obtained during a counseling session. A priest who violates this trust might be on the losing end of a lawsuit for the invasion of privacy or defamation.

The First Amendment is largely cited as the jurisprudential basis. The earliest and most influential case acknowledging the priest–penitent privilege was People v. Phillips (1813), where the Court of General Sessions of the City of New York refused to compel a priest to testify. The Court opined:

“It is essential to the free exercise of a religion, that its ordinances should be administered—that its ceremonies as well as its essentials should be protected. Secrecy is of the essence of penance. The sinner will not confess, nor will the priest receive his confession, if the veil of secrecy is removed: To decide that the minister shall promulgate what he receives in confession, is to declare that there shall be no penance...”

Private individuals

Private individuals should apply common sense when using the Internet for communication. If there is nothing to hide, like making an appointment to go to a soccer game, unencrypted email, Facebook, etc. seem ok.

However, all data shared via these services is processed to create user profiles, which are then used to place user-targeted advertisements. This can significantly limit the online experience of a user. For example, owners of an Apple device will not get cheap hotel or flight offerings. Or a user will find it difficult to get insurance if they display risk-taking behavior in their exchange with others.

One does not have to be paranoid to find some online privacy appropriate. It may just be good judgment.

Social workers

The US National Association of Social Workers (NASW) has written itself a Code of Ethics in which privacy and confidentiality are listed among the key responsibilities of every social worker. In chapter 1.07 it says:

Social workers should protect the confidentiality of clients’ written and electronic records and other sensitive information… [and they] should take precautions to ensure and maintain the confidentiality of information transmitted to other parties through the use of computers, electronic mail, facsimile machines, telephones and telephone answering machines, and other electronic or computer technology.”

Encryption of communication is one of the measures asked for.

Teachers

Teachers have a responsibility to make sure that personal information about school children and students is accurate and that access is restricted to individuals with a justifiable purpose. This principle is laid down in the Family Educational Rights and Privacy Act (FERPA), and other US laws.

Over the last decade teachers have increasingly been using email to communicate with parents about their children. As an addition to face-to-face communication email has sometimes resulted in better school performance. Because of this, some school districts have guidelines for email as a means of teacher-parent-communication.

However, the positive effects of electronic communication have to be balanced with the risks of exposing student-related information on the Internet. An admonition from a school district in support of email communication states: ”All e-mails that reside on the District servers may not be confidential. E-mail messages may be requested by the public under the Right-To-Know Law and may, unless they are exempt under the law, be open to public inspection.”

Tax professionals

Personal tax return information is confidential. In the US, the federal tax law forbids the Internal Revenue Service (IRS) and tax professionals to disclose tax information to any third-party without explicit consent of the tax payer.

In 2013, the IRS warned tax preparation professionals that the security of taxpayer accounts and personal information should be a top priority. In its documents Publication 4557 and Publication 4600 the IRS provides information on requirements to safeguard taxpayer information and safeguarding techniques.

Specifically, it is recommended to tax professionals that they use encryption of taxpayer information during electronic transmission and storage.

Whistleblowers

Many countries have some sort of protection for individuals who „expose misconduct, alleged dishonest or illegal activity occurring in an organization“ (Wikipedia). However, history is full of cases where no protection was given. When communicating electronically, persons trying to blow the whistle are well advised, not to use unencrypted email.

Edward Snowden said 2013 in an interview with the Guardian:“Encryption works.“