Although email typically has a layer of security protection in the form of a password, users need to be aware that emails sent "in the clear" (not encrypted), CAN be intercepted and read by other parties using available tools.
To address this threat, the new MA Data Protection Law which went into effect March, 1, 2010 requires "Encryption of all transmitted records and files containing personal information that will travel across public networks".
There are many solutions available, but the one we typically recommend to clients is Voltage SecureMail. This is an easy solution because the email recipient doesn't need to purchase or install any software on their end.
Although it's a bit of a pain to go through the extra step of encryption, this is a necessary precaution when sending any protected or sensitive information. You can send eMails directly from Microsoft Outlook, or log into a web interface. We typically advise clients to develop a process where they send a preliminary email to the recipient with some simple instructions to let them know a secure email will follow. This helps non-tech-savvy users know what to do.
To see how it works, view the Voltage SecureMail demo.
If you'd like to give it a try, sign up for a free trial.
To learn more about the new MA Data Protection Law - 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH - read full regulation from the mass.gov web site.