Secure mailing

The purpose of this algorithm is to contribute to good security of e-mails being sent. Not too little security, but not too much either. The algorithm alerts senders of an e-mail to sensitive information and encourages them to send it securely. This can be done through encryption, two-factor authentication for the recipient, revocation capability and logging. Insensitive information remains easily accessible. The algorithm does not affect the substantive legal status of residents or businesses.

Reviewing e-mails by an algorithm is more effective than using a human-made glossary or format. The algorithm does not affect the content of an email.

The municipality employee chooses whether or not to send an e-mail securely. The algorithm only makes a recommendation in this regard.

The supplier keeps track of the algorithm's performance. The supplier notices when the algorithm makes mistakes and makes adjustments. The municipality can track the performance of the algorithm on a dashboard.

A Data Protection Impact Assessment (DPIA) was carried out prior to the implementation of the software.

The algorithm is based on anonymised historical messages combined with whether or not these messages were sent securely. Anonymisation is done in several steps, with only aggregates across many thousands of messages being stored. In addition, personal data is automatically removed from the data. With this, the data is anonymised and the original messages are impossible to extract from the data.

When composing a new e-mail, the terms in the message and attachments are used to see how similar it is to previously (securely or normally) sent e-mails. If the e-mail is sufficiently similar to messages normally sent securely, the e-mail is flagged as potentially sensitive. Based on the terminology in the e-mail, it is determined whether it relates to a specific category of sensitive information. For example, certain personal data such as medical information about individuals. The moment the e-mail is classified as sensitive and is about a subject that the organisation has set up to be sent securely, the user is given a recommendation to send the e-mail securely.