I interpreted the policy as a should and not a must. IMO, the requirement is to have a policy and make a “reasonable effort”.
None of this matters. The point is that email can be “secured”; at least enough for most use cases. Although teams and platforms like teams can be “more secure” by default, they lose their utility operating in isolation.
I think it’s more that GDPR gives a cause of action in the event of a breach, after which it would be pretty easy to argue that unencrypted email wasn’t a reasonably secure way to store users’ data.
Signal can make audio and video calls. I use that feature quite often.
Yes, if email is encrypted prior to sending then, under normal conditions, it should be secure until it reaches the recipient. At that point it is out of your control and you have no assurance of anything.
Standard email is never secure for the same reason. You have no control over messages sent to you or the ones you create once you click Send.
Yes. Encryption was mentioned and that is one of the methods used to “secure” email. Once you give another party access to your data you have no assurances, no matter what the transport mechanism is.
Guys… there is no secure. There’s only “inconvenient to access”.
That one is indeed tricky. They wrote a couple of blog posts on the topic that help undertand what they can protect from and what you can do against threats they can’t protect you from. You might want to read these before switching to another provider (and get educated on the actual practices of your potential new provider). If you’re a US resident though, ProtonMail is probably difficult to beat.
Bingo. It’s all risk (or effort)/reward. And I think “secure” tends to, colloquially, describe the point where the amount of reward is outweighed by the level of risk or effort.
If I put a $50,000 home security system in my apartment, the hassle to bypass it would be much, much more than the value of anything one might find within. But put that same security system in a museum with priceless antiquities, and it might be wholly inadequate to the task.
Does iMessage pale in comparison? Even Telegram?
Well at least it only took them 5 years to discover. That should bolster confidence in their security practices.