
Data transfer security


Jomablue recommends following best practices when transferring commercially sensitive data such as attendee lists. Primarily, we encourage loading these directly into Jomablue. Doing so eliminates any intermediate file storage or transfer solution, which reduces risk.

Where you are required to transfer data to Jomablue, our recommendation is using PGP encryption.

PGP Encryption

PGP encryption protects the contents of sensitive files from unauthorised viewing. PGP keys are used to encrypt and digitally sign outbound files, as well as to decrypt and verify inbound files. For manual data transfers of sensitive information to and from Jomablue, we strongly suggest transferring only PGP-encrypted files. Jomablue will only provide its own sensitive information using PGP encryption.

How to use PGP

PGP keys are used to encrypt and digitally sign data. PGP is easy to use but requires some technical know-how. To encrypt with PGP, you need to obtain specialised software, which is readily available. Our public key is available on MIT’s PGP register (https://pgp.mit.edu).
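As an added illustration (not Jomablue's own tooling), the shell functions below use GnuPG to check a downloaded public key against a fingerprint before encrypting and signing a file for it. Key servers do not authenticate uploads, so the example assumes you have confirmed the fingerprint with the recipient through a separate channel; the file names, signer address and fingerprint are placeholders, since this page does not publish them.

```shell
#!/usr/bin/env bash
# Added example. Assumes GnuPG 2.2.8+ (for --show-keys) and that the recipient's
# public key has been saved to a file, e.g. exported from the key server.

# Normalise a fingerprint: strip spaces and colons, upper-case the hex digits.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Succeed only if the primary key in file $1 has the expected fingerprint $2.
# --show-keys inspects the file without importing it into the keyring.
key_matches_fpr() {
  local keyfile=$1 expected actual
  expected=$(normalize_fpr "$2")
  actual=$(gpg --batch --with-colons --show-keys "$keyfile" 2>/dev/null |
           awk -F: '$1 == "fpr" { print $10; exit }')
  [ -n "$actual" ] && [ "$(normalize_fpr "$actual")" = "$expected" ]
}

# Verify the key, import it, then sign with our key and encrypt to the recipient.
# $1 key file, $2 expected fingerprint, $3 file to send, $4 our signing identity.
encrypt_for_recipient() {
  local keyfile=$1 fpr=$2 infile=$3 signer=$4
  if ! key_matches_fpr "$keyfile" "$fpr"; then
    echo "refusing to encrypt: key fingerprint does not match" >&2
    return 1
  fi
  gpg --batch --import "$keyfile" || return 1
  # --trust-model always is acceptable here only because the fingerprint
  # was checked explicitly just above.
  gpg --batch --yes --trust-model always \
      --local-user "$signer" \
      --recipient "$(normalize_fpr "$fpr")" \
      --sign --encrypt --output "$infile.gpg" "$infile"
}

# Usage (every value below is a placeholder):
#   encrypt_for_recipient recipient-key.asc \
#     "<FINGERPRINT CONFIRMED OUT-OF-BAND>" attendees.csv you@example.com
# Send attendees.csv.gpg; the plaintext file never leaves your machine.
```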

File-Sharing Services

File-sharing services (such as Box, Dropbox, OneDrive, and Google Drive) can be used to provide files to Jomablue, but it is highly recommended that anything transferred via these services be PGP encrypted for an additional layer of security.

Alternatives

Although PGP encryption is the most secure method of transfer, we understand that using it can be complex. If your Privacy Officer or other authorised staff chooses not to use encryption and secure file transfer methods, consider the following recommendations:

  • Lock spreadsheets containing sensitive data with a strong password
  • Place that spreadsheet within a zip (archive) folder and password-protect the zip file
  • Never share the password and data file in the same email
  • Communicate passwords separately (e.g., send the password via SMS or relay it verbally over the phone)
  • Instead of emailing content, use a file-sharing service (such as Box or another trusted service) that provides industry-standard encryption
  • When using services such as Dropbox, activate the link expiration feature. Place the file in a shared location and provide a link set to expire in 24 hours.
