Trustifi White Paper
E-mail communication is the backbone of modern business. Billion-dollar decisions are made based on information received via e-mail. It is critical that e-mail arrives at the right person with the content the sender intended to send.
E-mails are not direct messages between the sender and the recipient. Traditional on-premise or cloud-based e-mail solutions provide security and integrity for your message only up to the point when the message leaves your e-mail exchange.
After the e-mail has left your environment, it passes through many other servers, nodes, and gateways on the way to the recipient. All these points are a potential threat to your e-mail’s content and integrity. Even a small vulnerability at the recipient’s end, or a misconfiguration at any of the hosts the message has passed through, can expose the content of the e-mail or give bad actors an opportunity to modify the content without you knowing about it.
You don’t have control over what happens to your message: whether it is copied, modified, printed or stored is all out of your control. You as a sender can’t prevent recipients from further disseminating the e-mail or accessing it on other devices, which gives even more opportunity for exposure. The ability to authenticate recipients, to ensure the identity of the intended recipient, is not available in a traditional e-mail environment; therefore compliance requirements that are mandatory in many industries can’t be fulfilled.
Traditional e-mail solutions are not compatible with recent changes in privacy regulations (CCPA, LGPD) nor with other major compliance requirements (HIPAA, PII, GDPR).
The Trustifi Solution
Providing trackability, encryption, and e-mail security in a single platform is the kind of challenge that requires a tremendous amount of resources, knowledge, and time. Trustifi’s secure e-mail architecture provides a simple yet very secure solution for all of the challenges explained above.
The e-mail message travels from your trusted network of on-premise or cloud-based e-mail servers to Trustifi’s secure virtual private cloud storage, which is fully encrypted with the AES-256 encryption algorithm. The encryption key is your own private key, which is stored and managed by Trustifi. Now your data cannot be duplicated, hacked, or modified, and you can track what is happening with your message.
Trustifi sends the recipient a notification about the message you sent. The recipient authenticates over a secure channel encrypted with TLS 1.2, and after successful authentication Trustifi sends your full decrypted message to the recipient. Secure, traceable, confirmed, compliant e-mail delivery: Done.
With Trustifi apps (for Outlook, Outlook 365, Gmail and the Trustifi Web Portal), Trustifi is the easiest to use and deploy e-mail security platform on the market for secure e-mail sending and receiving. You can track every step of your message’s life cycle, including receive and read confirmation.
For increased security, you can set special attributes on your e-mails, such as blocking certain recipients from accessing the message, setting a recall date and time, and configuring an expiration date and time.
Recipients can be forced to use multifactor authentication when accessing messages, providing the highest level of confidentiality, security, and integrity throughout your message’s life cycle.
The first American privacy act, issued by the State of California, becomes effective on January 1st, 2020. It affects both customers and businesses, not only in California but anyone who has customers or business-to-business relations with California.
Any company that does business in California, operates for profit, collects customers’ personal data, and has one or more of the following characteristics must comply with the regulation:
- Has annual gross revenues in excess of $25 million;
- Possesses the personal information of 50,000 or more consumers, households, or devices; or
- Earns more than half of its annual revenue from selling consumers’ personal information.
The regulation applies when they handle customers whom the law defines as:
- Anyone who is in the State of California for anything other than a temporary transitory purpose
- Any individual domiciled in California who is outside the state for a temporary transitory purpose
The law defines what is considered “personal information”: information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”.
For example:
- Email address
- Online handles
- IP address
- Biometric information
- Geolocation data
- Browsing and search history
The act grants customers certain rights (similar to the EU GDPR) related to their personal data. The rights are the following:
- The right of the Consumer to know what personal information is being collected about them
- The right of the Consumer to know whether their personal information is sold or disclosed and to whom
- The right of the Consumer to say no to the sale of personal information
- The right of the Consumer to access their personal information
- The right of the Consumer to equal service and price, even if they exercise their privacy rights
These rights must be provided to customers falling into the California “categorization” effective January 1st, 2020. Furthermore, any business that needs to be compliant with CCPA has to provide the following disclosures to customers at or before starting the collection of personal data:
- The customer’s rights set in CCPA
- A description of one or more methods of how a customer can submit a request to the company related to the personal data, including, at a minimum, a toll-free telephone number and if the business maintains an Internet website, a website address;
- List of categories of Personal data collected by the company in the last 12 months
- List of categories of Personal data sold by the company in the last 12 months
- A list of the categories of consumer PI that the business has disclosed for a business purpose in the preceding 12 months—or a statement by the business that it has not sold consumer Personal Data in the preceding 12 months.
- Disclose and deliver the required information to a consumer free of charge and within 45 days of a verifiable request from a consumer (with the possibility of one 45-day extension);
- Deliver required information by mail or electronically in a portable and readily-usable format;
- Provide a clear and conspicuous homepage link titled, “Do not sell my personal information” for consumers who want to exercise their opt-out rights.
Enforcement of the law will be carried out by the Attorney General of California, and companies failing to comply with the regulation face penalties:
From $100 to $750 per violation or actual damages, whichever is greater. Keep in mind that with statutory damages, consumers don’t have to prove that they incurred an actual financial loss; they only have to show that the company violated the law!
Becoming compliant with CCPA requirements is challenging and requires focus and organized effort from any company. Trustifi is already voluntarily compliant with CCPA, and customers who use its e-mail security platform can rest assured they are in compliance with CCPA.
Providing a secure e-mail solution is a trust-based service and Trustifi enables its customers and business partners to get a clear understanding of its privacy practices and world-class security solutions to protect the customer’s data.
Download the Traditional E-mail Is Not Safe White Paper (.PDF)
Download the CCPA White Paper (.PDF)