jdlessley wrote:Actually there is some policy on this regarding the confidentiality of records found in the CHI, book1, p 150-151. While it does not address e-mail specifically it does address the confidentiality and security of reports, records and membership information. E-mail, falling under storing this information electronically, would require to be password protected.
Protection of storage and encryption of transmission are two different things, although they are related. Arguably both are involved with email. But the concept of protected storage applies even more directly to some central repository, such as what macsense is talking about -- provided that the data involved comprises confidential records within the scope of those provisions. Not all content falls under that definition.
The technical issue is how to comply with such requirements when they do apply. Perhaps where this forum could add value is in recommending technical solutions that would help leaders conform.
There are decent solutions such as PGP, but they are a hassle for end-users to implement. A less ambitious solution might be using recent versions of WinZip. It includes 256-bit AES, which is probably good enough. Managing shared passwords can be complicated, but is workable for small groups such as bishoprics.
Security is mostly a problem of people following procedures, and noncompliance does not occur only in email or in complicated shared-file architectures. I often find unprotected files right on the clerk's office computer.