I’m helping a member of our extended family close out an estate in the coming months and will be sending lots of forms back and forth between legal folks and financial institutions with sensitive data on it (social security numbers, etc.)
Trying to find a good balance between keeping data somewhat secure in transit (mostly email) but also easily viewed by a receiving party that likely won’t be very tech savvy.
In the past, I’ve handled this balance by placing PDFs with sensitive info into DropBox folder and just shared the link via email with the relevant party – and then use a Hazel rule that goes in and automatically deletes the DropBox file after 7 days so the link vanishes.
I’ve also done password protected PDFs before, but have found that to often be more trouble than it’s worth since inevitably the document needs to be read by someone else in the agency/institution and the password doesn’t get to them, causing frustration for everyone.
Just curious if anybody has a cool workflow for this or a service they trust (something like OneTimeSecret does for passwords). Realizing as I write that I could probably put DropBox link in OneTimeSecret also/instead.
Wondering how other folks handle stuff like this. Thanks in advance for suggestions!
No, it does not require the other person to be using iCloud in my experience. There are a variety of settings to control whether you’re sharing it as read-only or editable, whether they can share it with others, etc.
I’d be inclined to set them up with Signal and send the PDFs as file attachments. Once it’s installed it’s as easy to use as texting, and it’s cross-platform so it doesn’t require them to use Apple devices.
You know who you’re sending them to better than I do, of course, but I’ve gotten a number of non-geeks friends and family to start using Signal. It’s no harder to use than WhatsApp, but much more trustworthy.
From my perspective, it seems you consider email to be “somewhat secure” and your worries are about the receiving party. It is my opinion, and seems you also see it this way, that throwing technology for privacy is going to be more a problem than a solution.
So I would switch the angle: if you are working with legal teams and financial institutions, they should be the ones that provide the tools or guarantee the privacy of the data you are sharing with them because it’s their business. What is their personal data protection policy? When was their last audit? How do they guarantee that no one else has access to that data? What guarantees they offer that the information shared with them will be destroyed when it is no longer necessary? Do they provide some kind of “data room” solution like Intralinks precisely for these cases?
If they do not have clear and solid answers to these, perhaps it’s a matter of switching.
Thanks for the reply. I’m in agreement with you on most of the above, just often not practical to change who I’m working with. For example, I’m a power of attorney for an extended family member and can’t change what financial institution they already have their accounts with…so need to work with the relationships already there.
The part I can control is how secure data is in transit to them, thus the original question. The 1Password option mentioned earlier will work great for this, actually…