Attorneys have legal a duty *not* to send especially sensitive, confidential information using unencrypted email. That makes sense for other people, too.
The American Bar Association's Formal Opinion 477 states:
"At the beginning of the client/lawyer relationship, the lawyer and client should discuss what levels of security will be necessary for each electronic communication about client matters."
So, you should inform clients that you need to send and receive particularly sensitive communications using encryption.
Your clients (and possibly you!) may find it confusing and difficult to transfer documents and messages securely. Ideally you would use a secure client portal for that purpose. You might also use a secure email service.
But let's assume you don't have a portal or secure email.
What is a simple, secure way to send a client a document containing sensitive information?
Answer: A locked (encrypted) PDF file.
How do you lock a PDF file? You have these options and more:
- If you have paid Adobe Acrobat or another paid PDF program, you can use its Security or Protect feature to add an Open password to a PDF file.
- If you only have PDF reader software, you can install the free version of PDFMate PDF Converter. [https://www.pdfmate.com/pdf-converter-free.html] It can lock PDF files with passwords.
- With MS Word, you can save a document as a PDF and lock it by following these steps: Save As > Save as type: PDF > Tools button > General Options > Password to open > enter password.
Once you've locked a PDF file, you can send it via email. But you can't include the password in that email!
The internet does not protect your emails as they travel between you and your client. Furthermore, you don't want the document and its password hanging around together in your client's email folders, your Sent folder, and who-knows-what backups.
Typical methods of communicating a password are inconvenient or insecure.
- You don't want to waste time playing phone tag.
- You don't want to leave a password on voicemail if someone else might have access.
- Good passwords can be annoying to say over the phone: So many letters sound alike, especially on cell phones.
- Sending via text message far safer than via email, but still not especially secure.
Here is a safe method to send a password conveniently: Use www.onetimesecret.com. It's free and easy. You don't need to create an account to use it.
Why on earth should you trust an unknown website with your password?
- Your password or message is encrypted before it leaves your computer.
- All traces of it are destroyed immediately after the recipient views and closes message webpage.
- The owner of the website has no information about who created the password or what it is for.
- Even if they did compromise it, they wouldn't know where to use it.
Simple:
- Go to www.onetimesecret.com
- Type a strong password, such as: ru$toF4iem
- Click: Create a secret link
- Copy the link, for example:
https://onetimesecret.com/secret/fd6qcrpprds8a4y0mrwc91ie3cv8xae - Email the link to your client.
The client will only be able to open the link only once. They cannot copy and paste the password, but need to write it down or print the webpage to preserve it. To be super safe, you could send the OneTimeSecret link first, asking the recipient to confirm receipt via email. The send the locked PDF file attached to a reply.
Once opened, the webpage with the password cannot ever be displayed again. If you click the above sample link, you will see it opens the generic Unknown Secret Message webpage, not a page showing a password.
OneTimeSecret.com works like the tapes in the old Mission Impossible series: "This tape will self-destruct in five seconds." Fizz! Your recipient has more than five seconds, but once the webpage with the password is closed, it is gone for good.