Please note: The algorithm descriptions in English have been automatically translated. Errors may have been introduced in this process. For the original descriptions, go to the Dutch version of the Algorithm Register.

Secure emailing

This algorithm helps e-mail users determine when an e-mail contains sensitive information and should be sent securely.

Last change on 7th of November 2025, at 11:25 (CET) | Publication Standard 1.0
Publication category
Other algorithms
Impact assessment
Field not filled in.
Status
In use

General information

Theme

Organisation and business operations

Begin date

2025-10

Contact information

info@nipv.nl

Link to publication website

https://nipv.nl/

Responsible use

Goal and impact

The purpose of this algorithm is to help ensure that information sent by e-mail is properly secured. In other words: not with too few security measures, but not with too many either. The algorithm contributes to this by alerting e-mail senders to sensitive information and encouraging them to send this information securely. If they choose to do so, the e-mail is secured with encryption, two-factor authentication for the recipient, a revocation option and logging.

This ensures that sensitive information is secured, while insensitive information can be accessed without additional friction for the recipient. The algorithm only impacts the process of sending e-mails and does not affect the substantive legal status of citizens or businesses.

Considerations

The use of this algorithm helps ensure that e-mails are sent with the right level of security. Classification of e-mails by algorithm is more effective than classification based on a glossary compiled by human input or classification by the sender, while at the same time the algorithm does not affect the content of an e-mail.

Human intervention

In principle, the user chooses whether or not to send an e-mail securely, based on the recommendation made by the algorithm. It is also possible to automate the choice of whether or not to send an e-mail securely based on the algorithm. In that case, a user can still explicitly choose to send an e-mail securely.

Risk management

The overall performance of the algorithm is monitored by the vendor. If it turns out that the algorithm makes incorrect classifications more often, this is picked up by the monitoring so that adjustments can be made to the algorithm. The vocabulary can be adjusted if it turns out that certain topics are missed or, on the contrary, wrongly classified as safe to send.

Legal basis

AVG article 32 and BIO (Baseline Information Security Government)

Links to legal bases

  • BIO: https://www.digitaleoverheid.nl/overzicht-van-alle-onderwerpen/cybersecurity/bio-en-ensia/baseline-informatiebeveiliging-overheid/
  • AVG art. 32: https://www.privacy-regulation.eu/nl/artikel-32-beveiliging-van-de-verwerking-EU-AVG.htm

Operations

Data

  • Sender e-mail address
  • Recipient e-mail addresses (To, Cc, Bcc)
  • Name of sender and/or recipient (as contained in the certificate)
  • E-mail address included in the certificate
  • Organisation/department ID (if included in the certificate)
  • Any additional identifiers included as "secure-header" (e.g. user-ID, department-ID)

(The actual content of the e-mail, such as texts and attachments, may contain personal data, but these are only encrypted and not processed by the algorithm itself.)

Links to data sources

secumailer internet page: https://secumailer.nl/veilig-mailen/

Technical design

When composing a new e-mail, the terms in the message and attachments are used to see how similar it is to previously (securely or normally) sent e-mails. If the e-mail is sufficiently similar to messages normally sent securely, the e-mail is flagged as potentially sensitive. Based on the terminology in the e-mail, it is determined whether it relates to a specific category of sensitive information, such as medical or legal. The moment the e-mail is classified as sensitive and is about a topic that the organisation has set to be sent securely, the user is given a recommendation to send the e-mail securely.
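
The three steps described above (similarity to previously sent mail, category by terminology, organisation policy), as an added sketch that is not Secumailer's implementation. The cosine measure over term counts, the `MARGIN` threshold, the category term sets and the sample history are all assumptions constructed for illustration, and only message text is handled, not attachments.

```python
import math
import re
from collections import Counter

# Constructed sample history: (text, was_sent_securely). Not real data.
HISTORY = [
    ("patient diagnosis and medication list attached", True),
    ("court summons and legal counsel advice for the appeal", True),
    ("medical report with diagnosis for the patient", True),
    ("lunch menu for the team meeting on friday", False),
    ("agenda and room booking for the project meeting", False),
]
# Assumed category vocabularies and organisation policy (hypothetical).
CATEGORY_TERMS = {
    "medical": {"patient", "diagnosis", "medication", "medical"},
    "legal": {"court", "summons", "legal", "appeal", "counsel"},
}
ORG_SECURE_CATEGORIES = {"medical"}  # topics this organisation sends securely
MARGIN = 0.1  # assumed: how much closer to secure mail a draft must be

def terms(text):
    """Bag of lowercase word counts for a piece of text."""
    return Counter(re.findall(r"[a-z]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values())) \
        * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def centroid(secure):
    """Summed term counts of all history mails sent securely (or normally)."""
    total = Counter()
    for text, flag in HISTORY:
        if flag == secure:
            total.update(terms(text))
    return total

def recommend(draft):
    vec = terms(draft)
    # Step 1: is the draft closer to securely sent mail than to normal mail?
    sensitive = cosine(vec, centroid(True)) - cosine(vec, centroid(False)) >= MARGIN
    # Step 2: which sensitive category does the terminology point to?
    category = None
    if sensitive:
        hits = {c: sum(vec[t] for t in ts) for c, ts in CATEGORY_TERMS.items()}
        best = max(hits, key=hits.get)
        category = best if hits[best] > 0 else None
    # Step 3: advise only for categories the organisation has configured.
    advise = sensitive and category in ORG_SECURE_CATEGORIES
    return {"sensitive": sensitive, "category": category, "advise_secure": advise}
```

The second test case below shows the policy step: a draft can be classified as sensitive and legal without triggering a recommendation, because this constructed organisation has only configured the medical category.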

External provider

Secumailer
