Transmitting client data via personal devices or personal email

It is against our acceptable use policy to download or transmit client data via personal devices or personal email (see “Data Protection” section). Transferring client data via personal email/devices is insecure without Encore's security controls (more details below).

However, every client has different needs and risk tolerance. If the client makes the request for transmitting data in this regard, understands and accepts the risk (in writing), that is their prerogative.

It would be good for your team to communicate this information to users who are asking for these unapproved methods so that they better understand why the policy restricts data to company issued devices/methods. Here are some bullet points that end user services can share with these users:

Client data should remain confidential and protected at all times
Encore has security controls in place to ensure confidentiality and integrity of client data
Personal devices/accounts lack security controls to ensure said confidentiality and integrity
It would be up to that client if they wish to accept the risk (in writing via the MSA)
We have approved methods of data transfer, such as: SharePoint and Encore-owned USBs
- There should be a business case why these approved methods are insufficient
- OneDrive FAQ: OneDrive for Business (sharepoint.com)
- How-to share client data via SharePoint